How to get the starting/base address of a process in C++?

Question

I\'m testing this whole base/static pointer thing by using it on Microsoft\'s Spider Solitaire. So I got the base pointer of the amount of \"moves\" the player has used, and

Answer 1

You should take a look at the structure IMAGE_OPTIONAL_HEADER in your executable. I also suggest you to read this great guide : http://msdn.microsoft.com/en-us/library/ms809762.aspx

Answer 2

Here's another way, written in Visual Studio 2015 but should be backwards compatible.

#define PSAPI_VERSION 1
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include <psapi.h>

// To ensure correct resolution of symbols, add Psapi.lib to TARGETLIBS
#pragma comment(lib, "psapi.lib")

void GetBaseAddressByName(DWORD processId, TCHAR *processName)
{
    TCHAR szProcessName[MAX_PATH] = TEXT("<unknown>");

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
        PROCESS_VM_READ,
        FALSE, processId);

    if (NULL != hProcess)
    {
        HMODULE hMod;
        DWORD cbNeeded;

        if (EnumProcessModulesEx(hProcess, &hMod, sizeof(hMod),
            &cbNeeded, LIST_MODULES_32BIT | LIST_MODULES_64BIT))
        {
            GetModuleBaseName(hProcess, hMod, szProcessName,
                sizeof(szProcessName) / sizeof(TCHAR));
            if (!_tcsicmp(processName, szProcessName)) {
                _tprintf(TEXT("0x%p\n"), hMod);
            }
        }
    }

    CloseHandle(hProcess);
}

int main(void)
{
    DWORD aProcesses[1024];
    DWORD cbNeeded;
    DWORD cProcesses;

    // Get the list of process identifiers.
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 1;

    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);

    // Check the names of all the processess (Case insensitive)
    for (int i = 0; i < cProcesses; i++) {
        GetBaseAddressByName(aProcesses[i], TEXT("SpiderSolitaire.exe"));
    }

    return 0;
}

Answer 3

Here is some code to find the base address for a given process.

Note that this code uses the Multi-Byte Character Set; in VS2012 this is set from Properties > Configuration Properties > Project Defaults > Character Set > Use Multi-Byte Character Set.

#define _CRT_SECURE_NO_WARNINGS
#define UNINITIALIZED 0xFFFFFFFF

#include <iostream>
#include <iomanip>
#include <Windows.h>
#include <TlHelp32.h> //PROCESSENTRY

/* The name of the process */
const char* processName_ = "REPLACETHIS.exe" ; 

void main(void)
{
DWORD  processID_     = NULL ;
DWORD  processBaseAddress_   = UNINITIALIZED;

/* Get the process ID  */
{
    PROCESSENTRY32 processEntry_ ; // Entry into process you wish to inject to
    HANDLE hProcSnapshot_ = NULL ; 
    /* Takes a snapshot of the system's processes */
    hProcSnapshot_ = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0) ; //?

    /* While process has not been found, keep looking for it */
    while(!processID_)
    {
        /* If a process on the system exists */
        if(Process32First(hProcSnapshot_, &processEntry_)) //?
        {
            /* Check all processes in the system's processes snapshot */
            do
            {
                /* Compare the name of the process to the one we want */
                if( !strcmp(processEntry_.szExeFile, processName_) ) //?
                {
                    /* Save the processID and break out */
                    processID_ = processEntry_.th32ProcessID ;
                    break ;
                }
            } 
            while(Process32Next(hProcSnapshot_, &processEntry_)) ;
        }

        /* Didnt find process, sleep for a bit */
        if( !processID_ )
        {
            system("CLS") ;
            std::cout << "Make sure " << processName_ << " is running." << std::endl ;
            Sleep(200) ;
        }
    }

    /* Process found */
    std::cout << "Found Process: " << processName_ << std::endl ;
}


/* Find Base Address of process */
{
    HANDLE moduleSnapshotHandle_ = INVALID_HANDLE_VALUE;
    MODULEENTRY32 moduleEntry_;

    /* Take snapshot of all the modules in the process */
    moduleSnapshotHandle_ = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, processID_ );

    /* Snapshot failed */
    if( moduleSnapshotHandle_ == INVALID_HANDLE_VALUE )
    {
        std::cout << "Module Snapshot error" << std::endl ;
        return ;
    }

    /* Size the structure before usage */
    moduleEntry_.dwSize = sizeof( MODULEENTRY32 );

    /* Retrieve information about the first module */
    if( !Module32First( moduleSnapshotHandle_, &moduleEntry_ ) )
    {
        std::cout << "First module not found" << std::endl ;  
        CloseHandle( moduleSnapshotHandle_ );    
        return ;
    }

    /* Find base address */
    while(processBaseAddress_ == UNINITIALIZED)
    {
        /* Find module of the executable */
        do
        {

            /* Compare the name of the process to the one we want */
            if( !strcmp(moduleEntry_.szModule, processName_) ) //?
            {
                /* Save the processID and break out */
                processBaseAddress_ = (unsigned int)moduleEntry_.modBaseAddr ;
                break ;
            }

        } while( Module32Next( moduleSnapshotHandle_, &moduleEntry_ ) );


        if( processBaseAddress_ == UNINITIALIZED )
        {
            system("CLS") ;
            std::cout << "Failed to find module" << processName_ << std::endl ;
            Sleep(200) ;
        }
    }

    /* Found module and base address successfully */
    std::cout << "Base Address: " << std::hex << processBaseAddress_ << std::dec << std::endl ;
    CloseHandle( moduleSnapshotHandle_ );
}