Question

Using the JNA API with Java, I've been searching through memory of a game, attempting to withdraw a multi-level pointer to a certain address in order to get around the DMA that is utilized. When I succeeded, the pointer's address was based upon the "gamename.exe"+0000025C and several levels of offsets.

With this, and the base address of the gamename.exe being dynamically reset upon restart of the client, I will need to calculate the base address.

I am using Java and have found this StackOverflow post to be of great help setting up a method JNA - Getting Base address

I have written a similar method, snippet below:

import java.util.List;

import com.sun.jna.Pointer;

// Returns the load address of the game module among the enumerated modules, or -1 if it is not found.
public int getBaseAddress() {
    try {
        // Handle to the current (Java) process.
        Pointer hProcess = main.Kernel32.INSTANCE.GetCurrentProcess();
        System.out.println(hProcess);

        // PsapiTools and Module come from the linked StackOverflow post.
        List<Module> hModules = PsapiTools.getInstance().EnumProcessModules(hProcess);
        System.out.println(hModules);

        for (Module m : hModules) {
            System.out.println(m.getFileName());
            if (m.getFileName().contains("NexusTK.exe")) {
                m.log(m.getFileName() + ": 0x" + Long.toHexString(Pointer.nativeValue(m.getEntryPoint())));
                System.out.println(m);
                // A 32-bit module's base fits in an int; toIntExact throws (and we fall through to -1) if it does not.
                return Math.toIntExact(Pointer.nativeValue(m.getLpBaseOfDll()));
            }
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return -1;
}

Full class found here

This is what my console shows. Lots of DLLs but no .exe of my game.

QUESTION:

How do I find the process of my game client through the Module collection? Am I feeding the function the correct Pointer? Do I need to restructure the code to calculate the base address?


Solution

You are enumerating all the modules of the current process, that is: your process, that is: javaw.exe. That's because you feed the EnumProcessModules API with the result of GetCurrentProcess().

If you want to enumerate the modules of another process, you need to use OpenProcess with its PID.

You can get a PID with two methods:

  1. Enumerating the processes.
  2. Finding some window, and then its PID.
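An added example, not the asker's code nor from the linked post, that follows the answer's first method: find the PID through a Toolhelp process snapshot, open that process with OpenProcess, then enumerate its modules with the JNA Platform (jna-platform) Kernel32 and Psapi bindings. The class name RemoteModuleBase and the helper names are assumptions of this example.

```java
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Psapi;
import com.sun.jna.platform.win32.Tlhelp32;
import com.sun.jna.platform.win32.WinDef;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.ptr.IntByReference;

public class RemoteModuleBase {
    // Method 1 from the answer: walk a Toolhelp process snapshot and match the exe name. Returns -1 if absent.
    static int findPid(String exeName) {
        WinNT.HANDLE snap = Kernel32.INSTANCE.CreateToolhelp32Snapshot(Tlhelp32.TH32CS_SNAPPROCESS, new WinDef.DWORD(0));
        if (WinNT.INVALID_HANDLE_VALUE.equals(snap)) throw new IllegalStateException("snapshot failed: " + Kernel32.INSTANCE.GetLastError());
        try {
            Tlhelp32.PROCESSENTRY32.ByReference pe = new Tlhelp32.PROCESSENTRY32.ByReference();
            for (boolean ok = Kernel32.INSTANCE.Process32First(snap, pe); ok; ok = Kernel32.INSTANCE.Process32Next(snap, pe)) {
                if (exeName.equalsIgnoreCase(Native.toString(pe.szExeFile))) return pe.th32ProcessID.intValue();
            }
            return -1;
        } finally {
            Kernel32.INSTANCE.CloseHandle(snap);
        }
    }

    // OpenProcess the PID, then enumerate *its* modules (not javaw.exe's). An HMODULE is the module's load (base)
    // address, so "gamename.exe"+0x25C becomes getModuleBase(pid, "gamename.exe") + 0x25C. Returns -1 if not found.
    static long getModuleBase(int pid, String moduleName) {
        WinNT.HANDLE proc = Kernel32.INSTANCE.OpenProcess(WinNT.PROCESS_QUERY_INFORMATION | WinNT.PROCESS_VM_READ, false, pid);
        if (proc == null) throw new IllegalStateException("OpenProcess failed: " + Kernel32.INSTANCE.GetLastError());
        try {
            WinDef.HMODULE[] mods = new WinDef.HMODULE[1024];
            IntByReference needed = new IntByReference();
            // Caveat: run a JVM of the same bitness as the target; EnumProcessModules across a 32/64-bit boundary is incomplete or fails.
            if (!Psapi.INSTANCE.EnumProcessModules(proc, mods, mods.length * Native.POINTER_SIZE, needed))
                throw new IllegalStateException("EnumProcessModules failed: " + Kernel32.INSTANCE.GetLastError());
            int count = Math.min(mods.length, needed.getValue() / Native.POINTER_SIZE);
            char[] path = new char[WinDef.MAX_PATH];
            for (int i = 0; i < count; i++) {
                int len = Psapi.INSTANCE.GetModuleFileNameEx(proc, mods[i], path, path.length);
                if (len > 0 && new String(path, 0, len).toLowerCase().endsWith(moduleName.toLowerCase()))
                    return Pointer.nativeValue(mods[i].getPointer());
            }
            return -1;
        } finally {
            Kernel32.INSTANCE.CloseHandle(proc);
        }
    }
}
```

Call `getModuleBase(findPid("gamename.exe"), "gamename.exe")` from a JVM running as the same user as the target; a different user or a protected process makes OpenProcess fail with an access-denied error code.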
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow