因此您可以看到,获取.exe基址存在一些麻烦。
在这种情况下,假设这是Tutorial-x86_64.exe
我如何获得进程的地址?
希望任何人都可以提供帮助。
答案 0 :(得分:2)
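// GetProcessesByName takes the friendly process name, without the ".exe" extension.
System.Diagnostics.Process[] processes = System.Diagnostics.Process.GetProcessesByName("Tutorial-x86_64");
if (processes.Length == 0)
{
    // Indexing an empty array would only surface as an IndexOutOfRangeException.
    throw new System.InvalidOperationException("Tutorial-x86_64 is not running.");
}
// "base" is a reserved C# keyword and cannot be used as a variable name.
// The address stays an IntPtr: for a 64-bit target, ToInt32() throws OverflowException
// whenever the module is mapped above 2 GiB.
// MainModule can throw Win32Exception when a 32-bit process inspects a 64-bit one
// or when the caller lacks access rights to the target process.
System.IntPtr baseAddress = processes[0].MainModule.BaseAddress;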
您还可以获取EntryPoint
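// EntryPointAddress is the address where the module starts executing; it is a
// different value from MainModule.BaseAddress, despite the variable name.
// NOTE(review): offsets are usually measured from the module base, not the entry
// point; confirm which of the two this offset was taken from.
IntPtr base_adr = processes[0].MainModule.EntryPointAddress;
int height_offset = 0x0007E1BC; //some address example
// IntPtr.Add keeps the native pointer width. The original narrowed the address with
// ToInt32() (overflow on 64-bit targets) and assigned an IntPtr to an int, which
// does not compile.
IntPtr height_adr = IntPtr.Add(base_adr, height_offset);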
这是另一个函数。
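/// <summary>
/// Returns the base address of the first module whose name contains
/// <paramref name="ModuleName"/>, looking only at the first running process
/// named <paramref name="AppName"/>.
/// </summary>
/// <param name="AppName">Friendly process name as accepted by <see cref="Process.GetProcessesByName(string)"/> (no ".exe" extension).</param>
/// <param name="ModuleName">Text to look for in each module name. The comparison is a case-sensitive substring match.</param>
/// <returns>
/// The module base address, or <see cref="IntPtr.Zero"/> when no such process is running,
/// its module list cannot be read, or no module name matches.
/// </returns>
private static IntPtr GetModuleBaseAddress(string AppName, string ModuleName)
{
    Process[] candidates = Process.GetProcessesByName(AppName);
    try
    {
        if (candidates.Length == 0)
        {
            return IntPtr.Zero;
        }

        ProcessModuleCollection modules;
        try
        {
            modules = candidates[0].Modules;
        }
        catch
        {
            // Deliberate best effort: any failure to enumerate modules is reported as
            // "not found". Typical causes are insufficient access rights or a 32-bit
            // caller inspecting a 64-bit process; callers cannot tell these apart from
            // a missing module, so log the exception here if that distinction matters.
            return IntPtr.Zero;
        }

        foreach (ProcessModule module in modules)
        {
            // NOTE(review): Contains is a substring match, so "foo" also matches
            // "foobar.dll" and the first hit wins. Pass the full module file name to
            // avoid resolving the address of an unintended module.
            if (module.ModuleName.Contains(ModuleName))
            {
                return module.BaseAddress;
            }
        }

        return IntPtr.Zero;
    }
    finally
    {
        // Each Process object wraps OS resources; release every one that
        // GetProcessesByName returned, not just the one that was inspected.
        foreach (Process candidate in candidates)
        {
            candidate.Dispose();
        }
    }
}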
答案 1 :(得分:0)
using System.Diagnostics;
using System.Linq;
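/// <summary>
/// Returns the base address of the module named <paramref name="moduleName"/> in the
/// first running process named <paramref name="processName"/>.
/// </summary>
/// <param name="processName">Friendly process name as accepted by <see cref="Process.GetProcessesByName(string)"/> (no ".exe" extension).</param>
/// <param name="moduleName">Exact module file name, compared case-insensitively (ordinal).</param>
/// <returns>The module base address, or <see cref="IntPtr.Zero"/> if the process has no module with that name.</returns>
/// <exception cref="ArgumentException">No process named <paramref name="processName"/> is running.</exception>
/// <exception cref="InvalidOperationException">More than one loaded module has the requested name (raised by SingleOrDefault).</exception>
public IntPtr GetModuleBaseAddress(string processName, string moduleName)
{
    Process[] matches = Process.GetProcessesByName(processName);
    try
    {
        // Check the length up front rather than catching IndexOutOfRangeException
        // to detect that nothing matched.
        if (matches.Length == 0)
        {
            // The process isn't currently running
            throw new ArgumentException($"No process with name {processName} is currently running");
        }

        // Reading Modules can throw (for example Win32Exception) when the caller lacks
        // access rights or is a 32-bit process inspecting a 64-bit one; that failure
        // is left to propagate so it is not mistaken for "module not found".
        var module = matches[0].Modules
            .Cast<ProcessModule>()
            .SingleOrDefault(m => string.Equals(m.ModuleName, moduleName, StringComparison.OrdinalIgnoreCase));

        // Return IntPtr.Zero if the module doesn't exist in the process
        return module?.BaseAddress ?? IntPtr.Zero;
    }
    finally
    {
        // Release the OS resources held by every Process object returned above.
        foreach (Process match in matches)
        {
            match.Dispose();
        }
    }
}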
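// Process.GetProcessesByName expects the friendly process name without ".exe";
// with the extension no process matches and the call throws ArgumentException.
// The module name, by contrast, is the file name and keeps its extension.
var modBaseAddress = GetModuleBaseAddress("Tutorial-x86_64", "Tutorial-x86_64.exe");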