获取进程的基地址

Question

我试图了解有关内存读取的知识，为此，我试图获取进程的基地址，以便以后找到指针。游戏称为突击魔方。

我可以获得进程的名称，进程的ID，processHandle，但是我找不到基址，并且我已经到了8个小时了。

下面是我的代码，因此您可以看到我在来到这里之前至少会尝试一下。我试图使用getModuleHandleA（），但它似乎不起作用，总是返回0。

图片：Cheat Engine

import os.path
import ctypes
import ctypes.wintypes

# Process Permissions
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020

MAX_PATH = 260

class winAPI():

    def __init__(self):
        pass

    def enumerateProcesses(self):

        count = 32
        while True:

            # Create correct size of array
            ProcessIds = (ctypes.wintypes.DWORD*count)()
            # Pointer to the array
            lpidProcess = ctypes.byref(ProcessIds)
            # The size of the processID's
            sizeOfArray = ctypes.sizeof(ProcessIds)
            # How many bytes there are in the array
            BytesReturned = ctypes.wintypes.DWORD()

            # If the function succeeds, return value is 1, if fail return value is 0
            if ctypes.windll.Psapi.EnumProcesses(lpidProcess, sizeOfArray, ctypes.byref(BytesReturned)):

                # If our array is large enough to contain the bytes, return 
                if BytesReturned.value < sizeOfArray:
                    # print("ProcessIds:", ProcessIds, "BytesReturned:", BytesReturned.value)


                    return ProcessIds, BytesReturned.value

                # If our array is NOT large enough, add 32*2 bytes to the array 
                else:
                    count = count * 2
            else:
                # Call winapi'sGetLastError for a better explaination?
                return None

    def OpenProcess(self, dwProcessId):

        dwDesiredAccess = (PROCESS_QUERY_INFORMATION | PROCESS_VM_OPERATION |
        PROCESS_VM_READ | PROCESS_VM_WRITE)
        bInheritHandle = False


        hProcess = ctypes.windll.kernel32.OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId)
        if hProcess:
            return hProcess
        else:
            return None

    def GetProcessIdByName(self, pName):

        # Add .exe to name if not provided in argument
        if pName.endswith('.exe'):
            pass
        else:
            pName = pName + '.exe'

        # Split our returned function into PID's and bytes    
        ProcessIds, BytesReturned = self.enumerateProcesses()
        listPIDs = list(ProcessIds)

        for i in range(len(listPIDs)):

            ProcessID = ProcessIds[i]
            hProcess = ctypes.windll.kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessID)

            if hProcess:

                # print(hex(id(hProcess)))

                ImageFileName = (ctypes.c_char*MAX_PATH)()

                if ctypes.windll.psapi.GetProcessImageFileNameA(hProcess, ImageFileName, MAX_PATH) > 0:


                    filename = os.path.basename(ImageFileName.value).decode('utf-8')

                    BaseAddress = (ctypes.windll.kernel32.GetModuleHandleA(filename) )
                    print("Baseaddy", BaseAddress)

                    if filename == pName:

                        print("ProcessID:", ProcessID, "|", "hProcess:", hProcess)
                        return ProcessID, hProcess

                self.HandleCloser(hProcess)

    def HandleCloser(self, hProcess):

        # Calls winAPI's CloseHandle function and closes handle
        ctypes.windll.kernel32.CloseHandle(hProcess)

        return None

if __name__ == "__main__": 

    api = winAPI()
    pid = api.GetProcessIdByName("ac_client.exe")
    processID = pid[0]
    hProcess = pid[1]
    print("hProcess", hProcess)