Question
I am trying to read coordinates from a game. This works perfectly fine when using ReadProcessMemory on a HANDLE that I receive through OpenProcess, with the memory I find in CheatEngine. For example, if I know the float value in the running process is at 0x5AB38F68, I can read this.
However, the address changes every time the game restarts. It depends on a module called AkSoundEngine.dll. So basically the address would be at AkSoundEngine.dll+0x168F68. However, I cannot for the life of me find the base address of said DLL. It shows in CE.
However, when using EnumProcessModules() on the same HANDLE as before, these are the results:
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\ntdll.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64win.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64cpu.dll
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
The DLL is not showing. Therefore my assumption is that it might be within one of the tld.exe modules. If that is the case, how would I go about iterating modules of a module and then receiving its base address? Am I right to assume that I would have to add the tld.exe's base address as well, as in:
tld.exe+AkSoundEngine.dll+0x168F68?
You might also notice that it shows tld.exe 5 times as a module, but only 2 of them return a BaseOfDll, as part of LPMODULEINFO as returned by GetModuleInformation().
Could it be that I've just run into what is doable in JNA (I doubt that, since I'm just calling C code)?
I'm not sure how to ask more specifically, but you can see the whole code at my GitHub. Most of it is happening in Game.java's updatePosition() method.
Answer 1:
The solution was to use EnumProcessModulesEx() with the flag for 32-bit. I was also told that if Java is 64-bit, each HMODULE is 8 bytes long. In addition, there are some problems with the PROCESS_ALL_ACCESS flag when using EnumProcessModulesEx() on newer systems.
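The fix described in the answer, as an added JNA example that is not part of the original post or the asker's repository. It assumes JNA 5.x with jna-platform on the classpath, a 64-bit JVM inspecting a 32-bit (WOW64) target, and a hand-written `PsapiEx` binding; the class name, `findModuleBase` and the PID argument are illustrative.

```java
import com.sun.jna.*;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.ptr.IntByReference;
import com.sun.jna.win32.StdCallLibrary;

public class ModuleBase {
    // Hand-written psapi binding (assumption: declared here rather than taken from jna-platform).
    interface PsapiEx extends StdCallLibrary {
        PsapiEx INSTANCE = Native.load("psapi", PsapiEx.class);
        boolean EnumProcessModulesEx(HANDLE process, Pointer modules, int cb,
                                     IntByReference cbNeeded, int filterFlag);
        int GetModuleBaseNameW(HANDLE process, Pointer module, char[] name, int size);
    }

    static final int LIST_MODULES_32BIT = 0x01;          // the "flag for 32-bit" from the answer
    static final int PROCESS_VM_READ = 0x0010;
    static final int PROCESS_QUERY_INFORMATION = 0x0400; // narrow rights instead of PROCESS_ALL_ACCESS

    /** Returns the base address of dllName inside the target process, or 0 if it is not loaded. */
    static long findModuleBase(HANDLE process, String dllName) {
        IntByReference needed = new IntByReference();
        Memory buf = new Memory(Native.POINTER_SIZE);     // probe call: only cbNeeded matters
        for (int attempt = 0; attempt < 2; attempt++) {
            if (!PsapiEx.INSTANCE.EnumProcessModulesEx(process, buf, (int) buf.size(),
                                                       needed, LIST_MODULES_32BIT))
                throw new IllegalStateException("EnumProcessModulesEx failed: "
                        + Kernel32.INSTANCE.GetLastError());
            if (needed.getValue() <= buf.size()) break;
            buf = new Memory(needed.getValue());          // resize to what the API asked for
        }
        // Each HMODULE is pointer-sized: 8 bytes in a 64-bit JVM, 4 in a 32-bit one.
        int count = (int) Math.min(needed.getValue(), buf.size()) / Native.POINTER_SIZE;
        char[] name = new char[260];
        for (int i = 0; i < count; i++) {
            Pointer module = buf.getPointer((long) i * Native.POINTER_SIZE);
            int len = PsapiEx.INSTANCE.GetModuleBaseNameW(process, module, name, name.length);
            if (len > 0 && dllName.equalsIgnoreCase(new String(name, 0, len)))
                return Pointer.nativeValue(module);       // an HMODULE is the module's load address
        }
        return 0;
    }

    public static void main(String[] args) {
        int pid = Integer.parseInt(args[0]);              // target PID supplied by the caller
        HANDLE h = Kernel32.INSTANCE.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, pid);
        if (h == null) throw new IllegalStateException("OpenProcess failed");
        System.out.printf("AkSoundEngine.dll base = 0x%X%n", findModuleBase(h, "AkSoundEngine.dll"));
        Kernel32.INSTANCE.CloseHandle(h);
    }
}
```

The returned value is already the absolute load address, so the offset from the question is added to it directly, without adding the base of tld.exe.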
Source: https://stackoverflow.com/questions/28394955/jna-enumprocessmodules-not-returning-all-dlls