Game.dll Handle

[Revived Soulreaver]

Quote:

Originally Posted by aocunderground

GetModuleHandle can only return module handles from the process in which it was called. Unless you are injected... you're doing it completely wrong.

I am using c# so i am simply getting the process by name and then the main module and the id of that. This returns the Module Handle. I am then attempting to readMemory using this handle. It still however returns 0 everytime even with read only access.

EDIT: NVM looks like I am calculating Game.dll address incorrectly so i'll look into this more and see if i can make sure to make this dynamic.

[aocunderground]

Quote:

Originally Posted by Revived Soulreaver

I am using c# so i am simply getting the process by name and then the main module and the id of that. This returns the Module Handle. I am then attempting to readMemory using this handle. It still however returns 0 everytime even with read only access.

EDIT: NVM looks like I am calculating Game.dll address incorrectly so i'll look into this more and see if i can make sure to make this dynamic.

using System.Diagnostics...

Code:

            Process aionProcess = null;
            Process[] processes = Process.GetProcesses();
            foreach (Process process in processes)
            {
                if (process.ProcessName == "AION.bin")
                {
                    aionProcess = process;
                    break;
                }
            }

The Process object that is returned will hold a list of modules and their associated handles, etc.


Oh, and read up on ReadProcessMemory buddy. You don't need the module handle, you need the process handle, which the Process class conveniently contains for you.

[Revived Soulreaver]

Quote:

Originally Posted by aocunderground

using System.Diagnostics...

Code:

            Process aionProcess = null;
            Process[] processes = Process.GetProcesses();
            foreach (Process process in processes)
            {
                if (process.ProcessName == "AION.bin")
                {
                    aionProcess = process;
                    break;
                }
            }

The Process object that is returned will hold a list of modules and their associated handles, etc.


Oh, and read up on ReadProcessMemory buddy. You don't need the module handle, you need the process handle, which the Process class conveniently contains for you.

Issue Resolved: I was only having an issue since i am running x64, the code you are supplying is for x86 which my code works for as well.

Have a good one.

[aocunderground]

Quote:

Originally Posted by Revived Soulreaver

Issue Resolved: I was only having an issue since i am running x64, the code you are supplying is for x86 which my code works for as well.

Have a good one.

What? This code works in x64.

[Revived Soulreaver]

Quote:

Originally Posted by aocunderground

What? This code works in x64.

Unfortunately it does not...It does compile and it does run...but you'll never find Game.dll...if you don't believe me feel free to test it.

Sorry we were talking about 2 different things, yes that will find Aion.BIN and that is important, but this won't get you a baseAddress which is what my question was...my bad

Thanks for the assist.

[aocunderground]

Quote:

Originally Posted by Revived Soulreaver

Unfortunately it does not...It does compile and it does run...but you'll never find Game.dll...if you don't believe me feel free to test it.

Sorry we were talking about 2 different things, yes that will find Aion.BIN and that is important, but this won't get you a baseAddress which is what my question was...my bad

Thanks for the assist.

Code:

            foreach (ProcessModule module in aionProcess.Modules)
            {
                if (module.ModuleName == "Game.dll")
                {
                    IntPtr gameBaseAddress = module.BaseAddress;
                    break;
                }
            }

ModuleName *may* strip off the extension, I can't remember, so it might be "Game" not "Game.dll".

[GTxFinish]

He's right, it doesnt find game.dll module. I am also running x64, and when debugging it only shows a handful of Aion's process Modules (maybe like 10% of what there actually is).

Hey RevivedSoulReaver, how did you work around this? Did I read your post wrong or did you figure out how to detect game.dll?

Thanks,
Fnsh

[Revived Soulreaver]

Quote:

Originally Posted by aocunderground

Code:

            foreach (ProcessModule module in aionProcess.Modules)
            {
                if (module.ModuleName == "Game.dll")
                {
                    IntPtr gameBaseAddress = module.BaseAddress;
                    break;
                }
            }

ModuleName *may* strip off the extension, I can't remember, so it might be "Game" not "Game.dll".

No it doesn't work like that, if you aren't debugging or running x64 Vista or greater you wouldn't see this...Thanks for the code and attempted helping.

Quote:

Originally Posted by GTxFinish

He's right, it doesnt find game.dll module. I am also running x64, and when debugging it only shows a handful of Aion's process Modules (maybe like 10% of what there actually is).

Hey RevivedSoulReaver, how did you work around this? Did I read your post wrong or did you figure out how to detect game.dll?

Thanks,
Fnsh

Yes, i have fixed/worked around this. It isn't hard, just need to know what to google it is also important to understand how windows x64 handles 32 bit processes. I recommend googling around with wow64 (one of the 5 dlls returned from x64 processes) and you'll find out about it. You see you get the main process and then the x64 dlls that allow the process to work.

Note there isn't any C# for this you'll be using DllImport...good luck dude

I hope this points you in the right direction.

[aocunderground]

Ah that makes sense, I always enable debug/all access privileges by default.

Also, you really don't need module bases if you don't work with offsets (from module bases)

[Revived Soulreaver]

Quote:

Originally Posted by aocunderground

Ah that makes sense, I always enable debug/all access privileges by default.

Also, you really don't need module bases if you don't work with offsets (from module bases)

I'm completely unsure about what you are attempting to (sneaky? suggestive) with this. You need base addresses if you are doing any memory work. If you are doing Packet sniffing you just need the appropriate filter.

[aocunderground]

Quote:

Originally Posted by Revived Soulreaver

I'm completely unsure about what you are attempting to (sneaky? suggestive) with this. You need base addresses if you are doing any memory work. If you are doing Packet sniffing you just need the appropriate filter.

You can search the game's memory for byte patterns (in functions) that reference memory addresses. Since the memory locations that you extract are written to memory inside functions on load, you never need to deal with offsets.

Take for example:

Code:

mov     ecx, dword_108E7230
mov     eax, ecx
sub     eax, 0Ah

You can search for the above code, placing wildcards on the 4 bytes (dword) 108E7230. Then you'd always be able to find that memory location, even between game versions (usually.)

I don't know if I'm explaining this properly.

[iifuzz]

anyone have the offset to the list of npc's/monsters

[aocunderground]

Quote:

Originally Posted by iifuzz

anyone have the offset to the list of npc's/monsters

how is this at all related to anything that has been going on in this thread?

[iifuzz]

nothing ^_^
thought id ask anyways!