Game.dll Handle

09/24/2009 21:59 Revived Soulreaver#16
Quote:
Originally Posted by aocunderground
GetModuleHandle can only return module handles from the process in which it was called. Unless you are injected... you're doing it completely wrong.

I am using C#, so I am simply getting the process by name and then the main module and the ID of that. This returns the module handle. I am then attempting to readMemory using this handle. It still, however, returns 0 every time, even with read-only access.

EDIT: NVM, looks like I am calculating the Game.dll address incorrectly, so I'll look into this more and see if I can make sure to make this dynamic.
09/27/2009 22:57 aocunderground#17
Quote:
Originally Posted by Revived Soulreaver
I am using C#, so I am simply getting the process by name and then the main module and the ID of that. This returns the module handle. I am then attempting to readMemory using this handle. It still, however, returns 0 every time, even with read-only access.

EDIT: NVM, looks like I am calculating the Game.dll address incorrectly, so I'll look into this more and see if I can make sure to make this dynamic.
using System.Diagnostics...
Code:
            // Walk every running process and keep the first one whose name matches the client.
            Process aionProcess = null;
            Process[] processes = Process.GetProcesses();
            foreach (Process process in processes)
            {
                if (process.ProcessName == "AION.bin")
                {
                    aionProcess = process;
                    break;
                }
            }
The Process object that is returned will hold a list of modules and their associated handles, etc.


Oh, and read up on ReadProcessMemory buddy. You don't need the module handle, you need the process handle, which the Process class conveniently contains for you.
09/28/2009 06:53 Revived Soulreaver#18
Quote:
Originally Posted by aocunderground
using System.Diagnostics...
Code:
            // Walk every running process and keep the first one whose name matches the client.
            Process aionProcess = null;
            Process[] processes = Process.GetProcesses();
            foreach (Process process in processes)
            {
                if (process.ProcessName == "AION.bin")
                {
                    aionProcess = process;
                    break;
                }
            }
The Process object that is returned will hold a list of modules and their associated handles, etc.


Oh, and read up on ReadProcessMemory buddy. You don't need the module handle, you need the process handle, which the Process class conveniently contains for you.
Issue resolved: I was only having an issue since I am running x64; the code you are supplying is for x86, which my code works for as well.

Have a good one.
09/28/2009 17:25 aocunderground#19
Quote:
Originally Posted by Revived Soulreaver
Issue resolved: I was only having an issue since I am running x64; the code you are supplying is for x86, which my code works for as well.

Have a good one.
What? This code works in x64.
09/28/2009 17:53 Revived Soulreaver#20
Quote:
Originally Posted by aocunderground
What? This code works in x64.
Unfortunately it does not... It does compile and it does run... but you'll never find Game.dll... if you don't believe me, feel free to test it.

Sorry, we were talking about 2 different things. Yes, that will find Aion.BIN and that is important, but this won't get you a baseAddress, which is what my question was... my bad.

Thanks for the assist.
09/29/2009 03:07 aocunderground#21
Quote:
Originally Posted by Revived Soulreaver
Unfortunately it does not... It does compile and it does run... but you'll never find Game.dll... if you don't believe me, feel free to test it.

Sorry, we were talking about 2 different things. Yes, that will find Aion.BIN and that is important, but this won't get you a baseAddress, which is what my question was... my bad.

Thanks for the assist.
Code:
            // Declared outside the loop so the value is still usable after the break.
            IntPtr gameBaseAddress = IntPtr.Zero;
            foreach (ProcessModule module in aionProcess.Modules)
            {
                if (module.ModuleName == "Game.dll")
                {
                    gameBaseAddress = module.BaseAddress;   // address the module is loaded at in the target
                    break;
                }
            }
ModuleName *may* strip off the extension, I can't remember, so it might be "Game" not "Game.dll".
10/02/2009 04:58 GTxFinish#22
He's right, it doesn't find the game.dll module. I am also running x64, and when debugging it only shows a handful of Aion's process modules (maybe like 10% of what there actually is).

Hey RevivedSoulReaver, how did you work around this? Did I read your post wrong or did you figure out how to detect game.dll?

Thanks,
Fnsh
10/02/2009 20:32 Revived Soulreaver#23
Quote:
Originally Posted by aocunderground
Code:
            // Declared outside the loop so the value is still usable after the break.
            IntPtr gameBaseAddress = IntPtr.Zero;
            foreach (ProcessModule module in aionProcess.Modules)
            {
                if (module.ModuleName == "Game.dll")
                {
                    gameBaseAddress = module.BaseAddress;   // address the module is loaded at in the target
                    break;
                }
            }
ModuleName *may* strip off the extension, I can't remember, so it might be "Game" not "Game.dll".
No, it doesn't work like that; if you aren't debugging or running x64 Vista or greater you wouldn't see this... Thanks for the code and the attempted help.

Quote:
Originally Posted by GTxFinish
He's right, it doesn't find the game.dll module. I am also running x64, and when debugging it only shows a handful of Aion's process modules (maybe like 10% of what there actually is).

Hey RevivedSoulReaver, how did you work around this? Did I read your post wrong or did you figure out how to detect game.dll?

Thanks,
Fnsh
Yes, I have fixed/worked around this. It isn't hard, you just need to know what to google. It is also important to understand how Windows x64 handles 32-bit processes. I recommend googling around with wow64 (one of the 5 DLLs returned from x64 processes) and you'll find out about it. You see, you get the main process and then the x64 DLLs that allow the process to work.

Note there isn't any C# for this; you'll be using DllImport... good luck dude

I hope this points you in the right direction.
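As an added example (not code from the thread) of the DllImport route to the modules that Process.Modules leaves out: EnumProcessModulesEx with LIST_MODULES_ALL enumerates a WoW64 target's 32-bit modules from a 64-bit caller, and IsWow64Process confirms the target is 32-bit under x64; the same listing is what a loaded-DLL inventory or forensics tool does. It assumes the target runs under the caller's own account, and the process name is a placeholder taken from the thread.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Text;
// Added example, not from the thread: list every module mapped into a process,
// including the 32-bit ones that Process.Modules omits when a 64-bit tool looks at
// a WoW64 (32-bit) target. The process name below is a placeholder.
static class ModuleLister
{
    const uint PROCESS_QUERY_INFORMATION = 0x0400, PROCESS_VM_READ = 0x0010;
    const uint LIST_MODULES_ALL = 0x03;   // LIST_MODULES_32BIT | LIST_MODULES_64BIT
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr h);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool IsWow64Process(IntPtr h, out bool wow64);
    [DllImport("psapi.dll", SetLastError = true)]
    static extern bool EnumProcessModulesEx(IntPtr h, [Out] IntPtr[] mods, uint cb, out uint needed, uint filter);
    [DllImport("psapi.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern uint GetModuleFileNameEx(IntPtr h, IntPtr mod, StringBuilder name, uint size);
    static void Main()
    {
        Process[] found = Process.GetProcessesByName("AION.bin"); // placeholder name
        if (found.Length == 0) { Console.WriteLine("process not running"); return; }
        // Query + VM_READ is enough to enumerate modules of a process you own.
        IntPtr h = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, false, found[0].Id);
        if (h == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            IsWow64Process(h, out bool wow64);
            Console.WriteLine($"pid {found[0].Id}, 32-bit under WoW64: {wow64}");
            // A 64-bit caller sees both module lists; a 32-bit caller cannot enumerate a 64-bit target.
            var mods = new IntPtr[1024];
            uint cb = (uint)(mods.Length * IntPtr.Size);
            if (!EnumProcessModulesEx(h, mods, cb, out uint needed, LIST_MODULES_ALL))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            int count = (int)Math.Min(needed / (uint)IntPtr.Size, (uint)mods.Length);
            var name = new StringBuilder(260);
            for (int i = 0; i < count; i++)
            {
                name.Clear();
                GetModuleFileNameEx(h, mods[i], name, (uint)name.Capacity);
                // An HMODULE value is the module's base address inside the target process.
                Console.WriteLine($"{mods[i].ToInt64():X16}  {name}");
            }
        }
        finally { CloseHandle(h); }
    }
}
```

Any module whose path is not under the game or system directories stands out in this listing, which is the check an injected-DLL detector runs.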
10/02/2009 22:01 aocunderground#24
Ah that makes sense, I always enable debug/all access privileges by default.

Also, you really don't need module bases if you don't work with offsets (from module bases) ;)
10/02/2009 22:39 Revived Soulreaver#25
Quote:
Originally Posted by aocunderground
Ah that makes sense, I always enable debug/all access privileges by default.

Also, you really don't need module bases if you don't work with offsets (from module bases) ;)
I'm completely unsure about what you are attempting to ;) (sneaky? suggestive) with this. You need base addresses if you are doing any memory work. If you are doing Packet sniffing you just need the appropriate filter.
10/05/2009 06:42 aocunderground#26
Quote:
Originally Posted by Revived Soulreaver
I'm completely unsure about what you are attempting to ;) (sneaky? suggestive) with this. You need base addresses if you are doing any memory work. If you are doing Packet sniffing you just need the appropriate filter.

You can search the game's memory for byte patterns (in functions) that reference memory addresses. Since the memory locations that you extract are written to memory inside functions on load, you never need to deal with offsets.

Take for example:
Code:
mov     ecx, dword_108E7230
mov     eax, ecx
sub     eax, 0Ah
You can search for the above code, placing wildcards on the 4 bytes (dword) 108E7230. Then you'd always be able to find that memory location, even between game versions (usually).

I don't know if I'm explaining this properly.
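An added example (not from the thread) of the wildcard byte-pattern search described above: the mov/sub sequence is encoded with its dword operand wildcarded, and each hit reports the operand that sat under the wildcard. The same mask-and-compare loop is how memory scanners and signature engines locate code; the buffer here is constructed sample bytes, not real game memory.

```csharp
using System;
using System.Collections.Generic;
// Added example, not from the thread: match an IDA-style byte pattern with "??" wildcards
// against a buffer. The operand of "mov ecx, dword_108E7230" is wildcarded so the pattern
// still matches when that address moves between builds. Sample bytes are constructed.
static class PatternScan
{
    // Parse "8B 0D ?? ?? ?? ?? 8B C1 83 E8 0A" into a value array and a "must match" mask.
    public static (byte[] bytes, bool[] mask) Parse(string pattern)
    {
        string[] parts = pattern.Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);
        var bytes = new byte[parts.Length];
        var mask = new bool[parts.Length];
        for (int i = 0; i < parts.Length; i++)
        {
            mask[i] = parts[i] != "??";
            if (mask[i]) bytes[i] = Convert.ToByte(parts[i], 16);
        }
        return (bytes, mask);
    }
    // Return every offset at which the pattern matches (wildcard positions accept any byte).
    public static List<int> FindAll(byte[] buf, string pattern)
    {
        var (bytes, mask) = Parse(pattern);
        var hits = new List<int>();
        for (int i = 0; i + bytes.Length <= buf.Length; i++)
        {
            int j = 0;
            while (j < bytes.Length && (!mask[j] || buf[i + j] == bytes[j])) j++;
            if (j == bytes.Length) hits.Add(i);
        }
        return hits;
    }
    static void Main()
    {
        // Constructed buffer: nop, nop, mov ecx,[108E7230h]; mov eax,ecx; sub eax,0Ah; ret
        byte[] sample = { 0x90, 0x90, 0x8B, 0x0D, 0x30, 0x72, 0x8E, 0x10, 0x8B, 0xC1, 0x83, 0xE8, 0x0A, 0xC3 };
        foreach (int off in FindAll(sample, "8B 0D ?? ?? ?? ?? 8B C1 83 E8 0A"))
        {
            // The wildcarded dword at off+2 is the absolute address the instruction references.
            uint addr = BitConverter.ToUInt32(sample, off + 2);
            Console.WriteLine($"match at offset {off}, referenced address 0x{addr:X8}");
        }
    }
}
```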
10/06/2009 13:37 iifuzz#27
Anyone have the offset to the list of NPCs/monsters?
10/06/2009 14:57 aocunderground#28
Quote:
Originally Posted by iifuzz
Anyone have the offset to the list of NPCs/monsters?
How is this at all related to anything that has been going on in this thread?
10/07/2009 00:24 iifuzz#29
Nothing ^_^
Thought I'd ask anyway!