Hello , trying to make memory scan to engine.exe process,
Regretfully i am stuck with error code number 0x5 wich means Access is denied.
I guess its because of Hackshield memory protect ?
The error comes when trying to execute :
I tryd also this :
But hackshield blockes EnumProcessModules ):
Any solution please ? should i try to do this in ring 0 - kernel-mode driver programing ?
Hello Staviko ,
An easy way to get the base address of a process is to inject a dll and then call
:mofo::mofo::mofo:
i Hope this will help me (: Thanks my self .
Regretfully i am stuck with error code number 0x5 wich means Access is denied.
I guess its because of Hackshield memory protect ?
The error comes when trying to execute :
Code:
IntPtr proc_min_address = process.MainModule.BaseAddress;
I tryd also this :
Code:
Open the process using OpenProcess -- if successful, the value returned is a handle to the process, which is just an opaque token used by the kernel to identify a kernel object. Its exact integer value (0x5c in your case) has no meaning to userspace programs, other than to distinguish it from other handles and invalid handles. Call GetProcessImageFileName to get the name of the main executable module of the process. Use EnumProcessModules to enumerate the list of all modules in the target process. For each module, call GetModuleFileNameEx to get the filename, and compare it with the executable's filename. When you've found the executable's module, call GetModuleInformation to get the raw entry point of the executable.
Any solution please ? should i try to do this in ring 0 - kernel-mode driver programing ?
Hello Staviko ,
An easy way to get the base address of a process is to inject a dll and then call
Code:
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch(ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
int base = (ULONG)GetModuleHandleW(0);
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
}
:mofo::mofo::mofo:
i Hope this will help me (: Thanks my self .