Using JNA API with Java, I've been searching through memory of a game, attempting to withdraw a multi-level pointer to a certain address in order to get around the DMA that is utilized. When I succeeded, the pointer's address was based upon the "gamename.exe"+0000025C and several levels of offsets.
With this, and the base address of the gamename.exe being dynamically reset upon restart of the client, I will need to calculate the base address.
I am using Java and have found this StackOverflow post to be of great help setting up a method: "JNA - Getting Base address".
I have written a similar method, snippet below:
    public int getBaseAddress() {
        try {
            Pointer hProcess = main.Kernel32.INSTANCE.GetCurrentProcess();
            System.out.println(hProcess);
            List<Module> hModules = PsapiTools.getInstance().EnumProcessModules(hProcess);
            System.out.println(hModules);
            for (Module m : hModules) {
                System.out.println(m.getFileName());
                if (m.getFileName().contains("NexusTK.exe")) {
                    m.log(m.getFileName() + ": 0x" + Long.toHexString(Pointer.nativeValue(m.getEntryPoint())));
                    System.out.println(m);
                    return Integer.valueOf("" + Pointer.nativeValue(m.getLpBaseOfDll()));
                }
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return -1;
    }
Full class found here
This is what my console shows. Lots of DLLs but no .exe of my game.
QUESTION:
How do I find the process of my game client through the Module collection? Am I feeding the function the correct Pointer? Do I need to restructure the code to calculate the base address?
You are enumerating all the modules of the current process, that is: your process, that is: javaw.exe. That's because you feed the EnumProcessModules API with the result of GetCurrentProcess().
If you want to enumerate the modules of another process, you need to use OpenProcess with its PID.
You can get a PID with two methods: