I am trying to read coordinates from a game. This works perfectly fine when using ReadProcessMemory on a HANDLE that I receive through OpenProcess, with the memory address I find in CheatEngine. For example, if I know the float value in the running process is at 0x5AB38F68, I can read this.
However, the address changes every time the game restarts. It depends on a module called AkSoundEngine.dll. So basically the address would be at AkSoundEngine.dll+0x168F68. However, I cannot for the life of me find the base address of said DLL. It shows in CE.
However, when using EnumProcessModules() on the same HANDLE as before, these are the results:
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\ntdll.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64win.dll
[2015-02-08 09:26:09][INFO][Game:59] - C:\Windows\SYSTEM32\wow64cpu.dll
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
[2015-02-08 09:26:09][INFO][Game:59] - F:\Steam\steamapps\common\TheLongDark\tld.exe
The DLL is not showing. Therefore my assumption is that it might be within one of the tld.exe modules. If that is the case, how would I go about iterating the modules of a module and then receiving its base address? Am I right to assume that I would have to add tld.exe's base address as well, as in:
tld.exe+AkSoundEngine.dll+0x168F68
?
You might also notice that it shows tld.exe 5 times as a module, but only 2 of them return a BaseOfDll as part of the LPMODULEINFO returned by GetModuleInformation().
Could it be that I've just run into what is doable in JNA (I doubt that, since I'm just calling C code)?
I'm not sure how to ask more specifically, but you can see the whole code at my GitHub. Most of it is happening in Game.java's updatePosition() method.
The solution was to use EnumProcessModulesEx() with the flag for 32-bit modules. I was also told that if Java is 64-bit, each HMODULE is 8 bytes long. In addition, there are some problems with the PROCESS_ALL_ACCESS flag when using EnumProcessModulesEx() on newer systems.
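Putting that answer together for a 64-bit JVM looking at a 32-bit (WOW64) target, as an added example that is not the asker's Game.java and not part of jna-platform: the `PsapiEx` interface below is my own JNA binding, declared against the documented psapi.dll exports EnumProcessModulesEx and GetModuleFileNameExW, and `findModuleBase` is a hypothetical helper name. It assumes JNA 4.x with jna-platform on the classpath (for Kernel32, Psapi.MODULEINFO and the WinNT constants). Instead of PROCESS_ALL_ACCESS it opens the process with only the two rights the two calls need, which is also the least-privilege way to sidestep the access problem the answer mentions.

```java
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Psapi;
import com.sun.jna.platform.win32.WinDef;
import com.sun.jna.platform.win32.WinDef.HMODULE;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.ptr.IntByReference;
import com.sun.jna.win32.StdCallLibrary;
import com.sun.jna.win32.W32APIOptions;

public class ModuleBase {

    // Own binding (assumption: EnumProcessModulesEx is not in jna-platform's Psapi).
    // Declared against the psapi.dll exports documented by Microsoft.
    public interface PsapiEx extends StdCallLibrary {
        PsapiEx INSTANCE = Native.loadLibrary("psapi", PsapiEx.class, W32APIOptions.DEFAULT_OPTIONS);

        int LIST_MODULES_32BIT = 0x01;   // the 32-bit modules of a WOW64 process
        int LIST_MODULES_64BIT = 0x02;
        int LIST_MODULES_ALL   = 0x03;

        boolean EnumProcessModulesEx(HANDLE hProcess, HMODULE[] lphModule, int cb,
                                     IntByReference lpcbNeeded, int dwFilterFlag);

        // W32APIOptions resolves this to GetModuleFileNameExW, so char[] receives UTF-16.
        int GetModuleFileNameEx(HANDLE hProcess, HMODULE hModule, char[] lpFilename, int nSize);
    }

    /**
     * Returns the load address of the module whose file name is moduleName
     * (case-insensitive) in process pid, or -1 if it is not loaded.
     */
    public static long findModuleBase(int pid, String moduleName) {
        // Least privilege: query + read is all EnumProcessModulesEx/GetModuleInformation need.
        HANDLE process = Kernel32.INSTANCE.OpenProcess(
                WinNT.PROCESS_QUERY_INFORMATION | WinNT.PROCESS_VM_READ, false, pid);
        if (process == null) {
            throw new IllegalStateException("OpenProcess failed: " + Kernel32.INSTANCE.GetLastError());
        }
        try {
            // Each HMODULE is pointer-sized: 8 bytes on a 64-bit JVM, 4 on a 32-bit one,
            // so cb and the returned byte count must be scaled by Native.POINTER_SIZE.
            HMODULE[] modules = new HMODULE[1024];
            IntByReference needed = new IntByReference();
            int cb = modules.length * Native.POINTER_SIZE;
            if (!PsapiEx.INSTANCE.EnumProcessModulesEx(process, modules, cb, needed,
                    PsapiEx.LIST_MODULES_32BIT)) {
                throw new IllegalStateException("EnumProcessModulesEx failed: "
                        + Kernel32.INSTANCE.GetLastError());
            }
            int count = Math.min(modules.length, needed.getValue() / Native.POINTER_SIZE);

            char[] path = new char[WinDef.MAX_PATH];
            String wanted = "\\" + moduleName.toLowerCase();
            for (int i = 0; i < count; i++) {
                int len = PsapiEx.INSTANCE.GetModuleFileNameEx(process, modules[i], path, path.length);
                if (len == 0) {
                    continue;               // module vanished or is unreadable; skip it
                }
                String file = new String(path, 0, len);
                if (!file.toLowerCase().endsWith(wanted)) {
                    continue;
                }
                Psapi.MODULEINFO info = new Psapi.MODULEINFO();
                if (Psapi.INSTANCE.GetModuleInformation(process, modules[i], info, info.size())) {
                    return Pointer.nativeValue(info.lpBaseOfDll);
                }
                // An HMODULE value is itself the module's load address on Windows.
                return Pointer.nativeValue(modules[i].getPointer());
            }
            return -1L;
        } finally {
            Kernel32.INSTANCE.CloseHandle(process);
        }
    }

    // Usage: java ModuleBase <pid> <module file name>
    public static void main(String[] args) {
        int pid = Integer.parseInt(args[0]);
        long base = findModuleBase(pid, args[1]);
        System.out.printf("%s base: 0x%X%n", args[1], base);
    }
}
```

Two things the original EnumProcessModules() loop could not do are visible here: the filter flag tells psapi which architecture's module list to walk for a WOW64 target, and the returned byte count is divided by the caller's pointer size rather than by a hard-coded 4, so the same class works on a 32-bit and a 64-bit JVM. With the base in hand, the RVA from the question (AkSoundEngine.dll+0x168F68) is just base + 0x168F68; tld.exe's own base is not added, because each module's HMODULE is already an absolute address.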