Look at it like this:
Windows creates a process:
[----------------------------------------------------]
Tibia.exe (======) is loaded into memory and begins execution, ASLR determines where in memory it is loaded...
[-------------======----------------------------------]
Before ASLR, the offset from the start of the process's address space to the Tibia.exe image base was always 0x400000. Once ASLR was introduced, this value became randomised, so it can vary every time the process starts.
There are two ways to work around ASLR. One is to tell your PC not to use it at all. The problem I have with this is that it effectively alters your entire machine (it removes a mitigation that every other process on that machine relies on), and any code you write would then also need extra code to make it work on other machines (code that disables ASLR for all other users too).
The other way is my preferred method, which is to enumerate process modules and get the first element from the enumeration where the name of the element contains Tibia.exe. This doesn't require any hackery, and is nice and clean.
This code enumerates the process's modules and dumps them all to the console (pop it into a C++ command-line project and hit run).
Code:
/*
GetBaseAddrCpp.cpp
© Josh Griffith 2013
This file is part of GenericInjector.
TibiaInjector is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
TibiaInjector is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with TibiaInjector. If not, see <http://www.gnu.org/licenses/>.
*/
#include "stdafx.h"
#include <Windows.h>
#include <Psapi.h>
#include <iostream>
#include <fstream>
using namespace std;
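int _tmain(int argc, _TCHAR* argv[])
{
    // Dumps every module loaded in the "TibiaClient" window's process (file
    // name and load address) to the console and to modules.txt. The entry
    // whose name is the executable itself is the image base that ASLR moves
    // on each launch.
    //
    // argc/argv are unused. Returns 0 on success and 1 when the window, its
    // process id or a process handle cannot be obtained.
    wofstream myFile;
    myFile.open("modules.txt");
    myFile.clear();
    myFile << L"Josh's module finder" << endl;

    HWND hwnd = FindWindow(L"TibiaClient", NULL);
    cout << "Handle: " << hwnd << endl;
    myFile << L"Handle: " << hwnd << endl;
    if (hwnd == NULL)
    {
        // Without a window there is no process id to look up; continuing
        // would pass an uninitialised processID to OpenProcess.
        cout << "Window not found (error " << GetLastError() << ")" << endl;
        myFile << L"Window not found" << endl;
        myFile.close();
        return 1;
    }

    DWORD processID = 0;
    if (GetWindowThreadProcessId(hwnd, &processID) == 0)
    {
        cout << "GetWindowThreadProcessId failed (error " << GetLastError() << ")" << endl;
        myFile << L"GetWindowThreadProcessId failed" << endl;
        myFile.close();
        return 1;
    }
    cout << "Process ID: " << processID << endl;
    myFile << L"Process ID: " << processID << endl;

    // Least privilege: enumerating modules and reading their file names only
    // needs query + VM-read rights, not PROCESS_ALL_ACCESS. bInheritHandle is
    // FALSE so the handle cannot leak into any child process.
    HANDLE handle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID);
    cout << "Process Handle: " << handle << endl;
    myFile << L"Process Handle: " << handle << endl;
    if (handle == NULL)
    {
        cout << "OpenProcess failed (error " << GetLastError() << ")" << endl;
        myFile << L"OpenProcess failed" << endl;
        myFile.close();
        return 1;
    }

    HMODULE hMods[1024];
    DWORD cbNeeded = 0;
    if (EnumProcessModules(handle, hMods, sizeof(hMods), &cbNeeded))
    {
        cout << "Enumerated: " << "Success!" << endl;

        // cbNeeded is the size the complete list *would* take. When it
        // exceeds the buffer only sizeof(hMods) bytes were written, so the
        // loop bound must be clamped or it reads past the end of hMods.
        DWORD cbFilled = cbNeeded < sizeof(hMods) ? cbNeeded : static_cast<DWORD>(sizeof(hMods));
        if (cbNeeded > sizeof(hMods))
        {
            cout << "Warning: module list truncated to " << (sizeof(hMods) / sizeof(HMODULE)) << " entries" << endl;
            myFile << L"Warning: module list truncated" << endl;
        }

        for (DWORD i = 0; i < cbFilled / sizeof(HMODULE); i++)
        {
            cout << "Round " << i << ": ";
            myFile << L"Round " << i << L": ";
            TCHAR szModName[MAX_PATH];
            if (GetModuleFileNameEx(handle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
            {
                cout << "Module Name: ";
                wcout << szModName; // TCHAR is wide here (UNICODE build), so use wcout
                cout << ". Entry Number: " << hMods[i]; // HMODULE prints as the module's load address
                myFile << L"Module Name: " << szModName << L". Entry Number: " << hMods[i];
            }
            else
            {
                cout << "GetModuleFileNameEx failed (error " << GetLastError() << ")";
                myFile << L"GetModuleFileNameEx failed";
            }
            cout << ". " << endl;
            myFile << L". " << endl;
        }
    }
    else
    {
        cout << "EnumProcessModules failed (error " << GetLastError() << ")" << endl;
        myFile << L"EnumProcessModules failed" << endl;
    }

    CloseHandle(handle);
    cout << "End" << endl;
    myFile.close();
    return 0;
}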
Available with syntax highlighting on Github: https://github.com/XtrmJosh/TibiaInj...aseAddrCpp.cpp