zarut
04-15-2008, 08:35 AM
Credits to Wiccaan and Symbol from cheatengine forums.
Base + Offset = Address
Address - Base = Offset
Every module that is loaded into a program's memory space has a base address of where it starts. You need this base address to calculate the offset to use next time the program is loaded.
You can obtain the base address of a module using the following API:
- CreateToolhelp32Snapshot
- Process32First / Process32Next
- Module32First / Module32Next
Google 'em for examples, as they are used very commonly nowadays.
As Symbol said, that's probably not the correct base address. 00400000 is commonly the base address given to a program. (VB6 defaults to this memory address.)
While you have CE attached to the program, open the memory editor and go to the menu:
View -> Enumerate DLL's and Symbols
As you said your address was located at 01EA4BA0, look for a module that is close (but less than) that address. Something like 01E00000.
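Added example, not part of the original post: the Address - Base = Offset arithmetic as a small C resolver that also checks the address really lies inside the nearest lower module, since an address above a module's base can still fall past its end (heap or stack memory). The module names, sizes and the second-run base are constructed sample values; the struct fields mirror modBaseAddr and modBaseSize from the Toolhelp32 MODULEENTRY32 structure.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* One loaded module, as Module32First / Module32Next would report it. */
typedef struct {
    const char *name;
    uint32_t    base;   /* modBaseAddr */
    uint32_t    size;   /* modBaseSize */
} module_t;

/* Constructed sample module list (not taken from a real process). */
static const module_t SAMPLE_MODULES[] = {
    { "app.exe",      0x00400000u, 0x00120000u },
    { "plugin.dll",   0x01E00000u, 0x000C0000u },
    { "kernel32.dll", 0x7C800000u, 0x000F6000u },
};

/* Find the module with the highest base that is <= addr, then confirm addr
   is inside that module's image. Writes Address - Base to *offset.
   Returns NULL when addr belongs to no module. */
const module_t *resolve_address(const module_t *mods, size_t n,
                                uint32_t addr, uint32_t *offset)
{
    const module_t *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (mods[i].base <= addr && (best == NULL || mods[i].base > best->base))
            best = &mods[i];
    }
    if (best == NULL || addr - best->base >= best->size)
        return NULL;            /* below every module, or past the end of one */
    *offset = addr - best->base;
    return best;
}

/* Base + Offset = Address, using the base seen on the next load. */
uint32_t rebase(uint32_t new_base, uint32_t offset) { return new_base + offset; }

int main(void)
{
    uint32_t off = 0;
    const module_t *m = resolve_address(SAMPLE_MODULES, 3, 0x01EA4BA0u, &off);
    if (m != NULL)
        printf("%s+0x%X -> 0x%08X after reload\n", m->name, (unsigned)off,
               (unsigned)rebase(0x02310000u, off)); /* constructed new base */
    return 0;
}
```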