Solved Python GetModuleBaseNameA error

Hexui Undetected CSGO Cheats PUBG Accounts

sato

Full Member
Jan 8, 2021
4
117
1
Game Name
deceit
Anticheat
no anticheat
How long you been coding/hacking?
3 month
Coding Language
python
Untitled2.png


Hello everyone, I don't know how to fix overflow error. This my function is change moduleName to baseAddress (python language )
hMods[index] in code very long this game is 64bit how to fix.
I'm not good in English. Thank you all
 

sato

Full Member
Jan 8, 2021
4
117
1
Now I can fix this problem. thank you everyone for helping
this is code after I fix it

Python:
import os.path
import ctypes
from ctypes import wintypes
import time
from ctypes.wintypes import DWORD, HANDLE, HMODULE, HINSTANCE ,LARGE_INTEGER





# Process Permissions
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_ALL_ACCESS = 0x1F0FFF
MAX_PATH = 260

WM_KEYDOWN = 0x100
WM_KEYUP = 0x101

def CloseHandle(hProcess):
    ctypes.windll.kernel32.CloseHandle(hProcess)
    return GetLastError()

def GetLastError():
    return ctypes.windll.kernel32.GetLastError()

def OpenProcess(dwProcessId):
    dwDesiredAccess = PROCESS_ALL_ACCESS
    bInheritHandle = False
    hProcess = ctypes.windll.kernel32.OpenProcess(
                                                dwDesiredAccess,
                                                bInheritHandle,
                                                dwProcessId
                                                )
    if hProcess:
        return hProcess
    else:
        return 0


def EnumProcesses():
    count = 32
    while True:
        ProcessIds = (ctypes.wintypes.DWORD*count)()
        cb = ctypes.sizeof(ProcessIds)
        BytesReturned = ctypes.wintypes.DWORD()
        if ctypes.windll.Psapi.EnumProcesses(ctypes.byref(ProcessIds), cb, ctypes.byref(BytesReturned)):
            if BytesReturned.value < cb:
                return ProcessIds, BytesReturned.value
            else:
                count *= 2
        else:
            return 0

def GetProcessIdByName(pName):
    if pName.endswith('.exe'):
        pass
    else:
        pName = pName+'.exe'          
    ProcessIds, BytesReturned = EnumProcesses()
    for index in list(range(int(BytesReturned / ctypes.sizeof(ctypes.wintypes.DWORD)))):
        ProcessId = ProcessIds[index]
        hProcess = ctypes.windll.kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId)
        if hProcess:
            ImageFileName = (ctypes.c_char*MAX_PATH)()
            if ctypes.windll.psapi.GetProcessImageFileNameA(hProcess, ImageFileName, MAX_PATH) > 0:
                filename = os.path.basename(ImageFileName.value)
                if filename.decode('utf-8') == pName:
                    return ProcessId
            CloseHandle(hProcess)

def ModuleGetBase(hHandle, ModuleName):
    base_name = (ctypes.c_char * MAX_PATH)()

    hMods = (wintypes.HMODULE * 1024)()
    cbNeeded = ctypes.wintypes.HMODULE()
    if ctypes.windll.psapi.EnumProcessModules(hHandle, ctypes.byref(hMods), ctypes.sizeof(hMods), ctypes.byref(cbNeeded)):
        for index in range(int(cbNeeded.value / ctypes.sizeof(ctypes.wintypes.HMODULE))):
         
            #print(hex(hMods[index]))

           #add this statement
            ctypes.windll.psapi.GetModuleBaseNameA.argtypes = [wintypes.HANDLE,wintypes.HMODULE, wintypes.LPSTR, wintypes.DWORD]  
            ctypes.windll.psapi.GetModuleBaseNameA(hHandle, hMods[index], base_name, MAX_PATH)
            #print(base_name.value.decode('utf-8').lower())
            if ModuleName.lower() == base_name.value.decode('utf-8').lower():
                return hMods[index]
    return 0



gameName = "Deceit.exe"
pid = GetProcessIdByName(gameName)
memopen = OpenProcess(pid)

baseAddr = ModuleGetBase(memopen, "Game.dll")
print("PID: ", pid)
print("base address: ", hex(baseAddr))
 
Last edited:

Broihon

Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,793
41,598
324
lpcbNeeded returns the buffer size in bytes. You have to device this by the size of an HMODULE and not DWORD. DWORD is 4 bytes on both x86 and x64 whereas HMODULE is 4 bytes on x86 but 8 bytes on x64. This however isn't the cause of the problem here but still should be fixed.

The main problem is that apparently python can't properly convert the 2nd argument. I suggest instead of declaring the array with c_void_p (void*) to use a non pointer type like a 64 bit sized integer or the actual definition of a module handle like HINSTANCE or HMODULE.
 

sato

Full Member
Jan 8, 2021
4
117
1
show us the code
This is code

Python:
import os.path
import ctypes
from ctypes import wintypes
import time






# Process Permissions
PROCESS_QUERY_INFORMATION = 0x0400
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_READ = 0x0010
PROCESS_VM_WRITE = 0x0020
PROCESS_ALL_ACCESS = 0x1F0FFF
MAX_PATH = 260

WM_KEYDOWN = 0x100
WM_KEYUP = 0x101

def CloseHandle(hProcess):
    ctypes.windll.kernel32.CloseHandle(hProcess)
    return GetLastError()

def GetLastError():
    return ctypes.windll.kernel32.GetLastError()

def OpenProcess(dwProcessId):
    dwDesiredAccess = PROCESS_ALL_ACCESS
    bInheritHandle = False
    hProcess = ctypes.windll.kernel32.OpenProcess(
                                                dwDesiredAccess,
                                                bInheritHandle,
                                                dwProcessId
                                                )
    if hProcess:
        return hProcess
    else:
        return 0


def EnumProcesses():
    count = 32
    while True:
        ProcessIds = (ctypes.wintypes.DWORD*count)()
        cb = ctypes.sizeof(ProcessIds)
        BytesReturned = ctypes.wintypes.DWORD()
        if ctypes.windll.Psapi.EnumProcesses(ctypes.byref(ProcessIds), cb, ctypes.byref(BytesReturned)):
            if BytesReturned.value < cb:
                return ProcessIds, BytesReturned.value
            else:
                count *= 2
        else:
            return 0

def GetProcessIdByName(pName):
    if pName.endswith('.exe'):
        pass
    else:
        pName = pName+'.exe'           
    ProcessIds, BytesReturned = EnumProcesses()
    for index in list(range(int(BytesReturned / ctypes.sizeof(ctypes.wintypes.DWORD)))):
        ProcessId = ProcessIds[index]
        hProcess = ctypes.windll.kernel32.OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessId)
        if hProcess:
            ImageFileName = (ctypes.c_char*MAX_PATH)()
            if ctypes.windll.psapi.GetProcessImageFileNameA(hProcess, ImageFileName, MAX_PATH) > 0:
                filename = os.path.basename(ImageFileName.value)
                if filename.decode('utf-8') == pName:
                    return ProcessId
            CloseHandle(hProcess)

def ModuleGetBase(hHandle, ModuleName):
    base_name = (ctypes.c_char * MAX_PATH)()

    hMods = (ctypes.c_void_p * 1024)()
    cbNeeded = ctypes.wintypes.DWORD()
    if ctypes.windll.psapi.EnumProcessModules(hHandle, hMods, ctypes.sizeof(hMods), ctypes.byref(cbNeeded)):
        for index in range(int(cbNeeded.value / ctypes.sizeof(ctypes.wintypes.DWORD))):
          
            print(hex(hMods[index]))
            ctypes.windll.psapi.GetModuleBaseNameA(hHandle, hMods[index], base_name, MAX_PATH)
            if ModuleName.lower() == base_name.value.decode('utf-8').lower():
                return hMods[index]
    return 0



gameName = "Deceit.exe"
pid = GetProcessIdByName(gameName)
memopen = OpenProcess(pid)

baseAddr = ModuleGetBase(memopen, "Game.dll")
print("PID: ", pid)
print("base address: ", baseAddr)
 

sato

Full Member
Jan 8, 2021
4
117
1
lpcbNeeded returns the buffer size in bytes. You have to device this by the size of an HMODULE and not DWORD. DWORD is 4 bytes on both x86 and x64 whereas HMODULE is 4 bytes on x86 but 8 bytes on x64. This however isn't the cause of the problem here but still should be fixed.

The main problem is that apparently python can't properly convert the 2nd argument. I suggest instead of declaring the array with c_void_p (void*) to use a non pointer type like a 64 bit sized integer or the actual definition of a module handle like HINSTANCE or HMODULE.
thank you I will test it
 

Similar threads

Community Mods