functionTest.cpp does not work on x64 builds

Rob-- / memoryjs

Read and write process memory in Node.js (Windows API functions exposed via Node bindings)

MIT License

632 stars 86 forks source link

functionTest.cpp does not work on x64 builds #119

Closed clarkewd closed 5 months ago

clarkewd commented 5 months ago

The functionTest.cpp file works as expected when built for x86 but when I build with x64 it appears as if the address is wrong.

For example, when I build and run for x64 I get this output:

Function offset from base: 0x1040
Absolute: 0x1b2f1040

But if I open a debugger and find the address of the function it is showing up as 7FF61B2F1040

clarkewd commented 5 months ago

There might be a better way to do this but this seems to work:

#include <windows.h>
#include <iostream>
#include <TlHelp32.h>

typedef unsigned __int64 QWORD;

float testAdd(float a) {
  std::cout << a << std::endl;
  return a;
}

int main() {
  QWORD offset = (QWORD)testAdd - (QWORD)GetModuleHandle(NULL);
  std::cout << "Function offset from base: 0x" << std::hex << offset << std::dec << std::endl;
  std::cout << "Absolute: 0x" << std::hex << (QWORD)testAdd << std::dec << std::endl;

  getchar();
  return 0;
}