Return memory address of specific function

[murakami]

For example, for a cheat engine type WriteProcessMemory at memory viewer> goto address to get the writeprocessmemory address of kernel32.
can I do this with AHK? I want to get the address of oridnal8 function of ntdll32.

 

[#Rin]

address := DllCall("GetProcAddress", "Ptr", DllCall("GetModuleHandle", "Str", "kernel32.dll"), "Str", "WriteProcessMemory", "Ptr")
MsgBox % format("0x{:X}", address)

?

 

[murakami]

address := DllCall("GetProcAddress", "Ptr", DllCall("GetModuleHandle", "Str", "kernel32.dll"), "Str", "WriteProcessMemory", "Ptr")
MsgBox % format("0x{:X}", address)

?

Thank you for answer. How do I use the functionality of a particular process? For example, I want to get the ordinal8 function address of svchost.exe.

 

[#Rin]

Process, Exist, "svchost.exe"
hKernel32RemoteProcess := GetModulesBaseAddrByName(ErrorLevel, "kernel32.dll")
hKernel32 := DllCall("GetModuleHandle", "Str", "kernel32.dll")
WriteProcessMemoryAddr := DllCall("GetProcAddress", "UInt", hKernel32, "Str", "WriteProcessMemory", "UInt")
WriteProcessMemoryAddrRemoteProcess := hKernel32RemoteProcess + WriteProcessMemoryAddr - hKernel32
MsgBox, % format("0x{:X}", WriteProcessMemoryAddrRemoteProcess)

GetModulesBaseAddrByName(pid, DllName)
{
    static TH32CS_SNAPMODULE = 8, INVALID_HANDLE_VALUE = -1
    VarSetCapacity(MODULEENTRY32, 1064, 0)
    NumPut(1064, MODULEENTRY32)
   
    hSnapshot := DllCall("CreateToolhelp32Snapshot", "UInt", TH32CS_SNAPMODULE, "UInt", pid)
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return false
   
    if (DllCall("Module32First", "UInt", hSnapshot, "UInt", &MODULEENTRY32))
    {
        pszModule := &MODULEENTRY32 + 32
        if (DllCall("lstrcmpi", "Str", DllName, "UInt", pszModule) == 0)
        {
            DllCall("CloseHandle", "UInt", hSnapshot)
            return NumGet(MODULEENTRY32, 20)
        }
       
        while (DllCall("Module32Next", "UInt", hSnapshot, "UInt", &MODULEENTRY32))
        {
            if (DllCall("lstrcmpi", "Str", DllName, "UInt", pszModule) == 0)
            {
                DllCall("CloseHandle", "UInt", hSnapshot)
                return NumGet(MODULEENTRY32, 20)
            }
        }
    }
    DllCall("CloseHandle", "UInt", hSnapshot)
    return false
}

 

[murakami]

Process, Exist, "svchost.exe"
hKernel32RemoteProcess := GetModulesBaseAddrByName(ErrorLevel, "kernel32.dll")
hKernel32 := DllCall("GetModuleHandle", "Str", "kernel32.dll")
WriteProcessMemoryAddr := DllCall("GetProcAddress", "UInt", hKernel32, "Str", "WriteProcessMemory", "UInt")
WriteProcessMemoryAddrRemoteProcess := hKernel32RemoteProcess + WriteProcessMemoryAddr - hKernel32
MsgBox, % format("0x{:X}", WriteProcessMemoryAddrRemoteProcess)

GetModulesBaseAddrByName(pid, DllName)
{
    static TH32CS_SNAPMODULE = 8, INVALID_HANDLE_VALUE = -1
    VarSetCapacity(MODULEENTRY32, 1064, 0)
    NumPut(1064, MODULEENTRY32)
  
    hSnapshot := DllCall("CreateToolhelp32Snapshot", "UInt", TH32CS_SNAPMODULE, "UInt", pid)
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return false
  
    if (DllCall("Module32First", "UInt", hSnapshot, "UInt", &MODULEENTRY32))
    {
        pszModule := &MODULEENTRY32 + 32
        if (DllCall("lstrcmpi", "Str", DllName, "UInt", pszModule) == 0)
        {
            DllCall("CloseHandle", "UInt", hSnapshot)
            return NumGet(MODULEENTRY32, 20)
        }
      
        while (DllCall("Module32Next", "UInt", hSnapshot, "UInt", &MODULEENTRY32))
        {
            if (DllCall("lstrcmpi", "Str", DllName, "UInt", pszModule) == 0)
            {
                DllCall("CloseHandle", "UInt", hSnapshot)
                return NumGet(MODULEENTRY32, 20)
            }
        }
    }
    DllCall("CloseHandle", "UInt", hSnapshot)
    return false
}

you're so great. I really appreciate your help !!