Finding The Baseaddress Of A Running Process
Solution 1:
I did manage to find a solution for python 3.5 32-bit and 64 bit.
For 32 bit I used psutil and pymem (as already suggested on this question).:
import psutil
import pymem
my_pid = None
pids = psutil.pids()
for pid in pids:
ps = psutil.Process(pid)
# find process by .exe name, but note that there might be more instances of solitaire.exeif"solitaire.exe"in
my_pid =
print( "%s running with pid: %d" % (, )
base_address = pymem.process.base_address(pid)
For 64 bit pymem was not working. I found suggestions using win32api.GetModuleHandle(fileName) but it required win32api.LoadLibrary(fileName) which was not using an already running process.
Therefore I found this suboptimal solution, since this returns a whole list of possibilities:
import win32process
import win32api
# first get pid, see the 32-bit solution
processHandle = win32api.OpenProcess(PROCESS_ALL_ACCESS, False, my_pid)
modules = win32process.EnumProcessModules(processHandle)
base_addr = modules[0] # for me it worked to select the first item in list...
Solution 2:
See How to enumerate modules in python 64bit for some good code to use. You are looking for 'modBaseAddr'.
For more info on tagMODULEENTRY32, see
You could also use pymem ('obsolete' project but still works) with the following code (you want modBaseAddr):
for m inself.listModules():
if m.szModule==szModule:
print m.szModule, m.szExePath, m.modBaseAddr
Post a Comment for "Finding The Baseaddress Of A Running Process"