如何在 C 中获取进程的起始/基地址？

这是另一种方式，用 Visual Studio 2015 编写，但应该向后兼容。

 void GetBaseAddressByName(DWORD processId, const _TCHAR *processName)
{
    _TCHAR szProcessName[MAX_PATH] = _TEXT("<unknown>");

    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
        PROCESS_VM_READ,
        FALSE, processId);

    if (NULL != hProcess)
    {
        HMODULE hMod;
        DWORD cbNeeded;

        if (EnumProcessModulesEx(hProcess, &hMod, sizeof(hMod),
            &cbNeeded, LIST_MODULES_32BIT | LIST_MODULES_64BIT))
        {
            GetModuleBaseName(hProcess, hMod, szProcessName,
                sizeof(szProcessName) / sizeof(_TCHAR));
            if (!_tcsicmp(processName, szProcessName)) {
                _tprintf(_TEXT("0x%p\n"), hMod);
            }
        }
    }

    CloseHandle(hProcess);
}

int notmain(void)
{
    DWORD aProcesses[1024];
    DWORD cbNeeded;
    DWORD cProcesses;

    // Get the list of process identifiers.
    if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded))
        return 1;

    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);

    // Check the names of all the processess (Case insensitive)
    for (int i = 0; i < cProcesses; i++) {
        GetBaseAddressByName(aProcesses[i], _TEXT("SpiderSolitaire.exe"));
    }

    return 0;
}

原文由 Orwellophile 发布，翻译遵循 CC BY-SA 4.0 许可协议