From: http://blog.csdn.net/firefoxbug/article/details/7201351

下面代码是通过进程ID来获取进程的基地址，创建一个进程快照后，读取进程模块，一般情况下第一个模块就是进程的基地址，下面的程序通过模块的字符串匹配来找到基地址。通过MODULEENTRY32来读取，下面是代码：

#include <Windows.h>
#include <Tlhelp32.h>
#include <stdio.h>HMODULE fnGetProcessBase(DWORD PID);
DWORD GetLastErrorBox(HWND hWnd, LPSTR lpTitle) ;int main()
{HMODULE hModule = fnGetProcessBase(6520);printf("%X",hModule);return 0;
}HMODULE fnGetProcessBase(DWORD PID)
{//获取进程基址HANDLE hSnapShot;//通过CreateToolhelp32Snapshot和线程ID，获取进程快照hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);if (hSnapShot == INVALID_HANDLE_VALUE){GetLastErrorBox(NULL,"无法创建快照");return NULL;}MODULEENTRY32 ModuleEntry32;ModuleEntry32.dwSize = sizeof(ModuleEntry32);if (Module32First(hSnapShot, &ModuleEntry32)){do {TCHAR szExt[5];strcpy(szExt, ModuleEntry32.szExePath + strlen(ModuleEntry32.szExePath) - 4);for (int i = 0;i < 4;i++){if ((szExt[i] >= 'a')&&(szExt[i] <= 'z')){szExt[i] = szExt[i] - 0x20;}}if (!strcmp(szExt, ".EXE")){CloseHandle(hSnapShot);return ModuleEntry32.hModule;}} while (Module32Next(hSnapShot, &ModuleEntry32));}CloseHandle(hSnapShot);return NULL;}// 显示错误信息  
DWORD GetLastErrorBox(HWND hWnd, LPSTR lpTitle)  
{  LPVOID lpv;  DWORD dwRv;  if (GetLastError() == 0) return 0;  dwRv = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |  FORMAT_MESSAGE_FROM_SYSTEM,  NULL,  GetLastError(),  MAKELANGID(LANG_ENGLISH, SUBLANG_ENGLISH_US),  (LPSTR)&lpv,  0,  NULL);  MessageBox(hWnd, (LPCSTR)lpv, lpTitle, MB_OK);  if(dwRv)  LocalFree(lpv);  SetLastError(0);  return dwRv;  
}