getting dll address in memory


joecool
August 7th, 2005, 08:47 PM
hello,

I'd need to get the base address of a dll that is loaded in memory, in order to patch some parts of it using the WriteProcessMemory API.

what API should I use and how ? thanks in advance.

philkr
August 8th, 2005, 03:15 AM
You can get the base address with GetModuleHandle(). But every process has its own address space.

joecool
August 8th, 2005, 09:52 AM
thanks for your answer !
I got this working. But now I have another problem.
I use VirtualProtectEx to set the memory bytes I need to patch to PAGE_EXECUTE_READWRITE before patching them with WriteProcessMemory.
This runs fine on WinXP but VirtualProtectEx fails on Win2k :/
any idea on how I should do it ?

philkr
August 8th, 2005, 10:35 AM
Maybe you don't have the required rights. Did you log on as administrator? What access did you acquire when calling OpenProcess()?
If you only want to write to the memory PAGE_READWRITE will do. No need for execute.

joecool
August 8th, 2005, 01:01 PM
Yes, I'm logged in as administrator.
I called OpenProcess like this:
OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION,FALSE,PI.dwProcessId)
and I tried PAGE_READWRITE before PAGE_EXECUTE_READWRITE.
thanks for helping me, I really don't know what to do.

joecool
August 10th, 2005, 01:23 PM
hmm seems like actually I have a problem with GetModuleHandle()
I call it like this:
HANDLE hnwin = GetModuleHandle("dllname.dll");
and return value is NULL

how could I solve this ?

golanshahar
August 10th, 2005, 03:40 PM
If GetModuleHandle(..) returns NULL, that means that "dllname.dll" was not loaded into memory.
In order to load it into memory you should call the ::LoadLibrary(..) (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wcecoreos5/html/wce50lrfloadlibrary.asp) API.

Cheers

joecool
August 10th, 2005, 11:22 PM
thanks for your answer. but actually the dll is loaded by another process. I know it has been loaded since I can see it in winhex RAM editor.
What I'm trying to do is to code a little loader to patch that dll in memory and so I need to get its address.

KobayashiMaru
August 11th, 2005, 12:13 AM
Don't you still have to call LoadLibrary so that the DLL gets paged into your address space?

philkr
August 11th, 2005, 02:52 AM
> thanks for your answer. but actually the dll is loaded by another process. I know it has been loaded since I can see it in winhex RAM editor.
> What I'm trying to do is to code a little loader to patch that dll in memory and so I need to get its address.

Despite this, you will have to use LoadLibrary, because you can only get the address if the dll is mapped to your address space. If it still does not work, this article might be interesting for you:
http://www.codeproject.com/threads/winspy.asp#section_3

joecool
August 20th, 2005, 10:16 PM
I'm sorry, I forgot to thank you guys.
Actually I used EnumProcessModules() which worked very well.
anyway thanks a lot for helping me out.
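
The point the thread converges on, that a module's base address has to be read from the target process's own module list rather than the caller's, shown as an added PowerShell example (not code from any poster). `Get-ModuleBase` is a hypothetical helper name and `kernel32.dll` is only a sample module; the listing is read-only and is the kind of per-process module inventory used when checking what is mapped where.

```powershell
# Added example: report where a DLL is mapped inside a given process.
# Get-ModuleBase is a hypothetical helper name, not from the thread.
function Get-ModuleBase {
    param(
        [Parameter(Mandatory)] [int]    $ProcessId,
        [Parameter(Mandatory)] [string] $ModuleName   # sample value: 'kernel32.dll'
    )
    try {
        # -Module returns the module list of the TARGET process,
        # not of the PowerShell host that runs this function.
        $mods = Get-Process -Id $ProcessId -Module -ErrorAction Stop
    }
    catch {
        # Typical causes: insufficient access to the target process, the
        # process has exited, or a 32-bit host inspecting a 64-bit process.
        Write-Warning "Cannot read modules of PID ${ProcessId}: $($_.Exception.Message)"
        return
    }

    $mods | Where-Object { $_.ModuleName -ieq $ModuleName } | ForEach-Object {
        [pscustomobject]@{
            ProcessId = $ProcessId
            Module    = $_.ModuleName
            Path      = $_.FileName
            Base      = '0x{0:X}' -f $_.BaseAddress.ToInt64()
            SizeBytes = $_.ModuleMemorySize
        }
    }
}

# The same DLL, as mapped in this shell and in every other process
# whose module list the current user is allowed to read.
Get-ModuleBase -ProcessId $PID -ModuleName 'kernel32.dll'
Get-Process | ForEach-Object {
    Get-ModuleBase -ProcessId $_.Id -ModuleName 'kernel32.dll'
}
```

An empty result for a process means the DLL is not mapped there, which is the situation the NULL return from GetModuleHandle() in the thread reflects for the calling process.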