Process information


UnfitElf
February 20th, 2007, 11:42 PM
Hi people,

I currently have code that lists all the current processes running on the system.

I need to get the IMAGE_DOS_HEADER, IMAGE_OPTIONAL_HEADER and IMAGE_IMPORT_DESCRIPTOR information from one of the processes.

I can easily get the process handle (OpenProcess()) from the process ID (I obtain the process ID via CreateToolhelp32Snapshot(), Process32First(), etc.).

What is the difference between an HMODULE and a HANDLE?

The code I would use is as follows, where hMod is a module handle:

IMAGE_DOS_HEADER * ImageDosHeader = (IMAGE_DOS_HEADER *)hMod;   // the module base address starts with the DOS header
// e_lfanew is the offset of IMAGE_NT_HEADERS; +24 skips the 4-byte "PE\0\0" signature and the 20-byte IMAGE_FILE_HEADER
IMAGE_OPTIONAL_HEADER * ImageOptionalHeader = (IMAGE_OPTIONAL_HEADER *)((BYTE *)hMod + ImageDosHeader->e_lfanew + 24);
// the data directory entry holds an RVA, so it is added to the module base to get a pointer
IMAGE_IMPORT_DESCRIPTOR * ImageImportDescriptor = (IMAGE_IMPORT_DESCRIPTOR *)((BYTE *)hMod + ImageOptionalHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_IMPORT].VirtualAddress);


Can anyone shed some light?
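
As an added, self-contained example (not code from this thread): the same header walk as the snippet above, but over a plain byte buffer with every offset bounds-checked, which matters as soon as the image bytes come from a file or another process rather than from a module loaded into your own address space. The structure offsets are assumed from winnt.h (e_lfanew at 60, a 20-byte IMAGE_FILE_HEADER, DataDirectory at optional-header offset 96 for PE32 or 112 for PE32+), and sample_image() builds a constructed minimal PE32 header, not a real executable.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Little-endian readers: PE header fields are little-endian on disk and in memory. */
static uint32_t rd16(const uint8_t *p) { return p[0] | (p[1] << 8); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | (rd16(p + 2) << 16); }

/* Walk IMAGE_DOS_HEADER -> "PE\0\0" -> IMAGE_FILE_HEADER -> IMAGE_OPTIONAL_HEADER -> DataDirectory
   and return the import directory RVA, or -1 if any header is absent, malformed or points outside
   the buffer. Offsets assumed from winnt.h: e_lfanew at 60, file header 20 bytes,
   DataDirectory at optional-header offset 96 (PE32) or 112 (PE32+). */
int64_t import_dir_rva(const uint8_t *img, size_t len) {
    if (len < 64 || rd16(img) != 0x5A4D) return -1;            /* "MZ" */
    uint32_t nt = rd32(img + 60);                               /* e_lfanew */
    if (nt > len || len - nt < 24 || memcmp(img + nt, "PE\0\0", 4) != 0) return -1;
    uint32_t opt_size = rd16(img + nt + 4 + 16);                /* IMAGE_FILE_HEADER.SizeOfOptionalHeader */
    const uint8_t *opt = img + nt + 24;                         /* the "+24" in the snippet above */
    if (len - nt - 24 < opt_size) return -1;                    /* optional header must fit in the buffer */
    uint32_t magic = rd16(opt), dirs_off;
    if (magic == 0x10B) dirs_off = 96;                          /* PE32 */
    else if (magic == 0x20B) dirs_off = 112;                    /* PE32+ */
    else return -1;
    if (opt_size < dirs_off + 2 * 8) return -1;                 /* room for directory entry 1 */
    if (rd32(opt + dirs_off - 4) < 2) return -1;                /* NumberOfRvaAndSizes must cover index 1 */
    return rd32(opt + dirs_off + 1 * 8);                        /* IMAGE_DIRECTORY_ENTRY_IMPORT.VirtualAddress */
}

/* Constructed minimal PE32 header for demonstration; not a real executable. */
#define SAMPLE_LEN 312                                          /* 64 + 24 + 224-byte optional header */
const uint8_t *sample_image(void) {
    static uint8_t buf[SAMPLE_LEN];
    memset(buf, 0, SAMPLE_LEN);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[60] = 0x40;                                             /* e_lfanew = 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    buf[0x40 + 4 + 16] = 0xE0;                                  /* SizeOfOptionalHeader = 224 */
    uint8_t *opt = buf + 0x40 + 24;
    opt[0] = 0x0B; opt[1] = 0x01;                               /* Magic = 0x10B (PE32) */
    opt[92] = 16;                                               /* NumberOfRvaAndSizes */
    opt[96 + 8 + 1] = 0x30;                                     /* DataDirectory[1].VirtualAddress = 0x3000 */
    opt[96 + 8 + 4] = 0x50;                                     /* DataDirectory[1].Size = 0x50 */
    return buf;
}
```

Passing a truncated length, a bogus e_lfanew or a non-MZ buffer returns -1 instead of reading past the end, which is where the unchecked pointer arithmetic in the snippet would fault or read garbage.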

creatorul
February 21st, 2007, 06:58 AM
HMODULE is a handle to a library that you load
http://www.codeguru.com/cpp/w-p/dll/tips/article.php/c3635/

Krishnaa
February 21st, 2007, 07:21 AM
Here is a detailed description of what is what regarding the Portable Executable format, along with sample code:

Microsoft Portable Executable and Common Object File Format Specification (http://www.microsoft.com/whdc/system/platform/firmware/PECOFF.mspx)

Inside Windows: An In-Depth Look into the Win32 Portable 1 (http://msdn.microsoft.com/msdnmag/issues/02/02/PE/)

Inside Windows: An In-Depth Look into the Win32 Portable 2 (http://msdn.microsoft.com/msdnmag/issues/02/03/PE2/)

UnfitElf
February 21st, 2007, 04:04 PM
Thanks for both of your replies.

I have managed to get the IMAGE_DOS_HEADER etc. code working when calling LoadLibrary("prog.exe"); however, this loads prog.exe into my program and returns the HMODULE to it relative to my program. This means any changes I make to the IMAGE_DOS_HEADER etc. information are only for the one instance loaded from my program. This makes sense.

What I need to do is somehow get the address of an already running process so I can do the same thing to the process that is already running.

I'm not sure if I'm explaining this in the best way; if what I'm saying doesn't make sense, let me know and I'll try to explain it in a better way.

Thanks :)

Lars(NL)
February 21st, 2007, 04:13 PM
I don't understand what exactly you're wanting to do.

You put "LoadLibrary" and ".exe" in one phrase, which is possible but I'm thinking you may be getting some things mixed up here.
An HMODULE is (apart from the label "handle" it's usually given) also a linear offset to the base address of where a module was loaded but that only applies to where you load a module into the process context of the executing code.

What I need to do is somehow get the address of an already running process so I can do the same thing to the process that is already running.

Either I'm just reading this wrong somehow or what you're trying to do is impossible.
You cannot get an HMODULE or any similar kind of pointer to a base offset of another process in your current process context.
You simply cannot reference any process by means of a pointer to it because of the simple fact that different processes under the win32 subsystem execute in different segments.

So, all that aside, could you please be somewhat clearer about what you're trying to do?