Jump to content
Tuts 4 You

[.Net] Get ImageBase with Assembly class?

high6

By high6
in Programming and Coding

Recommended Posts

high6

high6

Posted
Posted

Is there a way to get the imagebase of the assembly in memory with the Assembly class?

  • 3 weeks later...
Malakai

Malakai

Posted
Posted

You can P/Invoke the PSAPI.dll and use GetModuleInformation

	[StructLayout(LayoutKind.Sequential)]
	public struct MODULEINFO
	{
		public IntPtr lpBaseOfDll;
		public uint SizeOfImage;
		public IntPtr EntryPoint;
	}		[DllImport("psapi.dll", SetLastError = true)]
		[return: MarshalAs(UnmanagedType.Bool)]
		public static extern bool GetModuleInformation(IntPtr hProcess, IntPtr hModule, out MODULEINFO lpmodinfo, uint countBytes);

That's from Blackstorm's RE framework.

high6

high6

Posted
  • Author
Posted

Problem is, how do you get the Assembly's "hModule"?

revert

revert

Posted
Posted 
			foreach (ProcessModule mod in Process.GetCurrentProcess().Modules)
			{
				if (mod.ModuleName == "MyModule")
				{
					MessageBox.Show(mod.BaseAddress.ToString("X8"));
				}
			}

Standard .NET code. You just need to include "using System.Diagnostics".

high6

high6

Posted
  • Author
Posted

The assembly wasn't loaded with LoadLibrary though so it isn't in the module list.

At this point I am probably gonna look at SOS.dll's dumpdomain function.

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Go to topic listing
×
×
  • Create New...