[.Net] Get ImageBase with Assembly class?

Followers

Posted April 16, 200916 yr

Is there a way to get the imagebase of the assembly in memory with the Assembly class?

3 weeks later...

May 2, 200916 yr

You can P/Invoke the PSAPI.dll and use GetModuleInformation

	[StructLayout(LayoutKind.Sequential)]
	public struct MODULEINFO
	{
		public IntPtr lpBaseOfDll;
		public uint SizeOfImage;
		public IntPtr EntryPoint;
	}		[DllImport("psapi.dll", SetLastError = true)]
		[return: MarshalAs(UnmanagedType.Bool)]
		public static extern bool GetModuleInformation(IntPtr hProcess, IntPtr hModule, out MODULEINFO lpmodinfo, uint countBytes);

That's from Blackstorm's RE framework.

May 4, 200916 yr

Author

Problem is, how do you get the Assembly's "hModule"?

May 4, 200916 yr

			foreach (ProcessModule mod in Process.GetCurrentProcess().Modules)
			{
				if (mod.ModuleName == "MyModule")
				{
					MessageBox.Show(mod.BaseAddress.ToString("X8"));
				}
			}

Standard .NET code. You just need to include "using System.Diagnostics".

May 4, 200916 yr

Author

The assembly wasn't loaded with LoadLibrary though so it isn't in the module list.

At this point I am probably gonna look at SOS.dll's dumpdomain function.

Create an account or sign in to comment

Followers

Go to topic listing

Sign In

[.Net] Get ImageBase with Assembly class?

Featured Replies

Create an account or sign in to comment

Account

Navigation

Search

Configure browser push notifications

Chrome (Android)

Chrome (Desktop)

Safari (iOS 16.4+)

Safari (macOS)

Edge (Android)

Edge (Desktop)

Firefox (Android)

Firefox (Desktop)