high6 Posted April 16, 2009

Is there a way to get the imagebase of the assembly in memory with the Assembly class?

Malakai Posted May 2, 2009

You can P/Invoke the PSAPI.dll and use GetModuleInformation:

    using System;
    using System.Runtime.InteropServices;

    // Mirrors the Win32 MODULEINFO structure filled in by GetModuleInformation.
    [StructLayout(LayoutKind.Sequential)]
    public struct MODULEINFO
    {
        public IntPtr lpBaseOfDll;   // load address of the module
        public uint SizeOfImage;     // size of the mapped image in bytes
        public IntPtr EntryPoint;    // entry point of the module
    }

    // Declare inside a class; countBytes is the size of MODULEINFO.
    [DllImport("psapi.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool GetModuleInformation(IntPtr hProcess, IntPtr hModule, out MODULEINFO lpmodinfo, uint countBytes);

That's from Blackstorm's RE framework.

high6 Posted May 4, 2009

Problem is, how do you get the Assembly's "hModule"?

revert Posted May 4, 2009

    // Walk the modules the OS loader reports for the current process.
    foreach (ProcessModule mod in Process.GetCurrentProcess().Modules)
    {
        if (mod.ModuleName == "MyModule")
        {
            // BaseAddress is the address the module is mapped at.
            MessageBox.Show(mod.BaseAddress.ToString("X8"));
        }
    }

Standard .NET code. You just need to include "using System.Diagnostics".

high6 Posted May 4, 2009

The assembly wasn't loaded with LoadLibrary though, so it isn't in the module list. At this point I am probably gonna look at SOS.dll's dumpdomain function.
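
One way to get the hModule asked about in this thread, as an added example that is not any poster's code: Marshal.GetHINSTANCE returns the HINSTANCE of a managed module, which on Windows is the address the image is mapped at, and -1 when the module has none (for example an assembly loaded from a byte array). ImageBaseDemo and Describe are hypothetical names, and Windows is assumed.

```csharp
using System;
using System.Diagnostics;
using System.Reflection;
using System.Runtime.InteropServices;

// Added example; ImageBaseDemo and Describe are hypothetical names. Windows only.
static class ImageBaseDemo
{
    [StructLayout(LayoutKind.Sequential)]
    struct MODULEINFO
    {
        public IntPtr lpBaseOfDll;
        public uint SizeOfImage;
        public IntPtr EntryPoint;
    }

    [DllImport("psapi.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    static extern bool GetModuleInformation(IntPtr hProcess, IntPtr hModule,
        out MODULEINFO lpmodinfo, uint countBytes);

    static string Describe(Assembly asm)
    {
        string name = asm.GetName().Name;
        // The HINSTANCE of the manifest module doubles as its image base.
        IntPtr hModule = Marshal.GetHINSTANCE(asm.ManifestModule);
        // -1 means the module has no HINSTANCE: Assembly.Load(byte[]) and
        // Reflection.Emit assemblies are not mapped as a PE image.
        if (hModule == new IntPtr(-1))
            return name + ": no HINSTANCE (in-memory or dynamic module)";

        // psapi resolves hModule through the OS loader's module list, so the size
        // lookup can fail for an image that is not in that list. The base is still valid.
        MODULEINFO info;
        bool listed = GetModuleInformation(Process.GetCurrentProcess().Handle,
            hModule, out info, (uint)Marshal.SizeOf(typeof(MODULEINFO)));
        string size = listed ? "0x" + info.SizeOfImage.ToString("X")
                             : "unknown (Win32 error " + Marshal.GetLastWin32Error() + ")";
        return name + ": base=0x" + hModule.ToInt64().ToString("X") + ", size=" + size;
    }

    static void Main()
    {
        Console.WriteLine(Describe(typeof(object).Assembly));          // core library
        Console.WriteLine(Describe(Assembly.GetExecutingAssembly()));  // this program
    }
}
```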