Hello all,

I need to get some quick dirty patching done. Which APIs let you retrieve the Imagebase of a module in another process? I'm looking to get the ImageBase of a DLL loading into another process. Been googling a bit but cant seem to find it and its slipped my memory

Thanks

-r

Edited July 8, 201015 yr by rendari

tlhelp32: http://msdn.microsoft.com/en-us/library/ms686832%28VS.85%29.aspx

CreateToolhelp32Snapshot

Process32First

Process32Next

Module32First

Module32Next

psapi: http://msdn.microsoft.com/en-us/library/ms684894%28VS.85%29.aspx

EnumProcesses

EnumProcessModulesEx

Both can achieve the same thing, up to you which you wish to use. There are a bunch of examples around the net using both of these libraries. If you need help just ask.

Ended up doing EnumProcessModules and a quick SearchAndReplace in each module. Thanks tho!

You also can look at PEB.ImageBaseAddress by ReadProcessMemory

but this way is not documented by ms ^_____^ and may be not compatible with new OSes

And what is more, it won't work when trying to get a DLL's imagebase, unfortunately.