rendari
Posted July 8, 2010 (edited)

Hello all,

I need to get some quick dirty patching done. Which APIs let you retrieve the Imagebase of a module in another process? I'm looking to get the ImageBase of a DLL loading into another process.

Been googling a bit but can't seem to find it and it's slipped my memory.

Thanks
-r

Edited July 8, 2010 by rendari

atom0s
Posted July 8, 2010

tlhelp32: http://msdn.microsoft.com/en-us/library/ms686832%28VS.85%29.aspx
    CreateToolhelp32Snapshot
    Process32First
    Process32Next
    Module32First
    Module32Next

psapi: http://msdn.microsoft.com/en-us/library/ms684894%28VS.85%29.aspx
    EnumProcesses
    EnumProcessModulesEx

Both can achieve the same thing, up to you which you wish to use. There are a bunch of examples around the net using both of these libraries. If you need help just ask.
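
The Toolhelp32 route listed in the reply above, as an added example that is not part of any post in this thread: it snapshots a target process's module list and reports each module's base address, which is useful for checking where a DLL was actually mapped. The helper name `Get-ModuleBase` and the `Th32.Native` type name are assumptions made for this example.

```powershell
# P/Invoke declarations for the Toolhelp32 calls (kernel32.dll).
Add-Type -Namespace Th32 -Name Native -MemberDefinition @'
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
public struct MODULEENTRY32W {
    public uint dwSize, th32ModuleID, th32ProcessID, GlblcntUsage, ProccntUsage;
    public IntPtr modBaseAddr;   // image base of the module in the target process
    public uint modBaseSize;
    public IntPtr hModule;
    [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)] public string szModule;
    [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szExePath;
}
[DllImport("kernel32.dll", SetLastError = true)]
public static extern IntPtr CreateToolhelp32Snapshot(uint dwFlags, uint th32ProcessID);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool Module32FirstW(IntPtr hSnapshot, ref MODULEENTRY32W lpme);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool Module32NextW(IntPtr hSnapshot, ref MODULEENTRY32W lpme);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

# Get-ModuleBase is a hypothetical helper name, not a built-in cmdlet.
function Get-ModuleBase {
    param([Parameter(Mandatory)][uint32]$ProcessId, [string]$ModuleName = '*')
    $invalid = [IntPtr](-1)               # INVALID_HANDLE_VALUE
    $flags   = 0x08 -bor 0x10             # TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32
    do {                                  # retry while the module list is changing
        $snap = [Th32.Native]::CreateToolhelp32Snapshot($flags, $ProcessId)
        $err  = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
    } while ($snap -eq $invalid -and $err -eq 24)   # 24 = ERROR_BAD_LENGTH
    if ($snap -eq $invalid) { throw "CreateToolhelp32Snapshot failed, Win32 error $err" }
    try {
        $me = New-Object 'Th32.Native+MODULEENTRY32W'
        $me.dwSize = [Runtime.InteropServices.Marshal]::SizeOf($me)
        $more = [Th32.Native]::Module32FirstW($snap, [ref]$me)
        while ($more) {
            if ($me.szModule -like $ModuleName) {
                [pscustomobject]@{
                    Module = $me.szModule
                    Base   = '0x{0:X}' -f $me.modBaseAddr.ToInt64()
                    Size   = $me.modBaseSize
                    Path   = $me.szExePath
                }
            }
            $more = [Th32.Native]::Module32NextW($snap, [ref]$me)
        }
    } finally { [void][Th32.Native]::CloseHandle($snap) }
}

# Constructed usage: where kernel32.dll is mapped in the current PowerShell process.
Get-ModuleBase -ProcessId $PID -ModuleName 'kernel32.dll'
```

A 32-bit caller cannot snapshot a 64-bit process (the call fails with ERROR_PARTIAL_COPY, 299), so run this from a shell that matches the target's bitness.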

rendari (Author)
Posted July 8, 2010

Ended up doing EnumProcessModules and a quick SearchAndReplace in each module. Thanks tho!

izlesa
Posted July 9, 2010

You can also look at PEB.ImageBaseAddress by ReadProcessMemory, but this way is not documented by MS ^_____^ and may not be compatible with new OSes.

metr0
Posted July 9, 2010

And what is more, it won't work when trying to get a DLL's imagebase, unfortunately.