rendari, posted July 8, 2010 (edited July 8, 2010 by rendari)

Hello all,

I need to get some quick dirty patching done. Which APIs let you retrieve the ImageBase of a module in another process? I'm looking to get the ImageBase of a DLL loading into another process.

Been googling a bit but can't seem to find it and it's slipped my memory.

Thanks
-r

atom0s, posted July 8, 2010

tlhelp32: http://msdn.microsoft.com/en-us/library/ms686832%28VS.85%29.aspx
CreateToolhelp32Snapshot
Process32First
Process32Next
Module32First
Module32Next

psapi: http://msdn.microsoft.com/en-us/library/ms684894%28VS.85%29.aspx
EnumProcesses
EnumProcessModulesEx

Both can achieve the same thing, up to you which you wish to use. There are a bunch of examples around the net using both of these libraries. If you need help just ask.

rendari (Author), posted July 8, 2010

Ended up doing EnumProcessModules and a quick SearchAndReplace in each module. Thanks tho!

izlesa, posted July 9, 2010

You can also look at PEB.ImageBaseAddress by ReadProcessMemory, but this way is not documented by MS ^_____^ and may not be compatible with new OSes.

metr0, posted July 9, 2010

And what is more, it won't work when trying to get a DLL's imagebase, unfortunately.