Hi, Can someone provide MODULEINFO structure in MASM64?
invoke GetModuleInformation, hProcess, qword ptr [rax], addr modInfo, sizeof MODULEINFO

I realized that MODULEINFO structure is not defined anywhere!

I found the way I have define that struct in MASM64:
MODULEINFO STRUCT
lpBaseOfDll DQ ? ; Base address of module
SizeOfImage DQ ? ; Size of the module in bytes
EntryPoint DQ ? ; Entry point of the module
MODULEINFO ENDS

GetModuleInformation return proper value.

typedef struct _MODULEINFO {

LPVOID lpBaseOfDll; //4 on x32, 8 on x64

DWORD SizeOfImage; //4 on both

LPVOID EntryPoint; //4 on x32, 8 on x64

} MODULEINFO, *LPMODULEINFO;

2 hours ago, BfoX said:

typedef struct _MODULEINFO {

LPVOID lpBaseOfDll; //4 on x32, 8 on x64

DWORD SizeOfImage; //4 on both

LPVOID EntryPoint; //4 on x32, 8 on x64

} MODULEINFO, *LPMODULEINFO;

This is what I thought at first; anyway declarated like this doesn't works;
SizeOfImage has to be also a qword.

You missed alignment of struct members, I guess.

Code sample (Compiled using VS 2022, MASM template):

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
;
; MODULEINFO (64bit) code sample (FYI - THERE IS NO OUTPUT)
; Retrieves info about the current process main module and stores its base address, image
; size, and entry point into your MODULEINFO structure, then exits.
;
; Notes:
; Aligns the stack and sets up a proper Windows x64 call frame.
; Gets the current process handle using GetCurrentProcess.
; Gets the HMODULE of the running EXE using GetModuleHandleA(NULL).
; Calls GetModuleInformation with :
; RCX = process handle
; RDX = module handle
; R8 = pointer to your modInfo struct
; R9D = size of the struct (24 bytes)
; Writes into modInfo :
; lpBaseOfDll — module base address
; SizeOfImage — full PE image size
; EntryPoint — module entry point RVA resolved to VA
; Calls ExitProcess(0)
; 
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

includelib kernel32.lib
includelib psapi.lib

extern GetCurrentProcess    : proc
extern GetModuleHandleA : proc
extern GetModuleInformation : proc
extern ExitProcess : proc

; Define structure with explicit 8 - byte alignment
MODULEINFO STRUCT 8
lpBaseOfDll    QWORD ?
SizeOfImage    DWORD ?
EntryPoint     QWORD ?
MODULEINFO ENDS

.data
modInfo MODULEINFO <>

.code
main proc
; 16 - BYTE ALIGNMENT
push rbp; Save original RBP
mov rbp, rsp      ; Create stack frame
and rsp, -16      ; Force RSP to be a multiple of 16
sub rsp, 32       ; Allocate Shadow Space(4 registers * 8 bytes)

; 1. Get current process handle
call GetCurrentProcess
mov rbx, rax
; Normally you'd push RBX, but since we 
; call ExitProcess, we never return to the caller.

; 2. Get handle to the current EXE
xor rcx, rcx
call GetModuleHandleA
mov rdx, rax     ; Arg 2: hModule

; 3. Setup arguments for GetModuleInformation
mov rcx, rbx     ; Arg 1: hProcess
lea r8, modInfo  ; Arg 3: lpmodinfo
mov r9d, 24      ; Arg 4: cb (Size of MODULEINFO is exactly 24 bytes)
call GetModuleInformation

; 4. Exit
xor rcx, rcx
call ExitProcess
main endp
end

Edited 3 hours ago3 hr by Stingered

11 hours ago, CodeExplorer said:

Hi, Can someone provide MODULEINFO structure in MASM64?
invoke GetModuleInformation, hProcess, qword ptr [rax], addr modInfo, sizeof MODULEINFO

I realized that MODULEINFO structure is not defined anywhere!

Are you using hutch's MASM64 SDK? Yes unfortunately it does not have that struct.