堆栈内存溢出
  简体   繁体   English

C++ 获取正在运行的进程的 DLL 的基址

[英]C++ Get the Base Address of a DLL of a running process

 原文  2016-08-23 03:39:03       c++/ memory/ module

问题描述

I am trying to read an address from a running process.我正在尝试从正在运行的进程中读取地址。 In order to do this, I have determined the offset of the address from a certain dll of the running process.为了做到这一点,我从正在运行的进程的某个 dll 中确定了地址的偏移量。 So far what I have done is I find the window, I than find the PID of the program and get the handle of it.到目前为止,我所做的是找到窗口,然后找到程序的 PID 并获得它的句柄。 From there I create a snapshot of the program using CreateToolhelp32Snapshot(), which allows me to loop through the modules of the program.从那里我使用 CreateToolhelp32Snapshot() 创建程序的快照,它允许我循环浏览程序的模块。 From there I would like to get the base address of a specific module by name, however I am not sure how to get the name of the modules, this is my current code and where I am stuck.从那里我想通过名称获取特定模块的基地址,但是我不确定如何获取模块的名称,这是我当前的代码以及我卡住的地方。 Is there a simple way I can get the name of the module based on the information I have?有没有一种简单的方法可以根据我拥有的信息获取模块的名称?

// Find the window
hwnd = FindWindow(NULL, L"calculator");
if (!hwnd) {
    cout << "window not found\n";
    cin.get();
}

//Get Process ID
GetWindowThreadProcessId(hwnd, &pid);

HANDLE phandle = OpenProcess(PROCESS_VM_OPERATION, 0, pid);
if (!phandle) {
    cout << "could not get handle\n";
    cin.get();
}
if (snapshot_test != INVALID_HANDLE_VALUE) {

    // First module
    MODULEENTRY32 mod_entry;
    mod_entry.dwSize = sizeof(mod_entry);

    if (Module32First(snapshot_test, &mod_entry)) {
        do {
            DWORD test = (DWORD)(mod_entry.modBaseAddr + 0x46F68 + 10);
            cout << ReadProcessMemory(phandle, (void*)(test), &health, sizeof(health), 0);
        } while (Module32Next(snapshot_test, &mod_entry));
    }
    else (cout << "module32first error");
}
else (cout << "snapshot error")

1 个解决方案

解决方案1
 0  2020-04-01 23:57:00

The MODULEENTRY32.szModule variable contains the name of the module, and MODULEENTRY32.modBaseAddr contains the address of the module itself. MODULEENTRY32.szModule 变量包含模块的名称,MODULEENTRY32.modBaseAddr 包含模块本身的地址。 You can use this function to get the address of a module by passing in it's name.您可以使用此函数通过传入模块名称来获取模块的地址。 It will loop through the modules and find the one with the matching name它将遍历模块并找到具有匹配名称的模块

uintptr_t GetModuleBaseAddress(DWORD procId, const wchar_t* modName)
{
    uintptr_t modBaseAddr = 0;
    HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, procId);
    if (hSnap != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 modEntry;
        modEntry.dwSize = sizeof(modEntry);
        if (Module32First(hSnap, &modEntry))
        {
            do
            {
                if (!_wcsicmp(modEntry.szModule, modName))
                {
                    modBaseAddr = (uintptr_t)modEntry.modBaseAddr;
                    break;
                }
            } while (Module32Next(hSnap, &modEntry));
        }
    }
    CloseHandle(hSnap);
    return modBaseAddr;
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 c/c++ 如何获取 .exe 运行进程的基地址? - c/c++ how can i get base address of .exe running process? 如何在C ++中获取进程的起始/基址? - How to get the starting/base address of a process in C++? 获取进程的基址 - Get base address of process C ++获取已分配节的基地址 - C++ get the base address of a allocated section 在C ++的进程中查找加载的DLL的内存地址 - Finding the memory address of a loaded DLL in a process in C++ 没有DLL注入的进程的基址? - Base address of a process without DLL injection? C ++-将代码注入到正在运行的进程中(使用DLL) - C++ - Injecting code into running process (using DLL) C++:如何使用 memory 地址与 a.exe 基址而不是 a.dll 基址 - C++: How do I use memory address with a .exe base instead of a .dll base C ++获取在后台运行的进程失败 - C++ Get failure for process running in background DLL注入后如何获取目标进程的基地址? - How can I get the base address of the target process after DLL injection?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM