stackoom
  简体   繁体   中英

getting base address from an exe c++

 原文  2016-01-06 22:22:24       c++/ winapi/ openprocess

Question

I tried to get the base starting address from this exe with openprocess, but I keep crashing when I run the code and I don't really see anything wrong with it. 

HMODULE GetModule(HANDLE han)
{
    HMODULE hMods[1024];
    int i;
    DWORD cbNeeded;
    char szProcessName[MAX_PATH] = "Minesweeper.exe";
    EnumProcessModules(han, hMods, sizeof(hMods), &cbNeeded);
    for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
    {
        TCHAR szModName[MAX_PATH];
        GetModuleFileNameEx(han, hMods[i], szProcessName, sizeof(szModName));
        //printf(TEXT("\t%s (0x%08X)\n"), szModName, hMods[i]);
        if (szModName == szProcessName)
        {
            cout << "FOUND" << endl;
        }
    }
    return 0;
}

1 answers

solution1
 0  2016-01-06 22:58:11

There are several issues with your code:

  • You are using TCHAR , but not using TCHAR consistently.
  • You're using == instead of the correct string comparison function.
  • The call to GetModuleFileNameEx uses the wrong array.

Here is a cleaned up version of your code, with corrections (not tested, but has most if not all of the issues with the code addressed): 

HMODULE GetModule(HANDLE han)
{
    HMODULE hMods[1024];
    int i;
    DWORD cbNeeded;
    TCHAR szProcessName[MAX_PATH] = _T("Minesweeper.exe");
    EnumProcessModules(han, hMods, sizeof(hMods), &cbNeeded);
    for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
    {
        TCHAR szModName[MAX_PATH];
        GetModuleFileNameEx(han, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR));
        if ( _tcscmp(szModName,szProcessName) == 0)
        {
            cout << "FOUND" << endl;
        }
    }
    return 0;
}

Note that the _T() macro is used to represent string literals. Since Microsoft has two character-set build types, and you're using TCHAR , you should have the rest of your strings be TCHAR compatible. Using straight up char , and relying on the character-set build type to save you from a compiler or runtime error is not the way to write the code.

In addition, the sizeof in the call to GetModuleFileNameEx must be divided by sizeof(TCHAR) to be correct.

Also, to address the string comparison, the _tcscmp function is used. This function will be correct regardless of the character-set build type.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question C++: How do I use memory address with a .exe base instead of a .dll base Having issues getting the module base address C++ c/c++ how can i get base address of .exe running process? Getting ptr from memory address with c++ Base address of exe? C++ Getting address of substring Getting contents of an address in C++ Getting address of caller in c++ c++ ReadProcessMemory base address + offset not working C++ get the base address of a allocated section
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM