stackoom
  简体   繁体   中英

get x64 process module base address from x86 app

 原文  2016-05-11 04:10:45       windows/ winapi

Question

How would one get the base address of a module in a x64 process from a x86(32bit) app. i have no problem getting the process id with NtQuerySystemInformation but CreateToolhelp32Snapshot and EnumProcesses both fail to get the x64 process modules, are there any other ways to do this like any undocumented functions im missing?

1 answers

solution1
 0  2016-05-11 08:21:13

You can achieve this by parsing PEB structure. It's undocumented but it's not changing between systems: http://www.nirsoft.net/kernel_struct/vista/PEB.html

Interesting part for you is PEB->Ldr->InLoadOrderModuleList.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Process memory, GPU shared memory and x86 process on x64 windows address space RXTX x64 and x86 is it possible to cross-compile from x86(x64) windows to x86(x64) linux? Injecting a x86 target with a x86 dll from a x64 injector Windows x64 vs x86: Hardware vs. OS vs. process Module machine 'x64' conflicts with target machine 'x86' Windows development: x86 to x64 transition Compiling for both x86 and x64 Implement x86 to x64 assembly code switch Compile unmanaged executable for BOTH x86 and x64
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM