
Get address for symbol in current process in Windows

On *nix, you can compile a program with -rdynamic or load dynamic libraries, use dlopen(NULL, RTLD_NOW) to get a handle to the current process, then use dlsym() with the handle to get the address of a symbol within the current process.

I am wondering what is the equivalent for doing so on Windows.

On Windows, you can rely on the LoadLibrary() and GetProcAddress() APIs, both from kernel32.dll, to load a library and resolve its function addresses. About GetProcAddress():

Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).

and takes as a parameter:

A handle to the DLL module that contains the function or variable. The LoadLibrary, LoadLibraryEx, LoadPackagedLibrary, or GetModuleHandle function returns this handle.

If you want to resolve the addresses within the libraries of the process from an external process, your best bet would be to debug it with DebugActiveProcess and ReadProcessMemory().

You will have to browse the PE Format structures from the base address of the process. Not trivial, but not that hard. This topic is closely related to code injection, but you might want to read "Understanding the Imports Address Table".
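Added example, not part of the original answer: a Python sketch of the lookup that GetProcAddress() performs, walking the PE export directory of a memory-mapped image to turn an exported name into base + RVA, including the forwarder case. The function names, the base address and the tiny sample image are constructed for illustration; a real image would be the bytes found at a module's base address.

```python
import struct

def _u16(img, off): return struct.unpack_from("<H", img, off)[0]
def _u32(img, off): return struct.unpack_from("<I", img, off)[0]
def _cstr(img, off): return bytes(img[off:img.index(b"\0", off)]).decode("ascii")

def resolve_export(img, base, name):
    """Return base + RVA of an exported name, or None (not exported / forwarder)."""
    if img[:2] != b"MZ":
        raise ValueError("missing DOS header")
    pe = _u32(img, 0x3C)                         # e_lfanew
    if img[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24                                # signature (4) + COFF header (20)
    # Data directories start 96 bytes into a PE32 optional header, 112 for PE32+.
    ddir = opt + {0x10B: 96, 0x20B: 112}[_u16(img, opt)]
    exp_rva, exp_size = struct.unpack_from("<II", img, ddir)   # entry 0 = exports
    if exp_rva == 0:
        return None                              # image exports nothing
    n_funcs, n_names, funcs, names, ords = struct.unpack_from("<5I", img, exp_rva + 20)
    for i in range(n_names):
        if _cstr(img, _u32(img, names + 4 * i)) != name:
            continue
        idx = _u16(img, ords + 2 * i)            # name index -> function index
        if idx >= n_funcs:
            raise ValueError("ordinal out of range")
        rva = _u32(img, funcs + 4 * idx)
        if exp_rva <= rva < exp_rva + exp_size:
            return None                          # forwarder string, not code
        return base + rva
    return None

def build_sample_image():
    """Constructed minimal PE32+ image: one real export, one forwarder."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x98, 0x20B)                 # optional header magic
    struct.pack_into("<II", img, 0x98 + 112, 0x200, 0x100)   # export dir RVA, size
    struct.pack_into("<5I", img, 0x214, 2, 2, 0x230, 0x240, 0x250)
    struct.pack_into("<2I", img, 0x230, 0x1000, 0x270)       # function RVAs
    struct.pack_into("<2I", img, 0x240, 0x260, 0x268)        # name RVAs
    struct.pack_into("<2H", img, 0x250, 0, 1)                # name ordinals
    img[0x260:0x268] = b"my_func\0"
    img[0x268:0x26C] = b"fwd\0"
    img[0x270:0x27B] = b"OTHER.real\0"
    return bytes(img)
```

Only names present in the export directory resolve, which is why a symbol in an executable must be exported before a name lookup against the process image can find it.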
