Menu
I've got a running process which is using 'Test.dll'. I would like to know the exact memory location of the start of Test.dll in memory, but can't seem to be able to.
My main problem is that I need to write to an offset from this DLL, but I can't exactly type in Test.dll+some offset when I use Read/WriteProcessMemory.
Any help would be greatly appreciated.
514
Okay, so one way to do it is to use the value returned by GetModuleHandle(). Yes, it returns a HANDLE, but you can cast that to the appropriate pointer type. Compare to the module's address range in the Modules window of Visual Studio and you'll see it is the same as the starting value for the range.
A better way to do it is to use GetModuleInformation(). The first field of the MODULEINFO structure you pass will contain the base address of the DLL.
Though according to the documentation of MODULEINFO:
The load address of a module is the same as the HMODULE value.
So I guess just using the HMODULE and casting is okay. Whatever you want to do, I guess.
If you want to get the info for a remote process, use EnumProcessModules().
90
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
