如何获取程序的内存地址 [英] How to get memory address of procedure

问题描述

我该怎么办？得到我项目中任何程序的地址？
SEE https://github.com/korbaSzael/u-dze-a文件gra / Biblioteki.cs或gra / bin / gebug / gra。 exe - >主窗口 - >菜单 - > Pomoc-> Biblioteki

我需要更正导出表中每个条目的导出地址，因为它给我RVA地址，我需要转换到内存
地址才可以调用它远离其他进程和Visual Studio之外的其他编程语言。

 我使用了委托，Func<>或Action<>如下所示，但它返回
在我加载到内存程序之外的地址，因此它也无法用于修复导出表。 
 
 void static myProc（）{} 
委托myDelegate = new Action（myProc）; 
 // GCHandle gch = GCHandle.Alloc（myDelegate）; //用于非静态程序
 IntPtr ptr = Marshal.GetFunctionPointerForDelegate（myDelegate）;  

如何从我的应用程序加载到内存中的导出表中获取内存地址？

和第二个问题是Visual Studio无法为* .DLL文件设置导入地址表和导出地址表。查看gra / DLL并通过单击表单上的ładujbibliotekę按钮将其加载到进程中Biblioteki然后选择文件gra / dll.dll。然后在上部组合框中选择dll.dll
来查看其详细信息并导出和导入地址。看到Visual Studio无法设置地址表。我如何使Visual Studio成为可能填写DLL的导出和导入表？

以下代码：

     DataTable tableExports = null;

     private void bExports_Click（object sender，EventArgs e）

      {

       tableExports = new DataTable（）;

       tableExports.Columns.Add（" export name" ，typeof（string））;

       tableExports.Columns.Add（" address"，typeof（cAddress））;

       tableExports.Columns.Add（" size"，typeof（cSize））;

        ;   IntPtr pHandle = OpenProcess（0x1F0FFF，true，（comboBox2.SelectedItem as cbProcess）.id）;
$
         ulong baseOfDll;

       &nbs磷;布尔状态;

                status = SymInitialize（pHandle，null，false）;

                baseOfDll = SymLoadModuleEx（pHandle，IntPtr.Zero，（comboBox1.SelectedItem as cbModule）。file，null，0,0，IntPtr.Zero，0）;

                if（baseOfDll！= 0&& SymEnumerateSymbols64（pHandle，baseOfDll，EnumSyms，IntPtr.Zero）！= false）

                {

                    dataGridView1.DataSource = tableExports;

                    （dataGridView1.DataSource as DataTable）.DefaultView.Sort =" export name";

                }¥b $ b                SymCleanup（pHandle）;

                CloseHandle（pHandle）;

            }¥b $ b        public bool EnumSyms（string name，ulong address，uint givenSize，IntPtr context）

        {

            tableExports.Rows.Add（name，new cAddress {address = address}，new cSize {size = givenSize}）;

           返回true;

        }

上面为DLL和EXE文件返回导出表中每个条目的RVA（相对虚拟地址）。但它加载模块，获取RVAs和卸载模块。因为我得到了我的模块基地址：

Process [] processTable = Process.GetProcesses（）;

baseAddress = processTable [myProcess] .Modules [myModule] .BaseAddress;

因此，对于该模块的任何模块和基本内存地址的每个过程，我都有RVA，

所有我需要做的是计算VA（程序在物理上的实际内存地址）。我知道

必须重新计算：

必须从RVA中减去一些值，然后再添加基本内存地址......

如何得到那个值（我必须减去），因为它应该位于文件头中的某个地方 

模块我可以读取该文件内容因为我知道它的基地地址?????????

 
  static     void   foo  （）  
   {  
  }   
 
   static     void     Main  （  string   []   args  ）  
   {  
   Delegate   fooDelegate   =     new     Action  （  foo  ）;   
 
   IntPtr   p   =     Marshal  。  GetFunctionPointerForDelegate  （  fooDelegate  ）;   
 
  控制台 。  WriteLine  （  p  ）;   
  }  
 
 以上代码从我的程序模块外部返回工作代码，可能在某个时间点不存在 
 

解决方案

如果有任何代码可以手动遍历我的程序导出地址表，这将有助于导出表中应该有所有内存地址，因为我所做的是相对地址，不知道如何将其转换为实际内存地址。

任何人都知道怎么做而不调用任何外部函数，因为我知道我的程序的基地址????? ?????????????????? b

SEE https://github.com/korbaSzael/u-dze-a

How can I get address of any procedure in my project? SEE https://github.com/korbaSzael/u-dze-a file gra/Biblioteki.cs or gra/bin/gebug/gra.exe -> Main window->Menu->Pomoc->Biblioteki
I need to correct export address for each entry in export table because it gives me RVA address that i need to transform into memory address before i would be able to call it remotely from other process and from other programing language than Visual Studio.

I used delegates, Func<> or Action<> like below but it returns address which 
is outside of my loaded into memory program so it is also no use in fixing export tables.

void static myProc(){}
Delegate myDelegate = new Action(myProc);
// GCHandle gch = GCHandle.Alloc(myDelegate);// for nonstatic procedures
IntPtr ptr = Marshal.GetFunctionPointerForDelegate(myDelegate);

How can I get memory address from export table which lies inside my app loaded into memory?

AND second issue is that Visual Studio fails to set import address table and export address table for *.DLL files. SEE gra/DLL and load it into process by clicking ładuj bibliotekę button on form Biblioteki and than choose file gra/dll.dll. Then select dll.dll in upper combobox to view its details and export and import addresses. SEE that Visual Studio failed to set address tables. HOW can i make Visual Studio to fill export and import tables for DLL?

There is code below:

        DataTable tableExports = null;
        private void bExports_Click(object sender, EventArgs e)
        {
            tableExports = new DataTable();
            tableExports.Columns.Add("export name", typeof(string));
            tableExports.Columns.Add("address", typeof(cAddress));
            tableExports.Columns.Add("size", typeof(cSize));
                IntPtr pHandle = OpenProcess(0x1F0FFF, true, (comboBox2.SelectedItem as cbProcess).id);
                ulong baseOfDll;
                bool status;
                status = SymInitialize(pHandle, null, false);
                baseOfDll = SymLoadModuleEx(pHandle, IntPtr.Zero, (comboBox1.SelectedItem as cbModule).file, null, 0, 0, IntPtr.Zero, 0);
                if (baseOfDll != 0 && SymEnumerateSymbols64(pHandle, baseOfDll, EnumSyms, IntPtr.Zero) != false)
                {
                    dataGridView1.DataSource = tableExports;
                    (dataGridView1.DataSource as DataTable).DefaultView.Sort = "export name";
                }
                SymCleanup(pHandle);
                CloseHandle(pHandle);
            }
        public bool EnumSyms(string name, ulong address, uint givenSize, IntPtr context)
        {
            tableExports.Rows.Add(name,new cAddress{address = address}, new cSize { size = givenSize });
            return true;
        }

Above returns RVA (relative virtual address) for each entry in export table for both DLL and EXE files. But it loads module, gets RVAs and unloads module. Since I get my module base address from:

Process[] processTable = Process.GetProcesses();

baseAddress = processTable[myProcess].Modules[myModule].BaseAddress;

So, since I have both RVA for each procedure for any module and base memory address for that module,

all I need to do is to calculate VA (real memory address where the procedure is physically). I know

that there must be some recalculation:

some value must be subtracted from RVA and then base memory address added to it...

HOW TO GET that value (which I must subtract) since it should lie somewhere in file header 

of module and I can read that file contents because I know its base address?????????

static void foo()
{
}

static void Main(string[] args)
{
    Delegate fooDelegate = new Action(foo);

    IntPtr p = Marshal.GetFunctionPointerForDelegate(fooDelegate);

    Console.WriteLine(p);
}
above code returns working code from outside of my program module and may not be there at some point in time

解决方案

If there is any code to traverse manually my program Export Address table that would help as there should be all memory addresses in export table because what I do is relative address and do not know how to transform it into real memory address.

Anyone knows how to do it without calling any external functions since I know base address of my program?????????????????

SEE https://github.com/korbaSzael/u-dze-a

这篇关于如何获取程序的内存地址的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！