在C ++进程中查找加载的DLL的内存地址 [英] Finding the memory address of a loaded DLL in a process in C++
问题描述
我的主要问题是我需要写入这个DLL的偏移量,但是当我使用Read / WriteProcessMemory时,我无法正确输入Test.dll +某些偏移量。
任何帮助都将非常感谢。
好的,所以一个方法是使用 GetModuleHandle返回的值()。是的,它返回一个 HANDLE ,但您可以将其转换为适当的指针类型。与Visual Studio的模块窗口中的模块地址范围进行比较,您将看到与范围的起始值相同。
更好的方式它是使用 GetModuleInformation()。 MODULEINFO 的第一个字段结构您通过将包含DLL的基址。
尽管根据MODULEINFO的文档:
模块的加载地址与HMODULE值相同。
所以我猜只是使用HMODULE和铸造是好的无论你想要做什么,我猜想。
如果你想获得远程进程的信息,请使用 EnumProcessModules()。
I've got a running process which is using 'Test.dll'. I would like to know the exact memory location of the start of Test.dll in memory, but can't seem to be able to.
My main problem is that I need to write to an offset from this DLL, but I can't exactly type in Test.dll+some offset when I use Read/WriteProcessMemory.
Any help would be greatly appreciated.
Okay, so one way to do it is to use the value returned by GetModuleHandle(). Yes, it returns a HANDLE, but you can cast that to the appropriate pointer type. Compare to the module's address range in the Modules window of Visual Studio and you'll see it is the same as the starting value for the range.
A better way to do it is to use GetModuleInformation(). The first field of the MODULEINFO structure you pass will contain the base address of the DLL.
Though according to the documentation of MODULEINFO:
The load address of a module is the same as the HMODULE value.
So I guess just using the HMODULE and casting is okay. Whatever you want to do, I guess.
If you want to get the info for a remote process, use EnumProcessModules().
这篇关于在C ++进程中查找加载的DLL的内存地址的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
