Finding the memory address of a loaded DLL in a pr

2019-06-27 03:35发布

问题:

I've got a running process which is using 'Test.dll'. I would like to know the exact memory location of the start of Test.dll in memory, but can't seem to be able to.

My main problem is that I need to write to an offset from this DLL, but I can't exactly type in Test.dll+some offset when I use Read/WriteProcessMemory.

Any help would be greatly appreciated.

回答1:

Okay, so one way to do it is to use the value returned by GetModuleHandle(). Yes, it returns a HANDLE, but you can cast that to the appropriate pointer type. Compare to the module's address range in the Modules window of Visual Studio and you'll see it is the same as the starting value for the range.

A better way to do it is to use GetModuleInformation(). The first field of the MODULEINFO structure you pass will contain the base address of the DLL.

Though according to the documentation of MODULEINFO:

The load address of a module is the same as the HMODULE value.

So I guess just using the HMODULE and casting is okay. Whatever you want to do, I guess.

If you want to get the info for a remote process, use EnumProcessModules().



标签: c++ memory dll