flat assembler
Message board for the users of flat assembler.
Overflowz 26 Jul 2011, 21:32
I know that GetModuleHandle gets the handle of a module loaded in an executable, but how can I find its base? I know, it's a really noobish question.
Regards.
revolution 26 Jul 2011, 21:56
IIRC GetModuleHandle() == base address.
vid 26 Jul 2011, 22:46
What do you need process base for?
Overflowz 26 Jul 2011, 23:02
Hi, I'm trying to hook some API calls in remote processes to filter "bad actions". I've written a DLL to inject into the process that will call GetModuleHandle+GetProcAddress and then hook it, but GetProcAddress fails. I'm using user32.dll and the MessageBoxA API, and the detour hooking method from the examples section.
EDIT: Sorry, I was using bad arguments in the GetProcAddress API..
vid 26 Jul 2011, 23:51
Interesting, usually things which do "bad actions" such as hooking don't use GetModuleHandle+GetProcAddress. They usually try to determine the module base address themselves, and then search the export table manually. What process is that, if I may know?
PS: On an unrelated matter, if you are by any chance interested in how to search the export table manually, try Iczelion's old tutorial.
Overflowz 27 Jul 2011, 00:13
vid,
Hi, I'm trying the easy way with the detour example. Here's the algorithm: after injecting the DLL, it modifies the first 5 bytes of the API call with a JMP XXXXX instruction that points to the hook procedure, which will filter the arguments; if everything is okay, then it will execute normally, else it will modify the arguments. That's all. If someone wants the source I can post it, but many people could use it only for harm.. Regards.
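The three technical points in this thread fit together: revolution's reply that the value GetModuleHandle returns is the module base (the address of the MZ header of the mapped image), vid's note that the export table can be walked from that base without GetProcAddress, and the 5-byte JMP detour described above. The following Python is an added example, not code from the thread or from fasm; it builds a constructed, minimal PE32 image in memory (not a real DLL), resolves an export name to its RVA by walking DOS header, NT headers, data directory and IMAGE_EXPORT_DIRECTORY exactly as the loader lays them out, and then audits each exported entry point for the E9 rel32 (JMP) byte pattern that an inline detour leaves behind. On a live process the same functions would be applied to the bytes read starting at the module base, since in the mapped image RVAs are offsets from that base; the constructed image here simply uses offset 0 as the base.

```python
import struct

IMAGE_DOS_SIGNATURE = b"MZ"
IMAGE_NT_SIGNATURE = b"PE\0\0"
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def u16(img, off):
    return struct.unpack_from("<H", img, off)[0]


def u32(img, off):
    return struct.unpack_from("<I", img, off)[0]


def cstr(img, off):
    """Read a NUL-terminated ASCII string at an RVA of the mapped image."""
    return img[off:img.index(b"\0", off)].decode("ascii")


def export_directory(img):
    """Base -> e_lfanew -> NT headers -> DataDirectory[0]; returns (export RVA, size).
    img[0] is the byte GetModuleHandle's return value points at, so RVA == offset."""
    if img[:2] != IMAGE_DOS_SIGNATURE:
        raise ValueError("no MZ header at module base")
    e_lfanew = u32(img, 0x3C)
    if img[e_lfanew:e_lfanew + 4] != IMAGE_NT_SIGNATURE:
        raise ValueError("no PE signature at e_lfanew")
    opt = e_lfanew + 4 + 20                      # skip Signature and IMAGE_FILE_HEADER
    magic = u16(img, opt)
    if magic == PE32_MAGIC:
        dd = opt + 96                            # DataDirectory offset in PE32 optional header
    elif magic == PE32PLUS_MAGIC:
        dd = opt + 112                           # ... and in PE32+
    else:
        raise ValueError("unknown optional header magic")
    return u32(img, dd), u32(img, dd + 4)


def resolve_export(img, name):
    """Manual equivalent of GetProcAddress by name: returns the function RVA or None."""
    exp_rva, exp_size = export_directory(img)
    n_names = u32(img, exp_rva + 24)             # NumberOfNames
    funcs = u32(img, exp_rva + 28)               # AddressOfFunctions
    names = u32(img, exp_rva + 32)               # AddressOfNames
    ords = u32(img, exp_rva + 36)                # AddressOfNameOrdinals
    for i in range(n_names):
        if cstr(img, u32(img, names + 4 * i)) == name:
            ordinal = u16(img, ords + 2 * i)     # index into AddressOfFunctions
            func_rva = u32(img, funcs + 4 * ordinal)
            if exp_rva <= func_rva < exp_rva + exp_size:
                # RVA inside the export directory means a forwarder string ("OTHER.dll.Func")
                raise LookupError("export forwarded to " + cstr(img, func_rva))
            return func_rva
    return None


def detect_inline_hook(img, rva):
    """Return the JMP target if the entry starts with E9 rel32 (the 5-byte detour), else None."""
    if img[rva] == 0xE9:
        rel = struct.unpack_from("<i", img, rva + 1)[0]
        return (rva + 5 + rel) & 0xFFFFFFFF
    return None


def audit_exports(img):
    """Map every named export whose first instruction is a JMP rel32 to the jump target."""
    exp_rva, _ = export_directory(img)
    n_names, names = u32(img, exp_rva + 24), u32(img, exp_rva + 32)
    hooked = {}
    for i in range(n_names):
        name = cstr(img, u32(img, names + 4 * i))
        try:
            rva = resolve_export(img, name)
        except LookupError:
            continue                             # forwarders have no code in this module
        target = detect_inline_hook(img, rva)
        if target is not None:
            hooked[name] = target
    return hooked


def build_test_image():
    """Constructed minimal PE32 image (hypothetical 'fake.dll'); not a real module."""
    img = bytearray(0x400)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                      # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    # IMAGE_FILE_HEADER: i386, 1 section, SizeOfOptionalHeader=224, DLL|EXECUTABLE_IMAGE
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, 0, 0, 0, 224, 0x2102)
    struct.pack_into("<H", img, 0x58, PE32_MAGIC)
    struct.pack_into("<II", img, 0x58 + 96, 0x200, 0x100)        # DataDirectory[0]: exports
    # IMAGE_EXPORT_DIRECTORY: Name, Base, NumberOfFunctions, NumberOfNames, three table RVAs
    struct.pack_into("<IIHHIIIIIII", img, 0x200, 0, 0, 0, 0, 0x270, 1, 2, 2, 0x240, 0x250, 0x260)
    struct.pack_into("<II", img, 0x240, 0x300, 0x340)            # AddressOfFunctions
    struct.pack_into("<II", img, 0x250, 0x280, 0x290)            # AddressOfNames
    struct.pack_into("<HH", img, 0x260, 0, 1)                    # AddressOfNameOrdinals
    img[0x270:0x279] = b"fake.dll\0"
    img[0x280:0x28C] = b"MessageBoxA\0"
    img[0x290:0x29C] = b"MessageBoxW\0"
    prologue = bytes.fromhex("8BFF558BEC")       # mov edi,edi / push ebp / mov ebp,esp
    img[0x300:0x305] = prologue
    img[0x340:0x345] = prologue
    return bytes(img)


def simulate_detour_patch(img, rva, target):
    """Test fixture: overwrite the first 5 bytes of an entry with JMP rel32 in a copy of the image,
    so the detector can be exercised on the pattern the thread describes."""
    out = bytearray(img)
    out[rva] = 0xE9
    struct.pack_into("<i", out, rva + 1, target - (rva + 5))
    return bytes(out)


if __name__ == "__main__":
    image = build_test_image()
    print("MessageBoxA RVA:", hex(resolve_export(image, "MessageBoxA")))
    print("hooked before patch:", audit_exports(image))
    print("hooked after patch:", audit_exports(simulate_detour_patch(image, 0x300, 0x3F0)))
```

The audit only flags an unconditional JMP at the very first byte, which is what the thread's detour writes; a real integrity check would also compare the entry bytes against the on-disk copy of the module, since a hook can equally well be placed a few instructions in.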
Copyright © 1999-2023, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.