flat assembler
Message board for the users of flat assembler.

Index > Windows > MODULE32 64 bit definition?

extra_12345 05 Oct 2024, 00:00
So I defined the MODULEENTRY32 struct in fasm like this:

; MODULEENTRY32 as first posted: the two pointer-sized fields are declared dq,
; but there is no explicit padding in front of them or at the end.
; NOTE(review): if the struct macro packs fields exactly as written, and with
; MAX_MODULE_NAME32 = 255 and MAX_PATH = 260 (the values given later in this
; thread), this layout totals 556 bytes rather than the 568 bytes asserted for
; the 64-bit structure further down the page — confirm.
struct MODULEENTRY32
dwSize dd ?
th32ModuleID dd ?
th32ProcessID dd ?
GlblcntUsage dd ?
ProccntUsage dd ?
modBaseAddr dq ? ; follows five dwords, so it starts at offset 20 (not a multiple of 8)
modBaseSize dd ?
hModule dq ? ; starts at offset 32 here; offset 40 in the padded layouts on this page
szModule rb MAX_MODULE_NAME32+1
szExePath rb MAX_PATH
ends

but Module32First fails and GetLastError returns 0x57 (ERROR_INVALID_PARAMETER). I'm coding in 64-bit; any ideas?
revolution 05 Oct 2024, 02:10
In Win32 all addresses and handles are dwords.
Code:
; Sizes used for the two character buffers at the end of MODULEENTRY32
; (szModule is MAX_MODULE_NAME32+1 bytes, szExePath is MAX_PATH bytes).
MAX_MODULE_NAME32       = 255
MAX_PATH                = 260

; 32-bit layout of MODULEENTRY32: the address and the handle are dwords, so
; every field before the character buffers is 4 bytes and no padding appears.
; NOTE(review): this is not the layout for 64-bit code, where modBaseAddr and
; hModule are declared dq in the other listings on this page.
; NOTE(review): the closing brace and `struct MODULEENTRY32` share one line in
; this copy; they were presumably separate lines in the original post — confirm.
struc MODULEENTRY32 {
        .dwSize                 dd      ?
        .th32ModuleID           dd      ?
        .th32ProcessID          dd      ?
        .GlblcntUsage           dd      ?
        .ProccntUsage           dd      ?
        .modBaseAddr            dd      ?       ; 32-bit address
        .modBaseSize            dd      ?
        .hModule                dd      ?       ; 32-bit handle
        .szModule               rb      MAX_MODULE_NAME32+1
        .szExePath              rb      MAX_PATH
}struct MODULEENTRY32
To make the structure 64-bit, I think you need to put all the 64-bit dq fields on 8-byte alignment.
bitRAKE 05 Oct 2024, 04:49
extra_12345 wrote:
i'm coding in 64 bit, any ideas?
Code:
; 64-bit layout of MODULEENTRY32 with explicit padding: each dq field starts on
; an 8-byte boundary and the total size is a multiple of 8.
; Offsets in the comments assume MAX_MODULE_NAME32 = 255 and MAX_PATH = 260,
; as defined in the other listings on this page.
; NOTE(review): Module32First is documented to require dwSize to be preset to
; the structure size by the caller — confirm the calling code does so.
struct MODULEENTRY32
        dwSize          dd ?    ; offset 0
        th32ModuleID    dd ?    ; offset 4
        th32ProcessID   dd ?    ; offset 8
        GlblcntUsage    dd ?    ; offset 12
        ProccntUsage    dd ?    ; offset 16
                __0     dd ?    ; needed for alignment of following qword (offset 20 -> 24)
        modBaseAddr     dq ?    ; offset 24
        modBaseSize     dd ?    ; offset 32
                __1     dd ?    ; needed for alignment of following qword (offset 36 -> 40)
        hModule         dq ?    ; offset 40
        szModule        rb MAX_MODULE_NAME32+1  ; offset 48, 256 bytes
        szExePath       rb MAX_PATH             ; offset 304, 260 bytes
                __2     dd ?    ; needed for alignment of structure (564 -> 568)
ends
; Assembly-time check that the padding above still adds up to 568 bytes.
assert sizeof MODULEENTRY32 = 568
... another way to debug the error is to step into the function and check the allowed sizes of the structure.

macomics 05 Oct 2024, 04:55
Code:
; typedef struct tagMODULEENTRY32 {
;   DWORD   dwSize;
;   DWORD   th32ModuleID;
;   DWORD   th32ProcessID;
;   DWORD   GlblcntUsage;
;   DWORD   ProccntUsage;
;   BYTE    *modBaseAddr;
;   DWORD   modBaseSize;
;   HMODULE hModule;
;   char    szModule[MAX_MODULE_NAME32 + 1];
;   char    szExePath[MAX_PATH];
; } MODULEENTRY32;

; Element counts of the szModule (MAX_MODULE_NAME32 + 1) and szExePath
; (MAX_PATH) arrays in the two structure variants below.
MAX_MODULE_NAME32       = 255
MAX_PATH                = 260

; 64-bit layout with one byte per character (db) in szModule and szExePath.
; NOTE(review): nothing follows .szExePath, so with MAX_MODULE_NAME32 = 255 and
; MAX_PATH = 260 this definition totals 564 bytes, 4 short of the 568 bytes
; asserted for the 64-bit structure elsewhere on this page — confirm before use.
struc MODULEENTRY32A {
  .dwSize           dd ?
  .th32ModuleID     dd ?
  .th32ProcessID    dd ?
  .GlblcntUsage     dd ?
  .ProccntUsage     dd ?
  .alignment32_0    dd ? ; zero; padding so .modBaseAddr starts at offset 24
  .modBaseAddr      dq ?
  .modBaseSize      dd ?
  .alignment32_1    dd ? ; zero; padding so .hModule starts at offset 40
  .hModule          dq ?
  .szModule         db (MAX_MODULE_NAME32 + 1) dup ?
  .szExePath        db MAX_PATH dup ?
}

; 64-bit layout with 16-bit characters (du) in szModule and szExePath.
; With MAX_MODULE_NAME32 = 255 and MAX_PATH = 260 the fields total 1080 bytes
; (48 + 512 + 520), which is already a multiple of 8.
struc MODULEENTRY32W {
  .dwSize           dd ?
  .th32ModuleID     dd ?
  .th32ProcessID    dd ?
  .GlblcntUsage     dd ?
  .ProccntUsage     dd ?
  .alignment32_0    dd ? ; zero; padding so .modBaseAddr starts at offset 24
  .modBaseAddr      dq ?
  .modBaseSize      dd ?
  .alignment32_1    dd ? ; zero; padding so .hModule starts at offset 40
  .hModule          dq ?
  .szModule         du (MAX_MODULE_NAME32 + 1) dup ?
  .szExePath        du MAX_PATH dup ?
}
bitRAKE 05 Oct 2024, 05:12
In 64-bit, the MODULEENTRY32A structure size does need to be a multiple of eight, so the definition above still needs 4 bytes of padding after szExePath (568 bytes in total).
extra_12345 07 Oct 2024, 16:36
thanks guys, this worked fine:

Code:
; 64-bit layout of MODULEENTRY32 that the original poster reports as working:
; unnamed `rd 1` reservations supply the padding before each dq field and at
; the end of the structure.
; NOTE(review): no size check follows this definition; an earlier listing on
; this page uses `assert sizeof MODULEENTRY32 = 568` for that purpose.
struct MODULEENTRY32
    dwSize          dd ?                     ; 4 bytes
    th32ModuleID    dd ?                     ; 4 bytes
    th32ProcessID   dd ?                     ; 4 bytes
    GlblcntUsage    dd ?                     ; 4 bytes
    ProccntUsage    dd ?                     ; 4 bytes
                    rd 1                     ; Insert 4 bytes of padding for alignment of next 64-bit field
    modBaseAddr     dq ?                     ; 8 bytes (64-bit pointer)
    modBaseSize     dd ?                     ; 4 bytes
                    rd 1                     ; Insert 4 bytes of padding for alignment of next 64-bit field
    hModule         dq ?                     ; 8 bytes (64-bit handle)
    szModule        rb MAX_MODULE_NAME32 + 1 ; 256 bytes (char array)
    szExePath       rb MAX_PATH              ; 260 bytes (char array)
                    rd 1                     ; 4 bytes of tail padding so the total size is a multiple of 8
ends