GetModuleHandle

原創 liveownworld 2018-10-15 06:01 

#pragma pack(8)
typedef struct _PROCESS_BASIC_INFORMATION64 {
	NTSTATUS ExitStatus;
	UINT32 Reserved0;
	UINT64 PebBaseAddress;
	UINT64 AffinityMask;
	UINT32 BasePriority;
	UINT32 Reserved1;
	UINT64 UniqueProcessId;
	UINT64 InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION64;
#pragma pack()
typedef
NTSTATUS(WINAPI *pfnNtWow64QueryInformationProcess64)
(HANDLE ProcessHandle, UINT32 ProcessInformationClass,
	PVOID ProcessInformation, UINT32 ProcessInformationLength,
	UINT32* ReturnLength);
typedef
NTSTATUS(WINAPI *pfnNtWow64ReadVirtualMemory64)
(HANDLE ProcessHandle, PVOID64 BaseAddress,
	PVOID BufferData, UINT64 BufferLength,
	PUINT64 ReturnLength);
typedef
NTSTATUS(WINAPI *pfnNtWow64ReadVirtualMemory64_Bin)
(HANDLE ProcessHandle, PVOID BufferData,
	LPCTSTR ModuleName, UINT64 BufferLength,
	PUINT64 ReturnLength);
long long GetModuleHandle64(HANDLE processHandle,LPCTSTR ModuleName)
{
	PROCESS_BASIC_INFORMATION64 pbi64;
	int ret;
	long long ldr;
	long long ModuleHandle;
	long long pName;
	HMODULE NtdllModule = GetModuleHandle(L"ntdll.dll");
	pfnNtWow64QueryInformationProcess64 NtWow64QueryInformationProcess64 = (pfnNtWow64QueryInformationProcess64)GetProcAddress(NtdllModule, "NtWow64QueryInformationProcess64");
	pfnNtWow64ReadVirtualMemory64 NtWow64ReadVirtualMemory64 = (pfnNtWow64ReadVirtualMemory64)GetProcAddress(NtdllModule, "NtWow64ReadVirtualMemory64");
	pfnNtWow64ReadVirtualMemory64_Bin NtWow64ReadVirtualMemory64_Bin = (pfnNtWow64ReadVirtualMemory64_Bin)GetProcAddress(NtdllModule, "NtWow64ReadVirtualMemory64_Bin");
	ret = NtWow64QueryInformationProcess64(processHandle, 0, &pbi64, 48, 0);
	if (ret == 0)
	{
		return 0;
	}
	NtWow64ReadVirtualMemory64(processHandle, (PVOID64)(pbi64.PebBaseAddress + 24), &ldr, 8, 0);
	NtWow64ReadVirtualMemory64(processHandle, (PVOID64)(ldr + 24), &ldr, 8, 0);
	do
	{
		NtWow64ReadVirtualMemory64(processHandle, (PVOID64)(ldr + 48), &ModuleHandle, 8, 0);
		if (ModuleHandle != 0)
		{
			break;
		}
		NtWow64ReadVirtualMemory64(processHandle, (PVOID64)(ldr + 96), &pName, 8, 0);
		NtWow64ReadVirtualMemory64_Bin(processHandle, &pName, ModuleName, sizeof(ModuleName), 0);

	} while (ModuleHandle != 0);
	return ModuleHandle;
}

 

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

24-5-18 X

自 3 月 31 號回來之後,這兩個月像是失去了方向一般,對很多事都提不起興趣。 今天和 X 聊了聊,他還是以前那個熟悉的樣子。 高中的時候,他是我們班裏公認的第一,我們是普通班,但他有着實驗班的實力,事實上,高考時他全校第三,後來去了美國

Higurashi-kagome 2024-06-01 14:30:43

【dubbo】如何測試一個dubbo服務呢?

rpc服務框架——dubbo https://cn.dubbo.apache.org/zh-cn/blog/2023/02/23/一文幫你快速瞭解-dubbo-核心能力/ 自制項目: https://github.com/Jinwenxin

金大鑫要堅持 2024-06-01 14:29:53

kubeconfig 多個集羣配置 如何切換

kubectl config get-contexts kubectl config use-context <context-name> kubectl config current-context

hiningrise 2024-06-01 14:27:53

兩臺windowserver服務器配置Redis哨兵集羣

十年河東,十年河西,莫欺少年窮 學無止境,精益求精 redis下載地址:https://github.com/tporadowski/redis/releases  這裏選擇壓縮版,不選擇安裝版 1、集羣環境  主機master: 局域網

天才臥龍 2024-06-01 14:24:12

oidc-client.js踩坑吐槽貼

前言 前面選用了IdentityServer4做爲認證授權的基礎框架,感興趣的可以看上篇<微服務下認證授權框架的探討>,已經初步完成了authorization-code與implicit的簡易demo(html+js 在IIS部署的站點)

提伯斯 2024-06-01 14:23:02

微盟電商-以造數工廠爲底座的低成本自動化應用實現(一)

微盟電商-以造數工廠爲底座的低成本自動化應用實現 SAAS服務的特點是能夠以同一套代碼基礎,服務各種使用場景的客戶,由此帶來的業務組合與配置的多樣性是造成測試在造數環節以及自動化測試的實施階段面臨繁瑣與困難的根本原因。如何確保自動化的高效實

保軍Baojun 2024-06-01 14:20:12

Mac Brew install慢的問題

# 替換brew.git: jimmy@MacBook-Pro Library % cd "$(brew --repo)" jimmy@MacBook-Pro Homebrew % git remote set-url origin htt

阿 軍 2024-06-01 14:18:02

Vue devDependencies 與 dependencies 能別

Vue devDependencies 與 dependencies 能別,如何往 項目的node_modules安裝組件 概述 devDependencies 用於本地環境開發 只會在開發環境下依賴的模塊,生產環境不會被打入包內(通過

阿 軍 2024-06-01 14:18:02

mysql 超大大數據庫複製前可執行的加速導入的SQL

use 數據庫;set global innodb_flush_log_at_trx_commit=0;set global max_allowed_packet=1024*1024*20;set global bulk_insert_bu

菊花茶 2024-06-01 14:14:21

css25 CSS Tables

https://www.w3schools.com/css/css_table.asp css25 CSS Tables CSS Tables The look of an HTML table can be greatly improv

emanlee 2024-06-01 14:13:21

css29 CSS Layout - The z-index Property

https://www.w3schools.com/css/css_z-index.asp   CSS Layout - The z-index Property     The z-index property specifies th

emanlee 2024-06-01 14:13:21

css28 CSS Layout - The position Property

https://www.w3schools.com/css/css_positioning.asp CSS Layout - The position Property The position property specifies t

emanlee 2024-06-01 14:13:21

css26 CSS Layout - The display Property

https://www.w3schools.com/css/css_display_visibility.asp     CSS Layout - The display Property The display property is

emanlee 2024-06-01 14:13:21

css31 CSS Layout - float and clear

https://www.w3schools.com/css/css_float.asp   CSS Layout - float and clear     The CSS float property specifies how an

emanlee 2024-06-01 14:13:21

css27 CSS Layout - width and max-width

https://www.w3schools.com/css/css_max-width.asp   CSS Layout - width and max-width     Using width, max-width and margi

emanlee 2024-06-01 14:13:21