Posted: Tue Feb 07, 2006 4:52 am Post subject: Enum Dll's in suspended process
Hi,
When I run a new process via the CreateProcess API with the CREATE_SUSPENDED flag set, it's not possible to get the imported DLLs via the functions EnumProcessModules or Module32First/Module32Next. Even Process Explorer made by Sysinternals cannot reveal the imported DLLs, but Cheat Engine can.
When I load the suspended process into CHE, click on "Memory view", and then select "View Dll's and symbols" in the menu, a new window with all the imported DLLs appears. How does this feature work? I'm trying this on WinXP.
Posted: Tue Feb 07, 2006 5:10 am Post subject:
I use SymEnumerateModules to get all the modules and SymEnumerateSymbols to get all the functions and other symbols of each module.
It's part of the symbol handler of Windows (that's why, if a game has debug info attached, it'll also show that; e.g. if you get the Windows XP symbol files and use them on Minesweeper, you'll see that cSec is the name of the timer).