SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
|
Posted: Fri Dec 30, 2011 9:58 pm Post subject: Find the entry point of a DLL within an exe using ReadProces |
|
|
How does one find the address of the entry point of a DLL within a process using ReadProcessMemory API?
Obviously I need to do this because the entry point is dynamic and is needed for a pointer.
Similar to how Cheat Engine works with a pointer:
"mydll.dll + 0x00000000"
How do I find the address of my.dll within the exe using ReadProcessMemory?
Application and DLL are x64 if that matters.
Thanks.
NoMercy Master Cheater
Reputation: 1
Joined: 09 Feb 2009 Posts: 289
|
Posted: Sat Dec 31, 2011 5:52 am Post subject: |
|
|
You simply can't.
Instead use these (check MSDN for info):
CreateToolhelp32Snapshot
Process32First / Process32Next
Module32First / Module32Next
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
|
Posted: Sat Dec 31, 2011 8:34 am Post subject: |
|
|
You could use EnumProcessModulesEx for the specific process and right after use GetModuleInformation for your module,
in which case you'll have all the info you need inside the MODULEINFO Structure.
_________________
Stylo |
SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
|
Posted: Sat Dec 31, 2011 5:16 pm Post subject: |
|
|
| NoMercy wrote: | you simply can't.
Instead use these (check msdn for info)
CreateToolhelp32Snapshot
Process32First / Process32Next
Module32First / Module32Next |
I looked into those, but wasn't sure they'd work for 64-bit.
| Stylo wrote: |
You could use EnumProcessModulesEx for the specific process and right after use GetModuleInformation for your module,
in which case you'll have all the info you need inside the MODULEINFO Structure. |
Thanks. I'll check that out.
NoMercy Master Cheater
Reputation: 1
Joined: 09 Feb 2009 Posts: 289
|
Posted: Sun Jan 01, 2012 6:32 pm Post subject: |
|
|
I don't see any reason why it should not work on 64-bit.
Pasukaru How do I cheat?
Reputation: 0
Joined: 15 Dec 2011 Posts: 8
|
Posted: Sun Jan 01, 2012 10:05 pm Post subject: |
|
|
forum.cheatengine.org/viewtopic.php?p=5306732#5306732
:>
the module in your case is the DLL of course.
SwaggaJackin' Master Cheater
Reputation: 2
Joined: 06 Nov 2009 Posts: 312
|
Posted: Sun Jan 01, 2012 10:27 pm Post subject: |
|
|
| NoMercy wrote: | | I don't see any reason why it should not work on 64 bit |
I'm not quite sure, but they all state 32 in their name, usually 64-bit version APIs have 'Ex' appended to them.
Perhaps I'm wrong... *shrug*
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Posted: Sun Jan 01, 2012 10:34 pm Post subject: |
|
|
| SwaggaJackin' wrote: | | NoMercy wrote: | | I don't see any reason why it should not work on 64 bit |
I'm not quite sure, but they all state 32 in their name, usually 64-bit version api's have 'Ex' appended to them.
Perhaps I'm wrong....*shrug* |
The 'Ex' part of APIs isn't specifically for 64-bit. They are just extended versions of the API to allow more specific parameters to be used for extended (hence the 'Ex') usage.
Just be sure to read through the pages for each API regarding their 64-bit usability, or anything extra you may need to do/call.
CreateToolhelp32Snapshot for example:
http://msdn.microsoft.com/en-us/library/windows/desktop/ms682489%28v=vs.85%29.aspx
Note that you can use the QueryFullProcessImageName function to retrieve the full name of an executable image for both 32- and 64-bit processes from a 32-bit process.
_________________
- Retired. |
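The Toolhelp32 route suggested in the thread, with the 64-bit point from the MSDN page linked above, as an added example that is not code from any poster: find_module walks a module snapshot of a process and returns the DLL's base address and image size, and resolve_offset bounds-checks a "module + offset" address against that size. The helper names, the command-line form and the non-UNICODE x64 build are assumptions of this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

/* Case-insensitive compare: Windows module names are not case-sensitive. */
static int name_matches(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

/* Resolve "module + offset", rejecting offsets outside the mapped image. */
static int resolve_offset(uintptr_t base, size_t size, size_t off, uintptr_t *out) {
    if (base == 0 || off >= size) return 0;
    *out = base + off;
    return 1;
}

#ifdef _WIN32  /* assumption: built without UNICODE, so szModule is char[] */
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <stdlib.h>
/* Fills base/size and returns 1 if `name` is loaded in process `pid`. */
static int find_module(DWORD pid, const char *name, uintptr_t *base, size_t *size) {
    MODULEENTRY32 me;
    HANDLE snap;
    BOOL ok;
    do {  /* MSDN: retry while the snapshot fails with ERROR_BAD_LENGTH */
        snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
    } while (snap == INVALID_HANDLE_VALUE && GetLastError() == ERROR_BAD_LENGTH);
    /* A 32-bit caller snapshotting a 64-bit process fails with ERROR_PARTIAL_COPY. */
    if (snap == INVALID_HANDLE_VALUE) return 0;
    me.dwSize = sizeof(me);
    for (ok = Module32First(snap, &me); ok; ok = Module32Next(snap, &me))
        if (name_matches(me.szModule, name)) break;
    if (ok) { *base = (uintptr_t)me.modBaseAddr; *size = me.modBaseSize; }
    CloseHandle(snap);
    return ok ? 1 : 0;
}

int main(int argc, char **argv) {  /* usage: modbase <pid> <module> <hex-offset> */
    uintptr_t base, addr; size_t size;
    if (argc == 4 && find_module((DWORD)strtoul(argv[1], NULL, 10), argv[2], &base, &size)
        && resolve_offset(base, size, (size_t)strtoull(argv[3], NULL, 16), &addr))
        printf("%s+0x%s = %p (image size 0x%zx)\n", argv[2], argv[3], (void *)addr, size);
    return 0;
}
#endif
```

The base is only valid for the lifetime of that load of the module, so it has to be looked up again whenever the process restarts.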