Author Topic: NOVARSEG, you wanted addresses of DLLs?  (Read 2492 times)

Offline SpriggsySpriggs

NOVARSEG, you wanted addresses of DLLs?
« on: February 18, 2021, 01:04:57 pm »
@NOVARSEG

I seem to recall from a few months back you mentioned that you wanted a way to retrieve the addresses of the DLLs in memory. I have some code that I wrote up here that will find those base addresses for you. This sample will only retrieve the addresses for the current process, the exe itself. If you want to find addresses from another process then you will need to change the zero in the function call of the CreateToolhelp32Snapshot%& to the PID of the process you want.

A screenshot of sample output:
  [attachment not available]

And the code:
Code: QB64:
$If VERSION < 1.5 Then
    $ERROR Must be v1.5 or greater to compile
$End If

Type MODULEENTRY32
    dwSize As Long
    th32ModuleID As Long
    th32ProcessID As Long
    GlblcntUsage As Long
    ProccntUsage As Long
    $If 64BIT Then
        padding As Long 'aligns modBaseAddr to 8 bytes
    $End If
    modBaseAddr As _Offset
    modBaseSize As Long
    $If 64BIT Then
        padding2 As Long 'aligns hModule to 8 bytes
    $End If
    hModule As _Offset
    szModule As String * 256
    szExePath As String * 260
    $If 64BIT Then
        'Tail padding: the char arrays need no alignment, so szExePath follows
        'szModule directly and the spare 4 bytes come at the end of the struct.
        padding3 As Long
    $End If
End Type

Const TH32CS_INHERIT = &H80000000
Const TH32CS_SNAPHEAPLIST = &H00000001
Const TH32CS_SNAPMODULE = &H00000008
Const TH32CS_SNAPMODULE32 = &H00000010
Const TH32CS_SNAPPROCESS = &H00000002
Const TH32CS_SNAPTHREAD = &H00000004
Const TH32CS_SNAPALL = TH32CS_SNAPHEAPLIST Or TH32CS_SNAPMODULE Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD

Const TOM_TRUE = -1
Const TOM_FALSE = 0

Const MAX_MODULE_NAME32 = 255
Const MAX_PATH = 260

'The Tool Help functions are exported by kernel32.dll
Declare Dynamic Library "Kernel32"
    Function CreateToolhelp32Snapshot%& (ByVal dwFlags As Long, Byval th32ProcessID As Long)
    Function Module32First% (ByVal hSnapshot As _Offset, Byval lpme As _Offset)
    Function Module32Next% (ByVal hSnapshot As _Offset, Byval lpme As _Offset)
    Function CloseHandle% (ByVal hObject As _Offset)
    Function GetLastError& ()
End Declare

'Declare Library
'    Function getpid& ()
'End Declare

Dim As _Offset hProcessSnap
Dim As MODULEENTRY32 me

'A process ID of 0 snapshots the modules of the current process
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0)
'Print hProcessSnap, getpid

'dwSize must be set before the first call to Module32First
me.dwSize = Len(me)

ret = Module32First(hProcessSnap, _Offset(me))
'Print GetLastError

'Walk the module list, printing each base address and module name
While ret <> 0
    Print me.modBaseAddr, me.szModule
    ret = Module32Next(hProcessSnap, _Offset(me))
Wend

Dim As Integer closeh
closeh = CloseHandle(hProcessSnap)
« Last Edit: February 18, 2021, 01:09:55 pm by SpriggsySpriggs »
Shuwatch!

Offline SMcNeill

Re: NOVARSEG, you wanted addresses of DLLs?
« Reply #1 on: February 18, 2021, 05:06:31 pm »
One suggestion, Spriggsy -- you want to get in the habit of making your padding AS STRING * SIZE.  Here, it's not going to matter as it's just unused padding, but getting in the habit might keep things standardized for you in the future if you need some odd size padding. 

Say for example that the data structure is an integer, then a byte, then a long....   You'd need padding after that byte, and it'd need to be 5 characters worth.  Can't use a LONG for that, but if you're in the auto-habit of typing PaddingX AS LONG, your brain might automatically insert that into your code, and then you'd have the dangest time finding and fixing that type of glitch as your eyes will just skip over it, as your brain assures you, you've already made the adjustment there...   (Trust me, I speak from experience, as I've spent many an hour not being able to find such a simple problem in my own code!)

What variable type you use for the space isn't really going to matter to the code -- be it 4 bytes, 2 integers, 1 long, a single, or a string * 4 -- but the habit of typing out the length manually might save you some serious debugging issues in the future.  (And besides, it'd allow for a uniform padding syntax so all the code ends up looking the same.)   ;)
https://github.com/SteveMcNeill/Steve64 — A github collection of all things Steve!

Offline SpriggsySpriggs

Re: NOVARSEG, you wanted addresses of DLLs?
« Reply #2 on: February 18, 2021, 07:48:32 pm »
@SMcNeill

I purposely checked the struct size and variable sizes beforehand and made sure the padding went to the right spot. I choose to use a long so far because, so far, I've been only needing 4 bytes in those spots. If I need some strange padding size then I might use string. But since I know I needed 4 bytes in each spot it was logical to use the long. But yeah, I've been printing out struct sizes in C++ to find the size of the struct and size of each variable in the type. Of course, the next logical step would be to print the offset of each variable in the struct to see where each one starts. This would tell the exact number of bytes in-between each variable.
« Last Edit: February 18, 2021, 07:58:15 pm by SpriggsySpriggs »
Shuwatch!
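
The offset check mentioned in the reply above, as an added example that is not part of the original posts: a C mirror of the ANSI MODULEENTRY32 built from fixed-width types (an assumption standing in for the Windows header, with natural alignment), where `padding_before` and `tail_padding` are hypothetical helpers reporting the gap ahead of each field and after the last one.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_MODULE_NAME32 255
#define MAX_PATH 260

/* Constructed mirror of the ANSI MODULEENTRY32 layout (assumption: natural
   alignment, DWORD = uint32_t, handles and pointers = native pointer width). */
typedef struct {
    uint32_t dwSize;
    uint32_t th32ModuleID;
    uint32_t th32ProcessID;
    uint32_t GlblcntUsage;
    uint32_t ProccntUsage;
    uint8_t *modBaseAddr;
    uint32_t modBaseSize;
    void    *hModule;
    char     szModule[MAX_MODULE_NAME32 + 1];
    char     szExePath[MAX_PATH];
} ModuleEntryMirror;

typedef struct { const char *name; size_t offset, size; } FieldInfo;
#define FIELD(m) { #m, offsetof(ModuleEntryMirror, m), \
                   sizeof(((ModuleEntryMirror *)0)->m) }
static const FieldInfo fields[] = {
    FIELD(dwSize), FIELD(th32ModuleID), FIELD(th32ProcessID),
    FIELD(GlblcntUsage), FIELD(ProccntUsage), FIELD(modBaseAddr),
    FIELD(modBaseSize), FIELD(hModule), FIELD(szModule), FIELD(szExePath)
};
#define FIELD_COUNT (sizeof fields / sizeof fields[0])

/* Bytes of compiler-inserted padding immediately before field i. */
size_t padding_before(size_t i) {
    if (i == 0) return fields[0].offset;
    return fields[i].offset - (fields[i - 1].offset + fields[i - 1].size);
}
/* Bytes of padding after the last field, up to sizeof the struct. */
size_t tail_padding(void) {
    const FieldInfo *last = &fields[FIELD_COUNT - 1];
    return sizeof(ModuleEntryMirror) - (last->offset + last->size);
}

int main(void) {
    for (size_t i = 0; i < FIELD_COUNT; i++)
        printf("%-14s offset %3zu size %3zu pad-before %zu\n", fields[i].name,
               fields[i].offset, fields[i].size, padding_before(i));
    printf("tail padding %zu, sizeof %zu\n", tail_padding(), sizeof(ModuleEntryMirror));
    return 0;
}
```

On a 64-bit build the gaps appear before modBaseAddr and hModule and after szExePath; on a 32-bit build there are none.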