+ 2
How to find memory address for dll? C#/C++
Pointers have dll name on them. But I can't read the pointers before I know the address for the dll file. file.dll + 0x93E684
1 Odpowiedź
+ 4
By utility: listdlls from the sysinternals suite.
From code,
Own process: GetModuleInformation()
https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-getmoduleinformation
_MODULEINFO structure (first variable is LPVOID lpBaseOfDll)
https://docs.microsoft.com/en-us/windows/desktop/api/psapi/ns-psapi-_moduleinfo
Remote Process: EnumProcessModules
https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-enumprocessmodules
Additional things you'll probably want to review / know:
Does ASLR relocate all DLLs by the same offset?
https://blogs.msdn.microsoft.com/oldnewthing/2017011-00/?p=95205
editbin.exe with rebase option (platform SDK)
dependency walker (I use this often while analyzing binaries) will tell you the preferred load address (which you can rebase)