+ 2

How to find memory address for dll? C#/C++

Pointers have dll name on them. But I can't read the pointers before I know the address for the dll file. file.dll + 0x93E684

19th Jul 2018, 3:54 PM
Toni Isotalo
1 Answer
+ 4
By utility: listdlls from the Sysinternals suite.

From code:

Own process: GetModuleInformation()
https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-getmoduleinformation
_MODULEINFO structure (first variable is LPVOID lpBaseOfDll)
https://docs.microsoft.com/en-us/windows/desktop/api/psapi/ns-psapi-_moduleinfo

Remote process: EnumProcessModules
https://docs.microsoft.com/en-us/windows/desktop/api/psapi/nf-psapi-enumprocessmodules

Additional things you'll probably want to review / know:

Does ASLR relocate all DLLs by the same offset?
https://blogs.msdn.microsoft.com/oldnewthing/2017011-00/?p=95205

editbin.exe with rebase option (platform SDK)

dependency walker (I use this often while analyzing binaries) will tell you the preferred load address (which you can rebase)
19th Jul 2018, 9:40 PM
Kirk Schafer
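An added example, not part of the question or the answer above: resolving "module + offset" to an absolute address in C#, and mapping an address back to that form. It uses the .NET `System.Diagnostics.Process.Modules` collection rather than calling the psapi functions directly; `kernel32.dll` and the offset `0x1000` are constructed stand-ins for the asker's `file.dll` and offset.

```csharp
using System;
using System.Diagnostics;

static class ModuleAddress
{
    // Load address of moduleName inside proc, or null if it is not loaded.
    static IntPtr? FindModuleBase(Process proc, string moduleName)
    {
        foreach (ProcessModule m in proc.Modules)
            if (string.Equals(m.ModuleName, moduleName, StringComparison.OrdinalIgnoreCase))
                return m.BaseAddress;
        return null;
    }

    // Reverse lookup: turn an absolute address back into "module+0xOFFSET",
    // the form that stays stable across runs even though ASLR moves the base.
    static string Describe(Process proc, IntPtr address)
    {
        long a = address.ToInt64();
        foreach (ProcessModule m in proc.Modules)
        {
            long start = m.BaseAddress.ToInt64();
            if (a >= start && a < start + m.ModuleMemorySize)
                return $"{m.ModuleName}+0x{a - start:X}";
        }
        return $"0x{a:X} (outside every loaded module)";
    }

    static void Main()
    {
        // Own process, so no extra rights are needed. For another process,
        // Process.Modules throws Win32Exception when access is denied or when
        // a 32-bit caller inspects a 64-bit target.
        using (Process self = Process.GetCurrentProcess())
        {
            const string name = "kernel32.dll"; // stand-in for the asker's file.dll
            const long offset = 0x1000;         // constructed offset, not from the post
            IntPtr? moduleBase = FindModuleBase(self, name);
            if (moduleBase == null) { Console.WriteLine($"{name} is not loaded"); return; }
            IntPtr target = new IntPtr(moduleBase.Value.ToInt64() + offset);
            Console.WriteLine($"{name} base = 0x{moduleBase.Value.ToInt64():X}");
            Console.WriteLine($"{name}+0x{offset:X} = 0x{target.ToInt64():X}");
            Console.WriteLine($"reverse lookup: {Describe(self, target)}");
        }
    }
}
```

The base address printed here is only valid for the current run of the process, so store addresses as module name plus offset and resolve them each time.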