Question

After I've successfully injected my dll into my target process, say "target.exe", how can I get the base address of "target.exe"?

I've tried GetModuleHandle(0) and GetModuleHandle("target.exe") but it doesn't seem to be right and I'm not sure how to debug. I've tried to print it like this:

// retrieve target's base address
DWORD EXEBaseAddr = (DWORD) GetModuleHandle((LPCWSTR)"target.exe");
std::stringstream sstr;
sstr << EXEBaseAddr;
std::string str = sstr.str();
String^ str3 = gcnew String(str.c_str());
baseAddressLBL->Text = str3;

I had to cast it at the end again because I'm using a Windows Form (not sure if that's what it's called) to print the address in my interface.


Solution

You are using the wide version of GetModuleHandle (i.e. GetModuleHandleW), so you must pass it a valid wide string. Your mistake is that you are casting a non-wide string into a wide string, which won't work. Use the following instead:

(DWORD)GetModuleHandleW(L"target.exe");

Or, the following, which accomplishes the same thing:

(DWORD)GetModuleHandleA("target.exe");
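Why the cast fails, as an added example (not code from the original question or answers): it reads the bytes of the narrow literal the way a UTF-16LE API such as GetModuleHandleW would. The names `seen_by_wide_api`, `proper_wide`, `WideView` and `kNarrow` are constructed for illustration, and the code is portable C++ that calls no Windows API.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Constructed sample: the bytes of the narrow literal, including its single NUL (11 bytes).
const unsigned char kNarrow[] = "target.exe";

struct WideView {
    std::vector<uint16_t> units;  // code units a wide API would read
    bool terminated;              // true if a 16-bit zero was found inside the buffer
};

// Reinterpret a narrow buffer as UTF-16LE, as happens after (LPCWSTR)"target.exe":
// each byte pair becomes one code unit, and only a 16-bit zero ends the string.
WideView seen_by_wide_api(const unsigned char* buf, std::size_t len) {
    WideView v{{}, false};
    for (std::size_t i = 0; i + 1 < len; i += 2) {
        uint16_t u = static_cast<uint16_t>(buf[i] | (buf[i + 1] << 8));
        if (u == 0) { v.terminated = true; break; }
        v.units.push_back(u);
    }
    // If no terminator was found, a real wide API keeps reading past the
    // literal: the lone NUL byte is paired with whatever byte follows it.
    return v;
}

// What L"target.exe" contains: one 16-bit code unit per ASCII character.
std::vector<uint16_t> proper_wide(const std::string& ascii) {
    std::vector<uint16_t> units;
    for (unsigned char c : ascii) units.push_back(c);
    return units;
}

int main() {
    WideView v = seen_by_wide_api(kNarrow, sizeof kNarrow);
    std::printf("cast narrow literal: %zu code units, terminated=%d\n",
                v.units.size(), v.terminated);
    for (uint16_t u : v.units) std::printf("  U+%04X\n", u);
    std::printf("L\"target.exe\": %zu code units\n", proper_wide("target.exe").size());
    return 0;
}
```

The cast version yields five unrelated code units with no terminator inside the literal, so the module name looked up is not "target.exe".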

OTHER TIPS

GetModuleHandle(NULL); does get the current running process's id ;) so if your code is running inside of the target.exe process you should be retrieving the process id using that API call. Are you sure that you were able to successfully inject the dll and jump the call to your code?

If you are sure your code is working, you could try to use the GetCurrentProcessId(); function. It retrieves the calling process's id :) More about it on MSDN:

http://msdn.microsoft.com/en-us/library/windows/desktop/ms683180(v=vs.85).aspx

Licensed under: CC-BY-SA with attribution