Injected DLL not correct HMODULE
So I am injecting a DLL into a program. I can verify that the DLL is injected with help from Process Explorer. After the injection I am looping all modules from the process, comparing the names and return the injected dll as a HMODULE.
Then I GetProcAddress() this HMODULE to find a extern function inside of it, but for some reason this does not work properly.
HMODULE dllAddress = getModuleAddressFromProc(pid, "NewDll.dll");
externCreateThread createThread = (externCreateThread)GetProcAddress(dllAddress, "createThread");
When I breakpoint and check dllAddress it says:
When I use LoadLibrary to load the DLL in my current program and use that as a HMODULE, it does work.
HMODULE dllAddress = LoadLibrary(L"C:\\NewDll.dll");
externCreateThread createThread = (externCreateThread)GetProcAddress(dllAddress, "createThread");
Breakpointing to check dllAddress:
The returned HMODULE from the list of HMODULES is not the same as the HMODULE from LoadLibrary. Although the pointer address is the same.
Listing all the modules from the process is done with the code Microsoft provides. I altered it a bit to work with string comparison, but that does not effect the HMODULE type.
HMODULE getModuleAddressFromProc(DWORD pid, string moduleName) {
HMODULE hMods[1024];
DWORD cbNeeded;
HMODULE output;
unsigned int i;
HANDLE newHandle = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);
if (EnumProcessModules(newHandle, hMods, sizeof(hMods), &cbNeeded)) {
for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++) {
TCHAR szModName[MAX_PATH];
if (GetModuleFileNameEx(newHandle, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) {
string s2 = charToString(szModName);
if (s2.find(moduleName) != string::npos) {
output = hMods[i];
break;
}
}
}
}
return output;
}
Got it working with help from:
- Sort program not working, not sure why
- Fast & accurate atan/arctan approximation algorithm
- What's the difference between strtok_r and strtok_s in C?
- How memory address for pointer to arrays is same as an element in 2D array?
- Which is the best way to suppress "unused variable" warning
- How to use ellipsis in c's case statement?
- How can I exclude non-numeric keys? CS50 Caesar Pset2
- Fast ceiling of an integer division in C / C++
- Is there an invalid pthread_t id?
- How to Implement Universal Setter/Getter Functions for Interrupt-Driven Variables in Embedded C?
- How does SIMD (avx) processing work? for example, if I want 10 32 bit floats how do i fit in a 256 bit avx vector?
- FDCAN problems on STM32G4
- How does the call macro enable mutual recursion between functions f and g in this Hanoi Tower implementation?
- Running test on Rocket core CPU - global variable initialized to 0 is unsuccessful, output wrong value instead
- Interacting with C arrays without knowing the size
- Combination of two strings
- Avoiding strcpy overflow destination warning
- carriage return by fgets
- How to use special characters in C?
- Why does 1.0/100.0 == 0.1/10.0 give True?
- Is it correct to compare pointers in C?
- Force free() to return malloc memory back to OS
- How can I print to standard error in C with 'printf'?
- What is the standard behavior of fread in C on Windows?
- How is strtok removing lines it shouldn't have access to?
- Using array as smart point in C
- Assigning string to malloced 2d char array not working as intended
- How to refactor repetition inside a Makefile?
- Why does an empty preprocessor command still evaluate to something?
- How to implement variable sized array within C struct