I have the following question about the use of GetModuleBaseName. First, I will show you a little piece of code:
    #include <windows.h>
    #include <stdio.h>
    #include <string.h>

    void test(){
        DWORD currentProcID = GetCurrentProcessId();
        HANDLE hCurrentProc = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, currentProcID);
        HMODULE hLib = LoadLibrary("psapi.dll");
        FARPROC addr_EnumProcessModules = GetProcAddress(hLib, "EnumProcessModules");
        FARPROC addr_GetModuleBaseName = GetProcAddress(hLib, "GetModuleBaseName");
        HMODULE moduleArray[8000];
        HMODULE *moduleID = moduleArray;
        DWORD cb = sizeof(moduleArray) / sizeof(moduleArray[0]);
        DWORD bytesNeeded = 0;
        (addr_EnumProcessModules)(hCurrentProc, moduleID, cb, &bytesNeeded);
        DWORD numberOfModules = bytesNeeded / sizeof(DWORD);
        printf("The process with the id %u has %u modules", currentProcID, numberOfModules); // (*)
        printf("This is the list of module handles:\n");
        int offset = 0;
        while(offset < numberOfModules){
            printf("%d\n", *(moduleID + offset));
            offset++;
        }
        char baseName[MAX_PATH];
        char *moduleBaseName = baseName;
        memset(moduleBaseName, '\0', MAX_PATH);
        DWORD nSize = sizeof(baseName) / sizeof(baseName[0]);
        printf("The module name of 1st module handle entry is: \n");
        DWORD result = (addr_GetModuleBaseName)(hCurrentProc, *(moduleID), moduleBaseName, nSize);
        if(result != 0){
            int index = 0;
            while(*(moduleBaseName + index) != '\0'){
                printf("%c", *(moduleBaseName + index));
                index++;
            }
        }
        else{
            printf("GetModuleBaseName failed.");
        }
    }

    int main(){
        HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)test, NULL, 0, NULL);
        if(hThread != NULL){
            return WaitForSingleObject(hThread, INFINITE);
        }
        else{
            return 1;
        }
    }
As you can see, I get the id of the current process and a handle to it. Then I enumerate its modules and store them in "moduleArray", pointed to by moduleID. In my case, I have 6 modules. To make the whole thing easy, I only take the first entry (the handle to the 1st module) and pass it to GetModuleBaseName(). The array "baseName", pointed to by "moduleBaseName", should store the name of the module.
So, the problem is: when I run it, it prints the line at (*) and after a while it crashes. The console says:
Process exited after 4.186 seconds with return value 3221225477
What is wrong here?
PS: I do not want to have a call to GetModuleFileName(). So, I decided to select GetModuleBaseName().
And here is a picture of the result:
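Added example, not part of the original post: the exit value 3221225477 is 0xC0000005 (access violation), which is what a call through an unchecked NULL `GetProcAddress` result produces; psapi.dll exports the function as `GetModuleBaseNameA`/`GetModuleBaseNameW`, and `GetModuleBaseName` is only a header macro. The block decodes the status and, on Windows, resolves the exports with typed pointers, NULL checks and byte-sized buffer lengths; `first_module_name` and the `status_*` helpers are names introduced here.

```c
#include <stdio.h>
#include <stdint.h>
/* NTSTATUS layout: severity in bits 31-30, facility in bits 27-16, code in bits 15-0. */
unsigned status_severity(uint32_t s) { return s >> 30; }   /* 3 means error */
unsigned status_facility(uint32_t s) { return (s >> 16) & 0xFFFu; }
unsigned status_code(uint32_t s)     { return s & 0xFFFFu; }

/* Names for two common crash statuses; not an exhaustive table. */
const char *status_name(uint32_t s) {
    switch (s) {
    case 0xC0000005u: return "STATUS_ACCESS_VIOLATION";
    case 0xC00000FDu: return "STATUS_STACK_OVERFLOW";
    default:          return "unknown";
    }
}

#ifdef _WIN32
#include <windows.h>
/* Typed pointers so the compiler checks arguments; a bare FARPROC takes none. */
typedef BOOL  (WINAPI *EnumProcessModules_t)(HANDLE, HMODULE *, DWORD, LPDWORD);
typedef DWORD (WINAPI *GetModuleBaseNameA_t)(HANDLE, HMODULE, LPSTR, DWORD);
/* Hypothetical helper: returns 0 on success, or the number of the step that failed. */
int first_module_name(char *out, DWORD outChars) {
    HMODULE psapi = LoadLibraryA("psapi.dll");
    if (!psapi) return 1;
    EnumProcessModules_t enumMods =
        (EnumProcessModules_t)GetProcAddress(psapi, "EnumProcessModules");
    /* The export carries the A/W suffix; "GetModuleBaseName" is only a header macro. */
    GetModuleBaseNameA_t baseName =
        (GetModuleBaseNameA_t)GetProcAddress(psapi, "GetModuleBaseNameA");
    if (!enumMods || !baseName) return 2;       /* never call through NULL */
    HMODULE mods[1024];
    DWORD needed = 0;                           /* sizes are in bytes, not elements */
    if (!enumMods(GetCurrentProcess(), mods, sizeof(mods), &needed)) return 3;
    if (needed < sizeof(HMODULE)) return 4;     /* no module handle was returned */
    return baseName(GetCurrentProcess(), mods[0], out, outChars) ? 0 : 5;
}
#endif

int main(void) {
    uint32_t rc = 3221225477u;                  /* exit value quoted in the post */
    printf("0x%08X sev=%u fac=%u code=%u %s\n", (unsigned)rc, status_severity(rc),
           status_facility(rc), status_code(rc), status_name(rc));
#ifdef _WIN32
    char name[MAX_PATH] = "";
    printf("failed step %d, first module: %s\n", first_module_name(name, MAX_PATH), name);
#endif
    return 0;
}
```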