C++: What is HMODULE?
Notice: this page reproduces a popular Stack Overflow question and is provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must attribute it to the original authors (not me): Stack Overflow
Original URL: http://stackoverflow.com/questions/9545732/
What is HMODULE?
Asked by Blood
I have a little problem. I have loaded a DLL into the process (it's not mine) and I have to use a function inside it. I have got the offset to this function, so all I have to do is get the DLL's address and add it to the offset to get to the function. GetModuleHandle() returns an HMODULE variable, but actually I don't know what HMODULE is. Is it the address of the loaded DLL or some kind of other mark?
And if it's not address of place where DLL is loaded, how can I get this address? I hope I make myself clear.
Accepted answer by Len Holgate
The method that you propose will work fine.
It seems that you have injected a dll into a target process and wish to obtain the address of a function in that dll in the target process from the process that injected the dll.
I assume that you also have the dll loaded in the process that injected the dll into the target process and that you want to create a remote thread in the target process and get it to execute the target function in the target process.
Since the dll that you have injected may not be loaded at the same address in the target process as it is in the injecting process you cannot simply use the address that you would obtain from calling GetProcAddress on the function in the injecting process.
An HMODULE is just the DLL's base address (see this answer for details). So you can take the HMODULE of the dll in your injecting process and subtract it from the address returned by GetProcAddress on your function. You can then add the HMODULE of the injected dll in the target process to this offset to get the address of the target function in the injected dll in the target process. Assuming this function has the correct signature, pass it as the thread function to your call to create the remote thread and you are now running the target function in the target process.
I explain this in more detail in this answer.
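The base-plus-offset arithmetic from this answer, as an added example that is not part of the original answer: portable C over constructed module lists (all names, bases and sizes are made up) that translates an address from one process's layout to another's and returns 0 when no loaded module backs the address. Module names are compared case-sensitively here for brevity, which is an assumption of the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* One loaded image as a module list would report it (values below are constructed). */
typedef struct { const char *name; uint64_t base; uint64_t size; } module_t;

/* Find the module whose [base, base+size) range contains addr, or NULL. */
static const module_t *module_of(const module_t *mods, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= mods[i].base && addr - mods[i].base < mods[i].size)
            return &mods[i];
    return NULL;
}

/* Find a module by name (exact match), or NULL. */
static const module_t *module_named(const module_t *mods, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(mods[i].name, name) == 0)
            return &mods[i];
    return NULL;
}

/* Translate addr from process A's layout to process B's: subtract A's base
 * to get the offset, then add B's base. Returns 0 if addr is not inside any
 * module of A, if B has no module of that name, or if the offset does not
 * fit inside B's copy of the module. */
static uint64_t rebase(const module_t *a, size_t na,
                       const module_t *b, size_t nb, uint64_t addr) {
    const module_t *src = module_of(a, na, addr);
    if (src == NULL) return 0;              /* not image-backed in A */
    const module_t *dst = module_named(b, nb, src->name);
    if (dst == NULL) return 0;              /* module not loaded in B */
    uint64_t offset = addr - src->base;     /* function address minus HMODULE */
    if (offset >= dst->size) return 0;      /* likely a different build of the DLL */
    return dst->base + offset;
}

/* Constructed sample data: the same DLL at different bases in two processes. */
static const module_t PROC_A[] = {
    { "app.exe",    0x00007FF600000000ULL, 0x20000 },
    { "sample.dll", 0x00007FFB10000000ULL, 0x15000 },
};
static const module_t PROC_B[] = {
    { "other.exe",  0x00007FF700000000ULL, 0x30000 },
    { "sample.dll", 0x00007FFB2A000000ULL, 0x15000 },
};
```

The same lookup run in reverse is how a debugger or memory-forensics tool labels a raw address as module+offset, and an address for which `module_of` returns NULL is one that no loaded image accounts for.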
Answer by David Schwartz
Call GetProcAddress. The offset cancels out, as you'd have to both add it (to get to the function) and subtract it (to get the base address), so you might as well not bother.
Answer by ThiefMaster
It is similar to the void* returned by the POSIX dlopen() function (it might even be a typedef - but I don't know that for sure). You pass it to GetProcAddress as an argument. When you are done you also pass it to FreeLibrary to unload the DLL.