Getting base address of dll of specific process using JNA

Time:09-22

Updated: See updates at the bottom of the question


I would like to get the base address of game.dll, which is inside the war3.exe process. I'm trying to do it via JNA library version 5.9.0, but with no success.

The issue I am facing: I can't get the game.dll module from the war3.exe process. I tried to get it using:

int pid = getProcessId("Warcraft III");
openProcess(PROCESS_ALL_ACCESS, pid);
WinDef.HMODULE hMod = Kernel32.INSTANCE.GetModuleHandle("game.dll");

But the result of hMod is null.

Also I have tried to get all modules that war3.exe process has. As you may see it contains only 5 modules and it doesn't contain game.dll. But when I open war3.exe via Process Explorer I see definitely more than 5.

Executed with IntelliJ IDEA: [image]

Taken from Process Explorer: [image: game.dll]

Please, share your opinion and ideas why I get only 5 modules from IDE.

Any advice on how to get the game.dll module and its base address via JNA would be appreciated.


Updates: As per Remy's answer I have made one more try with EnumProcessModules(). Here is my code snippet:

import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Psapi;
import com.sun.jna.platform.win32.User32;
import com.sun.jna.platform.win32.WinDef.HMODULE;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.ptr.IntByReference;

import java.util.Arrays;
import java.util.List;

import static com.sun.jna.platform.win32.WinNT.PROCESS_ALL_ACCESS;
import static handler.memory.MemoryHandler.openProcess;

public class MemoryHandler {
    static final User32 user32 = User32.INSTANCE;
    static final Psapi psapi = Psapi.INSTANCE;

    public static void main(String[] args) {
        int pid = getProcessId("Warcraft III");
        HANDLE process = openProcess(PROCESS_ALL_ACCESS, pid);

        HMODULE[] hMods = new HMODULE[1024];
        psapi.EnumProcessModules(process, hMods, hMods.length, new IntByReference(1024));

        List<HMODULE> hModList = Arrays.asList(hMods);
        hModList.forEach(hMod ->
                System.out.println(Pointer.nativeValue(hMod.getPointer())));
    }

    public static int getProcessId(String window) {
        IntByReference pid = new IntByReference(0);
        user32.GetWindowThreadProcessId(user32.FindWindow(null, window), pid);

        return pid.getValue();
    }
}

And here is the result: [image]

As far as I understand, I have got some pointers. But how should I understand which one of them is related to game.dll? I was assuming that I should somehow get a list of modules where I could see their names and base addresses.

Also if I change System.out.println(Pointer.nativeValue(hMod.getPointer()))); to hModList.forEach(System.out::println); I see the following pointers and a lot of nulls (about 1000).

[image]

Do these addresses contain the address of game.dll?

CodePudding user response:

GetModuleHandle() looks in the calling process only. Since game.dll is not loaded in your own process, GetModuleHandle() can't find it.

To look for a module loaded in another process, you need to use either:

  • [image]

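An added example, not part of the original question or answer, showing how the handles returned by EnumProcessModules() can be matched to a module name and turned into a base address with GetModuleFileNameExW() and GetModuleInformation(). The class name RemoteModuleBase, the method findModuleBase and the PID passed on the command line are assumptions made for the illustration.

```java
import com.sun.jna.Native;
import com.sun.jna.Pointer;
import com.sun.jna.platform.win32.Kernel32;
import com.sun.jna.platform.win32.Psapi;
import com.sun.jna.platform.win32.WinDef.HMODULE;
import com.sun.jna.platform.win32.WinNT;
import com.sun.jna.platform.win32.WinNT.HANDLE;
import com.sun.jna.ptr.IntByReference;

public class RemoteModuleBase { // hypothetical class name
    /** Returns the base address of moduleName inside process pid, or 0 if it is not listed. */
    public static long findModuleBase(int pid, String moduleName) {
        // Least privilege: module enumeration needs only these two rights, not PROCESS_ALL_ACCESS.
        HANDLE process = Kernel32.INSTANCE.OpenProcess(
                WinNT.PROCESS_QUERY_INFORMATION | WinNT.PROCESS_VM_READ, false, pid);
        if (process == null) {
            throw new IllegalStateException("OpenProcess failed: " + Kernel32.INSTANCE.GetLastError());
        }
        try {
            HMODULE[] mods = new HMODULE[1024];
            IntByReference needed = new IntByReference();
            // cb is a size in BYTES, so multiply the slot count by the pointer size.
            if (!Psapi.INSTANCE.EnumProcessModules(process, mods,
                    mods.length * Native.POINTER_SIZE, needed)) {
                throw new IllegalStateException("EnumProcessModules failed: " + Kernel32.INSTANCE.GetLastError());
            }
            // Only the first needed / pointer-size slots were filled; the rest stay null.
            int count = Math.min(mods.length, needed.getValue() / Native.POINTER_SIZE);
            char[] path = new char[1024];
            for (int i = 0; i < count; i++) {
                int len = Psapi.INSTANCE.GetModuleFileNameExW(process, mods[i], path, path.length);
                String file = new String(path, 0, len);
                if (file.substring(file.lastIndexOf('\\') + 1).equalsIgnoreCase(moduleName)) {
                    Psapi.MODULEINFO info = new Psapi.MODULEINFO();
                    if (Psapi.INSTANCE.GetModuleInformation(process, mods[i], info, info.size())) {
                        return Pointer.nativeValue(info.lpBaseOfDll); // load address of the module
                    }
                }
            }
            return 0;
        } finally {
            Kernel32.INSTANCE.CloseHandle(process);
        }
    }
    public static void main(String[] args) {
        int pid = Integer.parseInt(args[0]); // PID supplied by the caller
        System.out.printf("game.dll base: 0x%X%n", findModuleBase(pid, "game.dll"));
    }
}
```

Microsoft's documentation for EnumProcessModules() directs 64-bit callers to EnumProcessModulesEx() when they need to control whether 32-bit or 64-bit modules of the target are listed, so the bitness of the JVM and of the target process affects what this loop sees.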