winapi - EnumProcessModulesEx and CreateToolhelp32Snapshot fail - whether 32-bit or 64-bit
edit:
The answer to the question is here:
https://stackoverflow.com/a/27317947/996540
When creating a project in MSVC, the option /DYNAMICBASE is enabled by default now. Because of ASLR (address space layout randomization, since Windows Vista), every time the exe runs, its load address is random.
I have been doing a DLL injection job recently, did research on Google, and have read some projects. The load address (base address) of the exe is important.
It seems there are 2 simple APIs for this: EnumProcessModulesEx and CreateToolhelp32Snapshot. I never succeeded with them.
So here is the code sample:
    #include <windows.h>
    #include <psapi.h>
    #include <iostream>
    #include <vector>

    // Helper from the sample archive; it is not in the excerpt, so it is defined here
    // from what the output shows: the bitness of the calling process.
    static const char* MyBit()
    {
        return sizeof(void*) == 8 ? "64bit" : "32bit";
    }

    void TestEnumProcessModulesEx(const char* app)
    {
        std::cout << "begin TestEnumProcessModulesEx(" << MyBit() << ")" << std::endl;
        STARTUPINFOA startupInfo = {0};
        startupInfo.cb = sizeof(startupInfo);
        PROCESS_INFORMATION processInformation = {0};
        // The child is created suspended; its main thread has not run yet.
        if (CreateProcessA(app, NULL, NULL, NULL, FALSE, CREATE_SUSPENDED, NULL, NULL, &startupInfo, &processInformation))
        {
            std::vector<HMODULE> buf(128);
            DWORD needed = 0;
            for (;;)
            {
                // Enumerate the still-suspended child's modules, growing the buffer until it fits.
                if (EnumProcessModulesEx(processInformation.hProcess, &buf[0], DWORD(buf.size() * sizeof(HMODULE)), &needed, LIST_MODULES_ALL) == FALSE)
                {
                    DWORD ec = GetLastError();
                    std::cout << "GetLastError() = " << ec << std::endl;
                    break;
                }
                else if (needed <= buf.size() * sizeof(HMODULE))
                {
                    break;
                }
                else
                {
                    const size_t oldSize = buf.size();
                    buf.resize(oldSize * 2);
                }
            }
            ResumeThread(processInformation.hThread);
            WaitForSingleObject(processInformation.hProcess, INFINITE);
            // Release the handles returned by CreateProcessA.
            CloseHandle(processInformation.hThread);
            CloseHandle(processInformation.hProcess);
        }
        std::cout << "end TestEnumProcessModulesEx(" << MyBit() << ")" << std::endl;
    }
To reduce the length of the question, the complete code - including CreateToolhelp32Snapshot's test code - is not listed here; it can be downloaded from:
https://dl.dropboxusercontent.com/u/235920/enum_proc_mods_sample.7z or https://www.mediafire.com/?cry3pnra8392099
"If this function is called from a 32-bit application running on WOW64, it can only enumerate the modules of a 32-bit process. If the process is a 64-bit process, this function fails and the last error code is ERROR_PARTIAL_COPY (299)." - MSDN.
And a blog post about the question: http://winprogger.com/getmodulefilenameex-enumprocessmodulesex-failures-in-wow64/
Unfortunately, this does not make sense, because whether the specified process is 32-bit or 64-bit, it fails with 299; whether the caller process is 32-bit or 64-bit, it fails with 299.
This is the output of the sample:
    begin TestEnumProcessModulesEx(32bit)
    GetLastError() = 299
    hello world 32bit
    end TestEnumProcessModulesEx(32bit)
    begin TestEnumProcessModulesEx(32bit)
    GetLastError() = 299
    hello world 64bit
    end TestEnumProcessModulesEx(32bit)
    begin TestEnumProcessModulesEx(64bit)
    GetLastError() = 299
    hello world 32bit
    end TestEnumProcessModulesEx(64bit)
    begin TestEnumProcessModulesEx(64bit)
    GetLastError() = 299
    hello world 64bit
    end TestEnumProcessModulesEx(64bit)
As you can see, every combination failed.
My OS is Windows 7 64-bit Pro and the compiler is VS2013.
So, what can I do?
I have no idea about the failure of EnumProcessModulesEx and CreateToolhelp32Snapshot, so let's leave that question to the experts.
My goal is the load address (base address) of the child process, to find the entry point and patch it - the reason for patching the entry point is here: https://opcode0x90.wordpress.com/2011/01/15/injecting-dll-into-process-on-load/
Since DLL injection is my main purpose, I have to reconsider the question. I use the "CreateRemoteThread & LoadLibrary technique" http://www.codeproject.com/articles/4610/three-ways-to-inject-your-code-into-another-proces#section_2 for DLL injection (in fact ASLR is not a barrier to this technique), and although there are many limits in DllMain http://msdn.microsoft.com/en-us/library/windows/desktop/dn633971%28v=vs.85%29.aspx , a little work is OK: find the base address of the exe using GetModuleHandleA(NULL), save the returned HMODULE to shared memory; next, the caller process reads the shared memory and gets the HMODULE. A synchronization mechanism is necessary, of course.
So, the answer is IPC. (Not every IPC mechanism is safe in the DllMain way.)
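An added example (my code, not the question's sample or the linked projects) showing the enumeration loop written robustly and ERROR_PARTIAL_COPY handled as a distinct outcome: the 299 the sample gets for every bitness combination is expected, because the child was created with CREATE_SUSPENDED and its loader has not built the module list yet, and the same error is what a 32-bit caller sees against a 64-bit target. The Windows adapter compiles only under _WIN32; fakeTarget is a constructed stand-in so the loop can be exercised without a real process.

```cpp
#include <cstdint>
#include <functional>
#include <vector>
#ifdef _WIN32
#include <windows.h>
#include <psapi.h>
#endif
// ERROR_PARTIAL_COPY (299): EnumProcessModulesEx could not read the target's loader data,
// e.g. a child still suspended from CREATE_SUSPENDED, or a 32-bit caller and a 64-bit target.
enum class EnumStatus { Ok, NotReadyOrWrongBitness, Failed };
// Enumerator contract, mirroring EnumProcessModulesEx: copy up to 'cap' bytes into 'buf',
// report the full size in 'needed', return false and set 'err' on failure.
using Enumerator = std::function<bool(void* buf, uint32_t cap, uint32_t& needed, uint32_t& err)>;
// Grow the buffer until the whole list fits (sizing to 'needed' rather than blindly
// doubling), then classify the outcome so the caller knows whether to wait and retry.
EnumStatus enumerateModules(const Enumerator& enumerate, std::vector<uintptr_t>& out, uint32_t& err) {
    out.resize(128);
    for (;;) {
        uint32_t needed = 0;
        const uint32_t cap = static_cast<uint32_t>(out.size() * sizeof(uintptr_t));
        if (!enumerate(out.data(), cap, needed, err)) {
            out.clear();
            return err == 299 ? EnumStatus::NotReadyOrWrongBitness : EnumStatus::Failed;
        }
        if (needed <= cap) { out.resize(needed / sizeof(uintptr_t)); return EnumStatus::Ok; }
        out.resize(needed / sizeof(uintptr_t) + 16);  // what the API asked for, plus slack
    }
}
#ifdef _WIN32
// Real adapter: call it after the child has resumed and initialized, not while it is suspended.
EnumStatus enumerateProcessModules(HANDLE process, std::vector<uintptr_t>& out, uint32_t& err) {
    Enumerator e = [process](void* buf, uint32_t cap, uint32_t& needed, uint32_t& e2) {
        DWORD n = 0;
        BOOL ok = EnumProcessModulesEx(process, reinterpret_cast<HMODULE*>(buf), cap, &n, LIST_MODULES_ALL);
        needed = n; if (!ok) e2 = GetLastError();
        return ok != FALSE;
    };
    return enumerateModules(e, out, err);
}
#endif
// Constructed stand-in (no real process): a target with 'count' modules at made-up bases,
// or a suspended / wrong-bitness target that always fails with 299.
Enumerator fakeTarget(uint32_t count, bool partialCopy) {
    return [=](void* buf, uint32_t cap, uint32_t& needed, uint32_t& err) {
        if (partialCopy) { err = 299; return false; }
        auto* h = static_cast<uintptr_t*>(buf); needed = count * static_cast<uint32_t>(sizeof(uintptr_t));
        for (uint32_t i = 0; i < count && (i + 1) * sizeof(uintptr_t) <= cap; ++i) h[i] = 0x10000u * (i + 1);
        return true;
    };
}
```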