Get process/loaded modules base?

I want to get the address at the beginning of the process my dll is loaded into, and the length of it, including ALL the loaded modules. I.E:

- Process.exe loads
- Process.exe loads module "Module1.ocx", "Module2.dll", "Module3.dll", "Module4.ocx"
- I load "my.dll" into Process.exe"

Process.exe:
Process.exe:
00000001: EB FA ED 5D
Module1.ocx
00000001: D3 AD B3 3F
Module2.dll
00000001: AD FE DD A2

1
2
3
4
5
6
7
DWORD dwFullProcess = GetBase(GetCurrentProcess()); //just example function names
DWORD dwLength = GetFullLength(dwFullProcess);

for(int i = 0; i < dwFullLength; i++)
{
cout << *(byte*)(dwFullProcess+i) << endl;
}


output:
EB
FA
ED
5D
D3
AD
B3
3F
AD
FE
DD
A2
.. etc (the point being the output is taken from process AND modules memory)

Currently, these functions only allow to iterate through the process ONLY:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
DWORD getProcBaseAddress(DWORD targetPID) {
    HANDLE hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, targetPID ); 
    MODULEENTRY32 me32;
    me32.dwSize = sizeof( MODULEENTRY32 );
    Module32First( hModuleSnap, &me32 );

    return (DWORD) me32.modBaseAddr;
}

DWORD getProcSize(DWORD targetPID) {
    HANDLE hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, targetPID ); 
    MODULEENTRY32 me32;
    me32.dwSize = sizeof( MODULEENTRY32 );
    Module32First( hModuleSnap, &me32 );

	return (DWORD) me32.modBaseSize;
}



Is it possible to iterate, byte by byte, through the memory of the current process and all the modules it has loaded?

Thanks.
Last edited on
Topic archived. No new replies allowed.