Databases
StackOverflow2013
Postsdbo
POGet path of current module after using RemoteThread
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POGet path of current module after using RemoteThread
    primarykey
    data
    text
    <p>I need to get the current path of the module where my code executed (dll). I've made a dll injection from .NET into a native process and used RemoteThread.</p> <p>I have tried getcwd, GetCurrentDirectory, GetModuleHandle. Also tried this solution. But it doesn't work either. <strong>I get an empty string with the length of MAX_PATH</strong>. <a href="https://stackoverflow.com/questions/6719140/get-path-of-current-module-after-using-remotethread/6719210#6719210">https://stackoverflow.com/questions/6719140/get-path-of-current-module-after-using-remotethread/6719210#6719210</a> I already opened a thread but I can not login to my email to get the id. Sorry but anyway thanks for your answer. I will rate this time!</p> <p>C# Injection</p> <pre><code>public static IntPtr InjectLibrary( Process targetProcess, string libraryPath) { var libaryPathBytes = Encoding.GetBytes(); var hProc = NativeMethods.OpenProcess() var hMemory = NativeMethods.VirtualAllocEx() NativeMethods.WriteProcessMemory() var hLoadLib = NativeMethods.GetProcAddress() var hThread = NativeMethods.CreateRemoteThread() return hThread; } </code></pre> <hr> <p>Native Library</p> <pre><code>BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: { DWORD threadId; CreateThread( NULL, 0, Bootstrap, NULL, 0, &amp;threadId); break; } case DLL_THREAD_ATTACH: case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } DWORD WINAPI Bootstrap(LPVOID arg) { DWORD currentProcessID = GetCurrentProcessId(); HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, currentProcessID); MODULEENTRY32 entry; Module32First(snapshot, &amp;entry); MessageBox(NULL, entry.szLibPath, L"", MB_OK);//entry.szLibPath is empty string with the length if MAX_PATH like □□□□□□□□□□□□□□□□□□□□□□□.... HMODULE module = entry.hModule; wchar_t currentPath[MAX_PATH]; GetModuleFileName(module, currentPath, MAX_PATH); MessageBox(NULL, currentPath, L"", MB_OK);//currentPath isempty string with the length if MAX_PATH like □□□□□□□□□□□□□□□□□□□□□□□.... //all other options give me the same string or the executable path return 0; } </code></pre>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USCommunity
    1. USMR.ABC
    plurals
    1. PL
      singulars
      1. LTLinked
    1. PL
      singulars
      1. LTLinked
    2. PL
      singulars
      1. LTDuplicate
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POGet path of current module after using RemoteThread
      1. This table or related slice is empty.
      1. VTDownMod
    2. VO
      singulars
      1. POGet path of current module after using RemoteThread
      1. This table or related slice is empty.
      1. VTDownMod
    3. VO
      singulars
      1. POGet path of current module after using RemoteThread
      1. This table or related slice is empty.
      1. VTDownMod
    1. COOK, and what was the result when you tried those things? What's the _problem_?
      singulars
      1. POGet path of current module after using RemoteThread
      1. USLightness Races in Orbit
    2. CO@mandylane You still did not give us more information though on how things don't work for you, as Tomalak hinted at in your "previous" question.
      singulars
      1. POGet path of current module after using RemoteThread
      1. USBart
    3. COare the people crazy here ? just give everybody bad ratings. sorry but @Bart i cant look all time on stackoverflow. Is 1 hour for you to long ? @interjay And i answer the reason for my double post.
      singulars
      1. POGet path of current module after using RemoteThread
      1. USMR.ABC
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload