Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
See more: .NET
below is the code which im using to retrieve info from .exe using dbghelp
 
but im not able to load the module
SymLoadModuleEx is always returning zero
 

 
int _tmain(int argc, _TCHAR* argv[])
{
 
   SymSetOptions( SymGetOptions() | SYMOPT_UNDNAME|SYMOPT_DEFERRED_LOADS|SYMOPT_DEBUG);
    
        DWORD64 dwBaseAddr = 0;
 

        g_hProcess = OpenProcess(PROCESS_ALL_ACCESS,FALSE,1696);
 

 
     BOOL status =  SymInitialize(g_hProcess,"D:\\TF_Sandbox\\SandBx_BL\\INTERN_91F\\TestSim\\debug",TRUE);
 
     if(status == FALSE)
     {
 

     }
 
     DWORD test = SymLoadModuleEx(g_hProcess,    // target process
                    NULL,"D:\\TF_Sandbox\\SandBx_BL\\INTERN_91F\\TestSim\\debug\\TestSim.exe", // name of image file
                    NULL,        // name of module - not required
                    dwBaseAddr,  // base address - not required
                    0,           // size of image - not required
                    NULL,        // MODLOAD_DATA used for special cases
                    0);//)          // flags - not required

 

     PIMAGEHLP_MODULE64 mod_Image;
 
     mod_Image->SizeOfStruct = sizeof(IMAGEHLP_MODULE64);
 
     BOOL retVal = SymGetModuleInfo64(g_hProcess,dwBaseAddr,mod_Image);
 
     if(test == 0)
     {
         SymCleanup(g_hProcess);
         return 0;
 
     }
 
}
Posted 3-Aug-11 17:01pm
Edited 3-Aug-11 17:37pm
Prerak Patel140.4K
v2
Comments
Prerak Patel at 3-Aug-11 23:40pm
   
Need more information regarding error.
SAKryukov at 4-Aug-11 0:20am
   
.NET?!
--SA
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Use GetLastError to get the error details. If it is not clear, post it here.
 
If the function succeeds, the return value is the base address of the loaded module.
If the function fails, the return value is zero. To retrieve extended error information, call GetLastError.
If the module is already loaded, the return value is zero and GetLastError returns ERROR_SUCCESS.

Ref:http://msdn.microsoft.com/en-us/library/ms681353(v=vs.85).aspx[^]
  Permalink  
Comments
rajeshlokayata at 4-Aug-11 0:10am
   
hi im able load the module ......But when i call SymGetModuleInfo64 after loading it is returning 0 value.Im not able to get module infomartion IMAGEHLP_MODULE64 ModuleInfo;
memset(&ModuleInfo, 0, sizeof(ModuleInfo) );
ModuleInfo.SizeOfStruct = sizeof(ModuleInfo);
BOOL bRet = ::SymGetModuleInfo64( GetCurrentProcess(), ModBase,&ModuleInfo );
Prerak Patel at 4-Aug-11 0:29am
   
You mean SymGetModuleInfo64 returns False?! Then also, use GetLastError after that and get the details of error why it is not successful.
rajeshlokayata at 4-Aug-11 0:30am
   
last error is 87
Prerak Patel at 4-Aug-11 0:55am
   
Error 87 means "The parameter is incorrect"
http://www.codeproject.com/KB/cpp/BackPatch.aspx
rajeshlokayata at 4-Aug-11 6:02am
   
Hi Perrak
the link u sent is good and i have changed my code and it is working now
thanks for ur help..
Prerak Patel at 4-Aug-11 6:22am
   
You are welcome.
Prerak Patel at 4-Aug-11 6:23am
   
If this has solved the issue specified, mark it as answer.
rajeshlokayata at 4-Aug-11 1:06am
   
But the thing which parameter im passing wrongly......followed documents from MSDN for this example
rajeshlokayata at 4-Aug-11 6:06am
   
is it possible to set the values of variables using the address of variables obtained from dbghelp ????
Prerak Patel at 4-Aug-11 6:24am
   
You should try it. I am not expert of this. I'll let you know if I will find something.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

Hardcoding your process id is a bad idea, but I am assuming you know what you are doing here; that you are testing this against another executable who info you have at hand.
 
That said, I would be suspicious of g_hProcess and status after SymInitialize(). You should validate those values.
 
If your program is built with UNICODE, then you have to define DBGHELP_TRANSLATE_TCHAR and make sure your strings are UNICODE.
  Permalink  
Comments
rajeshlokayata at 4-Aug-11 6:01am
   
hi mic
I have changed the code and it is working ......I have removed the hardcodings.
thanks
rajeshlokayata at 4-Aug-11 6:06am
   
Is it possible to set the values of variables using the address of variables obtained from dbghelp ????
Michael Bergman at 4-Aug-11 11:49am
   
Can you be more specific about what you want to do?
Thanks.
rajeshlokayata at 4-Aug-11 11:55am
   
hi mic
ill get the address of the variable and use that address to set the variable value
 
Im getting the symbols of an .exe which im loading using dbghelp
 
//pass the variable name and get the address using SymName function
 
and then use that address to set value to that variable
 
is it possible
Michael Bergman at 4-Aug-11 12:08pm
   
SymFromName, like SymGetModuleInfo64, expects you to provide an structure for it to fill out so you are not really getting any addresses from dbghelp, you are providing an address to dbghelp so it can give you information for you to use as you want.
Michael Bergman at 4-Aug-11 11:58am
   
Ouch! I just saw what you did wrong. In your code you declare:
 
PIMAGEHLP_MODULE64 mod_Image;
 
This is an uninitialized pointer. You should have declared:
 
IMAGEHLP_MODULE64 mod_Image;
mod_Image.SizeOfStruct = sizeof(IMAGEHLP_MODULE64);
BOOL retVal = SymGetModuleInfo64(g_hProcess,dwBaseAddr, &mod_Image);
 
at that point mod_Image should be filled out and you own it.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web01 | 2.8.140926.1 | Last Updated 4 Aug 2011
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100