// GetModuleBase resolves the base address of the module named moduleName
// (e.g. "kernel32.dll") inside the process identified by p.PID.
//
// It walks a Toolhelp32 module snapshot of the target process and returns the
// base address of the first entry whose name equals moduleName. The comparison
// is an exact string match (case-sensitive), so the name must be passed in the
// casing the loader reports for it.
//
// An error is returned when the snapshot cannot be created, when the first
// module entry cannot be read, or when no module with that name is present.
//
// NOTE(review): only the module list is consulted, yet TH32CS_SNAPALL is
// requested, which also snapshots heaps, threads and processes; narrowing the
// flags to the module-only set would do less work per call — confirm against
// callers before changing.
//
// (Mostly taken from genkman's gist: https://gist.github.com/henkman/3083408)
// TODO(Andoryuuta): Figure out possible licencing issues with this, or rewrite.
func (p *Process) GetModuleBase(moduleName string) (uintptr, error) {
	const snapFlags = w32.TH32CS_SNAPMODULE32 | w32.TH32CS_SNAPALL | w32.TH32CS_SNAPMODULE

	snap, ok := w32.CreateToolhelp32Snapshot(snapFlags, uint32(p.PID))
	if !ok {
		return 0, errors.New("Error trying on create toolhelp32 snapshot.")
	}
	defer w32.CloseHandle(snap)

	var entry w32.MODULEENTRY32
	// Module32First relies on DwSize being populated before the first call.
	entry.DwSize = uint32(unsafe.Sizeof(entry))

	if !w32.Module32First(snap, &entry) {
		return 0, errors.New("Error trying to get first module.")
	}

	// entry holds the first module; examine it, then advance with Module32Next
	// until the snapshot reports no further entries.
	for {
		if syscall.UTF16ToString(entry.SzModule[:]) == moduleName {
			return uintptr(unsafe.Pointer(entry.ModBaseAddr)), nil
		}
		if !w32.Module32Next(snap, &entry) {
			break
		}
	}

	// Every entry was inspected without a match.
	return 0, errors.New("Couldn't Find Module.")
}
// getFileNameByPID returns the image file name (last path element only) of
// the process with the given PID. When the process cannot be opened, or its
// image path cannot be queried, the placeholder `<Unknown File>` is returned
// instead of an error.
//
// NOTE(review): the handle is opened with PROCESS_QUERY_INFORMATION; querying
// the image file name needs only the narrower query-limited-information
// right, which also succeeds against processes this one cannot fully open —
// worth switching to if the w32 package exposes that constant.
func getFileNameByPID(pid uint32) string {
	const unknown = `<Unknown File>`

	hnd, ok := w32.OpenProcess(w32.PROCESS_QUERY_INFORMATION, false, pid)
	if !ok {
		return unknown
	}
	defer w32.CloseHandle(hnd)

	imagePath, ok := w32.GetProcessImageFileName(hnd)
	if !ok {
		return unknown
	}

	// Only the file name portion of the reported path is wanted.
	_, name := filepath.Split(imagePath)
	return name
}