• Welcome to Valhalla Legends Archive.
 

Getting remote PE header

Started by Telos, February 13, 2004, 08:45 AM

Previous topic - Next topic
Print
|
Go Down Pages1
User actions

Telos

February 13, 2004, 08:45 AM
I am looking to get the PE header of another process that is already running

The way I see it I have two options:
1) Map the file to my process address space and get the header using the base address of that mapping
2) Create a thread in the remote process to get the header using the remote process image

Neither is that great a solution so if anyone knows a better way to do this let me know

TIA

TheMinistered

#1
February 13, 2004, 12:00 PM
Disregard this, as me and telos are already in the address space of the remote process as we are injecting a dll.   I don't think he knew that for some reason??

Adron

#2
February 13, 2004, 01:52 PM
Quote from: Telos on February 13, 2004, 08:45 AM
Neither is that great a solution so if anyone knows a better way to do this let me know

ReadProcessMemory comes to mind.
Print
|
Go Up Pages1
User actions