Roy Rashti
Reputation: 206
Get filename mapped into memory by the address it's mapped to
assuming there's the following code -
HANDLE h = CreateFile(L"some_dll.dll", GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_DELETE,
NULL,
OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);
HANDLE map = CreateFileMapping(h, NULL, PAGE_READONLY | SEC_IMAGE, 0, 0, NULL);
LPVOID res = MapViewOfFileEx(map, 0, 0, 0, 0, 0);
Is it possible to extract 'some_dll', given the address it's mapped to, using c++ ?
When trying to debug this executable using windbg, it seems that it doesn't extract the module well too
Upvotes: 0
Views: 1338
Answers (1)
Harry Johnston
Reputation: 36308
Yes, this is exactly what GetMappedFileName is for:
Checks whether the specified address is within a memory-mapped file in the address space of the specified process. If so, the function returns the name of the memory-mapped file.
PS: there's no reason for windbg to show the name of a memory mapped file that isn't a loaded module, even if the file happens to be a DLL.
Upvotes: 5
Related Questions
- Getting actual file name (with proper casing) on Windows
- Get Win32 HANDLE from MemoryMappedFile
- C++ get full path to file in directory
- C++ Winapi - Get Directory (path) identifier
- Get variable name by address
- Is there any way to find out full file path from another process?
- Casting memory location to get String
- Get location of a file pointer
- Get file handle to running executable
- Get File Name via Index