64 bit equivalent of "GetModuleHandleA" need

Question

I need to extent the compatibility of my application to 64 bit exe.

__int64 GetGameFunctionAddress(std::string GameFileExe, std::string Address)
  {
    // Get integer value address of the original function hook

    #if defined(_WIN64)

        /// code to emulate GetModuleHandleA on 64 executible

    #else

        return (__int64)GetModuleHandleA(GameFileExe.c_str()) + std::strtoul(Address.c_str(), NULL, 16);
    
    #end if
    
}

this function get Address to pass to IDA for hook a function of a game.

I call this function with this line:

Output.MainFunctHookAddressInt = GetGameFunctionAddress(Output.ExeFile, GameInfo.MainFunctHookAddressInt);

AddressOfHookSoundFunction = Output.MainFunctHookAddressInt;

and in a second time I pass it to detours:

DetourAttach(&(LPVOID&)AddressOfHookSoundFunction, HookMainFunction);

Unfortunately "GetModuleHandleA" work only on 32 bit games, but I need to extend the compatibility to 64 bit games too.

So I need to fix my 'GetGameFunctionAddress' function to add 64 bit compatibility.

Can you help me please ?

Update:

One user tell me:

According to this GetModuleHandleA does not work to get the base address if the process is 64bit. Why does getting the base address using GetModuleHandle work?

`GetModuleHandle` of course work in both 64bit and 32bit. unclear about what you ask — RbMm, Jun 24 '22 at 08:01
@RbMm afaik there are issues if your app and another app are in different realms. — Swift - Friday Pie, Jun 24 '22 at 08:09
@Swift-FridayPie - `GetModuleHandleA` say that all happens in the same process — RbMm, Jun 24 '22 at 08:15
One user tell me: According to this GetModuleHandleA does not work to get the base address if the process is 64bit. https://stackoverflow.com/questions/18066847/why-does-getting-the-base-address-using-getmodulehandle-work — , Jun 24 '22 at 08:18
The answer says: Do not truncate your (potentially 64-bit wide) address to a 32-bit wide `DWORD`. — IInspectable, Jun 24 '22 at 08:21

score 4 · Accepted Answer · answered Jun 24 '22 at 08:29

4

GetModuleHandleW returns a value of type HMODULE (which is the same as HINSTANCE, aka HANDLE, aka PVOID, aka void*). In other words: It returns a pointer sized value.

Pointer sized values are 32 bits wide in 32-bit processes, and 64 bits wide in 64-bit processes. Either way you get the address of the module base address, irrespective of the bitness of the process.

Now obviously, since you are interacting with filesystem objects that aren't under your control, you do not want to call the ANSI version of the API (GetModuleHandleA) but the Unicode version: GetModuleHandleW. And while you're doing pretty low-level stuff here, you probably don't want to use types from the C++ Standard Library either (if you insist, use std::wstring/std::wstring_view).

answered Jun 24 '22 at 08:29

IInspectable

46,945
8
85
181

In short you suggest to use "GetModuleHandleW" and "std::wstring" on both cases ? – Jun 24 '22 at 08:48
Yes, and no. Always use `GetModuleHandleW`, yes, regardless of target architecture. No, don't use `std::wstring` at all. Presumably, you're infiltrating a foreign process. You should not assume that the C++ support libraries are fully initialized, or that the target process is even using them. Keep things as C-like as possible (pick Rust for a C-replacement with bonuses). – IInspectable Jun 24 '22 at 09:32
Thank you ! I will try and let you known ! – Jun 24 '22 at 10:21

64 bit equivalent of "GetModuleHandleA" need

1 Answers1