Process module from name in C#

Question

I have this code in python:

client = pymem.process.module_from_name(pm.process_handle, "client.dll").lpBaseOfDll

I tried to rewrite it in C#.

In C#, I have this: Magner is a class with imports of user32 and kernel

pHandle = Manager.OpenProcess(Manager.PROCESS_VM_READ | Manager.PROCESS_VM_WRITE | Manager.PROCESS_VM_OPERATION, false, pId);

public static T Read<T>(Int64 address)
{
    byte[] Buffer = new byte[Marshal.SizeOf(typeof(T))];
    IntPtr ByteRead;
    Manager.ReadProcessMemory(pHandle, address, Buffer, (uint)Buffer.Length, out ByteRead);

    GCHandle handle = GCHandle.Alloc(Buffer, GCHandleType.Pinned);
    T stuff = (T)Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(T));
    handle.Free();
    return stuff;
}

Magner code:

[DllImport("kernel32.dll")]
public static extern IntPtr OpenProcess(UInt32 dwAccess, bool inherit, int pid);

[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadProcessMemory(IntPtr hProcess, Int64 lpBaseAddress, [In, Out] byte[] lpBuffer, UInt64 dwSize, out IntPtr lpNumberOfBytesRead);
    
// READ FLAGS
public static uint PROCESS_VM_READ = 0x0010;
public static uint PROCESS_VM_WRITE = 0x0020;
public static uint PROCESS_VM_OPERATION = 0x0008;
public static uint PAGE_READWRITE = 0x0004;

The problem is, the C# code works for normal readings, but here I need to get a process module by the name. The code in python works but I don't know how to make this in C#. I'm stuck here for the last 2 weeks.

EDIT:

THIS CODE IN THE PICTURE DOESN'T WORK

_THIS CODE IN PICATURE DOESN'T WORK_, but it works well for me. So what do you get if you run this code? Notice that string comparsion is case senstive. — shingo, Dec 14 '21 at 06:17
It returns process.exe as one of the modules, but I need the client.dll inside of process.exe. All the codes I've seen are using the same way just looking for "client.dll" in the modules list but when I try it doesn't work. Case sensitive is correct — Paglione, Dec 14 '21 at 06:26
Is client.dll a 32-bit module? If it is choose the "Prefer 32-bit" option in your c# project properties. This is the only difference between Process.Modules and pymem's module_from_name, it doesn't enumerate modules with a different architecture. — shingo, Dec 14 '21 at 07:35

GibbOne · Answer 1 · 2021-12-14T09:26:58.323

0

Use System.Diagnostics.Process.Modules.

You can enumerate all loaded dlls.

More details here.

See also Getting a list of DLLs currently loaded in a process C#.

Example (that works like a charm :-)). Start a notepad instance before run it:

edited Dec 14 '21 at 09:26

answered Dec 14 '21 at 06:21

GibbOne

629
6
10

I tried but without success, I linked print of the code in the post – Paglione Dec 14 '21 at 06:39
Do you have an exception? Did you try to list all the modules? I added a simple example. – GibbOne Dec 14 '21 at 09:26

Process module from name in C#

1 Answers1