DosQueryModFromEIP

From EDM2
Jump to: navigation, search

DosQueryModFromEIP queries a module handle and name from a given flat address. It takes a flat 32 bit address as a parameter and returns information about the module (a protect mode application currently executing) owning the storage.

Syntax

 APIRET APIENTRY DosQueryModFromEIP
   (HMODULE *phMod, ULONG *pObjNum, ULONG BuffLen, PCHAR pBuff, ULONG *pOffset, ULONG Address) 

Parameters

phMod (PHMODULE) output 
Address of a location in which the module handle is returned.
pObjNum (PULONG) output 
Address of a ULONG where the module object number corresponding to the Address is returned. The object is zero based.
BuffLen (ULONG) input 
Length of the user supplied buffer pointed to by pBuff.
pBuff (PCHAR) output 
Address of a user supplied buffer in which the module name is returned.
pOffset (PULONG) output 
Address of a where the offset to the object corresponding to the Address is returned. The offset is zero based.
Address (ULONG) input 
Input address to be queried.

Return Code

ulrc (APIRET) returns

DosQueryModFromEIP returns one of the following values

  • 0 NO_ERROR
  • 87 ERROR_INVALID_PARAMETER
  • 487 ERROR_INVALID_ADDRESS

Example Code

int main(int argc, char *argv[], char *envp[]){
   HMODULE hMod;
   ULONG ObjNum;
   ULONG Offset;
   ULONG eip;
   APIRET rc;
   char Buff[256];

   if (argc !=2) {
      printf("QEIP \n");
      return 0;
   } /* endif */

   eip = strtoul(argv[1],NULL,0);

   rc=DosQueryModFromEIP(  hMod,
                           ObjNum,
                          sizeof(Buff),
                          Buff,
                           Offset,
                          eip);
   if (rc!=0) {
      printf("DosQueryModFromEIP returned rc=%u\n",rc);
      return rc;
   } /* endif */

   printf("\nLinear Address  0x%08x\n",eip);
   printf("%s\n",Buff);
   printf("handle  0x%04x\n",hMod);
   printf("Object  0x%08x\n",ObjNum);
   printf("Offset  0x%08x\n",Offset);

   return 0;
}

Related Functions