DosQueryModFromEIP

From EDM2
Jump to: navigation, search

DosQueryModFromEIP queries a module handle and name from a given flat address. It takes a flat 32 bit address as a parameter and returns information about the module (a protect mode application currently executing) owning the storage.

Syntax

 APIRET APIENTRY DosQueryModFromEIP
   (HMODULE *phMod, ULONG *pObjNum, ULONG BuffLen, PCHAR pBuff, ULONG *pOffset, ULONG Address) 

Parameters

phMod (PHMODULE) output 
Address of a location in which the module handle is returned.
pObjNum (PULONG) output 
Address of a ULONG where the module object number corresponding to the Address is returned. The object is zero based.
BuffLen (ULONG) input 
Length of the user supplied buffer pointed to by pBuff.
pBuff (PCHAR) output 
Address of a user supplied buffer in which the module name is returned.
pOffset (PULONG) output 
Address of a where the offset to the object corresponding to the Address is returned. The offset is zero based.
Address (ULONG) input 
Input address to be queried.

Return Code

ulrc (APIRET) returns

DosQueryModFromEIP returns one of the following values

  • 0 NO_ERROR
  • 87 ERROR_INVALID_PARAMETER
  • 487 ERROR_INVALID_ADDRESS

Example Code

int main(int argc, char *argv[], char *envp[]){
   HMODULE hMod;
   ULONG ObjNum;
   ULONG Offset;
   ULONG eip;
   APIRET rc;
   char Buff[256];

   if (argc !=2) {
      printf("QEIP \n");
      return 0;
   } /* endif */

   eip = strtoul(argv[1],NULL,0);

   rc=DosQueryModFromEIP(  hMod,
                           ObjNum,
                          sizeof(Buff),
                          Buff,
                           Offset,
                          eip);
   if (rc!=0) {
      printf("DosQueryModFromEIP returned rc=%u\n",rc);
      return rc;
   } /* endif */

   printf("\nLinear Address  0x%08x\n",eip);
   printf("%s\n",Buff);
   printf("handle  0x%04x\n",hMod);
   printf("Object  0x%08x\n",ObjNum);
   printf("Offset  0x%08x\n",Offset);

   return 0;
}

Related Functions

From duplicate page

Prototype

APIRET APIENTRY DosQueryModFromEIP ( HMODULE *phMod, ULONG *pObjNum, ULONG BuffLen, PCHAR pBuff, ULONG *pOffset, PVOID Address ) ;

Linkage Definition
IMPORTS DOSQUERYMODFROMEIP = DOSCALL1.360 
Parameters
  • HMODULE *phMod The address into which to store the address's module handle.
  • ULONG *pObjNum The address into which to store the module's object/segment number.
  • ULONG BuffLen The size of the buffer into which the module name will be stored.
  • PCHAR pBuff The address of the buffer into which the module name will be stored.
  • ULONG *pOffset The address into which the offset into the module segment will be stored.
  • PVOID Address The address to be analyzed.
Comments

This function may be used to get a program module name, segment number and offset within the segment if you have an absolute address within the calling program. This can be useful when trying to build an exception handler for debugging.

Example

In this code fragment, pContextRecord is one of the parameters passed to an OS/2 exception handler.

HMODULE hModule(0);
ULONG   ObjectNumber(0),Offset(0);
char    ModuleName [CCHMAXPATH+1]={0};
DosQueryModFromEIP (&hModule, &ObjectNumber, sizeof(ModuleName), ModuleName, 
  &Offset, (PVOID)pContextRecord->ctx_RegEip);
printf ("Exception occurred in module '%s', segment %i, offset %08X.\n", 
  ModuleName, ObjectNumber, Offset);