DosQueryModFromEIP
From EDM2
DosQueryModFromEIP queries a module handle and name from a given flat address. It takes a flat 32 bit address as a parameter and returns information about the module (a protect mode application currently executing) owning the storage.
Syntax
APIRET APIENTRY DosQueryModFromEIP (HMODULE *phMod, ULONG *pObjNum, ULONG BuffLen, PCHAR pBuff, ULONG *pOffset, ULONG Address)
Parameters
- phMod (PHMODULE) output
- Address of a location in which the module handle is returned.
- pObjNum (PULONG) output
- Address of a ULONG where the module object number corresponding to the Address is returned. The object is zero based.
- BuffLen (ULONG) input
- Length of the user supplied buffer pointed to by pBuff.
- pBuff (PCHAR) output
- Address of a user supplied buffer in which the module name is returned.
- pOffset (PULONG) output
- Address of a where the offset to the object corresponding to the Address is returned. The offset is zero based.
- Address (ULONG) input
- Input address to be queried.
Return Code
ulrc (APIRET) returns
DosQueryModFromEIP returns one of the following values
- 0 NO_ERROR
- 87 ERROR_INVALID_PARAMETER
- 487 ERROR_INVALID_ADDRESS
Example Code
int main(int argc, char *argv[], char *envp[]){
HMODULE hMod;
ULONG ObjNum;
ULONG Offset;
ULONG eip;
APIRET rc;
char Buff[256];
if (argc !=2) {
printf("QEIP \n");
return 0;
} /* endif */
eip = strtoul(argv[1],NULL,0);
rc=DosQueryModFromEIP( hMod,
ObjNum,
sizeof(Buff),
Buff,
Offset,
eip);
if (rc!=0) {
printf("DosQueryModFromEIP returned rc=%u\n",rc);
return rc;
} /* endif */
printf("\nLinear Address 0x%08x\n",eip);
printf("%s\n",Buff);
printf("handle 0x%04x\n",hMod);
printf("Object 0x%08x\n",ObjNum);
printf("Offset 0x%08x\n",Offset);
return 0;
}
