DosQueryModFromEIP
From EDM2
DosQueryModFromEIP queries a module handle and name from a given flat address. It takes a flat 32-bit address as a parameter and returns information about the module (a protect mode application currently executing) owning the storage.
Syntax
APIRET APIENTRY DosQueryModFromEIP (HMODULE *phMod, ULONG *pObjNum, ULONG BuffLen, PCHAR pBuff, ULONG *pOffset, ULONG Address)
Parameters
- phMod (PHMODULE) output
- Address of a location in which the module handle is returned.
- pObjNum (PULONG) output
- Address of a ULONG where the module object number corresponding to the Address is returned. The object is zero based.
- BuffLen (ULONG) input
- Length of the user supplied buffer pointed to by pBuff.
- pBuff (PCHAR) output
- Address of a user supplied buffer in which the module name is returned.
- pOffset (PULONG) output
- Address of a ULONG where the offset to the object corresponding to the Address is returned. The offset is zero based.
- Address (ULONG) input
- Input address to be queried.
Return Code
ulrc (APIRET) returns
DosQueryModFromEIP returns one of the following values:
- 0 NO_ERROR
- 87 ERROR_INVALID_PARAMETER
- 487 ERROR_INVALID_ADDRESS
Example Code
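#define INCL_DOSMODULEMGR   /* selects the module manager declarations in os2.h */
#include <os2.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[], char *envp[])
{
    HMODULE hMod;
    ULONG   ObjNum;
    ULONG   Offset;
    ULONG   eip;
    APIRET  rc;
    char    Buff[256];

    if (argc != 2) {
        printf("QEIP \n");
        return 0;
    } /* endif */

    /* Base 0 lets strtoul accept decimal, octal (0...) or hex (0x...) input. */
    eip = strtoul(argv[1], NULL, 0);

    /* The output parameters are passed by address. */
    rc = DosQueryModFromEIP(&hMod, &ObjNum, sizeof(Buff), Buff, &Offset, eip);
    if (rc != 0) {
        printf("DosQueryModFromEIP returned rc=%lu\n", rc);
        return rc;
    } /* endif */

    printf("\nLinear Address 0x%08lx\n", eip);
    printf("%s\n", Buff);
    printf("handle 0x%04lx\n", hMod);
    printf("Object 0x%08lx\n", ObjNum);
    printf("Offset 0x%08lx\n", Offset);
    return 0;
}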