学习VLD2.0代码,看到如下函数:
HMODULE GetCallingModule( UINT_PTR pCaller )
{
HMODULE hModule = NULL;
MEMORY_BASIC_INFORMATION mbi;
if ( VirtualQuery((LPCVOID)pCaller, &mbi, sizeof(MEMORY_BASIC_INFORMATION)) == sizeof(MEMORY_BASIC_INFORMATION) )
{
// the allocation base is the beginning of a PE file
hModule = (HMODULE) mbi.AllocationBase;
}
return hModule;
}
入参是函数地址或eip/rip,可以得到其所在的模块句柄。