I only have an hModule handle (from GetModuleHandle) and want to get the ProcessId (OpenProcess) from it. Is there a way to do that?

Best regards,
Posted on 2007-03-23 14:45:25 by Nordwind64
Did you read the remarks section of the GetModuleHandle help? hModule is only valid for your process.
You want your process handle? Use "GetCurrentProcess()", or "GetCurrentProcessId()" for the pid.
Posted on 2007-03-23 14:52:54 by drizz
Thank you! But I use the API in my injected dll (no virus!!!). Could found another solution.

Best regards,
Posted on 2007-03-24 11:50:01 by Nordwind64
Hi Nordwind64,
Calling those functions from the remote dll will give you handles of the process that loaded that dll.
Can you be more descriptive about what you are trying to do...

Posted on 2007-03-24 19:31:00 by drizz

Drizz, you're right. Now I use...

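invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,0   ; process id 0 = the calling process
push eax                                              ; save the snapshot handle
mov hmodul.dwSize, sizeof MODULEENTRY32               ; dwSize must be set before Module32First
invoke Module32First,eax,addr hmodul                  ; fills hmodul (szExePath, th32ProcessID, ...)
pop eax                                               ; restore the snapshot handle
invoke CloseHandle,eax                                ; release the snapshot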

...to get some info (exepath) about the process.

I'm about to write some little hackertools (which dlls/files are being used by a prog, e.g.). A filemon-like util. Nothing destructive!
Posted on 2007-04-01 06:06:59 by Nordwind64
You might want to say "process tools" instead of "hacker tools", to avoid confusion. Sounds useful enough though, the Sysinternals tools certainly make life easier...
Posted on 2007-04-01 09:21:52 by f0dder
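
The snapshot approach from this thread carried through to a full module listing, as an added example that is not code from any of the posters: it passes the result of GetCurrentProcessId to CreateToolhelp32Snapshot, checks for INVALID_HANDLE_VALUE, and walks every module with Module32Next. It assumes the MASM32 SDK include paths and its StdOut console helper; ListOwnModules, hSnap, me32 and crlf are names chosen here.

```masm
; Added example: list the modules loaded in the calling process.
.386
.model flat, stdcall
option casemap:none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc        ; StdOut (MASM32 helper, assumed available)
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib

.data
crlf    db 13,10,0

.data?
hSnap   dd ?
me32    MODULEENTRY32 <>

.code
; Prints the full path of every module in the calling process.
; Returns the process id in eax, or 0 if the snapshot could not be taken.
ListOwnModules proc
    LOCAL pid:DWORD
    invoke GetCurrentProcessId              ; id of the process this code runs in
    mov pid, eax
    invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, pid
    .if eax == INVALID_HANDLE_VALUE         ; snapshot failed, nothing to close
        xor eax, eax
        ret
    .endif
    mov hSnap, eax
    mov me32.dwSize, sizeof MODULEENTRY32   ; required before Module32First
    invoke Module32First, hSnap, addr me32
    .while eax != 0                         ; FALSE once the list is exhausted
        invoke StdOut, addr me32.szExePath
        invoke StdOut, addr crlf
        invoke Module32Next, hSnap, addr me32
    .endw
    invoke CloseHandle, hSnap
    mov eax, pid
    ret
ListOwnModules endp

start:
    invoke ListOwnModules
    invoke ExitProcess, 0
end start
```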