NTSTATUS PhpGetDllBaseRemote(
_In_ HANDLE ProcessHandle,
_In_ PPH_STRINGREF BaseDllName,
_Out_ PVOID *DllBase
)
{
NTSTATUS status;
GET_DLL_BASE_REMOTE_CONTEXT context;
#ifdef _WIN64
BOOLEAN isWow64 = FALSE;
#endif
context.BaseDllName = *BaseDllName;
context.DllBase = NULL;
#ifdef _WIN64
PhGetProcessIsWow64(ProcessHandle, &isWow64);
if (isWow64)
status = PhEnumProcessModules32(ProcessHandle, PhpGetDllBaseRemoteCallback, &context);
if (!context.DllBase)
#endif
status = PhEnumProcessModules(ProcessHandle, PhpGetDllBaseRemoteCallback, &context);
if (NT_SUCCESS(status))
*DllBase = context.DllBase;
return status;
}
HRESULT STDMETHODCALLTYPE DnCLRDataTarget_GetImageBase(
__in ICLRDataTarget *This,
__in LPCWSTR imagePath,
__out CLRDATA_ADDRESS *baseAddress
)
{
DnCLRDataTarget *this = (DnCLRDataTarget *)This;
PHP_GET_IMAGE_BASE_CONTEXT context;
RtlInitUnicodeString(&context.ImagePath, (PWSTR)imagePath);
context.BaseAddress = NULL;
PhEnumProcessModules(this->ProcessHandle, PhpGetImageBaseCallback, &context);
#ifdef _M_X64
if (this->IsWow64)
PhEnumProcessModules32(this->ProcessHandle, PhpGetImageBaseCallback, &context);
#endif
if (context.BaseAddress)
{
*baseAddress = (CLRDATA_ADDRESS)context.BaseAddress;
return S_OK;
}
else
{
return E_FAIL;
}
}
