Verify module handle validity
I have a handle to a module (HMODULE type) that I need to be verified. I know a couple of ways of doing it, but the problem is, the 4 byte value can contain any kind of data, from 0x00000000 to 0xFFFFFFFF. And I'm afraid that some values could crash the program. What should I do?
I believe (but I have no direct evidence thereof) that a HMODULE is (essentially) a pointer, and as such, it would be hard to determine what is a valid value and what isn't a valid pointer.
Some quick arbitrary playing around seems to indicate that the HMODULE, if it's valid for this process, is actually a valid memory address. This assumes, I think, that THIS process loaded the library.
Further, it seems like it's the address of the header of the DLL itself, so if you read the first two bytes, it would be MZ, then 0x90 0x00 in the next two bytes.
All of my handles where also aligned to 64KB.
This is on a sample of three rather randomly selected DLL's.
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
You could try simply calling GetModuleFileName() to see if it fails or not. It *shouldn't* crash on a bad handle value, but you can test that
gg
Much better suggestion than mine, of course...Originally Posted by Codeplug
You could try simply calling GetModuleFileName() to see if it fails or not. It *shouldn't* crash on a bad handle value, but you can test that
gg
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
>> Much better suggestion than mine, of course...
Not really: I tried that, but GetModuleFileName() works alot even with a bad handle.
I'll try what you said, it seems like a pretty good idea to me!
What? GetModuleFileaName should return zero if the handle is invalid - what is the name you get back if you try with different values?
--
Mats
Compilers can produce warnings - make the compiler programmers happy: Use them!
Please don't PM me for help - and no, I don't do help over instant messengers.
Just random junk, but it only happens sometimes, most of the time not. But as you know, that's not a risk worth taking.
You could use PSAPI or ToolHelp functions to get a snapshot of the current modules for the process - but that's a bit expensive.
gg
Yeah, I know, I thought of that too. But I figured out a good way of doing it.
If anyone's wondering, I came up with this trough trial-and-error, it works for all the exes and dlls that I tried:
Code:char *cs = (char*)hModule; if(cs[0] == 'Z' && !cs[2] && cs[3] <= 0x20) // This is a valid HMODULE handle!
