GetModuleHandle
Description
Retrieves a handle to a module that is already loaded in the calling process. Malware may use GetModuleHandle to locate and modify code in a loaded module or to search for a good location to inject code.
Syntax
HMODULE WINAPI GetModuleHandle(
    _In_opt_ LPCTSTR lpModuleName
);
Parameters
- lpModuleName [in, optional]
- The name of the loaded module (either a .dll or .exe file). If the file name extension is omitted, the default library extension .dll is appended. The file name string can include a trailing point character (.) to indicate that the module name has no extension. The string does not have to specify a path. When specifying a path, be sure to use backslashes (\), not forward slashes (/). The name is compared (case independently) to the names of modules currently mapped into the address space of the calling process.
- If this parameter is NULL, GetModuleHandle returns a handle to the file used to create the calling process (.exe file).
- The GetModuleHandle function does not retrieve handles for modules that were loaded using the LOAD_LIBRARY_AS_DATAFILE flag. For more information, see LoadLibraryEx.
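The naming rules above matter when matching lpModuleName arguments recorded in an API trace against a process's loaded-module list. The following C is an added example, not part of the original page or of Windows itself: a simplified model of those rules, in which the function names, the 260-byte buffer, the sample names and the choice to compare only the file-name component are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Simplified model of the documented lpModuleName rules, not the Windows loader.
 * Returns 0 with the lower-cased file name in out, 1 for NULL, -1 if rejected. */
int normalize_module_name(const char *name, char *out, size_t outsz)
{
    if (name == NULL)                /* NULL: the calling process's .exe */
        return 1;
    if (strchr(name, '/') != NULL)   /* paths must use backslashes */
        return -1;
    const char *base = strrchr(name, '\\');
    base = base ? base + 1 : name;   /* assumption: match on file name only */

    size_t len = strlen(base);
    const char *suffix = "";
    if (len > 0 && base[len - 1] == '.')
        len--;                       /* trailing point: no extension */
    else if (memchr(base, '.', len) == NULL)
        suffix = ".dll";             /* extension omitted: .dll is appended */
    if (len == 0 || len + strlen(suffix) + 1 > outsz)
        return -1;
    for (size_t i = 0; i < len; i++)
        out[i] = (char)tolower((unsigned char)base[i]);
    strcpy(out + len, suffix);
    return 0;
}

/* Returns 1 if a traced lpModuleName names the given loaded module file. */
int refers_to_module(const char *requested, const char *loaded_file)
{
    char want[260];
    size_t i = 0;
    if (normalize_module_name(requested, want, sizeof want) != 0)
        return 0;
    for (; want[i] != '\0' && loaded_file[i] != '\0'; i++)
        if (want[i] != (char)tolower((unsigned char)loaded_file[i]))
            return 0;
    return want[i] == loaded_file[i];
}

int main(void)
{
    /* Constructed trace arguments and a constructed loaded-module name. */
    const char *seen[] = { "Kernel32", "C:\\Sys\\KERNEL32.DLL", "kernel32." };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s -> %d\n", seen[i], refers_to_module(seen[i], "KERNEL32.DLL"));
    return 0;
}
```

A rule that matches only the literal string `kernel32.dll` would miss the first two spellings, while the trailing-point form names a different, extensionless module.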
Return value
If the function succeeds, the return value is a handle to the specified module.
If the function fails, the return value is NULL. To get extended error information, call GetLastError.