C question

[xtknight]

Why do these yield different results? Aren't these supposed to do the same thing? Or do I need to do a malloc() to create the structure prior to calling the function when I just declare a pointer for it like this (for the second failing one)?

modinfo=(MODULEINFO*)malloc(sizeof(MODULEINFO));

Succeeds:

MODULEINFO modinfo;
GetModuleInformation(hProc,modules[x],&modinfo,sizeof(MODULEINFO));
//address variables using modinfo.property

Fails:

MODULEINFO *modinfo;
GetModuleInformation(hProc,modules[x],modinfo,sizeof(MODULEINFO));
//address variables using modinfo->property

Prototype of the function:

BOOL GetModuleInformation(
HANDLE hProcess,
HMODULE hModule,
LPMODULEINFO lpmodinfo,
DWORD cb
);

Function info:

http://msdn.microsoft.com/library/defau...s/perfmon/base/getmodulefilenameex.asp

Edit: sorry, I just answered my own question I think. I needed to do the malloc/free.

 

[EagleKeeper]

First option has allocated memory;
Second has a pointer defined of the type, but no memory behind it for data to be filed in with.

Module Info usually has information buried within the structure that gets set properly;

 

[xtknight]

Ahh...thanks...learn something new (about pointers) every day.

Anyhow I think I'll just recycle this thread and post the program I made out of that code. It just lists modules for any explorer.exe process, it might be helpful in diagnosing spyware or shell slowdown problems.

As a side note how do you print out an LPVOID parameter with printf??

Would this be fine?
printf("pid: %08X; module: %08lX,%08X,%08lX,%s\n",pe.th32ProcessID,modinfo.lpBaseOfDll,modinfo.SizeOfImage,modinfo.EntryPoint,szExePath);

%08lX for the LPVOIDs and %08X for the DWORDs? Not sure what the %08X really means, but my guess is something octal...I just googled some printf functions people called...

I get this warning:

xpmods.cpp(49) : warning C4313: 'printf' : '%X' in format string conflicts with argument 2 of type 'LPVOID'
xpmods.cpp(49) : warning C4313: 'printf' : '%X' in format string conflicts with argument 4 of type 'LPVOID'

 

[Markbnj]

Use p, that's the printf formatting code for a pointer.

Pointers can really be confusing when you're learning C or C++. The first thing to remember is that they are like any other scalar type.

long a; // 32 bits that hold a long integer

long* b; // 32 bits that hold the address of a long integer


And like any other scalar type we can add, subtract, assign, and otherwise manipulate a pointer.

b = &a; // b now holds the address in memory where a is stored

b = b + 1; // advance the address sizeof(long) bytes forward in memory

b = b - 1; // move the address sizeof(long) bytes back in memory

But the thing to remember is that when you perform arithmetic on a pointer you are changing an address. If b "points" to the address of a, and you do b++, then b now points to the address of a 32 bit long just forward of a in memory. Might be good, might not. It's good if you know that another long is stored ahead of a in ram, as in an array for example. It's bad if you don't know what's there.

There are different ways to access the memory "pointed to" by an address. The first is through "dereferencing." We use the * operator to tell the compiler "not b, but the thing at the address in b." This is what you do if you want to alter or take the value of a scalar type such as a long through a pointer.

*b = 1; // assigns the value 1 to a, because a's address is stored in b

int c = *b; // reads the value of a into c

If what b points to is a structure or class instance, rather than a scalar, then you use access notation.

struct D { int e; int f; }

D g;
D *b = &g;

b->e = 1; // assigns 1 to the e member of the D instance b points to

(*b).f = 2; // assigns 2 to the member f, by first dereferencing the pointer, then accessing the structure

g.f = 2; // does the same thing