[RESOLVED] Get module name from process by address?

[Marcus09]

Hello there! I have smal or pretty big problem, i am trying to figure out how to retrive the module name within a runing process by an address,
let's say the process is called "testapp.exe" and it has 10 modules running,
based on this i would like to when i search for and address retrive what the name of the module this address is in. lets say the module name is named "module5" and has a base of "00300000" and has a size of "4EF1" witch makes this "00304EF1" and within that range my address is located "00304EF1"" not less or higher. example of my address "00304000" how can i then retrive that modules name based on a search for this address the easiest way?

I am able to retrive the base of the modules, and the base of the process.
and even the size for booth the process and it's modules, but! how would i go about calculating it all the fastest way, to see where my given address is at?
I hope i explained that as good as possible.

Is there any API for retriving module names based on a address? what should i be looking at?

Thank you for taking a look!

Marcus09.

[drag0n_45]

Marcus,
I'm having a bit of a hard time understanding the questions you're asking, but here's what I know:
Module names ARE NOT stored in memory. Variable/module/class names are just a placeholder for a memory address. In machine language, the only thing referred to by the equivalent of a "goto" statement is a memory address, and function calls are simply memory addresses called from a running address. That's why you can't get a module name: the module name doesn't exist - it's just a memory address.

[Liami]

Apologies for the slight necro, but this actually is possible.

I'll assume you have a handle to your process already, in which case you would need to use EnumProcessModules to get all of the modules loaded by the process.
Then you need to use the GetModuleInformation to find basic information of the module in memory (get the entry point + size of image), this will enable you to determine whether your address you want is in the range of this module. If not just move to the next module.
You can then use GetModuleFileNameEx to get the filename of the module.

[drag0n_45]

You can then use GetModuleFileNameEx to get the filename of the module.

Ah, that actually makes sense. I thought Marcus was referring to the programmed module name (such as "modSettings"), as opposed to the EXE module name...

[Marcus09]

Hi and thank's guys! well i am sorry to not been able to reply erlier.
had to replace pc with a new one, as i have been having constant pc crashes. so i decided to upgrade to a better one, well anyway, i actualy managed to create a tool that accomplish this a few days after i posted this question, since i thought i wouldent get any respond to this, since i thought it was impossible myself i dident remember to post back here, but like Liami said is almost the way i did go about doing it.
so i solved the problem and would like to thank you booth anyway for your reply's. if there is any interest's in that tool , i will post it.

[fmogavero]

I would be interested in taking a look at that code. I am currently working on something similar.