Windows API 之 GetModuleHandle

Retrieves a module handle for the specified module. The module must have been loaded by the calling process.

HMODULE WINAPI GetModuleHandle(
  _In_opt_ LPCTSTR lpModuleName
);

Parameters

lpModuleName [in, optional]

The name of the loaded module (either a .dll or .exe file). If the file name extension is omitted, the default library extension .dll is appended. The file name string can include a trailing point character (.) to indicate that the module name has no extension. The string does not have to specify a path. When specifying a path, be sure to use backslashes (\), not forward slashes (/). The name is compared (case independently) to the names of modules currently mapped into the address space of the calling process.

If this parameter is NULL, GetModuleHandle returns a handle to the file used to create the calling process (.exe file).

Return value

If the function succeeds, the return value is a handle to the specified module.

If the function fails, the return value is NULL. To get extended error information, call GetLastError.

Remarks

The returned handle is not global or inheritable. It cannot be duplicated or used by another process.

The GetModuleHandle function returns a handle to a mapped module without incrementing its reference count. However, if this handle is passed to the FreeLibrary function, the reference count of the mapped module will be decremented. Therefore, do not pass a handle returned by GetModuleHandle to the FreeLibrary function. Doing so can cause a DLL module to be unmapped prematurely.

例如：

GetModuleHandle(NULL); //  这将返回自身应用程序句柄

GetModuleHandle("kernel32");//这将返回kernel32.dll的句柄

模块句柄实际上就是模块在当前进程空间的装入地址。即，进程地址空间中可执行文件的基址。例如：

#include <windows.h>
#include <iostream>

using namespace std;

int main()
{
    HMODULE hModule = GetModuleHandle(NULL);
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)hModule;
    cout << (char*)pDosHeader << endl;
    system("pause");
    return ;
}

输出结果：

aaarticlea/png;base64,iVBORw0KGgoAAAANSUhEUgAAALUAAAAtCAIAAABnBL3QAAAGq0lEQVR4nO2caVcaSRSG+R/5kA85J7M6xkQCroiiiIj7hmtQURHZGmh2E+ePzBLjhuK+C7Tb/K750NApqrtvF0yig9Z73uOB6tu3lvsARSOofGwctZeNYfYECx2IegJRbzDmDcZ8bNzLxn2hBBNKMOFlf+SjP7IciH4MRD+xsRU29ikUWwnFV8Lx30OJr2bjK2IHY594B6IfUfsjy0wYcSjBhBK+UCI3WmRIbn/U5Y8sMeElJuxkQk5faNHHOrxBhye44AnMuwNzLmbOxdidjN3JzC56Zxe9Mwse27zbNueasi9N2p2TdufE7OL4jGNsesH6Yd46ZbdO2Ycn7EMTs4NjMwOjtn6rrdc61TM82T080TU4bhkcs/SPmvus5j6rqWekvXvY2DXUZhlstQwYOvtbzH3NHb36jl59e09Te3eTsUvX1qVrszS0WhoMnfUtnXUt5rpmc62+o0ZvqtGbtPp2TVO7RmfU6IzvdW3qxjZ1Y5u6oVXd0FrdYKiuz7uupbqu5V3eb2ub89YLrqop8Btt6VYBcOBk5Csh2B2IYgHeHDFxHxtj2DhfTtQYjnyNeWPJPYGo2x9xMWHBS0zIyYScPpa3wxt0eIMOT8DhCSy4A/Nu/9wSM7eUJ8Dpm1n0Tjs8tgWPbcHzYd41leNgaWJ2cXzaMT7tGLXxHMyNTNpHJu1D4zODY9MDo7Z+64c+61TvyGTP8CTPgbnfau63dvRZTT0jxu5hY9dQq2XQ0DnQYu7Xm3r1pl6dsVtn7G7ka2/orGvuqG3uqNWbtE3tWp1RozNqdG3qxlZ1g6G63vCuPlfaqlp9VY3+TU1TpbapUttUqdH9ptFVvNdVvNdVqBsr1I2/qht+qc77Xf3Pef/0tg5xLe8fqwr8w5ua/+LXldrXlVoVRsbx2SV3e8/d3nM3Cs4W+A61OPiazyn212x3uK/vMgW+zVzfZrjbDHeb5m7S3E06m/NV9uYqc32J+CLNXaS5i3T2/Cp7fpU5v8qcXfJOn12mTy/SpxdXJ+dXx2eXgo9OL45OLw5Pzg9Pzg+Oz/Z5H53uHZ7sHp7sHhynDo5T+8ep/aOdvaOdvcPt3cPk7kEydZBM7W+l9rd29jd39ja39za2dzeSuxvJ1Hoytb6VWttKrW3trG3ufNnc/rKR8+pGcnUjubqe/Cx4betvwV82ef+V8wbqP1eV/cfn9W9lFQYHG4m9ePmKmpq3Cn1B4W7vX7x8paKiElTAxw3lg6pQ6G6U8kGFC32rQvmgwoW+O+X54DiO4zghQLjLSemRRk31UJLjA2NChYCCtVM9ZaHXvjA+sOcJDI7HGzLVAwq9MArzIYjy8YyEXjXH9h/ilxXxXaonLvTzjiy4P1VROJ6h0A/biuWDsvL0JcChyAd9oXmOcufhIOQD2LdSPUEV8nFHr59SFUiAw+WPUD6ocPFk8KZ8UOES4HD5I9lrBT7gDYf4qOIGRTKAZFtTWmb4ULGDKXnw5aSvfDBhgY+iVhA+WtQpwM5XcncMxxc1TrSdI3sP/5z4YMIoHyrRpy0ll4SEDyCnYjag2EJC7IZkX3JMKMKEdUc+l/IQ+g/iknygIim2ihgp8mLLxQDxiuWHA9C5wAkVJ1XeQr49EJbbf8CVFreTP+bgAKB3mD/JzCTx6PjFfyXHqTip8pbbH3ETv3+BJy9eSngdCfkoQTCvWCOMlyJq4hZxwjKWR3R9TLxYhPMvqt4l8FHUMCRrDBdPccpFjZYkoAwkd32shLkJi6hYSMUwoPCS/QKN4lRwPHAb7lQ8O8kTy0wCHAAfhA8moJySt4EllhQ5RuJDnBSRcv0CbMHjfFJk8OK/5sob4AM7S0yPOAzOoJiWJJ4kuXhsijzJ/ZWMV8xf3hJ/fsu3wyuiWG+AFaBRkQ85AcmF+gEnikcrPqRIgFy28hYhH9hZJPWWfGzBSQhXliSsWFgJz5WLVwQXQBnO+Z3iSSX8/7okH8CDT3KIhI1yh2CSikIWGz9hLyQdYfFAv4rBgL5fvGQ1ZU8U4BDzIZxDWEi5MLjqimkl80jexhoBRLDk2AIpgii3oIRgPa6K48PLxjzBKG+S/ankcgON4tvis+ARA5gCAZJIKXYBRALxco2yi/6ogqeGS+75A8sI3BU3Svb3TZavuLk9lOTG8OgDk1Rxa+hl49j3Kx90sFT/c9Hfh6GChP5UHH3+oMLl438uMpTwsnH6/EGFC/1d0WvKBxUmJpzg7QvFKR9UuPzhZX94mUfk+u4fygdVgfyRZcE3lA8qTOiPnVM+qDD9Cwh0ZHaPKz6jAAAAAElFTkSuQmCC" alt="" />

可以看出hModule实际上就是装入内存的PE结构的首地址（指向字符“MZ”）。

参考：

https://msdn.microsoft.com/en-us/library/windows/desktop/ms683199%28v=vs.85%29.aspx

http://blog.csdn.net/guzhou_diaoke/article/details/8826558