The pec2hooks_api_watermark plug-in will allow you to retrieve a watermark previously placed on an executable by PEWatermark. When this plug-in is supplied to PECompact during compression, your executable can import an API that will allow for watermark retrieval.
DWORD GetWatermark(HMODULE hModule)
A pointer to the API is defined as:
typedef DWORD (WINAPI *PFNGetWatermark)(HMODULE hModule);
First, you need to import this API. This must be done at runtime (dynamic import), and is performed via a call to the Windows API GetProcAddress. You need to supply a module handle of 0x40000 and an ordinal value of 0x383 (PEC2_GETWATERMARK_ORDINAL). For example:
#define
PEC2_GETWATERMARK_ORDINAL 0x383
PFNGetWatermark PEC2_GetWatermark=(PFNGetWatermark)GetProcAddress((HMODULE)0x40000,(LPCSTR)PEC2_GETWATERMARK_ORDINAL);
Retrieval of the watermark would then be done simply via:
DWORD dwWatermark=PEC2_GetWatermark(GetModuleHandle(NULL));
Of course, you'll want to make sure the pointer to PEC2_GetWatermark returned from GetProcAddress isn't NULL before trying to invoke it. See sample below.
Sample use:
#include
"stdafx.h"
#include <windows.h>
#include
<stdio.h>
typedef
DWORD (WINAPI *PFNGetWatermark)(HMODULE hModule);