
C++中获取指定进程模块的代码

// NOTE(review): the page stripped the header names from all four #include
// lines. The three below are the headers the listing's API calls require;
// the fourth original header could not be recovered from the page.
#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>

// Forward declarations:

// Prints one record per module found in a Toolhelp snapshot of process dwPID.
// Returns FALSE when the snapshot or the first-module query fails, TRUE otherwise.
BOOL ListProcessModules(DWORD dwPID);

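// PID whose modules are listed. 16516 is the sample value hard-coded in the
// original listing; replace it with the PID of the process to inspect.
static const DWORD kTargetPid = 16516;

// Enables SeDebugPrivilege on the current process token.
//
// Returns TRUE only when the privilege was really enabled. The token handle
// is closed on every path where it was opened.
//
// SeDebugPrivilege lets the caller open almost any process on the machine, so
// it belongs only in tools that need it and that run from a trusted, elevated
// context. Listing modules of processes owned by the same user works without
// it. Where the relevant audit policy is on, the adjustment is recorded as a
// token-right-adjusted event (ID 4703).
static BOOL EnableDebugPrivilege(void)
{
    HANDLE hToken = NULL;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    BOOL enabled = FALSE;

    if (!OpenProcessToken(GetCurrentProcess(),
                          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        // hToken was never opened, so there is nothing to close.
        return FALSE;
    }

    if (LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

        // AdjustTokenPrivileges reports success even when the token does not
        // hold the privilege; GetLastError() is ERROR_NOT_ALL_ASSIGNED then.
        if (AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL) &&
            GetLastError() == ERROR_SUCCESS)
        {
            enabled = TRUE;
        }
    }

    CloseHandle(hToken);
    return enabled;
}

// Entry point: tries to enable SeDebugPrivilege, lists the modules of
// kTargetPid, then waits for a key press so the console window stays open.
// Returns 0 when the module list was printed, 1 otherwise.
int main(void)
{
    BOOL listed;

    // Best effort, as in the original: the listing is still attempted
    // without the privilege, it may just be refused for protected targets.
    if (!EnableDebugPrivilege())
    {
        fprintf(stderr,
                "warning: SeDebugPrivilege not enabled; "
                "processes of other users may be inaccessible\n");
    }

    listed = ListProcessModules(kTargetPid);
    if (!listed)
    {
        fprintf(stderr, "could not list modules of process %lu\n",
                (unsigned long)kTargetPid);
    }

    getchar();
    return listed ? 0 : 1;
}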

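// Prints name, path, owning PID, reference counts, base address and size of
// every module in a Toolhelp snapshot of process dwPID.
//
// Returns TRUE when the list was walked, FALSE when the snapshot could not be
// taken or the first module could not be read (the reason goes to stderr).
//
// NOTE(review): the module list is read from loader data kept inside the
// target process, so a hostile process may present an incomplete or altered
// list. Treat the output as a hint, not as an authoritative inventory.
// NOTE(review): TH32CS_SNAPMODULE alone omits the 32-bit modules of a 32-bit
// target when this code is built as 64-bit; TH32CS_SNAPMODULE32 adds them.
// NOTE(review): "%s" assumes a non-UNICODE build, where szModule and
// szExePath are char arrays. Confirm against the project settings.
BOOL ListProcessModules(DWORD dwPID)
{
    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
    MODULEENTRY32 me32;
    DWORD err = ERROR_SUCCESS;
    int attempt;

    // Take a snapshot of all modules in the specified process.
    // The call is documented to fail with ERROR_BAD_LENGTH while the target's
    // module list is changing, so retry a bounded number of times.
    for (attempt = 0; attempt < 8; ++attempt)
    {
        hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
        if (hModuleSnap != INVALID_HANDLE_VALUE)
        {
            break;
        }
        err = GetLastError();
        if (err != ERROR_BAD_LENGTH)
        {
            break;
        }
    }
    if (hModuleSnap == INVALID_HANDLE_VALUE)
    {
        fprintf(stderr, "CreateToolhelp32Snapshot(pid %lu) failed, error %lu\n",
                (unsigned long)dwPID, (unsigned long)err);
        return FALSE;
    }

    // Set the size of the structure before using it.
    me32.dwSize = sizeof(MODULEENTRY32);

    // Retrieve information about the first module, and exit if unsuccessful.
    if (!Module32First(hModuleSnap, &me32))
    {
        err = GetLastError();      // read before CloseHandle can overwrite it
        CloseHandle(hModuleSnap);  // must clean up the snapshot object
        fprintf(stderr, "Module32First(pid %lu) failed, error %lu\n",
                (unsigned long)dwPID, (unsigned long)err);
        return FALSE;
    }

    // Now walk the module list of the process and display each module.
    do
    {
        printf("\n MODULE NAME: %s", me32.szModule);
        printf("\n executable = %s", me32.szExePath);
        printf("\n process ID = 0x%08lX", (unsigned long)me32.th32ProcessID);
        printf("\n ref count (g) = 0x%04lX", (unsigned long)me32.GlblcntUsage);
        printf("\n ref count (p) = 0x%04lX", (unsigned long)me32.ProccntUsage);
        // Print the full pointer width: a cast to DWORD would drop the upper
        // half of the address in a 64-bit build.
        printf("\n base address = 0x%0*llX", (int)(2 * sizeof(void *)),
               (unsigned long long)(ULONG_PTR)me32.modBaseAddr);
        printf("\n base size = %lu", (unsigned long)me32.modBaseSize);
    } while (Module32Next(hModuleSnap, &me32));

    // Do not forget to clean up the snapshot object.
    CloseHandle(hModuleSnap);
    return TRUE;
}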