进程模块枚举之获取基地址 5/28
typedef BOOL (_stdcall *ENUMPROCESSMODULES)
(HANDLE hProcess,HMODULE* lphModule,DWORD cb,LPDWORD lpcbNeeded);
typedef DWORD (_stdcall *GETMODULEFILENAMEEX)
(HANDLE hProcess,HMODULE hModule,LPTSTR lpFilename,DWORD nSize );
unsigned int FindModlueAddr(DWORD dwProcessId,char *TempSMPFileName)
{
HMODULE hModule = LoadLibrary("psapi.dll");
HMODULE hMods[1024];
DWORD cbNeeded=0;
char szModName[MAX_PATH];
//char TempSMPFileName[256];
unsigned int Ret = 0;
if(hModule == NULL)
return 0;
ENUMPROCESSMODULES pEnumProcessModules =
(ENUMPROCESSMODULES)GetProcAddress(hModule, "EnumProcessModules");
GETMODULEFILENAMEEX pGetModuleFileNameEx =
(GETMODULEFILENAMEEX)GetProcAddress(hModule, "GetModuleFileNameExA");
HANDLE hProcess =
OpenProcess(PROCESS_QUERY_INFORMATION |PROCESS_VM_READ,false,dwProcessId);
if(!hProcess)
{
Ret = 0;
goto FuncRet1;
}
//strcpy(TempSMPFileName,(const char *)GetSMPFileName());
int i;
if(pEnumProcessModules(hProcess,hMods,sizeof(hMods), &cbNeeded))
{
//枚举成功
for ( i = 0; i <= (int)(cbNeeded / sizeof(HMODULE)); i++ )
{
if(pGetModuleFileNameEx( hProcess, hMods[i], szModName,sizeof(szModName)))
{
if(strstr(szModName,TempSMPFileName/*".SMP"/*"NDDCLW.SMP"*/))
{
//MessageBox(0,szModName,"提示",MB_OK);
Ret = (unsigned int)hMods[i];
goto FuncRet;
}
}
}
}
FuncRet:
CloseHandle(hProcess);
FuncRet1:
FreeLibrary(hModule);
return Ret;
}
目前有0条回应
Comment
Trackback