VC++.模块遍历2

#include <Psapi.h>
#include <vector>
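// Collects the module handles (load addresses) of the process identified by dwPid.
//
// vec   - receives the module handles; always cleared first, and left empty on failure.
// dwPid - id of the process to inspect.
// Returns TRUE only when at least one module was enumerated.
//
// The returned HMODULE values are addresses in the TARGET process, so they are only
// meaningful to the *Ex query APIs (GetModuleFileNameEx, GetModuleInformation) together
// with a handle to that process, not to the caller's own GetModuleFileName.
//
// NOTE(review): EnumProcessModules reads the target's loader data, which the target
// itself can alter, so treat the list as a hint rather than an authoritative inventory.
// A 32-bit caller also cannot enumerate a 64-bit target this way; EnumProcessModulesEx
// is the documented alternative for choosing the module bitness.
BOOL TraversalModule2(OUT std::vector<HMODULE> &vec, IN DWORD dwPid)
{
	vec.clear();
	// Least privilege: only the two rights EnumProcessModules needs.
	HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwPid);
	if (!hProcess)
	{
		return FALSE;
	}
	BOOL ok = FALSE;
	try
	{
		// The vector owns the buffer, so no path (including an exception) can leak it
		// or release it with a mismatched delete.
		std::vector<HMODULE> buf(0x1000 / sizeof(HMODULE));
		for (;;)
		{
			const DWORD cbBuf = static_cast<DWORD>(buf.size() * sizeof(HMODULE));
			DWORD cbNeeded = 0;
			if (!EnumProcessModules(hProcess, &buf[0], cbBuf, &cbNeeded))
			{
				// A failure here is not a "buffer too small" signal (access denied,
				// bitness mismatch, process exiting), so growing the buffer cannot help.
				break;
			}
			if (cbNeeded <= cbBuf)
			{
				// Only the first cbNeeded bytes were written; never read past them.
				buf.resize(cbNeeded / sizeof(HMODULE));
				vec.swap(buf);
				ok = TRUE;
				break;
			}
			// The call succeeded but the list was truncated: cbNeeded is the size
			// required. Refuse absurd sizes, then retry with a little headroom in case
			// more modules load in between.
			if (cbNeeded >= static_cast<DWORD>(INT_MAX))
			{
				break;
			}
			buf.resize(cbNeeded / sizeof(HMODULE) + 16);
		}
	}
	catch (...)
	{
		OutputDebugStringA(__FUNCTION__);
		vec.clear();
		ok = FALSE;
	}
	// Closed on every path, including after an exception.
	CloseHandle(hProcess);
	return (ok && !vec.empty()) ? TRUE : FALSE;
}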

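// Demo driver: starts a child process, lists its modules with TraversalModule2,
// prints each module base address, then terminates the child.
int main()
{
	STARTUPINFO si = { 0 };
	si.cb = sizeof(si);
	PROCESS_INFORMATION pi = { 0 };
	BOOL b = CreateProcess(_T("C:/Using/winmine.exe"), 0, 0, 0, 0, 0, 0, 0, &si, &pi);
	if (b)
	{
		// Crude wait so the child's loader has populated its module list;
		// enumerating too early can fail or return a partial list.
		Sleep(1000);
		std::vector<HMODULE> vec;
		std::cout << TraversalModule2(vec, pi.dwProcessId) << std::endl;
		for (size_t i = 0; i < vec.size(); ++i)
		{
			// %p matches the pointer width; %08X would truncate a 64-bit handle.
			printf("%p\t", static_cast<void*>(vec[i]));
			printf("\r\n");
		}
		// CreateProcess already returned a handle to the child, so there is no need
		// to reopen it with PROCESS_ALL_ACCESS (and leak that second handle).
		TerminateProcess(pi.hProcess, 0);
		// Both handles returned in PROCESS_INFORMATION must be closed by the caller.
		CloseHandle(pi.hThread);
		CloseHandle(pi.hProcess);
	}

	return 0;
}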