#include <windows.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <atlstr.h>
// Forward declarations:
BOOL ListProcessModules(DWORD dwPID);
void main()
{
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue);
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, false, &tkp, sizeof tkp, NULL, NULL);
CloseHandle(hToken);
ListProcessModules(DWORD(16516));
getchar();
}
BOOL ListProcessModules(DWORD dwPID)
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if (hModuleSnap == INVALID_HANDLE_VALUE)
{
return(FALSE);
}
// Set the size of the structure before using it.
me32.dwSize = sizeof(MODULEENTRY32);
// Retrieve information about the first module,
// and exit if unsuccessful
if (!Module32First(hModuleSnap, &me32))
{
CloseHandle(hModuleSnap); // Must clean up the snapshot object!
return(FALSE);
}
// Now walk the module list of the process,
// and display information about each module
do
{
printf("\n MODULE NAME: %s", me32.szModule);
printf("\n executable = %s", me32.szExePath);
printf("\n process ID = 0x%08X", me32.th32ProcessID);
printf("\n ref count (g) = 0x%04X", me32.GlblcntUsage);
printf("\n ref count (p) = 0x%04X", me32.ProccntUsage);
printf("\n base address = 0x%08X", (DWORD)me32.modBaseAddr);
printf("\n base size = %d", me32.modBaseSize);
} while (Module32Next(hModuleSnap, &me32));
// Do not forget to clean up the snapshot object.
CloseHandle(hModuleSnap);
return(TRUE);
}
浙公网安备 33010602011771号