std::set<wxString, wxStringOrdinalComparator> ProcessManager::GetModulesForProcessIdInternalV1(int processID, DWORD& resultCode) { unique_handle process(OpenProcess(PROCESS_ALL_ACCESS, false, processID)); resultCode = ERROR_SUCCESS; if (process.get() == NULL) { resultCode = GetLastError(); return set<wxString, wxStringOrdinalComparator>(); } HMODULE modules[250]; DWORD needed; auto size = sizeof(modules); if (!EnumProcessModulesEx(process.get(), modules, sizeof(modules), &needed, LIST_MODULES_ALL)) { resultCode = GetLastError(); return set<wxString, wxStringOrdinalComparator>(); } set<wxString, wxStringOrdinalComparator> result; HMODULE* modulesSource; unique_ptr<HMODULE[]> dynamicSource; if (needed > sizeof(modules)) { dynamicSource = unique_ptr<HMODULE[]>(new HMODULE[needed / sizeof(HMODULE)]); if (!EnumProcessModulesEx(process.get(), dynamicSource.get(), needed, &needed, LIST_MODULES_ALL)) { resultCode = GetLastError(); return set<wxString, wxStringOrdinalComparator>(); } modulesSource = dynamicSource.get(); } else { modulesSource = modules; } int arrayLength = sizeof(modules) / sizeof(HMODULE); int arrivedLength = needed / sizeof(HMODULE); wchar_t nameBuffer[250]; for (int i = 0; i < arrivedLength; i++) { if (GetModuleFileNameEx(process.get(), modulesSource[i], nameBuffer, sizeof(nameBuffer))) { result.insert(nameBuffer); } } return move(result); }
BOOL STDCALL OSGetLoadedModuleList(HANDLE hProcess, StringList &ModuleList) { HMODULE hMods[1024]; DWORD count; if (EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &count, LIST_MODULES_ALL)) { for (UINT i=0; i<(count / sizeof(HMODULE)); i++) { TCHAR szFileName[MAX_PATH]; if (GetModuleFileNameEx(hProcess, hMods[i], szFileName, _countof(szFileName)-1)) { TCHAR *p; p = srchr(szFileName, '\\'); if (p) { *p = 0; p++; } slwr (p); ModuleList << p; } } } else return 0; return 1; }
// Get address of function in another process (since addresses aren't shared across processes) LPVOID GetProcAddressExternal(LPCSTR moduleName, LPCSTR funcName, HANDLE hTargetProcess) { // Get local function address HMODULE localModule = GetModuleHandleA(moduleName); HANDLE localAddress = GetProcAddress(localModule, funcName); // Get external modules HMODULE modules[100]; DWORD moduleSize; BOOL out = EnumProcessModulesEx(hTargetProcess, modules, (DWORD)100ul, &moduleSize, LIST_MODULES_ALL); // Get target module handle (which = the external module offset) char curModuleName[100]; HMODULE remoteModule = NULL; for (int i = 0; i < (int)(moduleSize / sizeof(DWORD)); i++) { GetModuleBaseNameA(hTargetProcess, modules[i], (LPSTR)&curModuleName, (DWORD)100); if (strcmp(moduleName, curModuleName) == 0) { remoteModule = modules[i]; break; } } if (remoteModule == NULL) { return NULL; } // Calculate address of function in external process unsigned long offset; offset = (unsigned long)localAddress - (unsigned long)localModule; return (LPVOID)((unsigned long)(remoteModule) + offset); }
bool app_list::get_app_info(app_info & info, const filters_t & filters, bool x86, bool query_name) { HMODULE hmodules[1024]; DWORD needed; HANDLE hprocess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, info.id); if (hprocess == NULL) return false; #ifdef _WIN64 BOOL px86; if ( ! IsWow64Process(hprocess, & px86)) { CloseHandle(hprocess); return false; } info.x86 = px86; #else info.x86 = true; #endif if (query_name && EnumProcessModulesEx( hprocess, hmodules, sizeof(hmodules), & needed, x86?LIST_MODULES_32BIT:LIST_MODULES_64BIT)) { WCHAR name[MAX_PATH] = {0}; std::wstring exename; if (GetModuleBaseName(hprocess, hmodules[0], name, sizeof(name)/sizeof(WCHAR))) { _wcslwr(name); exename = name; // skip filter if (filters.empty()) { info.name = exename; CloseHandle(hprocess); return true; } for (DWORD j = 0; j < (needed / sizeof(HMODULE)); j++) { WCHAR name[MAX_PATH] = {0}; if (GetModuleBaseName(hprocess, hmodules[j], name, sizeof(name)/sizeof(WCHAR))) { _wcslwr(name); for (filters_t::const_iterator it = filters.begin(); it != filters.end(); it++) if ( * it == name) { info.name = exename; CloseHandle(hprocess); return true; }; } } } } CloseHandle(hprocess); return ! query_name; }
int PrintModules( DWORD processID ) { HMODULE hMods[1024]; MODULEINFO minfo; HANDLE hProcess; DWORD cbNeeded; TCHAR szModName[MAX_PATH]; int modSize=0; hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); if (NULL == hProcess){ printf("Error: failed to open process.."); return 1; } int ret = EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &cbNeeded, LIST_MODULES_ALL); if( cbNeeded > sizeof(hMods) ){ printf("Error: buffer to small to get all modules!"); //shouldnt happen... return 1; } if( ret ) { for (int i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ ) { if(GetModuleInformation(hProcess, hMods[i], &minfo, sizeof(minfo)) == 0){ modSize=0; }else{ modSize = minfo.SizeOfImage; } if ( GetModuleFileNameEx( hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR))) { _tprintf( TEXT("0x%010X,0x%010X,%s\n"), hMods[i] , modSize, szModName); } } } else{ printf("Error: EnumProcessModulesEx failed %x", ret); } CloseHandle( hProcess ); return 0; }
std::vector<MODULEINFO> get_modules(HANDLE hProcess) { HMODULE hMods[1024]; DWORD cbNeeded; std::vector<MODULEINFO> modules; if (EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &cbNeeded, LIST_MODULES_ALL)) { size_t i; for (i = 0; i < (cbNeeded / sizeof(HMODULE)); ++i) { MODULEINFO modinfo; if (GetModuleInformation(hProcess, hMods[i], &modinfo, sizeof(modinfo))) modules.push_back(modinfo); } } return modules; }
int DumpProcess( DWORD processID, char* dumpPath ) { HMODULE hMods[1024]; MODULEINFO minfo; HANDLE hProcess; DWORD cbNeeded; int rv=0; hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID ); if (NULL == hProcess){ printf("Error: failed to open process.."); return 1; } int ret = EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &cbNeeded, LIST_MODULES_ALL); if( cbNeeded > sizeof(hMods) ){ printf("Error: buffer to small to get all modules!"); //shouldnt happen... return 1; } if( ret ) { if(GetModuleInformation(hProcess, hMods[0], &minfo, sizeof(minfo)) == 0){ printf("Error: GetModuleInformation failed %x", ret); }else{ rv = dump(processID, (__int64)minfo.lpBaseOfDll, minfo.SizeOfImage, dumpPath); } } else{ printf("Error: EnumProcessModulesEx failed %x", ret); } CloseHandle( hProcess ); return rv; }
int process_getmodules(pid_t pid, fcb_process_getmodules callback, void* param) { int major, minor; DWORD i; DWORD ret; DWORD bytes; HANDLE handle; HMODULE modules[1024] = {0}; CHAR filename[MAX_PATH] = {0}; // open process handle = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, FALSE, pid); if(!handle) return (int)GetLastError(); // enum process modules system_version(&major, &minor); #if 0 if(major >= 6) ret = EnumProcessModulesEx(handle, modules, sizeof(modules), &bytes, LIST_MODULES_ALL); else #endif ret = EnumProcessModules(handle, modules, sizeof(modules), &bytes); if(!ret) return (int)GetLastError(); // get module filename for(i=0; i<bytes/sizeof(HMODULE); i++) { if(GetModuleFileNameExA(handle, modules[i], filename, sizeof(filename)-1)) callback(param, filename); } // close process CloseHandle(handle); return 0; }
Memory::Memory(const std::string& processName) { // First, get the handle of the process PROCESSENTRY32 entry; entry.dwSize = sizeof(entry); HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); while (Process32Next(snapshot, &entry)) { if (processName == entry.szExeFile) { _handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID); if (!_handle) { std::cerr << "Couldn't find " << processName.c_str() << ". Is it open?" << std::endl; exit(EXIT_FAILURE); } break; } } // Next, get the process base address DWORD numModules; std::vector<HMODULE> moduleList(1024); EnumProcessModulesEx(_handle, &moduleList[0], static_cast<DWORD>(moduleList.size()), &numModules, 3); std::string name(64, 0); for (DWORD i = 0; i < numModules / sizeof(HMODULE); i++) { GetModuleBaseNameA(_handle, moduleList[i], &name[0], sizeof(name)); // TODO: Filling with 0s still yeilds name.size() == 64... if (strcmp(processName.c_str(), name.c_str()) == 0) { _baseAddress = (uintptr_t)moduleList[i]; break; } } if (_baseAddress == 0) { std::cerr << "Couldn't find base address!" << std::endl; exit(EXIT_FAILURE); } }
BOOL PsGetModulesByProcessHandle(HANDLE ProcessHandle, MODULE_INFO *Entries, SIZE_T NumOfEntries, PSIZE_T RealNumOfEntries) { BOOL result; HMODULE *modules; DWORD needSize; SIZE_T moduleOffset = 0; SIZE_T moduleCounter = 0; if (!RealNumOfEntries) { return FALSE; } modules = (HMODULE*)AllocMem(sizeof(HMODULE) * NumOfEntries); if (!modules) { return FALSE; } result = EnumProcessModulesEx(ProcessHandle, modules, (DWORD)(sizeof(HMODULE) * NumOfEntries), &needSize, LIST_MODULES_ALL); if (!result) { DeallocMem(modules); return FALSE; } *RealNumOfEntries = needSize / sizeof(HMODULE); do { result = FALSE; moduleCounter++; if (moduleOffset >= NumOfEntries) { continue; } Entries[moduleOffset].ModuleHandle = modules[moduleOffset]; GetModuleFileNameEx(ProcessHandle, modules[moduleOffset], Entries[moduleOffset].ModulePath, MAX_PATH); GetShortFileName(Entries[moduleOffset].ModulePath, Entries[moduleOffset].ModuleName, MAX_PATH); result = moduleCounter < (*RealNumOfEntries); moduleOffset++; } while (result); DeallocMem(modules); *RealNumOfEntries = moduleCounter; if (moduleCounter > NumOfEntries) { return FALSE; } return TRUE; }