static void
hookAllModules(void)
{
HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
if (hModuleSnap == INVALID_HANDLE_VALUE) {
return;
}
MODULEENTRY32 me32;
me32.dwSize = sizeof me32;
if (VERBOSITY > 0) {
static bool first = true;
if (first) {
if (Module32First(hModuleSnap, &me32)) {
debugPrintf(" modules:\n");
do {
debugPrintf(" %s\n", me32.szExePath);
} while (Module32Next(hModuleSnap, &me32));
}
first = false;
}
}
if (Module32First(hModuleSnap, &me32)) {
do {
hookModule(me32.hModule, me32.szExePath);
} while (Module32Next(hModuleSnap, &me32));
}
CloseHandle(hModuleSnap);
}
/**
* Inspect all loaded modules for the specified process
* @param dwProcessId Process id
*/
void VBoxServicePageSharingInspectModules(DWORD dwProcessId)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessId);
if (hSnapshot == INVALID_HANDLE_VALUE)
{
printf("VBoxServicePageSharingInspectModules: CreateToolhelp32Snapshot failed with %d\n", GetLastError());
return;
}
printf("VBoxServicePageSharingInspectModules\n");
MODULEENTRY32 ModuleInfo;
BOOL bRet;
ModuleInfo.dwSize = sizeof(ModuleInfo);
bRet = Module32First(hSnapshot, &ModuleInfo);
do
{
/** todo when changing this make sure VBoxService.exe is excluded! */
char *pszDot = strrchr(ModuleInfo.szModule, '.');
if ( pszDot
&& (pszDot[1] == 'e' || pszDot[1] == 'E'))
continue; /* ignore executables for now. */
VBoxServicePageSharingCheckModule(&ModuleInfo);
}
while (Module32Next(hSnapshot, &ModuleInfo));
CloseHandle(hSnapshot);
}
QString CCrashStack::GetModuleByRetAddr(PBYTE Ret_Addr, PBYTE & Module_Addr)
{
MODULEENTRY32 M = {sizeof(M)};
HANDLE hSnapshot;
wchar_t Module_Name[MAX_PATH] = {0};
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, 0);
if ((hSnapshot != INVALID_HANDLE_VALUE) &&
Module32First(hSnapshot, &M))
{
do
{
if (DWORD(Ret_Addr - M.modBaseAddr) < M.modBaseSize)
{
lstrcpyn(Module_Name, M.szExePath, MAX_PATH);
Module_Addr = M.modBaseAddr;
break;
}
} while (Module32Next(hSnapshot, &M));
}
CloseHandle(hSnapshot);
QString sRet = QString::fromWCharArray(Module_Name);
return sRet;
}
BOOL ScanDllInProcess(DWORD dwPID, CString strDllName)
{
BOOL bRet = FALSE;
MODULEENTRY32 pe32;
// 在使用这个结构之前,先设置它的大小
pe32.dwSize = sizeof(pe32);
// 给进程内所有模块拍一个快照
//276为某进程的ID
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if(hProcessSnap == INVALID_HANDLE_VALUE)
{
//建立快照失败
return bRet;
}
// 遍历进程快照,轮流显示每个进程的信息
BOOL bMore = Module32First(hProcessSnap, &pe32);
while(bMore)
{
// printf("\n[DLL NAME]\t%s\n",pe32.szModule);
// printf("[DLL PATH]\t%s\n",pe32.szExePath);
if ( strDllName.CompareNoCase(pe32.szModule) == 0)
{
bRet = TRUE;
break;
}
bMore = Module32Next(hProcessSnap, &pe32);
}
// 不要忘记清除掉snapshot对象
CloseHandle(hProcessSnap);
return bRet;
}
static gpointer
find_in_any_module_using_toolhelp (const gchar *symbol_name)
{
HANDLE snapshot;
MODULEENTRY32 me32;
gpointer p;
if ((snapshot = CreateToolhelp32Snapshot (TH32CS_SNAPMODULE, 0)) == (HANDLE) -1)
return NULL;
me32.dwSize = sizeof (me32);
p = NULL;
if (Module32First (snapshot, &me32))
{
do {
if ((p = GetProcAddress (me32.hModule, symbol_name)) != NULL)
break;
} while (Module32Next (snapshot, &me32));
}
CloseHandle (snapshot);
return p;
}
uint32_t GetModuleBase(DWORD procId, char* modName)
{
HANDLE snapshot;
MODULEENTRY32 modInfo;
snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, procId);
modInfo.dwSize = sizeof(MODULEENTRY32);
if (Module32First(snapshot, &modInfo))
{
// printf("mod %s\n", modInfo.szModule);
if (!strcmp(modInfo.szModule, modName))
{
CloseHandle(snapshot);
return (uint32_t)modInfo.modBaseAddr;
}
while (Module32Next(snapshot, &modInfo))
{
// printf("mod %s\n", modInfo.szModule);
if (!strcmp(modInfo.szModule, modName))
{
CloseHandle(snapshot);
return (uint32_t)modInfo.modBaseAddr;
}
}
}
CloseHandle(snapshot);
return 0;
}
// detect which exe it is (installer, sumatra static or sumatra with dlls)
static ExeType DetectExeType()
{
ExeType exeType = ExeSumatraStatic;
HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
if (snap == INVALID_HANDLE_VALUE) {
plog("DetectExeType(): failed to detect type");
return exeType;
}
MODULEENTRY32 mod;
mod.dwSize = sizeof(mod);
BOOL cont = Module32First(snap, &mod);
while (cont) {
WCHAR *name = mod.szModule;
if (str::EqI(name, L"libmupdf.dll")) {
exeType = ExeSumatraLib;
break;
}
if (str::StartsWithI(name, L"SumatraPDF-") && str::EndsWithI(name, L"install.exe")) {
exeType = ExeInstaller;
break;
}
cont = Module32Next(snap, &mod);
}
CloseHandle(snap);
return exeType;
}
BOOL
GetPsModuleNameByAddress(
ULONG ProcessId,
ULONG pfnAddress,
LPTSTR pszModuleName,
ULONG cbszModuleName
)
{
MODULEENTRY32 ModuleEntry;
HANDLE hSnapShot;
BOOL bFlag = FALSE;
hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
ModuleEntry.dwSize = sizeof(MODULEENTRY32);
bFlag = Module32First(hSnapShot, &ModuleEntry);
while (bFlag)
{
if ((pfnAddress >= (ULONG)ModuleEntry.modBaseAddr) &&
(pfnAddress <= (ULONG)ModuleEntry.modBaseAddr + ModuleEntry.modBaseSize))
{
wcscpy_s(pszModuleName, cbszModuleName, ModuleEntry.szModule);
CloseHandle(hSnapShot);
return TRUE;
}
bFlag = Module32Next(hSnapShot, &ModuleEntry);
}
CloseHandle(hSnapShot);
return FALSE;
}
//---------------------------------------------------------------------------
void ScanMod(DWORD pid, DWORD* list)
{
MainForm->lb_mod->Items->Clear();
MainForm->clb_sec->Items->Clear();
memset(mod_list, 0, sizeof(mod_list));
BOOL working = 0;
MODULEENTRY32 me32 = {0};
me32.dwSize = sizeof(MODULEENTRY32);
unsigned int i = 0;
HANDLE hSnapshot;
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
if (hSnapshot)
{
working = Module32First(hSnapshot, &me32);
while (working)
{
MainForm->lb_mod->Items->Add(UnicodeString(me32.szModule));
list[i] = (DWORD)me32.modBaseAddr;
working = Module32Next(hSnapshot,&me32);
i++;
}
CloseHandle(hSnapshot);
}
return;
}
bool QtProcessFinder::processUsesQt(int pid) {
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
if (hModuleSnap == INVALID_HANDLE_VALUE) {
qWarning("CreateToolhelp32Snapshot (of modules)");
return false;
}
// Set the size of the structure before using it.
me32.dwSize = sizeof(MODULEENTRY32);
// Retrieve information about the first module,
// and exit if unsuccessful
if (!Module32First(hModuleSnap, &me32)) {
qWarning("Module32First"); // show cause of failure
CloseHandle(hModuleSnap); // clean the snapshot object
return false;
}
// Now walk the module list of the process,
// and display information about each module
do {
if (wcsncmp(me32.szModule, L"Qt5", 3) == 0) {
return true;
}
} while (Module32Next(hModuleSnap, &me32));
CloseHandle(hModuleSnap);
return false;
}
BOOL CInjectDLL::Uninject(const DWORD dwRemoteProcessID, const LPCTSTR& lpwszRemoteDllFullPath)
{
std::wstring wstrRemoteDllFullPath = lpwszRemoteDllFullPath;
HANDLE hSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwRemoteProcessID);
MODULEENTRY32 Me32 = {0};
Me32.dwSize = sizeof(MODULEENTRY32);
BOOL bRet = ::Module32First(hSnap, &Me32);
while (bRet)
{
if (wcscmp(Me32.szExePath, wstrRemoteDllFullPath.c_str()) == 0)
{
break;
}
bRet = Module32Next(hSnap, &Me32);
}
CloseHandle(hSnap);
HANDLE hRemoteProgress = ::OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwRemoteProcessID);
if (hRemoteProgress == NULL)
{
//wprintf_s(_T("OpenProcess fail\n"));
return FALSE;
}
FARPROC pfnFunAddr = ::GetProcAddress(::GetModuleHandle(_T("Kernel32")),"FreeLibrary");
::CreateRemoteThread(hRemoteProgress, NULL, 0, (LPTHREAD_START_ROUTINE) pfnFunAddr, Me32.hModule, 0, NULL);
::CloseHandle(hRemoteProgress);
return TRUE;
}
// Enumerate the modules we have running and load their symbols.
// Return true if successful.
bool EnumAndLoadModuleSymbols(HANDLE hProcess, DWORD pid )
{
HANDLE hSnapShot;
MODULEENTRY32 me = { sizeof me };
bool keepGoing;
hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, pid );
if ( hSnapShot == (HANDLE) -1 )
return false;
keepGoing = Module32First( hSnapShot, &me );
while ( keepGoing )
{
// here, we have a filled-in MODULEENTRY32. Use it to load symbols.
// Don't check errors, if we can't load symbols for some modules we just
// won't be able to do symbolic reports on them.
StrAnsi staExePath(me.szExePath);
StrAnsi staModule(me.szModule);
// SymLoadModule( hProcess, 0, me.szExePath, me.szModule, (DWORD) me.modBaseAddr,
// me.modBaseSize);
::SymLoadModule( hProcess, 0, const_cast<char *>(staExePath.Chars()),
const_cast<char *>(staModule.Chars()), (DWORD)me.modBaseAddr, me.modBaseSize);
keepGoing = Module32Next( hSnapShot, &me );
}
CloseHandle( hSnapShot );
return true;
}
LPMODULEENTRY32 GetModuleInfo(DWORD dwPid)
{
static MODULEENTRY32 s_sModule;
HANDLE hSnapshot;
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPid);
if( hSnapshot == INVALID_HANDLE_VALUE )
{
printf("CreateToolhelp32Snapshot failed: %i\n",GetLastError());
return NULL;
}
s_sModule.dwSize = sizeof(MODULEENTRY32);
if( Module32First(hSnapshot,&s_sModule) == FALSE )
{
CloseHandle(hSnapshot);
printf("Module32First failed: %i\n",GetLastError());
return NULL;
}
do
{
if( strcmp("League of Legends.exe",s_sModule.szModule) == 0 )
{
CloseHandle(hSnapshot);
return &s_sModule;
}
}while(Module32Next(hSnapshot,&s_sModule));
printf("Couldn't find League of Legends module!\n");
CloseHandle(hSnapshot);
return NULL;
}
// すべてのモジュールに対してAPIフックを行う関数
void CAPIHook::ReplaceIATEntryInAllMods(
PCSTR pszModuleName,
PROC pfnCurrent,
PROC pfnNew)
{
// 自分自身(API_Hook_Lib.dll)のモジュールハンドルを取得
MEMORY_BASIC_INFORMATION mbi;
if(VirtualQuery(ReplaceIATEntryInAllMods, &mbi, sizeof(mbi)) == 0)
return;
HMODULE hModThisMod = (HMODULE) mbi.AllocationBase;
// モジュールリストを取得
HANDLE hModuleSnap = CreateToolhelp32Snapshot(
TH32CS_SNAPMODULE, GetCurrentProcessId());
if(hModuleSnap == INVALID_HANDLE_VALUE)
return;
MODULEENTRY32 me;
me.dwSize = sizeof(me);
BOOL bModuleResult = Module32First(hModuleSnap, &me);
// それぞれのモジュールに対してReplaceIATEntryInOneModを実行
// ただし自分自身(API_Hook_Lib.dll)には行わない
while(bModuleResult) {
if(me.hModule != hModThisMod)
ReplaceIATEntryInOneMod(pszModuleName, pfnCurrent, pfnNew, me.hModule);
bModuleResult = Module32Next(hModuleSnap, &me);
}
CloseHandle(hModuleSnap);
}
vector<MODULEENTRY32> CProcessTool::GetProcessModules(DWORD dwPID)
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
VCTMOD vctMod;
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPID);
memset(&me32,0,sizeof(me32));
if( hModuleSnap == INVALID_HANDLE_VALUE)
{
LOG::printError(TEXT("CreateToolhelp32Snapshot (od modules)"));
return vctMod;
}
me32.dwSize = sizeof(MODULEENTRY32);
if(!Module32First(hModuleSnap,&me32))
{
LOG::printError(TEXT("Module32First"));
CloseHandle(hModuleSnap);
return vctMod;
}
do
{
vctMod.push_back(me32);
} while (Module32Next(hModuleSnap,&me32));
CloseHandle(hModuleSnap);
return vctMod;
}
// Helper function
bool FindModuleByAddress(const BYTE* lpAddress, LPWSTR pszModule, int cchMax)
{
bool bFound = false;
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
if (hSnap != INVALID_HANDLE_VALUE)
{
MODULEENTRY32 mi = {sizeof(mi)};
if (Module32First(hSnap, &mi))
{
do {
if ((lpAddress >= mi.modBaseAddr) && (lpAddress < (mi.modBaseAddr + mi.modBaseSize)))
{
bFound = true;
if (pszModule)
lstrcpyn(pszModule, mi.szExePath, cchMax);
break;
}
} while (Module32Next(hSnap, &mi));
}
CloseHandle(hSnap);
}
if (!bFound && pszModule)
*pszModule = 0;
return bFound;
}
BOOL CheckDllInProcess(DWORD dwPID, LPCTSTR szDllPath)
{
BOOL bMore = FALSE;
HANDLE hSnapshot = INVALID_HANDLE_VALUE;
MODULEENTRY32 me = { sizeof(me), };
if (INVALID_HANDLE_VALUE ==
(hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID)))
{
wsprintf(buf, L"CheckDllInProcess() : CreateToolhelp32Snapshot(%d) failed!!! [%d]\n",
dwPID, GetLastError());
MessageBox(NULL, buf, L"error", MB_OK);
return FALSE;
}
bMore = Module32First(hSnapshot, &me);
for (; bMore; bMore = Module32Next(hSnapshot, &me))
{
if (!_tcsicmp(me.szModule, szDllPath) ||
!_tcsicmp(me.szExePath, szDllPath))
{
CloseHandle(hSnapshot);
return TRUE;
}
}
CloseHandle(hSnapshot);
return FALSE;
}
int CATCodeMgr::GetAllLoadedModules( PMODULEENTRY32 pRetBuf, int maxCnt )
{
int curCnt = 0;
// 반환 버퍼 초기화
ZeroMemory(pRetBuf, sizeof(PMODULEENTRY32)*maxCnt);
// 프로세스 스냅샷 핸들을 생성
HANDLE hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
if(INVALID_HANDLE_VALUE == hModuleSnap) return 0;
pRetBuf[curCnt].dwSize = sizeof(MODULEENTRY32);
BOOL bExist = Module32First(hModuleSnap, &pRetBuf[curCnt]);
while( bExist == TRUE && curCnt < maxCnt )
{
curCnt++;
pRetBuf[curCnt].dwSize = sizeof(MODULEENTRY32);
bExist = Module32Next(hModuleSnap, &pRetBuf[curCnt]);
}
CloseHandle (hModuleSnap);
return curCnt;
}
//---------------------------------------------------------------------------
//ReplaceIATEntryInAllModules
void WINAPI TAPIHook::ReplaceIATEntryInAllModules(PCSTR DllName,
PROC pfnCurrent,PROC pfnNew,bool IsHookSelfDll)
{
// 是否Hook DLL本身的相应函数。对一些系统函数,如GetProcAddress、LoadLibraryA、
// LoadLibraryW、LoadLibraryEx、LoadLibraryExW这些函数,DLL本身是不能对它们进
// 行Hook的,否则会引起死循环。
HMODULE hThisModule = NULL;
hThisModule = (IsHookSelfDll) ? NULL : ModuleFromAddress(ReplaceIATEntryInAllModules);
/////
HANDLE hSnapshot;
MODULEENTRY32 ModEntry32;
DWORD dwProcessId;
BOOL Result;
dwProcessId = GetCurrentProcessId();
hSnapshot = CreateToolhelp32Snapshot((DWORD)TH32CS_SNAPMODULE,dwProcessId);
ModEntry32.dwSize = sizeof(MODULEENTRY32);
Result = Module32First(hSnapshot,&ModEntry32);
while(Result)
{
if(ModEntry32.hModule != hThisModule)
ReplaceIATEntryInModule(DllName,pfnCurrent,pfnNew,ModEntry32.hModule);
Result = Module32Next(hSnapshot,&ModEntry32);
}
CloseHandle(hSnapshot);
}
BOOL GetProcessModule (DWORD dwPID, DWORD dwModuleID,
LPMODULEENTRY32 lpMe32, DWORD cbMe32)
{
BOOL bRet = FALSE;
BOOL bFound = FALSE;
HANDLE hModuleSnap = NULL;
MODULEENTRY32 me32 = {0};
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
if (hModuleSnap == (HANDLE)-1)
return (FALSE);
me32.dwSize = sizeof(MODULEENTRY32);
if (Module32First(hModuleSnap, &me32))
{
do
{
if (me32.th32ModuleID == dwModuleID)
{
CopyMemory (lpMe32, &me32, cbMe32);
bFound = TRUE;
}
}
while (!bFound && Module32Next(hModuleSnap, &me32));
bRet = bFound;
}
else
bRet = FALSE;
CloseHandle (hModuleSnap);
return (bRet);
}
DWORD GetModuleBase(const DWORD dwProcessId, const char *szModuleName)
{
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwProcessId);
if (!hSnap)
{
return 0;
}
MODULEENTRY32 me;
me.dwSize = sizeof(MODULEENTRY32);
DWORD dwReturn = 0;
if (Module32First(hSnap, &me))
{
while (Module32Next(hSnap, &me))
{
printf("%s %x\n", me.szModule, me.modBaseAddr);
if (lstrcmpi(me.szModule, szModuleName) == 0)
{
dwReturn = (DWORD)me.modBaseAddr;
break;
}
}
}
CloseHandle(hSnap);
return dwReturn;
}
void APIHook::ReplaceIATInOneMod(PROC pfnOrig, PROC pfnNew)
{
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
MODULEENTRY32 me32 = {sizeof(MODULEENTRY32)};
Module32First(hSnapshot, &me32);
HMODULE hThisMod = GetModuleHandleA(m_strCurrentModule.data());
do
{
if (me32.hModule == hThisMod)
{
continue;
}
ULONG ulSize;
PIMAGE_IMPORT_DESCRIPTOR pImportDesc = NULL;
__try
{
pImportDesc = (PIMAGE_IMPORT_DESCRIPTOR)ImageDirectoryEntryToData(me32.hModule, TRUE, IMAGE_DIRECTORY_ENTRY_IMPORT, &ulSize);
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
}
if (pImportDesc == NULL)
continue;
for (; pImportDesc->Name; pImportDesc++)
{
PSTR pszName = (PSTR)((PBYTE)me32.hModule + pImportDesc->Name);
//cout << pszName << endl;
if (lstrcmpiA(m_strModule.data(), pszName) == 0)
{
PIMAGE_THUNK_DATA pThunk = (PIMAGE_THUNK_DATA)((PBYTE)me32.hModule + pImportDesc->FirstThunk);
for (; pThunk->u1.Function; pThunk++) {
// Get the address of the function address
PROC* ppfn = (PROC*) &pThunk->u1.Function;
// Is this the function we're looking for?
BOOL bFound = (*ppfn == pfnOrig);
if (bFound) {
//PROC pfnNew = (PROC)Hook_ExitProcess;
if (!WriteProcessMemory(GetCurrentProcess(), ppfn, &pfnNew, sizeof(char*), NULL) &&
ERROR_NOACCESS == GetLastError())
{
DWORD dwOldProtect;
if (VirtualProtect(ppfn, sizeof(char*), PAGE_WRITECOPY, &dwOldProtect))
{
WriteProcessMemory(GetCurrentProcess(), ppfn, &pfnNew, sizeof(char*), NULL);
VirtualProtect(ppfn, sizeof(char*), dwOldProtect, &dwOldProtect);
}
}
CloseHandle(hSnapshot);
return ;
}
}
}
}
} while (Module32Next(hSnapshot, &me32));
CloseHandle(hSnapshot);
}
// すべてのモジュールに対してAPIフックを行う関数
bool ReplaceIATEntryInAllMods(
PCSTR pszModuleName,
PROC pfnCurrent,
PROC pfnNew,
HMODULE hmodCaller)
{
if( hmodCaller ) {
return ReplaceIATEntryInOneMod(pszModuleName, pfnCurrent, pfnNew, hmodCaller);
} else {
bool bResult = false;
// モジュールリストを取得
HANDLE hModuleSnap = CreateToolhelp32Snapshot(
TH32CS_SNAPMODULE, GetCurrentProcessId());
if(hModuleSnap == INVALID_HANDLE_VALUE) {
return bResult;
}
MODULEENTRY32 me;
me.dwSize = sizeof(me);
BOOL bModuleResult = Module32First(hModuleSnap, &me);
// それぞれのモジュールに対してReplaceIATEntryInOneModを実行
while(bModuleResult) {
// OutputDebugString(">>");
// OutputDebugString(me.szModule);
// OutputDebugString("\n");
if( ReplaceIATEntryInOneMod(pszModuleName, pfnCurrent, pfnNew, me.hModule) ) {
bResult = true;
}
bModuleResult = Module32Next(hModuleSnap, &me);
}
CloseHandle(hModuleSnap);
return bResult;
}
}
BOOL CEnumDllDlg::OnInitDialog()
{
CDialogEx::OnInitDialog();
CRect rect;
m_list.GetWindowRect(&rect);
m_list.SetExtendedStyle(m_list.GetExtendedStyle() | LVS_EX_GRIDLINES | LVS_EX_FULLROWSELECT);
m_list.InsertColumn(0, _T("DLL名"), LVCFMT_LEFT, rect.Width() / 5, 0);
m_list.InsertColumn(1, _T("DLL路径"), LVCFMT_LEFT, 15 * rect.Width() / 20, 1);
MODULEENTRY32 module = { 0 };
module.dwSize = sizeof(MODULEENTRY32);
HANDLE hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, m_pID);
if (hSnap != INVALID_HANDLE_VALUE)
{
BOOL ret = Module32First(hSnap, &module);
int item = 0;
CString s;
while (ret)
{
m_list.InsertItem(item, module.szModule);
m_list.SetItemText(item, 1, module.szExePath);
++item;
ret = Module32Next(hSnap, &module);
}
CloseHandle(hSnap);
}
return TRUE; // return TRUE unless you set the focus to a control
// 异常: OCX 属性页应返回 FALSE
}
DWORD GetModuleSize(LPSTR strModuleName) {
MODULEENTRY32 lpme = { 0 };
DWORD dwSize = 0;
DWORD PID = GetCurrentProcessId();
BOOL isMod = 0;
char chModName[256];
strcpy_s(chModName, 255, strModuleName);
_strlwr_s(chModName, 255);
HANDLE hSnapshotModule = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, PID);
if (hSnapshotModule)
{
lpme.dwSize = sizeof(lpme);
isMod = Module32First(hSnapshotModule, &lpme);
while (isMod)
{
if (strcmp(_strlwr(lpme.szExePath), chModName))
{
dwSize = (DWORD)lpme.modBaseSize;
CloseHandle(hSnapshotModule);
return dwSize;
}
isMod = Module32Next(hSnapshotModule, &lpme);
}
}
CloseHandle(hSnapshotModule);
return 0;
}
void CheckModule()
{
MODULEENTRY32 ME32;
HANDLE hProcessSnap;
int ProcLoop;
hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
ME32.dwSize = sizeof(ME32);
ProcLoop = Module32First(hProcessSnap, &ME32);
while(ProcLoop){
ProcLoop = Module32Next(hProcessSnap, &ME32);
char ModulePath[MAX_PATH];
int len = GetModuleFileName(ME32.hModule, ModulePath, MAX_PATH);
if(len != 0){
for(int i = len - 1; i >= 0; i --)
{
if (ModulePath[i] == '\\')
{
if (cmpi(&ModulePath[i+1], "cfgdll.dll") == 0)
{
KillMe(3);
}
break;
}
}
}
}
CloseHandle(hProcessSnap);
}
static int DllInit(void)
{
#if defined(_WIN32_WINNT)
union { int(*f)(void); BYTE *p; } t = { DllInit };
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
IMAGE_DOS_HEADER *dos_header;
IMAGE_NT_HEADERS *nt_headers;
MODULEENTRY32 me32 = {sizeof(me32)};
hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,0);
if (hModuleSnap != INVALID_HANDLE_VALUE &&
Module32First(hModuleSnap,&me32)) do
{
if (t.p >= me32.modBaseAddr &&
t.p < me32.modBaseAddr+me32.modBaseSize)
{
dos_header=(IMAGE_DOS_HEADER *)me32.modBaseAddr;
if (dos_header->e_magic==IMAGE_DOS_SIGNATURE)
{
nt_headers=(IMAGE_NT_HEADERS *)
((BYTE *)dos_header+dos_header->e_lfanew);
if (nt_headers->Signature==IMAGE_NT_SIGNATURE &&
me32.modBaseAddr!=(BYTE*)nt_headers->OptionalHeader.ImageBase)
OPENSSL_NONPIC_relocated=1;
}
break;
}
} while (Module32Next(hModuleSnap,&me32));
if (hModuleSnap != INVALID_HANDLE_VALUE)
CloseHandle(hModuleSnap);
#endif
OPENSSL_cpuid_setup();
return 0;
}
HMODULE GetRemoteModuleHandle( char *szModuleName, HANDLE hProcess, bool bUsePath )
{
HANDLE tlh = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, GetProcessId( hProcess ) );
MODULEENTRY32 modEntry;
modEntry.dwSize = sizeof( MODULEENTRY32 );
Module32First( tlh, &modEntry );
do
{
string comp;
comp.clear();
if(bUsePath){ comp = modEntry.szExePath; } else { comp = modEntry.szModule; }
if( !strcmp( szModuleName, comp.c_str() ) )
{
CloseHandle( tlh );
return modEntry.hModule;
}
}
while(Module32Next( tlh, &modEntry ) );
CloseHandle( tlh );
return NULL;
}
BOOL HookAPIAllMod( PHookFn Hooks, BOOL restore )
{
HANDLE hModuleSnap;
MODULEENTRY32 me;
BOOL fOk;
// Take a snapshot of all modules in the current process.
hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE,
GetCurrentProcessId() );
if (hModuleSnap == INVALID_HANDLE_VALUE)
return FALSE;
// Fill the size of the structure before using it.
me.dwSize = sizeof(MODULEENTRY32);
// Walk the module list of the modules.
for (fOk = Module32First( hModuleSnap, &me ); fOk;
fOk = Module32Next( hModuleSnap, &me ))
{
// We don't hook functions in our own module.
if (me.hModule != hDllInstance && me.hModule != hKernel)
{
// Hook this function in this module.
if (!HookAPIOneMod( me.hModule, Hooks, restore ))
{
CloseHandle( hModuleSnap );
return FALSE;
}
}
}
CloseHandle( hModuleSnap );
return TRUE;
}
std::vector<HMODULE> Ten18::Util::EnumerateModules()
{
std::vector<HMODULE> modules;
auto snapshot = MakeScoped(CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, 0), [] (HANDLE snapshot) { Ten18_HOPE_FOR.True = CloseHandle(snapshot); });
Ten18_EXPECT.Not(INVALID_HANDLE_VALUE) = static_cast<HANDLE>(snapshot);
MODULEENTRY32 me = {};
me.dwSize = sizeof(me);
const auto minSizeOfInterest = FIELD_OFFSET(MODULEENTRY32, hModule) + sizeof(me.hModule);
if (Module32First(snapshot, &me))
{
do
{
if (me.dwSize >= minSizeOfInterest)
modules.push_back(me.hModule);
Format("Module: %0", me.szModule).DebugOut();
me.dwSize = sizeof(me);
}
while (Module32Next(snapshot, &me));
}
return modules;
}
