std::set<wxString, wxStringOrdinalComparator> ProcessManager::GetModulesForProcessIdInternalV1(int processID, DWORD& resultCode)
{
unique_handle process(OpenProcess(PROCESS_ALL_ACCESS, false, processID));
resultCode = ERROR_SUCCESS;
if (process.get() == NULL)
{
resultCode = GetLastError();
return set<wxString, wxStringOrdinalComparator>();
}
HMODULE modules[250];
DWORD needed;
auto size = sizeof(modules);
if (!EnumProcessModulesEx(process.get(), modules, sizeof(modules), &needed, LIST_MODULES_ALL))
{
resultCode = GetLastError();
return set<wxString, wxStringOrdinalComparator>();
}
set<wxString, wxStringOrdinalComparator> result;
HMODULE* modulesSource;
unique_ptr<HMODULE[]> dynamicSource;
if (needed > sizeof(modules))
{
dynamicSource = unique_ptr<HMODULE[]>(new HMODULE[needed / sizeof(HMODULE)]);
if (!EnumProcessModulesEx(process.get(), dynamicSource.get(), needed, &needed, LIST_MODULES_ALL))
{
resultCode = GetLastError();
return set<wxString, wxStringOrdinalComparator>();
}
modulesSource = dynamicSource.get();
}
else
{
modulesSource = modules;
}
int arrayLength = sizeof(modules) / sizeof(HMODULE);
int arrivedLength = needed / sizeof(HMODULE);
wchar_t nameBuffer[250];
for (int i = 0; i < arrivedLength; i++)
{
if (GetModuleFileNameEx(process.get(), modulesSource[i], nameBuffer, sizeof(nameBuffer)))
{
result.insert(nameBuffer);
}
}
return move(result);
}
BOOL STDCALL OSGetLoadedModuleList(HANDLE hProcess, StringList &ModuleList)
{
HMODULE hMods[1024];
DWORD count;
if (EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &count, LIST_MODULES_ALL))
{
for (UINT i=0; i<(count / sizeof(HMODULE)); i++)
{
TCHAR szFileName[MAX_PATH];
if (GetModuleFileNameEx(hProcess, hMods[i], szFileName, _countof(szFileName)-1))
{
TCHAR *p;
p = srchr(szFileName, '\\');
if (p)
{
*p = 0;
p++;
}
slwr (p);
ModuleList << p;
}
}
}
else
return 0;
return 1;
}
// Get address of function in another process (since addresses aren't shared across processes)
LPVOID GetProcAddressExternal(LPCSTR moduleName, LPCSTR funcName, HANDLE hTargetProcess) {
// Get local function address
HMODULE localModule = GetModuleHandleA(moduleName);
HANDLE localAddress = GetProcAddress(localModule, funcName);
// Get external modules
HMODULE modules[100];
DWORD moduleSize;
BOOL out = EnumProcessModulesEx(hTargetProcess, modules, (DWORD)100ul, &moduleSize, LIST_MODULES_ALL);
// Get target module handle (which = the external module offset)
char curModuleName[100];
HMODULE remoteModule = NULL;
for (int i = 0; i < (int)(moduleSize / sizeof(DWORD)); i++) {
GetModuleBaseNameA(hTargetProcess, modules[i], (LPSTR)&curModuleName, (DWORD)100);
if (strcmp(moduleName, curModuleName) == 0) {
remoteModule = modules[i];
break;
}
}
if (remoteModule == NULL) { return NULL; }
// Calculate address of function in external process
unsigned long offset;
offset = (unsigned long)localAddress - (unsigned long)localModule;
return (LPVOID)((unsigned long)(remoteModule) + offset);
}
bool app_list::get_app_info(app_info & info, const filters_t & filters, bool x86, bool query_name) {
HMODULE hmodules[1024];
DWORD needed;
HANDLE hprocess = OpenProcess(
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
FALSE, info.id);
if (hprocess == NULL)
return false;
#ifdef _WIN64
BOOL px86;
if ( ! IsWow64Process(hprocess, & px86)) {
CloseHandle(hprocess);
return false;
}
info.x86 = px86;
#else
info.x86 = true;
#endif
if (query_name && EnumProcessModulesEx(
hprocess, hmodules, sizeof(hmodules), & needed, x86?LIST_MODULES_32BIT:LIST_MODULES_64BIT)) {
WCHAR name[MAX_PATH] = {0};
std::wstring exename;
if (GetModuleBaseName(hprocess, hmodules[0], name, sizeof(name)/sizeof(WCHAR))) {
_wcslwr(name);
exename = name;
// skip filter
if (filters.empty()) {
info.name = exename;
CloseHandle(hprocess);
return true;
}
for (DWORD j = 0; j < (needed / sizeof(HMODULE)); j++) {
WCHAR name[MAX_PATH] = {0};
if (GetModuleBaseName(hprocess, hmodules[j], name, sizeof(name)/sizeof(WCHAR))) {
_wcslwr(name);
for (filters_t::const_iterator it = filters.begin(); it != filters.end(); it++)
if ( * it == name) {
info.name = exename;
CloseHandle(hprocess);
return true;
};
}
}
}
}
CloseHandle(hprocess);
return ! query_name;
}
int PrintModules( DWORD processID )
{
HMODULE hMods[1024];
MODULEINFO minfo;
HANDLE hProcess;
DWORD cbNeeded;
TCHAR szModName[MAX_PATH];
int modSize=0;
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
if (NULL == hProcess){
printf("Error: failed to open process..");
return 1;
}
int ret = EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &cbNeeded, LIST_MODULES_ALL);
if( cbNeeded > sizeof(hMods) ){
printf("Error: buffer to small to get all modules!"); //shouldnt happen...
return 1;
}
if( ret )
{
for (int i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ )
{
if(GetModuleInformation(hProcess, hMods[i], &minfo, sizeof(minfo)) == 0){
modSize=0;
}else{
modSize = minfo.SizeOfImage;
}
if ( GetModuleFileNameEx( hProcess, hMods[i], szModName, sizeof(szModName) / sizeof(TCHAR)))
{
_tprintf( TEXT("0x%010X,0x%010X,%s\n"), hMods[i] , modSize, szModName);
}
}
}
else{
printf("Error: EnumProcessModulesEx failed %x", ret);
}
CloseHandle( hProcess );
return 0;
}
std::vector<MODULEINFO> get_modules(HANDLE hProcess)
{
HMODULE hMods[1024];
DWORD cbNeeded;
std::vector<MODULEINFO> modules;
if (EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &cbNeeded, LIST_MODULES_ALL))
{
size_t i;
for (i = 0; i < (cbNeeded / sizeof(HMODULE)); ++i)
{
MODULEINFO modinfo;
if (GetModuleInformation(hProcess, hMods[i], &modinfo, sizeof(modinfo)))
modules.push_back(modinfo);
}
}
return modules;
}
int DumpProcess( DWORD processID, char* dumpPath )
{
HMODULE hMods[1024];
MODULEINFO minfo;
HANDLE hProcess;
DWORD cbNeeded;
int rv=0;
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
if (NULL == hProcess){
printf("Error: failed to open process..");
return 1;
}
int ret = EnumProcessModulesEx(hProcess, hMods, sizeof(hMods), &cbNeeded, LIST_MODULES_ALL);
if( cbNeeded > sizeof(hMods) ){
printf("Error: buffer to small to get all modules!"); //shouldnt happen...
return 1;
}
if( ret )
{
if(GetModuleInformation(hProcess, hMods[0], &minfo, sizeof(minfo)) == 0){
printf("Error: GetModuleInformation failed %x", ret);
}else{
rv = dump(processID, (__int64)minfo.lpBaseOfDll, minfo.SizeOfImage, dumpPath);
}
}
else{
printf("Error: EnumProcessModulesEx failed %x", ret);
}
CloseHandle( hProcess );
return rv;
}
int process_getmodules(pid_t pid, fcb_process_getmodules callback, void* param)
{
int major, minor;
DWORD i;
DWORD ret;
DWORD bytes;
HANDLE handle;
HMODULE modules[1024] = {0};
CHAR filename[MAX_PATH] = {0};
// open process
handle = OpenProcess(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ, FALSE, pid);
if(!handle)
return (int)GetLastError();
// enum process modules
system_version(&major, &minor);
#if 0
if(major >= 6)
ret = EnumProcessModulesEx(handle, modules, sizeof(modules), &bytes, LIST_MODULES_ALL);
else
#endif
ret = EnumProcessModules(handle, modules, sizeof(modules), &bytes);
if(!ret)
return (int)GetLastError();
// get module filename
for(i=0; i<bytes/sizeof(HMODULE); i++)
{
if(GetModuleFileNameExA(handle, modules[i], filename, sizeof(filename)-1))
callback(param, filename);
}
// close process
CloseHandle(handle);
return 0;
}
Memory::Memory(const std::string& processName) {
// First, get the handle of the process
PROCESSENTRY32 entry;
entry.dwSize = sizeof(entry);
HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
while (Process32Next(snapshot, &entry)) {
if (processName == entry.szExeFile) {
_handle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, entry.th32ProcessID);
if (!_handle) {
std::cerr << "Couldn't find " << processName.c_str() << ". Is it open?" << std::endl;
exit(EXIT_FAILURE);
}
break;
}
}
// Next, get the process base address
DWORD numModules;
std::vector<HMODULE> moduleList(1024);
EnumProcessModulesEx(_handle, &moduleList[0], static_cast<DWORD>(moduleList.size()), &numModules, 3);
std::string name(64, 0);
for (DWORD i = 0; i < numModules / sizeof(HMODULE); i++) {
GetModuleBaseNameA(_handle, moduleList[i], &name[0], sizeof(name));
// TODO: Filling with 0s still yeilds name.size() == 64...
if (strcmp(processName.c_str(), name.c_str()) == 0) {
_baseAddress = (uintptr_t)moduleList[i];
break;
}
}
if (_baseAddress == 0) {
std::cerr << "Couldn't find base address!" << std::endl;
exit(EXIT_FAILURE);
}
}
BOOL
PsGetModulesByProcessHandle(HANDLE ProcessHandle,
MODULE_INFO *Entries,
SIZE_T NumOfEntries,
PSIZE_T RealNumOfEntries)
{
BOOL result;
HMODULE *modules;
DWORD needSize;
SIZE_T moduleOffset = 0;
SIZE_T moduleCounter = 0;
if (!RealNumOfEntries)
{
return FALSE;
}
modules = (HMODULE*)AllocMem(sizeof(HMODULE) * NumOfEntries);
if (!modules)
{
return FALSE;
}
result = EnumProcessModulesEx(ProcessHandle,
modules,
(DWORD)(sizeof(HMODULE) * NumOfEntries),
&needSize,
LIST_MODULES_ALL);
if (!result)
{
DeallocMem(modules);
return FALSE;
}
*RealNumOfEntries = needSize / sizeof(HMODULE);
do
{
result = FALSE;
moduleCounter++;
if (moduleOffset >= NumOfEntries)
{
continue;
}
Entries[moduleOffset].ModuleHandle = modules[moduleOffset];
GetModuleFileNameEx(ProcessHandle,
modules[moduleOffset],
Entries[moduleOffset].ModulePath,
MAX_PATH);
GetShortFileName(Entries[moduleOffset].ModulePath,
Entries[moduleOffset].ModuleName,
MAX_PATH);
result = moduleCounter < (*RealNumOfEntries);
moduleOffset++;
}
while (result);
DeallocMem(modules);
*RealNumOfEntries = moduleCounter;
if (moduleCounter > NumOfEntries)
{
return FALSE;
}
return TRUE;
}
