Windows核心编程之一列举本程序加载的模块信息

本文作者：jimmy 文章性质：原创 发布日期：2004-04-02

MessageBox(GetActiveWindow(),"即将列举本程序所加载的Dll文件","",MB_OK); MEMORY_BASIC_INFORMATION mbi; PBYTE ptr = NULL; DWORD dwBytesReturn = sizeof(MEMORY_BASIC_INFORMATION); char szBuffer[256*100] = ""; char szModuFile[240] = ""; char szTmpBuffer[256] = ""; while( dwBytesReturn == sizeof(MEMORY_BASIC_INFORMATION) ) { dwBytesReturn = VirtualQuery( ptr,&mbi,sizeof(MEMORY_BASIC_INFORMATION) ); if( mbi.Type == MEM_FREE ) { mbi.AllocationBase = mbi.BaseAddress; } GetModuleFileName( (HINSTANCE)mbi.AllocationBase, szModuFile,240 ); sprintf(szTmpBuffer,"[ Module: %x - %s ] \r\n",mbi.AllocationBase,szModuFile); if(mbi.AllocationBase == mbi.BaseAddress && mbi.AllocationBase != NULL && mbi.AllocationBase != GetModuleHandle(NULL) )strcat(szBuffer , szTmpBuffer); ptr += mbi.RegionSize; } //这里加入你的代码，将生成的信息放入一个编辑框中以便查看，或存入文件 程序所用技术简介 VirtualQuery 获取内存的信息，很简单 typedef struct _MEMORY_BASIC_INFORMATION { // mbi PVOID BaseAddress; // base address of region PVOID AllocationBase; // allocation base address DWORD AllocationProtect; // initial access protection DWORD RegionSize; // size, in bytes, of region DWORD State; // committed, reserved, free DWORD Protect; // current access protection DWORD Type; // type of pages } MEMORY_BASIC_INFORMATION; typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION; 这个结构，在我们的程序中，最关心的是AllocationBase，BaseAddress 从代码中可以看出 AllocationBase 相当于 HMODULE . RegionSize则表明了这一块内存的大小。 ptr += mbi.RegionSize; 通过者一句，我们接着获取下一个内存块的信息 通过 GetModuleFileName 我们获取了模块的详细信息

【打印这篇文章】【关闭该窗口】

Copyright © 2004 Security Angel Team [S4T] All Rights Reserved.