|
說明
程式 for 9x
Option Explicit
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hWnd As Long, lpdwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Const MAX_MODULE_NAME32 = 255
Private Const MAX_PATH = 260
Private Type MODULEENTRY32
dwSize As Long
th32ModuleID As Long
th32ProcessID As Long
GlblcntUsage As Long
ProccntUsage As Long
modBaseAddr As Long
modBaseSize As Long
hModule As Long
szModule As String * MAX_MODULE_NAME32
szExePath As String * MAX_PATH
End Type
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Const TH32CS_SNAPHEAPLIST = &H1
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPTHREAD = &H4
Private Const TH32CS_SNAPMODULE = &H8
Private Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or
TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
Private Const TH32CS_INHERIT = &H80000000
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapshot As Long, lpme As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapshot As Long, lpme As MODULEENTRY32) As Long
Private Sub Command1_Click()
Dim hAppWnd As Long, hAppProcessID As Long
Dim enum_ExeFile As String
hAppWnd = FindWindow(vbNullString, Text1.Text)
GetWindowThreadProcessId hAppWnd, hAppProcessID
GetModule hAppProcessID
End Sub
Public Sub GetModule(ByVal Processid As Long)
Dim hSnapshot As Long
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Processid)
If hSnapshot = -1 Then
Exit Sub
End If
Dim sModuleName As String
Dim sFPModuleName As String
Dim cModuleBase As Long
Dim lModuleSize As Long
Dim ModEntry As MODULEENTRY32
ModEntry.dwSize = LenB(ModEntry)
If Module32First(hSnapshot, ModEntry) Then
Do
sFPModuleName = Left$(ModEntry.szExePath, InStr(1, ModEntry.szExePath, Chr(0)) - 1)
sModuleName = Left$(ModEntry.szModule,
InStr(1, ModEntry.szModule, Chr(0)) - 1)
List1.AddItem "模組名稱:" & sModuleName & _
" 完整路徑:" & sFPModuleName & _
" 基底位址:" & Hex$(ModEntry.modBaseAddr) & _
" 映像大小:" & ModEntry.modBaseSize
Loop While Module32Next(hSnapshot, ModEntry)
End If
CloseHandle hSnapshot
End Sub
註:實際上此版本在2000以後版本也可以執行 唯一的缺點是抓不到完整路徑名稱
程式 for NT
Option Explicit
Private Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, hModule As Long, ByVal cb As Long, cbNeeded As Long) As Long
Private Declare Function GetModuleBaseName Lib "PSAPI.DLL" Alias "GetModuleBaseNameA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpBaseName As String, ByVal nSize As Long) As Long
Private Declare Function GetModuleFileNameEx Lib "PSAPI.DLL" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
Private Declare Function GetModuleInformation Lib "PSAPI.DLL" (ByVal hProcess As Long, ByVal hModule As Long, lpModInfo As MODULEINFO, ByVal nSize As Long) As Long
Private Type MODULEINFO
lpBaseOfDll As Long
SizeOfImage As Long
EntryPoint As Long
End Type
Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Const PROCESS_VM_READ = &H10
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const MAX_PATH = 260
Private Sub Command1_Click()
List1.Clear
Dim hAppWnd As Long, hAppProcessID As Long
hAppWnd = FindWindow(vbNullString, Text1.Text)
GetWindowThreadProcessId hAppWnd, hAppProcessID
GetModules hAppProcessID
End Sub
Public Sub GetModules(ByVal ProcessID As Long)
Dim cbNeeded As Long, cModules As Long, hProcess As Long
Dim hModules() As Long
Dim MODINFO As MODULEINFO
Dim i As Long, j As Integer
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0&, ProcessID)
If hProcess = 0 Then Exit Sub
cModules = 1
'先用大小1的陣列傳入再由cdNeeded傳回值取得需要的Byte數
ReDim hModules(1 To cModules)
EnumProcessModules hProcess, hModules(1), cModules * 4, cbNeeded
'Long型態長度為4
cModules = cbNeeded / 4
'重新定義大小並取得模組
ReDim hModules(1 To cModules)
EnumProcessModules hProcess, hModules(1), cModules * 4, cbNeeded
Dim sModuleName As String
Dim sFPModuleName As String
Dim lModuleBase As Long
Dim lModuleSize As Long
For i = 1 To cModules
If hModules(i) Then
' Module name
sModuleName = String$(MAX_PATH, 0)
GetModuleBaseName hProcess, hModules(i), sModuleName, Len(sModuleName)
sModuleName = Left$(sModuleName, InStr(1, sModuleName, Chr(0)) - 1)
' Fully qualified module name
sFPModuleName = String$(MAX_PATH, 0)
GetModuleFileNameEx hProcess, hModules(i), sFPModuleName, Len(sFPModuleName)
sFPModuleName = Left$(sFPModuleName, InStr(1, sFPModuleName, Chr(0)) - 1)
' Get module info
GetModuleInformation hProcess, hModules(i), MODINFO, LenB(MODINFO)
List1.AddItem "模組名稱:" & sModuleName & _
" 完整路徑:" & sFPModuleName & _
" 進入點:" & Hex$(MODINFO.EntryPoint) & _
" 基底位址:" & Hex$(MODINFO.lpBaseOfDll) & _
" 映像大小:" & MODINFO.SizeOfImage
End If
Next
CloseHandle hProcess
End Sub
文件出處
範例下載
整理時間
|
