C++ | GetModuleInfo function example

1. // Example of algorithm to get module information from a specific process
2. // Returns the MODULEENTRY32 struct containing the infos (returns module base address 0x0 if failed)
3. MODULEENTRY32 GetModuleInfo(const std::string& ModuleName, DWORD ProcessId)
4. {
5.     // First of all we create a snapshot handle specific for modules
6.     // (notice the usage of TH32CS_SNAPMODULE) so we are able to call Module32First/Next
7.     // Remeber to close it when you don't use it anymore!
8.     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
9.     // Check if the snapshot created is valid
10.     if (hSnapshot == INVALID_HANDLE_VALUE)
11.     {
12.         MODULEENTRY32 mod; // Quick created just to return invalid base address
13.         mod.modBaseAddr = 0x0;
14.         return mod;
15.     }
16.    
17.     // Create the helper struct that will contain all the infos about the current module
18.     // while we loop through all the loaded modules
19.     MODULEENTRY32 ModEntry;
20.     // Remember to set the dwSize member of ModEntry to sizeof(MODULEENTRY32)
21.     ModEntry.dwSize = sizeof(MODULEENTRY32);
22.    
23.     // Call Module32First
24.     if (Module32First(hSnapshot, &ModEntry))
25.     {
26.         // Notice that you have to enable Multi-Byte character set in order
27.         // to avoid converting everything.
28.         // strcmp is not the only way to compare 2 strings ofc, work with your imagination
29.         if (!strcmp(ModEntry.szModule, ModuleName.c_str()))
30.         {
31.             // If we are here it means that the module has been found, we can
32.             // return ModEntry.
33.             // But first of all we have to close the snapshot handle!
34.             CloseHandle(hSnapshot);
35.             // Return ModEntry which is currently containing all the info we need about the module
36.             return ModEntry;
37.         }
38.     }
39.     else
40.     {
41.         // If the Process32First call failed, it means that there is no
42.         // process running in the first place, we can return directly.
43.         CloseHandle(hSnapshot);
44.         ModEntry.modBaseAddr = 0x0;
45.         return ModEntry;
46.     }
47.    
48.     // If we are here it means that the Module32First call returned TRUE, but the first module
49.     // wasn't the module that we were searching for. Now we can loop through the modules
50.     // using Module32Next
51.     while (Module32Next(hSnapshot, &ModEntry))
52.     {
53.         // We do the same check we did for Module32First
54.         if (!strcmp(ModEntry.szModule, ModuleName.c_str()))
55.         {
56.             // If we are here it means that the module has been found, we can
57.             // return ModEntry.
58.             // But first of all we have to close the snapshot handle!
59.             CloseHandle(hSnapshot);
60.             // Return ModEntry which is currently containing all the info we need about the module
61.             return ModEntry;
62.         }
63.     }
64.     // Continue loop while the Module32Next call returns TRUE meaning that there are still modules to check
65.    
66.     // If we are here it means that the module has not been found or that there are no modules to scan for anymore.
67.     // We can close the snapshot handle and return fail value.
68.     CloseHandle(hSnapshot);
69.     ModEntry.modBaseAddr = 0x0;
70.     return ModEntry;
71. }