SHARE
TWEET

C++ | GetModuleInfo function example

DoubleV Jul 29th, 2016 (edited) 851 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. // Example of algorithm to get module information from a specific process
  2. // Returns the MODULEENTRY32 struct containing the infos (returns module base address 0x0 if failed)
  3. MODULEENTRY32 GetModuleInfo(const std::string& ModuleName, DWORD ProcessId)
  4. {
  5.     // First of all we create a snapshot handle specific for modules
  6.     // (notice the usage of TH32CS_SNAPMODULE) so we are able to call Module32First/Next
  7.     // Remeber to close it when you don't use it anymore!
  8.     HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
  9.     // Check if the snapshot created is valid
  10.     if (hSnapshot == INVALID_HANDLE_VALUE)
  11.     {
  12.         MODULEENTRY32 mod; // Quick created just to return invalid base address
  13.         mod.modBaseAddr = 0x0;
  14.         return mod;
  15.     }
  16.    
  17.     // Create the helper struct that will contain all the infos about the current module
  18.     // while we loop through all the loaded modules
  19.     MODULEENTRY32 ModEntry;
  20.     // Remember to set the dwSize member of ModEntry to sizeof(MODULEENTRY32)
  21.     ModEntry.dwSize = sizeof(MODULEENTRY32);
  22.    
  23.     // Call Module32First
  24.     if (Module32First(hSnapshot, &ModEntry))
  25.     {
  26.         // Notice that you have to enable Multi-Byte character set in order
  27.         // to avoid converting everything.
  28.         // strcmp is not the only way to compare 2 strings ofc, work with your imagination
  29.         if (!strcmp(ModEntry.szModule, ModuleName.c_str()))
  30.         {
  31.             // If we are here it means that the module has been found, we can
  32.             // return ModEntry.
  33.             // But first of all we have to close the snapshot handle!
  34.             CloseHandle(hSnapshot);
  35.             // Return ModEntry which is currently containing all the info we need about the module
  36.             return ModEntry;
  37.         }
  38.     }
  39.     else
  40.     {
  41.         // If the Process32First call failed, it means that there is no
  42.         // process running in the first place, we can return directly.
  43.         CloseHandle(hSnapshot);
  44.         ModEntry.modBaseAddr = 0x0;
  45.         return ModEntry;
  46.     }
  47.    
  48.     // If we are here it means that the Module32First call returned TRUE, but the first module
  49.     // wasn't the module that we were searching for. Now we can loop through the modules
  50.     // using Module32Next
  51.     while (Module32Next(hSnapshot, &ModEntry))
  52.     {
  53.         // We do the same check we did for Module32First
  54.         if (!strcmp(ModEntry.szModule, ModuleName.c_str()))
  55.         {
  56.             // If we are here it means that the module has been found, we can
  57.             // return ModEntry.
  58.             // But first of all we have to close the snapshot handle!
  59.             CloseHandle(hSnapshot);
  60.             // Return ModEntry which is currently containing all the info we need about the module
  61.             return ModEntry;
  62.         }
  63.     }
  64.     // Continue loop while the Module32Next call returns TRUE meaning that there are still modules to check
  65.    
  66.     // If we are here it means that the module has not been found or that there are no modules to scan for anymore.
  67.     // We can close the snapshot handle and return fail value.
  68.     CloseHandle(hSnapshot);
  69.     ModEntry.modBaseAddr = 0x0;
  70.     return ModEntry;
  71. }
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top