Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- // Example of algorithm to get module information from a specific process
- // Returns the MODULEENTRY32 struct containing the infos (returns module base address 0x0 if failed)
- MODULEENTRY32 GetModuleInfo(const std::string& ModuleName, DWORD ProcessId)
- {
- // First of all we create a snapshot handle specific for modules
- // (notice the usage of TH32CS_SNAPMODULE) so we are able to call Module32First/Next
- // Remeber to close it when you don't use it anymore!
- HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
- // Check if the snapshot created is valid
- if (hSnapshot == INVALID_HANDLE_VALUE)
- {
- MODULEENTRY32 mod; // Quick created just to return invalid base address
- mod.modBaseAddr = 0x0;
- return mod;
- }
- // Create the helper struct that will contain all the infos about the current module
- // while we loop through all the loaded modules
- MODULEENTRY32 ModEntry;
- // Remember to set the dwSize member of ModEntry to sizeof(MODULEENTRY32)
- ModEntry.dwSize = sizeof(MODULEENTRY32);
- // Call Module32First
- if (Module32First(hSnapshot, &ModEntry))
- {
- // Notice that you have to enable Multi-Byte character set in order
- // to avoid converting everything.
- // strcmp is not the only way to compare 2 strings ofc, work with your imagination
- if (!strcmp(ModEntry.szModule, ModuleName.c_str()))
- {
- // If we are here it means that the module has been found, we can
- // return ModEntry.
- // But first of all we have to close the snapshot handle!
- CloseHandle(hSnapshot);
- // Return ModEntry which is currently containing all the info we need about the module
- return ModEntry;
- }
- }
- else
- {
- // If the Process32First call failed, it means that there is no
- // process running in the first place, we can return directly.
- CloseHandle(hSnapshot);
- ModEntry.modBaseAddr = 0x0;
- return ModEntry;
- }
- // If we are here it means that the Module32First call returned TRUE, but the first module
- // wasn't the module that we were searching for. Now we can loop through the modules
- // using Module32Next
- while (Module32Next(hSnapshot, &ModEntry))
- {
- // We do the same check we did for Module32First
- if (!strcmp(ModEntry.szModule, ModuleName.c_str()))
- {
- // If we are here it means that the module has been found, we can
- // return ModEntry.
- // But first of all we have to close the snapshot handle!
- CloseHandle(hSnapshot);
- // Return ModEntry which is currently containing all the info we need about the module
- return ModEntry;
- }
- }
- // Continue loop while the Module32Next call returns TRUE meaning that there are still modules to check
- // If we are here it means that the module has not been found or that there are no modules to scan for anymore.
- // We can close the snapshot handle and return fail value.
- CloseHandle(hSnapshot);
- ModEntry.modBaseAddr = 0x0;
- return ModEntry;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement