Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- //http://waleedassar.blogspot.com - (@waleedassar)
- //This code shows how to list all loaded (even those hidden) modules of a process.
- #include "stdafx.h"
- #include "windows.h"
- #include "stdio.h"
- #define MemorySectionName 0x2
- #define MemoryBasicVlmInformation 0x3
- struct UNICODE_S
- {
- unsigned short len;
- unsigned short man_len;
- wchar_t* pStr;
- };
- struct MEMORY_BASIC_VLM_INFORMATION
- {
- unsigned long ImageBase;
- unsigned long blah[0x2];
- unsigned long SizeOfImage;
- };
- extern "C"
- {
- int __stdcall ZwQueryVirtualMemory(HANDLE,void*,int,void*,int,unsigned long*);
- }
- int main(int argc, char* argv[])
- {
- SYSTEM_INFO SI={0};
- GetSystemInfo(&SI);
- unsigned long min_addr=(unsigned long)(SI.lpMinimumApplicationAddress);
- unsigned long max_addr=(unsigned long)(SI.lpMaximumApplicationAddress);
- UNICODE_S* p=(UNICODE_S*)LocalAlloc(LMEM_ZEROINIT,0x1000); //allocate one page, to receive image file name
- for(unsigned long i=min_addr;i<=max_addr;i+=(SI.dwPageSize))
- {
- MEMORY_BASIC_INFORMATION MBI={0};
- if(VirtualQuery((void*)i,&MBI,sizeof(MBI)))
- {
- if(MBI.Type==MEM_IMAGE)
- {
- ZwQueryVirtualMemory(GetCurrentProcess(),(void*)i,MemorySectionName,p,0x1000,0);
- wprintf(L"Module: %s\r\n",p->pStr);
- unsigned long out=0;
- MEMORY_BASIC_VLM_INFORMATION MBVI={0};
- ZwQueryVirtualMemory(GetCurrentProcess(),(void*)i,MemoryBasicVlmInformation,&MBVI,sizeof(MBVI),&out);
- unsigned long IB=MBVI.ImageBase;
- wprintf(L" at:%X",IB);
- unsigned long szImage=MBVI.SizeOfImage;
- wprintf(L" size:%X\r\n",szImage);
- i+=szImage;
- }
- }
- }
- return 0;
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
