【开源】马大哈系列功能模块-----列举进程模块(VB6.0)
Public Function TestFun()'测试过程.在立即窗口里执行本过程即可看到效果.K()返回的是每个模块的句柄.
Dim I() As String, J As Long, K() As Long
Call EnumModule("explorer.exe", I, K())
For J = 0 To UBound(I)
Debug.Print I(J),"hModule=" & k(I)
Next
End Function本模块可列出指定进程内的模块,需要与ModFindProcess.bas配合,下载地址:
马大哈系列功能模块----查找/结束进程 本帖最后由 tbage 于 2015-1-12 16:05 编辑
http://www.m5home.com/bbs/thread-7462-1-1.html
UnloadModule
的第二个参数,为模块名的时候"xxxx.dll"的时候,If sMod(i) = ModNameOrModHandle Then中sMod(i)下标越界,
试着将第二个参数转换为xxxx.dll的基址,得到的返回值为900,可xxxx.dll依然在PID里...
怎么能获取其他进程的xxxx.dll模块的句柄啊。。。。不知道咋弄了....{:soso_e109:} 这是在网上找得一个取模块基址的模块......
Attribute VB_Name = "得到模块基址"
'Text1 = GetModuleAdd(5788, "xxxx.dll")
'要>0就是正常加载了.
Option Explicit
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function NtUnmapViewOfSection Lib "NTDLL.dll" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
Private Type PROCESSENTRY32
dwSizeAs Long
cntUseageAs Long
th32ProcessIDAs Long
th32DefaultHeapIDAs Long
th32ModuleIDAs Long
cntThreadsAs Long
th32ParentProcessIDAs Long
pcPriClassBaseAs Long
swFlagsAs Long
szExeFileAs String * 1024
End Type
Private Type MODULEENTRY32
dwSize As Long
th32ModuleID As Long
th32ProcessID As Long
GlblcntUsage As Long
ProccntUsage As Long
modBaseAddr As Long
modBaseSize As Long
hModule As Long
szModule As String * 256
szExePath As String * 1024
End Type
Public Type THREADENTRY32
dwSize As Long
cntusage As Long
th32threadID As Long
th32OwnerProcessID As Long
tpBasePri As Long
tpDeltaPri As Long
dwFlags As Long
End Type
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPmodule = &H8
Public Function GetModuleAdd(PID As Long, ModuleName As String) As Long
Dim pr As PROCESSENTRY32
Dim lp As Long
Dim mo As MODULEENTRY32
Dim LM As Long
Dim i As Long
Dim Temp As Variant
If ModuleName = "" Then GetModuleAdd = 0: Exit Function
pr.dwSize = Len(pr)
LM = CreateToolhelp32Snapshot(TH32CS_SNAPmodule, PID)
If LM > 0 Then
mo.dwSize = Len(mo)
If Module32First(LM, mo) Then
Do
Temp = Left(mo.szExePath, InStr(mo.szExePath, Chr(0)) - 1)
Temp = Mid(Temp, InStrRev(Temp, "\") + 1)
If UCase(Temp) = UCase(ModuleName) Then
GetModuleAdd = mo.modBaseAddr
Exit Function
End If
i = i + 1
Loop Until Module32Next(LM, mo) = 0
End If
CloseHandle (LM)
End If
End Function
谢谢分享 必须支持!
页:
[1]