【开源】马大哈系列功能模块-----列举进程模块(VB6.0)

马大哈

ModGetMod.bas (6.07 KB, 下载次数: 24621)

2013-2-15 00:37 上传

点击文件名下载附件
ModGetMod.bas

1. Public Function TestFun()
   
2.     '测试过程.在立即窗口里执行本过程即可看到效果.K()返回的是每个模块的句柄.
   
3.     Dim I() As String, J As Long, K() As Long
   
4.    
   
5.     Call EnumModule("explorer.exe", I, K())
   
6.     For J = 0 To UBound(I)
   
7.         Debug.Print I(J),"hModule=" & k(I)
   
8.     Next
   
9. End Function

复制代码

本模块可列出指定进程内的模块,需要与ModFindProcess.bas配合,下载地址:

马大哈系列功能模块----查找/结束进程

tbage

http://www.m5home.com/bbs/thread-7462-1-1.html
UnloadModule
的第二个参数，为模块名的时候"xxxx.dll"的时候，If sMod(i) = ModNameOrModHandle Then中sMod(i)下标越界，

试着将第二个参数转换为xxxx.dll的基址，得到的返回值为900,可xxxx.dll依然在PID里...


怎么能获取其他进程的xxxx.dll模块的句柄啊。。。。不知道咋弄了....{:soso_e109:}

tbage

这是在网上找得一个取模块基址的模块......

1. Attribute VB_Name = "得到模块基址"
   
2. 'Text1 = GetModuleAdd(5788, "xxxx.dll")
   
3. '要>0就是正常加载了.
   
4. 
   
5. 
   
6. 
   
7. Option Explicit
   
8. Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
   
9. Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
   
10. Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
    
11. Private Declare Function Module32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
    
12. Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
    
13. Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    
14. Private Declare Function NtUnmapViewOfSection Lib "NTDLL.dll" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long) As Long
    
15. Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    
16. Private Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
    
17. Private Type PROCESSENTRY32
    
18.     dwSize  As Long
    
19.     cntUseage  As Long
    
20.     th32ProcessID  As Long
    
21.     th32DefaultHeapID  As Long
    
22.     th32ModuleID  As Long
    
23.     cntThreads  As Long
    
24.     th32ParentProcessID  As Long
    
25.     pcPriClassBase  As Long
    
26.     swFlags  As Long
    
27.     szExeFile  As String * 1024
    
28. End Type
    
29. Private Type MODULEENTRY32
    
30.     dwSize As Long
    
31.     th32ModuleID As Long
    
32.     th32ProcessID As Long
    
33.     GlblcntUsage As Long
    
34.     ProccntUsage As Long
    
35.     modBaseAddr As Long
    
36.     modBaseSize As Long
    
37.     hModule As Long
    
38.     szModule As String * 256
    
39.     szExePath As String * 1024
    
40.     End Type
    
41.     Public Type THREADENTRY32
    
42.     dwSize As Long
    
43.     cntusage As Long
    
44.     th32threadID As Long
    
45.     th32OwnerProcessID As Long
    
46.     tpBasePri As Long
    
47.     tpDeltaPri As Long
    
48.     dwFlags As Long
    
49. End Type
    
50. Private Const TH32CS_SNAPPROCESS = &H2
    
51. Private Const TH32CS_SNAPmodule = &H8
    
52. Public Function GetModuleAdd(PID As Long, ModuleName As String) As Long
    
53. Dim pr As PROCESSENTRY32
    
54. Dim lp As Long
    
55. Dim mo As MODULEENTRY32
    
56. Dim LM As Long
    
57. Dim i As Long
    
58. Dim Temp As Variant
    
59. If ModuleName = "" Then GetModuleAdd = 0: Exit Function
    
60.     pr.dwSize = Len(pr)
    
61.         LM = CreateToolhelp32Snapshot(TH32CS_SNAPmodule, PID)
    
62.         If LM > 0 Then
    
63.             mo.dwSize = Len(mo)
    
64.             If Module32First(LM, mo) Then
    
65.                 Do
    
66.                     Temp = Left(mo.szExePath, InStr(mo.szExePath, Chr(0)) - 1)
    
67.                     Temp = Mid(Temp, InStrRev(Temp, "") + 1)
    
68.                     If UCase(Temp) = UCase(ModuleName) Then
    
69.                         GetModuleAdd = mo.modBaseAddr
    
70.                         Exit Function
    
71.                     End If
    
72.                     i = i + 1
    
73.                 Loop Until Module32Next(LM, mo) = 0
    
74.             End If
    
75.                 CloseHandle (LM)
    
76.             End If
    
77. End Function
    
78. 
    
79. 
    

复制代码

sku__

谢谢分享

upring

必须支持!