public static bool LoadModules(IntPtr hProcess, ListModules ModuleType)
{
//Initialize parameters for EPM
uint cbNeeded = 0;
Psapi.EnumProcessModulesEx(hProcess, IntPtr.Zero, 0, out cbNeeded, ModuleType);
long ArraySize = cbNeeded / IntPtr.Size;
IntPtr[] hModules = new IntPtr[ArraySize];
GCHandle GCh = GCHandle.Alloc(hModules, GCHandleType.Pinned); // Don't forget to free this later
IntPtr lphModules = GCh.AddrOfPinnedObject();
uint cb = cbNeeded;
Psapi.EnumProcessModulesEx(hProcess, lphModules, cb, out cbNeeded, ModuleType);
for (int i = 0; i < ArraySize; i++)
{
MODULE_INFO ModInfo = new MODULE_INFO();
System.Text.StringBuilder lpFileName = new System.Text.StringBuilder(256);
System.Text.StringBuilder lpModuleBaseName = new System.Text.StringBuilder(32);
Psapi.GetModuleFileNameExW(hProcess, hModules[i], lpFileName, (uint)(lpFileName.Capacity));
Psapi.GetModuleInformation(hProcess, hModules[i], out ModInfo, (uint)(Marshal.SizeOf(ModInfo)));
Psapi.GetModuleBaseNameW(hProcess, hModules[i], lpModuleBaseName, (uint)(lpModuleBaseName.Capacity));
DbgHelp.SymLoadModuleEx(hProcess, IntPtr.Zero, lpFileName.ToString(), lpModuleBaseName.ToString(),
ModInfo.lpBaseOfDll, (int)ModInfo.SizeOfImage, IntPtr.Zero, 0);
}
GCh.Free();
return(false);
}
public static Symbol[] GetSymbols(string DllFile)
{
IntPtr CurProc = Process.GetCurrentProcess().Handle;
DbgHelp.SymInitialize(CurProc, null, false);
if (!File.Exists(DllFile))
{
throw new FileNotFoundException("File not found", DllFile);
}
List <Symbol> Symbols = new List <Symbol>();
ulong DllBase = DbgHelp.SymLoadModuleEx(CurProc, IntPtr.Zero, DllFile, null, 0, 0, IntPtr.Zero, 0);
DbgHelp.SymEnumerateSymbols64(CurProc, DllBase, (Name, Addr, Size, Ctx) => {
Symbols.Add(new Symbol(Name, DllBase - Addr, Size));
return(true);
}, IntPtr.Zero);
DbgHelp.SymCleanup(CurProc);
return(Symbols.ToArray());
}