public static Nullable <SModuleEntry32> Find(string name)
{
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapModule, 0);
if (!RApi.IsValidHandle(hSnap))
{
return(null);
}
Nullable <SModuleEntry32> module = null;
SModuleEntry32 me32 = new SModuleEntry32();
me32.dwSize = Marshal.SizeOf(me32);
bool next = RKernel32.Module32First(hSnap, ref me32);
while (next)
{
if (me32.szModule == name)
{
module = me32;
break;
}
next = RKernel32.Module32Next(hSnap, ref me32);
}
RKernel32.CloseHandle(hSnap);
return(module);
}
public static bool List(FModuleInfoCollection modules, int processId)
{
modules.Clear();
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapModule, processId);
if (!RApi.IsValidHandle(hSnap))
{
return(false);
}
SModuleEntry32 me32 = new SModuleEntry32();
me32.dwSize = Marshal.SizeOf(me32);
bool next = RKernel32.Module32First(hSnap, ref me32);
while (next)
{
FModuleInfo module = new FModuleInfo();
module.Handle = me32.hModule;
module.Name = me32.szModule;
module.Location = me32.szExePath;
module.BaseAddress = me32.modBaseAddr;
module.BaseSize = me32.modBaseSize;
module.ModuleID = me32.th32ModuleID;
module.GlblcntUsage = me32.GlblcntUsage;
module.ProccntUsage = me32.ProccntUsage;
modules.Push(module);
next = RKernel32.Module32Next(hSnap, ref me32);
}
RKernel32.CloseHandle(hSnap);
return(true);
}
public static SModuleEntry32[] ListModule(IntPtr hModule)
{
FObjects <SModuleEntry32> mes = new FObjects <SModuleEntry32>();
Nullable <SImageNtHeaders> ntHeaders = GetNtHeaders(hModule);
SImageDataDirectory idd = ntHeaders.Value.OptionalHeader.DataDirectory[(int)EImageDirectoryEntry.Import];
if (idd.VirtualAddress == 0)
{
return(mes.ToArray());
}
// Import
uint maddress = (uint)hModule.ToInt32();
IntPtr pIdHeader = (IntPtr)(maddress + idd.VirtualAddress);
int idSize = Marshal.SizeOf(typeof(SImageImportDescriptor));
while (true)
{
SImageImportDescriptor impDesc = (SImageImportDescriptor)Marshal.PtrToStructure(pIdHeader, typeof(SImageImportDescriptor));
if (impDesc.Name == 0)
{
break;
}
IntPtr namePtr = (IntPtr)(maddress + impDesc.Name);
SModuleEntry32 me = new SModuleEntry32();
me.modBaseAddr = impDesc.FirstThunk;
me.szModule = Marshal.PtrToStringAnsi(namePtr, 260);
mes.Push(me);
pIdHeader = (IntPtr)(pIdHeader.ToInt32() + idSize);
}
return(mes.ToArray());
}
public static SModuleEntry32[] ListAll(int processId)
{
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapModule, processId);
if (!RApi.IsValidHandle(hSnap))
{
return(null);
}
FObjects <SModuleEntry32> modules = new FObjects <SModuleEntry32>();
SModuleEntry32 me32 = new SModuleEntry32();
me32.dwSize = Marshal.SizeOf(me32);
bool next = RKernel32.Module32First(hSnap, ref me32);
while (next)
{
SModuleEntry32 module = new SModuleEntry32();
module = me32;
modules.Push(module);
next = RKernel32.Module32Next(hSnap, ref me32);
}
RKernel32.CloseHandle(hSnap);
return(modules.ToArray());
}