public static bool List(FModuleInfoCollection modules, int processId)
{
modules.Clear();
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapModule, processId);
if (!RApi.IsValidHandle(hSnap))
{
return(false);
}
SModuleEntry32 me32 = new SModuleEntry32();
me32.dwSize = Marshal.SizeOf(me32);
bool next = RKernel32.Module32First(hSnap, ref me32);
while (next)
{
FModuleInfo module = new FModuleInfo();
module.Handle = me32.hModule;
module.Name = me32.szModule;
module.Location = me32.szExePath;
module.BaseAddress = me32.modBaseAddr;
module.BaseSize = me32.modBaseSize;
module.ModuleID = me32.th32ModuleID;
module.GlblcntUsage = me32.GlblcntUsage;
module.ProccntUsage = me32.ProccntUsage;
modules.Push(module);
next = RKernel32.Module32Next(hSnap, ref me32);
}
RKernel32.CloseHandle(hSnap);
return(true);
}
public static Nullable <SModuleEntry32> Find(string name)
{
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapModule, 0);
if (!RApi.IsValidHandle(hSnap))
{
return(null);
}
Nullable <SModuleEntry32> module = null;
SModuleEntry32 me32 = new SModuleEntry32();
me32.dwSize = Marshal.SizeOf(me32);
bool next = RKernel32.Module32First(hSnap, ref me32);
while (next)
{
if (me32.szModule == name)
{
module = me32;
break;
}
next = RKernel32.Module32Next(hSnap, ref me32);
}
RKernel32.CloseHandle(hSnap);
return(module);
}
public static FProcessInfo[] Fetch()
{
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapProcess, 0);
if (!RApi.IsValidHandle(hSnap))
{
return(null);
}
FObjects <FProcessInfo> process = new FObjects <FProcessInfo>();
SProcessEntry32 pe32 = new SProcessEntry32();
pe32.dwSize = (uint)Marshal.SizeOf(pe32);
bool next = RKernel32.Process32First(hSnap, ref pe32);
while (next)
{
FProcessInfo info = new FProcessInfo();
info.Id = pe32.th32ProcessID;
info.Threads = (int)pe32.cntThreads;
info.FileName = pe32.szExeFile;
process.Push(info);
next = RKernel32.Process32Next(hSnap, ref pe32);
}
RKernel32.CloseHandle(hSnap);
return(process.ToArray());
}
public static bool ListThread(FThreadInfoCollection threads, int processId)
{
threads.Clear();
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapThread, processId);
if (RApi.IsValidHandle(hSnap))
{
SThreadEntry32 te32 = new SThreadEntry32();
te32.dwSize = Marshal.SizeOf(te32);
bool next = RKernel32.Thread32First(hSnap, ref te32);
while (next)
{
if (te32.th32OwnerProcessID == processId)
{
FThreadInfo thread = new FThreadInfo();
thread.ProcessID = te32.th32OwnerProcessID;
thread.Id = te32.th32ThreadID;
thread.Flags = te32.dwFlags;
thread.BasePri = te32.tpBasePri;
thread.DeltaPri = te32.tpDeltaPri;
thread.Usage = te32.cntUsage;
threads.Push(thread);
}
next = RKernel32.Thread32Next(hSnap, ref te32);
}
RKernel32.CloseHandle(hSnap);
return(true);
}
return(false);
}
public static bool List(FProcessInfoCollection processes)
{
processes.Clear();
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapProcess, 0);
if (RApi.IsValidHandle(hSnap))
{
SProcessEntry32 pe32 = new SProcessEntry32();
pe32.dwSize = (uint)Marshal.SizeOf(pe32);
bool next = RKernel32.Process32First(hSnap, ref pe32);
while (next)
{
FProcessInfo process = new FProcessInfo();
process.Id = pe32.th32ProcessID;
process.Threads = (int)pe32.cntThreads;
process.FileName = pe32.szExeFile;
process.PriClassBase = pe32.pcPriClassBase;
processes.Push(process);
next = RKernel32.Process32Next(hSnap, ref pe32);
}
RKernel32.CloseHandle(hSnap);
return(true);
}
return(false);
}
public static bool ListMemory(FMemoryInfos memories, int processId)
{
memories.Clear();
// List modules
FModuleInfoCollection modules = RModule.ListProcess(processId);
// List memory
uint address = 0;
SMemoryBasicInformation mbi = new SMemoryBasicInformation();
int size = Marshal.SizeOf(mbi);
IntPtr process = RKernel32.OpenProcess(EProcessAccess.QueryInformation, true, processId);
if (!RApi.IsValidHandle(process))
{
return(false);
}
while (RKernel32.VirtualQueryEx(process, address, ref mbi, size) > 0)
{
FMemoryInfo memory = new FMemoryInfo();
memory.AllocationBase = mbi.AllocationBase;
memory.AllocationProtect = mbi.AllocationProtect;
memory.BaseAddress = mbi.BaseAddress;
memory.Protect = mbi.Protect;
memory.RegionSize = mbi.RegionSize;
memory.State = mbi.State;
memory.Type = mbi.Type;
memory.Module = modules.FindByAddress(mbi.AllocationBase);
memories.Push(memory);
address = mbi.BaseAddress + mbi.RegionSize;
}
;
RKernel32.CloseHandle(process);
return(true);
}
public static SModuleEntry32[] ListAll(int processId)
{
IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapModule, processId);
if (!RApi.IsValidHandle(hSnap))
{
return(null);
}
FObjects <SModuleEntry32> modules = new FObjects <SModuleEntry32>();
SModuleEntry32 me32 = new SModuleEntry32();
me32.dwSize = Marshal.SizeOf(me32);
bool next = RKernel32.Module32First(hSnap, ref me32);
while (next)
{
SModuleEntry32 module = new SModuleEntry32();
module = me32;
modules.Push(module);
next = RKernel32.Module32Next(hSnap, ref me32);
}
RKernel32.CloseHandle(hSnap);
return(modules.ToArray());
}
