예제 #1
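        /// <summary>
        /// Finds a module loaded in <paramref name="process"/> by its module name, using a
        /// Toolhelp module snapshot of that process.
        /// </summary>
        /// <param name="process">Process whose module list is enumerated (only its Id is used).</param>
        /// <param name="ModuleName">Module file name to look for; compared case-insensitively.</param>
        /// <returns>A <c>Module</c> populated from the matching MODULEENTRY32 record.</returns>
        /// <exception cref="Exception">
        /// The name is null or empty, the snapshot could not be created, or no module matched.
        /// </exception>
        /// <remarks>
        /// The match is on the module name only. A caller that needs to know which binary is
        /// actually loaded should also check <c>szExePath</c> on the returned value, since two
        /// different files can share a module name.
        /// </remarks>
        public static Module GetModule(Process process, string ModuleName)
        {
            if (string.IsNullOrEmpty(ModuleName))
            {
                throw new Exception("Can't find module");
            }

            // 8 == TH32CS_SNAPMODULE. From a 64-bit caller this does not list the 32-bit modules
            // of a WOW64 target; that would additionally need TH32CS_SNAPMODULE32 (0x10).
            IntPtr hSnapShot = SysApi.CreateToolhelp32Snapshot(8, process.Id);

            // CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE (-1), not NULL,
            // so a zero-only check lets a failed snapshot through to Module32First/CloseHandle.
            if (hSnapShot == IntPtr.Zero || hSnapShot == new IntPtr(-1))
            {
                // NOTE(review): if SysApi.GetLastError is a direct P/Invoke of GetLastError, the
                // runtime may have overwritten the value; Marshal.GetLastWin32Error() with
                // SetLastError = true on the declarations is the reliable form - confirm in SysApi.
                throw new Exception("Can't find module. code = " + SysApi.GetLastError());
            }

            try
            {
                SysApi.MODULEENTRY32 lppe = new SysApi.MODULEENTRY32();

                // Module32First requires dwSize to be initialised before the first call.
                lppe.dwSize = Marshal.SizeOf(typeof(SysApi.MODULEENTRY32));

                if (SysApi.Module32First(hSnapShot, ref lppe) != 0)
                {
                    do
                    {
                        // Ordinal comparison: module names are identifiers, so the result must not
                        // depend on the current culture (ToLower() does, e.g. under tr-TR).
                        if (string.Equals(lppe.szModule, ModuleName, StringComparison.OrdinalIgnoreCase))
                        {
                            return new Module {
                                ProcessID = lppe.th32ProcessID,
                                BaseAddr  = lppe.modBaseAddr,
                                BaseSize  = lppe.modBaseSize,
                                hModule   = lppe.hModule,
                                szModule  = lppe.szModule,
                                szExePath = lppe.szExePath
                            };
                        }
                    } while (SysApi.Module32Next(hSnapShot, ref lppe) != 0);
                }

                // Built here, before the finally block runs, so that CloseHandle cannot replace
                // the error code left by the enumeration calls.
                throw new Exception("Can't find module. code = " + SysApi.GetLastError());
            }
            finally
            {
                // Single release point: the snapshot handle is closed on every exit path,
                // including an exception thrown while building the result.
                SysApi.CloseHandle(hSnapShot);
            }
        }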
예제 #2
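        /// <summary>
        /// Reports whether <paramref name="process"/> runs as a 64-bit or a 32-bit process.
        /// </summary>
        /// <param name="process">Process to inspect (only its Id is used).</param>
        /// <returns>0x40 (64) for a native process on a 64-bit system, otherwise 0x20 (32).</returns>
        /// <exception cref="Exception">
        /// The process could not be opened for query on a 64-bit system. The unchecked version
        /// went on with a null handle and reported 64-bit for every process it could not open.
        /// </exception>
        public static int getProcessBits(Process process)
        {
            // On a system that is not 64-bit the answer never depends on the target process,
            // so no handle needs to be opened at all.
            if (GetSystemBits() != 0x40)
            {
                return(0x20);
            }

            // 0x400 == PROCESS_QUERY_INFORMATION.
            // NOTE(review): IsWow64Process also accepts PROCESS_QUERY_LIMITED_INFORMATION (0x1000)
            // on Vista and later, which is the narrower right and opens more processes - confirm
            // the minimum OS this code must support before switching.
            IntPtr hProcess = SysApi.OpenProcess(0x400, 0, process.Id);

            // OpenProcess returns NULL on failure (for example access denied); the bitness of
            // the target is then unknown and must not be guessed.
            if (hProcess == IntPtr.Zero)
            {
                throw new Exception("Can't open process. code = " + SysApi.GetLastError());
            }

            bool isWow64;
            try
            {
                // NOTE(review): the result of IsWow64Process is still not checked because its
                // declared return type is not visible here; if the call fails isWow64 stays false.
                SysApi.IsWow64Process(hProcess, out isWow64);
            }
            finally
            {
                SysApi.CloseHandle(hProcess);
            }

            // A WOW64 process is a 32-bit process running on 64-bit Windows.
            return(isWow64 ? 0x20 : 0x40);
        }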