public static uint GetRemoteModuleHandle(int processId, string moduleName)
{
IntPtr handle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, (uint)processId);
if ((int)handle > 0)
{
var list = new List <ModuleEntry32>();
var pe32 = new ModuleEntry32();
pe32.dwSize = (uint)Marshal.SizeOf(pe32);
bool bMore = Module32First(handle, ref pe32);
while (bMore)
{
IntPtr temp = Marshal.AllocHGlobal((int)pe32.dwSize);
Marshal.StructureToPtr(pe32, temp, true);
var pe = (ModuleEntry32)Marshal.PtrToStructure(temp, typeof(ModuleEntry32));
Marshal.FreeHGlobal(temp);
list.Add(pe);
bMore = Module32Next(handle, ref pe32);
}
CloseHandle(handle);
foreach (ModuleEntry32 p in list)
{
if (p.szModule.Equals(moduleName))
{
return((uint)p.modBaseAddr);
}
}
}
return(0);
}
/// <summary>
///
/// </summary>
/// <param name="hSnapshot"></param>
/// <param name="me32"></param>
/// <returns></returns>
public static bool Module32Next(IntPtr hSnapshot, ref ModuleEntry32 me32, [CallerMemberName] string callerName = "")
{
if (!PInvokeDebugger.LoggingEnabled)
{
return(PInvoke_Module32Next(hSnapshot, ref me32));
}
bool returnValue = PInvoke_Module32Next(hSnapshot, ref me32);
PInvokeDebugInfo debugInfo = PInvokeDebugInfo.TraceDebugInfo(
ModuleName,
nameof(Module32Next),
callerName,
returnValue,
false,
nameof(hSnapshot), hSnapshot,
nameof(me32), me32
);
PInvokeDebugger.SafeCapture(debugInfo);
return(returnValue);
}
public static List <ModuleEntry32> EnumProcessModules(uint procId)
{
var snapshot = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, procId);
var mod = new ModuleEntry32
{
dwSize = (uint)Marshal.SizeOf(typeof(ModuleEntry32))
};
if (!Module32First(snapshot, ref mod))
{
return(null);
}
List <ModuleEntry32> modules = new();
do
{
modules.Add(mod);
} while (Module32Next(snapshot, ref mod));
return(modules);
}
internal static extern bool PInvoke_Module32Next(IntPtr hSnapshot, ref ModuleEntry32 me32);
internal static extern bool Module32Next(IntPtr hSnapshot, ref ModuleEntry32 lpme);
static extern bool Module32Next(IntPtr hSnapshot, ref ModuleEntry32 lpme);
public static uint GetRemoteModuleHandle(int processId, string moduleName)
{
IntPtr handle = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, (uint)processId);
if ((int)handle > 0)
{
var list = new List<ModuleEntry32>();
var pe32 = new ModuleEntry32();
pe32.dwSize = (uint)Marshal.SizeOf(pe32);
bool bMore = Module32First(handle, ref pe32);
while (bMore)
{
IntPtr temp = Marshal.AllocHGlobal((int)pe32.dwSize);
Marshal.StructureToPtr(pe32, temp, true);
var pe = (ModuleEntry32)Marshal.PtrToStructure(temp, typeof(ModuleEntry32));
Marshal.FreeHGlobal(temp);
list.Add(pe);
bMore = Module32Next(handle, ref pe32);
}
CloseHandle(handle);
foreach (ModuleEntry32 p in list)
{
if(p.szModule.Equals(moduleName))
return (uint)p.modBaseAddr;
}
}
return 0;
}
private static extern bool Module32First(IntPtr hSnapshot, ref ModuleEntry32 lpme);
