private static ModuleInfo[] GetModuleInfos(int processId, bool firstModuleOnly)
{
if (processId == NtProcessManager.SystemProcessID || processId == 0)
{
throw new Win32Exception(-2147467259, "EnumProcessModuleFailed");
}
SafeProcessHandle safeProcessHandle = SafeProcessHandle.InvalidHandle;
ModuleInfo[] result;
try
{
safeProcessHandle = ProcessManager.OpenProcess(processId, 1040, true);
IntPtr[] array = new IntPtr[64];
GCHandle gCHandle = default(GCHandle);
int num = 0;
while (true)
{
bool flag = false;
try
{
gCHandle = GCHandle.Alloc(array, GCHandleType.Pinned);
flag = NativeMethods.EnumProcessModules(safeProcessHandle, gCHandle.AddrOfPinnedObject(), array.Length * IntPtr.Size, ref num);
if (!flag)
{
bool flag2 = false;
bool flag3 = false;
if (true)
{
SafeProcessHandle safeProcessHandle2 = SafeProcessHandle.InvalidHandle;
try
{
safeProcessHandle2 = ProcessManager.OpenProcess(NativeMethods.GetCurrentProcessId(), 1024, true);
if (!SafeNativeMethods.IsWow64Process(safeProcessHandle2, ref flag2))
{
throw new Win32Exception();
}
if (!SafeNativeMethods.IsWow64Process(safeProcessHandle, ref flag3))
{
throw new Win32Exception();
}
if (flag2 && !flag3)
{
throw new Win32Exception(299, "EnumProcessModuleFailedDueToWow");
}
}
finally
{
if (safeProcessHandle2 != SafeProcessHandle.InvalidHandle)
{
safeProcessHandle2.Close();
}
}
}
for (int i = 0; i < 50; i++)
{
flag = NativeMethods.EnumProcessModules(safeProcessHandle, gCHandle.AddrOfPinnedObject(), array.Length * IntPtr.Size, ref num);
if (flag)
{
break;
}
Thread.Sleep(1);
}
}
}
finally
{
gCHandle.Free();
}
if (!flag)
{
break;
}
num /= IntPtr.Size;
if (num <= array.Length)
{
goto IL_157;
}
array = new IntPtr[array.Length * 2];
}
throw new Win32Exception();
IL_157:
ArrayList arrayList = new ArrayList();
for (int j = 0; j < num; j++)
{
try
{
ModuleInfo moduleInfo = new ModuleInfo();
IntPtr handle = array[j];
NativeMethods.NtModuleInfo ntModuleInfo = new NativeMethods.NtModuleInfo();
if (!NativeMethods.GetModuleInformation(safeProcessHandle, new HandleRef(null, handle), ntModuleInfo, Marshal.SizeOf(ntModuleInfo)))
{
throw new Win32Exception();
}
moduleInfo.sizeOfImage = ntModuleInfo.SizeOfImage;
moduleInfo.entryPoint = ntModuleInfo.EntryPoint;
moduleInfo.baseOfDll = ntModuleInfo.BaseOfDll;
StringBuilder stringBuilder = new StringBuilder(1024);
if (NativeMethods.GetModuleBaseName(safeProcessHandle, new HandleRef(null, handle), stringBuilder, stringBuilder.Capacity * 2) == 0)
{
throw new Win32Exception();
}
moduleInfo.baseName = stringBuilder.ToString();
StringBuilder stringBuilder2 = new StringBuilder(1024);
if (NativeMethods.GetModuleFileNameEx(safeProcessHandle, new HandleRef(null, handle), stringBuilder2, stringBuilder2.Capacity * 2) == 0)
{
throw new Win32Exception();
}
moduleInfo.fileName = stringBuilder2.ToString();
if (string.Compare(moduleInfo.fileName, "\\SystemRoot\\System32\\smss.exe", StringComparison.OrdinalIgnoreCase) == 0)
{
moduleInfo.fileName = Path.Combine(Environment.SystemDirectory, "smss.exe");
}
if (moduleInfo.fileName != null && moduleInfo.fileName.Length >= 4 && moduleInfo.fileName.StartsWith("\\\\?\\", StringComparison.Ordinal))
{
moduleInfo.fileName = moduleInfo.fileName.Substring(4);
}
arrayList.Add(moduleInfo);
}
catch (Win32Exception ex)
{
if (ex.NativeErrorCode != 6 && ex.NativeErrorCode != 299)
{
throw;
}
}
if (firstModuleOnly)
{
break;
}
}
ModuleInfo[] array2 = new ModuleInfo[arrayList.Count];
arrayList.CopyTo(array2, 0);
result = array2;
}
finally
{
if (!safeProcessHandle.IsInvalid)
{
safeProcessHandle.Close();
}
}
return result;
}
private static ModuleInfo[] GetModuleInfos(int processId, bool firstModuleOnly)
{
if (processId == NtProcessManager.SystemProcessID || processId == 0)
{
throw new Win32Exception(-2147467259, "EnumProcessModuleFailed");
}
SafeProcessHandle safeProcessHandle = SafeProcessHandle.InvalidHandle;
ModuleInfo[] result;
try
{
safeProcessHandle = ProcessManager.OpenProcess(processId, 1040, true);
IntPtr[] array = new IntPtr[64];
GCHandle gCHandle = default(GCHandle);
int num = 0;
while (true)
{
bool flag = false;
try
{
gCHandle = GCHandle.Alloc(array, GCHandleType.Pinned);
flag = NativeMethods.EnumProcessModules(safeProcessHandle, gCHandle.AddrOfPinnedObject(), array.Length * IntPtr.Size, ref num);
if (!flag)
{
bool flag2 = false;
bool flag3 = false;
if (true)
{
SafeProcessHandle safeProcessHandle2 = SafeProcessHandle.InvalidHandle;
try
{
safeProcessHandle2 = ProcessManager.OpenProcess(NativeMethods.GetCurrentProcessId(), 1024, true);
if (!SafeNativeMethods.IsWow64Process(safeProcessHandle2, ref flag2))
{
throw new Win32Exception();
}
if (!SafeNativeMethods.IsWow64Process(safeProcessHandle, ref flag3))
{
throw new Win32Exception();
}
if (flag2 && !flag3)
{
throw new Win32Exception(299, "EnumProcessModuleFailedDueToWow");
}
}
finally
{
if (safeProcessHandle2 != SafeProcessHandle.InvalidHandle)
{
safeProcessHandle2.Close();
}
}
}
for (int i = 0; i < 50; i++)
{
flag = NativeMethods.EnumProcessModules(safeProcessHandle, gCHandle.AddrOfPinnedObject(), array.Length * IntPtr.Size, ref num);
if (flag)
{
break;
}
Thread.Sleep(1);
}
}
}
finally
{
gCHandle.Free();
}
if (!flag)
{
break;
}
num /= IntPtr.Size;
if (num <= array.Length)
{
goto IL_157;
}
array = new IntPtr[array.Length * 2];
}
throw new Win32Exception();
IL_157:
ArrayList arrayList = new ArrayList();
for (int j = 0; j < num; j++)
{
try
{
ModuleInfo moduleInfo = new ModuleInfo();
IntPtr handle = array[j];
NativeMethods.NtModuleInfo ntModuleInfo = new NativeMethods.NtModuleInfo();
if (!NativeMethods.GetModuleInformation(safeProcessHandle, new HandleRef(null, handle), ntModuleInfo, Marshal.SizeOf(ntModuleInfo)))
{
throw new Win32Exception();
}
moduleInfo.sizeOfImage = ntModuleInfo.SizeOfImage;
moduleInfo.entryPoint = ntModuleInfo.EntryPoint;
moduleInfo.baseOfDll = ntModuleInfo.BaseOfDll;
StringBuilder stringBuilder = new StringBuilder(1024);
if (NativeMethods.GetModuleBaseName(safeProcessHandle, new HandleRef(null, handle), stringBuilder, stringBuilder.Capacity * 2) == 0)
{
throw new Win32Exception();
}
moduleInfo.baseName = stringBuilder.ToString();
StringBuilder stringBuilder2 = new StringBuilder(1024);
if (NativeMethods.GetModuleFileNameEx(safeProcessHandle, new HandleRef(null, handle), stringBuilder2, stringBuilder2.Capacity * 2) == 0)
{
throw new Win32Exception();
}
moduleInfo.fileName = stringBuilder2.ToString();
if (string.Compare(moduleInfo.fileName, "\\SystemRoot\\System32\\smss.exe", StringComparison.OrdinalIgnoreCase) == 0)
{
moduleInfo.fileName = Path.Combine(Environment.SystemDirectory, "smss.exe");
}
if (moduleInfo.fileName != null && moduleInfo.fileName.Length >= 4 && moduleInfo.fileName.StartsWith("\\\\?\\", StringComparison.Ordinal))
{
moduleInfo.fileName = moduleInfo.fileName.Substring(4);
}
arrayList.Add(moduleInfo);
}
catch (Win32Exception ex)
{
if (ex.NativeErrorCode != 6 && ex.NativeErrorCode != 299)
{
throw;
}
}
if (firstModuleOnly)
{
break;
}
}
ModuleInfo[] array2 = new ModuleInfo[arrayList.Count];
arrayList.CopyTo(array2, 0);
result = array2;
}
finally
{
if (!safeProcessHandle.IsInvalid)
{
safeProcessHandle.Close();
}
}
return(result);
}
