public static AModuleInfoArray GetModuleList(int pid) { var processList = new AModuleInfoArray(); var snapshot = CreateToolhelp32Snapshot(SnapshotFlags.Module | SnapshotFlags.Module32, (uint)pid); var mod = new MODULEENTRY32() { dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32)) }; if (!Module32FirstW(snapshot, ref mod)) { return(new AModuleInfoArray()); } var winDir = UEnvironment.GetWinDir(); do { processList.Inc(); processList.Last.ModuleName = mod.szModule; processList.Last.BaseAddress = mod.modBaseAddr; processList.Last.BaseSize = mod.modBaseSize; processList.Last.ModulePath = mod.szExePath; processList.Last.IsSystemModule = AStringUtils.Pos(winDir, mod.szExePath, true) != -1; }while (Module32NextW(snapshot, ref mod)); return(processList); }
public void LoadDllSymbols(Boolean useSnapshot) { var h = Process.Native.Handle; if (useSnapshot) { foreach (var m in GetModuleList(Process.Native.Id)) { CurrentModuleName = m.ModuleName; SymLoadModuleExW(h, IntPtr.Zero, m.ModulePath, null, 0, 0, IntPtr.Zero, 0); } } else { var processX86 = Process.IsX86; var currentProcessX64 = Environment.Is64BitProcess; var hMods = new IntPtr[1024]; var uiSize = (uint)(Marshal.SizeOf(typeof(IntPtr)) * (hMods.Length)); var winDir = UEnvironment.GetWinDir(); var winSysFolderX86 = UIo.Path.Combine(winDir, "System32"); var winSysFolderX64 = UIo.Path.Combine(winDir, "SysWOW64"); if (!EnumProcessModulesEx(h, hMods, uiSize, out var needed, 0x03)) // 0x03 = List Modules ALl { return; } var totalModules = (int)(needed / (Marshal.SizeOf(typeof(IntPtr)))); for (var i = 0; i < totalModules; i++) { var sb = new StringBuilder(1024); GetModuleFileNameExW(h, hMods[i], sb, sb.Capacity); var f = sb.ToString(); var loaded = SymLoadModuleExW(h, IntPtr.Zero, f, null, 0, 0, IntPtr.Zero, 0); if (loaded != 0) { continue; } if (!processX86 || !currentProcessX64) { continue; } var isWindowsDll = AStringUtils.Pos(winDir, f, true) != -1; var isWindowsDllX86 = isWindowsDll && AStringUtils.Pos(winSysFolderX86, f, true) != -1; if (!isWindowsDllX86) { continue; } f = f.Replace(winSysFolderX86, winSysFolderX64); SymLoadModuleExW(h, IntPtr.Zero, f, null, 0, 0, IntPtr.Zero, 0); } } }