public static bool List(FModuleInfoCollection modules, int processId) { modules.Clear(); IntPtr hSnap = RKernel32.CreateToolhelp32Snapshot(ETh32cs.SnapModule, processId); if (!RApi.IsValidHandle(hSnap)) { return(false); } SModuleEntry32 me32 = new SModuleEntry32(); me32.dwSize = Marshal.SizeOf(me32); bool next = RKernel32.Module32First(hSnap, ref me32); while (next) { FModuleInfo module = new FModuleInfo(); module.Handle = me32.hModule; module.Name = me32.szModule; module.Location = me32.szExePath; module.BaseAddress = me32.modBaseAddr; module.BaseSize = me32.modBaseSize; module.ModuleID = me32.th32ModuleID; module.GlblcntUsage = me32.GlblcntUsage; module.ProccntUsage = me32.ProccntUsage; modules.Push(module); next = RKernel32.Module32Next(hSnap, ref me32); } RKernel32.CloseHandle(hSnap); return(true); }
public static FModuleInfoCollection ListProcess(int processId) { FModuleInfoCollection modules = new FModuleInfoCollection(); List(modules, processId); return(modules); }
public static bool ListMemory(FMemoryInfos memories, int processId) { memories.Clear(); // List modules FModuleInfoCollection modules = RModule.ListProcess(processId); // List memory uint address = 0; SMemoryBasicInformation mbi = new SMemoryBasicInformation(); int size = Marshal.SizeOf(mbi); IntPtr process = RKernel32.OpenProcess(EProcessAccess.QueryInformation, true, processId); if (!RApi.IsValidHandle(process)) { return(false); } while (RKernel32.VirtualQueryEx(process, address, ref mbi, size) > 0) { FMemoryInfo memory = new FMemoryInfo(); memory.AllocationBase = mbi.AllocationBase; memory.AllocationProtect = mbi.AllocationProtect; memory.BaseAddress = mbi.BaseAddress; memory.Protect = mbi.Protect; memory.RegionSize = mbi.RegionSize; memory.State = mbi.State; memory.Type = mbi.Type; memory.Module = modules.FindByAddress(mbi.AllocationBase); memories.Push(memory); address = mbi.BaseAddress + mbi.RegionSize; } ; RKernel32.CloseHandle(process); return(true); }
public static bool List(FModuleInfoCollection modules) { return(List(modules, Process.GetCurrentProcess().Id)); }