C++ 获取进程某模块入口地址
时间:2021-07-16 17:43:34
收藏:0
阅读:0
实现代码:
HMODULE GetProcessModuleHandle(DWORD pid, CONST TCHAR* moduleName){ // 根据 PID 、模块名(需要写后缀,如:".dll"),获取模块入口地址。
MODULEENTRY32 moduleEntry;
HANDLE handle = NULL;
handle = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid); // 获取进程快照中包含在th32ProcessID中指定的进程的所有的模块。
if (!handle) {
CloseHandle(handle);
return NULL;
}
ZeroMemory(&moduleEntry, sizeof(MODULEENTRY32));
moduleEntry.dwSize = sizeof(MODULEENTRY32);
if (!Module32First(handle, &moduleEntry)) {
CloseHandle(handle);
return NULL;
}
do {
if (_tcscmp(moduleEntry.szModule, moduleName) == 0) {return moduleEntry.hModule;}
} while (Module32Next(handle, &moduleEntry));
CloseHandle(handle);
return 0;
}
int main(){
HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0); // 进程快照句柄
PROCESSENTRY32 process = {sizeof(PROCESSENTRY32)}; // 存放进程快照的结构体
// 遍历进程
while (Process32Next(hProcessSnap,&process)){
// 找到 QQMusic.exe 进程
string s_szExeFile = process.szExeFile; // char* 转 string
if(s_szExeFile == "QQMusic.exe"){
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, process.th32ProcessID); // 进程句柄
cout << "QQMusic.dll的模块基地址:" << GetProcessModuleHandle(process.th32ProcessID,"QQMusic.dll") << endl;
}
}
}
效果图:
评论(0)