au3能枚举出进程所调用的模块吗？

landays · 发表于 2009-12-14 17:23:49

本帖最后由 landays 于 2009-12-14 20:54 编辑

au3能枚举出进程所调用的模块吗？

==============
问题解决，标准答案在4楼
非常感谢netegg

netegg · 发表于 2009-12-14 20:12:59

好像见过，我找找看，估计留底儿了

landays · 发表于 2009-12-14 20:16:19

多谢楼上的帮忙找找
论坛里我搜索了很多帖子都没相关内容

netegg · 发表于 2009-12-14 20:27:42

本帖最后由 netegg 于 2009-12-15 00:24 编辑

#Include <WinAPI.au3>
#include <Array.au3>

; #FUNCTION#;===============================================================================
;
; Name...........: _ProcessGetLoadedModules
; Description ...: Returns an array containing the full path of the loaded modules
; Syntax.........: _ProcessGetLoadedModules($iPID)
; Parameters ....:
; Return values .: Success - An array with all the paths
;             : Failure - -1 and @error=1 if the specified process couldn't be opened.
; Author ........: Andreas Karlsson (monoceres)
; Modified.......:
; Remarks .......:
; Related .......:
; Link ..........;
; Example .......; No
;
;;==========================================================================================
Func _ProcessGetLoadedModules($iPID)
Local Const $PROCESS_QUERY_INFORMATION=0x0400
Local Const $PROCESS_VM_READ=0x0010
Local $aCall, $hPsapi=DllOpen("Psapi.dll")
Local $hProcess, $tModulesStruct
$tModulesStruct=DllStructCreate("hwnd [200]")
Local $SIZEOFHWND = DllStructGetSize($tModulesStruct)/200
$hProcess=_WinAPI_OpenProcess(BitOR($PROCESS_QUERY_INFORMATION,$PROCESS_VM_READ),False,$iPID)
If Not $hProcess Then Return SetError(1,0,-1)
$aCall=DllCall($hPsapi,"int","EnumProcessModules","ptr",$hProcess,"ptr",DllStructGetPtr($tModulesStruct),"dword",DllStructGetSize($tModulesStruct),"dword*","")
If $aCall[4]>DllStructGetSize($tModulesStruct) Then
      $tModulesStruct=DllStructCreate("hwnd ["&$aCall[4]/$SIZEOFHWND&"]")
      $aCall=DllCall($hPsapi,"int","EnumProcessModules","ptr",$hProcess,"ptr",DllStructGetPtr($tModulesStruct),"dword",$aCall[4],"dword*","")
EndIf
Local $aReturn[$aCall[4]/$SIZEOFHWND]
For $i=0 To Ubound($aReturn)-1
      $aCall=DllCall($hPsapi,"dword","GetModuleFileNameExW","ptr",$hProcess,"int",DllStructGetData($tModulesStruct,1,$i+1),"wstr","","dword",65536)
      $aReturn[$i]=$aCall[3]
Next
_WinAPI_CloseHandle($hProcess)
DllClose($hPsapi)
Return $aReturn
EndFunc

$LIST = ProcessList()
$MODULES = _ProcessGetLoadedModules($LIST[5][1])
_ArrayDisplay($MODULES,$LIST[5][0])

landays · 发表于 2009-12-14 20:38:07

不对。。我需要的是能返回某个进程调用的DLL等文件信息
你这个是显示PID与父ID和内存占用信息
不过还是多谢了

netegg · 发表于 2009-12-14 20:39:22

改了，再看看

landays · 发表于 2009-12-14 20:48:46

OK 就是这个多谢

chenxianpeng · 发表于 2009-12-15 18:54:34

强！！！！！！！！！！

刘强 · 发表于 2009-12-18 09:18:48

学习一下枚举

		自动登录	找回密码
密码			加入

au3能枚举出进程所调用的模块吗？

评分

评分