远程获取进程DLL模块地址


// ConsoleApplication1.cpp : 此文件包含 "main" 函数。程序执行将在此处开始并结束。
//

#include 
#include 
#include "tlhelp32.h"
#include 
#include 
#include 



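// Looks up a module loaded in another process and returns its base address.
//
// pid        - ID of the process whose module list is enumerated.
// moduleName - module file name including its extension (e.g. ".dll").
//              Compared with _tcscmp, so the match is exact and case-sensitive.
//
// Returns MODULEENTRY32::hModule of the first matching module, or NULL when
// moduleName is NULL, the snapshot cannot be taken, or no module matches.
//
// The returned value is only meaningful inside the address space of process
// `pid`; it is not a handle to a module loaded in the calling process.
//
// NOTE(review): per the ToolHelp documentation a 64-bit caller needs
// TH32CS_SNAPMODULE32 as well to see the 32-bit modules of a 32-bit target;
// confirm which bitness combinations this tool has to support.
HMODULE GetProcessModuleHandle(DWORD pid, CONST TCHAR* moduleName) {
    if (moduleName == NULL) {
        return NULL;
    }

    // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE, not
    // NULL, so a plain !handle test would treat a failed snapshot as valid.
    HANDLE snapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid);
    if (snapshot == INVALID_HANDLE_VALUE) {
        return NULL;
    }

    MODULEENTRY32 moduleEntry;
    ZeroMemory(&moduleEntry, sizeof(MODULEENTRY32));
    moduleEntry.dwSize = sizeof(MODULEENTRY32);  // must be set before Module32First

    HMODULE found = NULL;
    if (Module32First(snapshot, &moduleEntry)) {
        do {
            if (_tcscmp(moduleEntry.szModule, moduleName) == 0) {
                found = moduleEntry.hModule;
                break;  // fall through to the single CloseHandle below
            }
        } while (Module32Next(snapshot, &moduleEntry));
    }

    // Single exit path: the snapshot handle is released on match, on miss and
    // on enumeration failure alike.
    CloseHandle(snapshot);
    return found;
}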

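// Walks the process list, and for every process whose image name is exactly
// "s.exe" looks up the base address of "Role.dll" in that process and prints
// the result of resolving "GetKongfuAmount" plus the Win32 error of that lookup.
//
// Returns 0 after the walk completes, 1 if the process snapshot cannot be taken.
int main() {
    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);  // process snapshot handle
    if (hProcessSnap == INVALID_HANDLE_VALUE) {
        std::cerr << "CreateToolhelp32Snapshot failed: " << GetLastError() << '\n';
        return 1;
    }

    PROCESSENTRY32 process = { sizeof(PROCESSENTRY32) };  // dwSize must be set before the walk

    // Process32First primes the enumeration; Process32Next then advances it.
    if (Process32First(hProcessSnap, &process)) {
        do {
            // Only the target process (s.exe) is of interest.
            if (_tcscmp(process.szExeFile, _T("s.exe")) != 0) {
                continue;
            }

            // No process handle is opened here: the module lookup works from the
            // PID alone, so requesting PROCESS_ALL_ACCESS would only widen the
            // rights this tool holds (and leak a handle that was never used).
            HMODULE hMod = GetProcessModuleHandle(process.th32ProcessID, _T("Role.dll"));
            if (hMod == NULL) {
                continue;
            }

            // NOTE(review): hMod is a base address inside the *target* process.
            // GetProcAddress only resolves exports of modules mapped into the
            // calling process, so this call is expected to fail, or to resolve
            // against whatever local module happens to sit at the same address.
            // The printed value must not be read as a valid remote address.
            auto fnAddress = GetProcAddress(hMod, "GetKongfuAmount");

            // Read the error code immediately, and only when the call failed;
            // otherwise a stale code from an earlier API call would be printed.
            const DWORD lastError = (fnAddress == NULL) ? GetLastError() : ERROR_SUCCESS;

            // A function pointer streamed directly converts to bool and prints
            // 1/0; cast to void* so the address itself is shown.
            std::cout << reinterpret_cast<void*>(fnAddress) << "        " << lastError << '\n';
        } while (Process32Next(hProcessSnap, &process));
    }

    CloseHandle(hProcessSnap);
    return 0;
}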

