获取进程加载的dll模块

 

//提升为SE_DEBUG_NAME
bool EnableDebugPriv()
{
    HANDLE hToken;
    TOKEN_PRIVILEGES tp;
    LUID luid;
    if(!OpenProcessToken(GetCurrentProcess(),TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY,&hToken))
        return false;

    if(!LookupPrivilegeValue(NULL,SE_DEBUG_NAME,&luid))return false;

    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes =SE_PRIVILEGE_ENABLED;
    tp.Privileges[0].Luid = luid;
    if(!AdjustTokenPrivileges(hToken,0,&tp,sizeof(TOKEN_PRIVILEGES),NULL,NULL) ) return false;

    return true;
}

//获取指定进程加载的所有dll模块
bool GetProcAllModule( DWORD dwPID)
{
    EnableDebugPriv();
    vector m_vProcModuleInfo;
    m_vProcModuleInfo.clear();
    m_vProcModuleInfo.swap(vector ());

    HANDLE hSnapshot = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE , dwPID);

    if ( INVALID_HANDLE_VALUE == hSnapshot )
    {
        return false;
    }

    MODULEENTRY32  module32;

    module32.dwSize = sizeof(MODULEENTRY32);

    BOOL bRet = Module32First(hSnapshot, &module32);

    while(bRet)
    {
        m_vProcModuleInfo.push_back(module32.szExePath);
        bRet = Module32Next(hSnapshot, &module32);
    }

    CloseHandle( hSnapshot );

    if (m_vProcModuleInfo.size())
    {
        for(UINT i=0;i<m_vProcModuleInfo.size();i++)
            cout<<m_vProcModuleInfo[i].c_str()<<endl;
    }
    return TRUE;
}