本文介绍了从其他进程获取模块句柄的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
是否有一种方法可以使用C ++从另一个进程中获取我知道其名称的模块的句柄?GetModuleHandle和GetModuleHandleEx只能从同一进程获取句柄.
Is there a way to get the handle of a module which I know its name from another process using C++?GetModuleHandle and GetModuleHandleEx are good only getting the handle from the same process.
推荐答案
您可以使用 ReadProcessMemory 和 PEB_LDR_DATA
You can use ReadProcessMemory and PEB_LDR_DATA
typedef struct _PEB_LDR_DATA {
BYTE Reserved1[8];
PVOID Reserved2[3];
LIST_ENTRY InMemoryOrderModuleList;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
LIST_ENTRY是一个链接列表,其中包含您的dll名称和dll加载位置的基址.
The LIST_ENTRY is a linked list that contains your dll name and base address of where the dll is loaded.
typedef struct _LDR_DATA_TABLE_ENTRY {
PVOID Reserved1[2];
LIST_ENTRY InMemoryOrderLinks;
PVOID Reserved2[2];
PVOID DllBase;
PVOID EntryPoint;
PVOID Reserved3;
UNICODE_STRING FullDllName;
BYTE Reserved4[8];
PVOID Reserved5[3];
union {
ULONG CheckSum;
PVOID Reserved6;
};
ULONG TimeDateStamp;
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
这篇关于从其他进程获取模块句柄的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!