_ProcessGetModulesEx()

  • Hier die Funktion von mir, optimiert und erweitert durch Kleiner und Großvater :)

    [autoit]


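    ; #FUNCTION# ====================================================================================================================
    ; Name...........: _ProcessGetModulesEx
    ; Description....: Retrieves the modules currently loaded in the target process.
    ; Syntax.........: _ProcessGetModulesEx($iPID[, $iMode = 1[, $iFlag = 0]])
    ; Parameters.....: $iPID  - The PID of the target process (anything ProcessExists() accepts).
    ;                  $iMode - Changes what is stored per module. This parameter can be:
    ;                           1: Full path of each module (default).
    ;                           2: File name of each module only.
    ;                  $iFlag - The filter passed to EnumProcessModulesEx as dwFilterFlag:
    ;                           1: List the 32-bit modules (LIST_MODULES_32BIT).
    ;                           2: List the 64-bit modules (LIST_MODULES_64BIT).
    ;                           3: List all modules (LIST_MODULES_ALL).
    ;                           0: Use the default behavior (LIST_MODULES_DEFAULT).
    ; Return values..: Success - An array: [0] = number of modules, [1..n] = module path or name.
    ;                            An entry reads "Couldn't retrieve the modulename of xxxx" where the function
    ;                            couldn't get the module name (xxxx is the module handle).
    ;                  Failure - Sets @error to 1 and returns:
    ;                            -1 if the PID isn't valid
    ;                            -2 if $iMode is not 1 or 2
    ;                            -3 if the function couldn't open the target process
    ;                            -4 if the function couldn't enumerate the modules
    ; Author.........: [email='pinguin94@autoit.de'][/email]
    ; Modified.......: Großvater, Kleiner
    ; Remarks........: The process is opened with PROCESS_QUERY_INFORMATION (0x0400) and PROCESS_VM_READ (0x0010) only.
    ;                  A 32-bit script cannot enumerate the modules of a 64-bit process (the call fails with -4), and
    ;                  $iFlag is ignored when the script itself runs under WOW64.
    ;                  The list is read from loader data inside the target process. It can be incomplete or stale
    ;                  while modules are loaded or unloaded, and code running in that process can alter it, so do
    ;                  not treat the result as tamper-proof.
    ; Related........: None
    ; Link...........: None
    ; Example........: No
    ; ===============================================================================================================================
    Func _ProcessGetModulesEx($iPID, $iMode = 1, $iFlag = 0)
        ; ProcessExists() returns the numeric PID (or 0), so a process name is resolved here as well.
        $iPID = ProcessExists($iPID)
        If Not $iPID Then Return SetError(1, 0, -1)
        If $iMode <> 1 And $iMode <> 2 Then Return SetError(1, 0, -2)

        ; Request only the rights EnumProcessModulesEx/GetModuleFileNameEx need:
        ; PROCESS_QUERY_INFORMATION (0x0400) + PROCESS_VM_READ (0x0010).
        Local $aOpen = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x0400 + 0x0010, 'int', 0, 'dword', $iPID)
        ; @error only reports a failed DllCall; access denied or a vanished process shows up as a NULL handle.
        If @error Or Not $aOpen[0] Then Return SetError(1, 0, -3)
        Local $hProcess = $aOpen[0]

        ; Module handles are pointer sized (8 bytes in a 64-bit script), so the buffer must hold 'ptr', not 'int'.
        Local $iPtrSize = DllStructGetSize(DllStructCreate('ptr'))
        Local $iSlots = 1024, $iCount = 0, $tModules, $aEnum
        For $iTry = 1 To 4
            $tModules = DllStructCreate('ptr[' & $iSlots & ']')
            $aEnum = DllCall('psapi.dll', 'int', 'EnumProcessModulesEx', 'handle', $hProcess, 'ptr', DllStructGetPtr($tModules), 'dword', DllStructGetSize($tModules), 'dword*', 0, 'dword', $iFlag)
            If @error Or Not $aEnum[0] Then
                ; Do not leak the process handle on the failure path.
                DllCall('kernel32.dll', 'int', 'CloseHandle', 'handle', $hProcess)
                Return SetError(1, 0, -4)
            EndIf
            ; $aEnum[4] is lpcbNeeded: the bytes required for ALL handles, which may exceed the buffer.
            $iCount = Int($aEnum[4] / $iPtrSize)
            If $iCount <= $iSlots Then ExitLoop
            If $iTry < 4 Then $iSlots = $iCount + 64
        Next
        ; Never read past the buffer that was actually filled.
        If $iCount > $iSlots Then $iCount = $iSlots

        Local $aModules[$iCount + 1]
        Local $aName, $hModule
        For $i = 1 To $iCount
            $hModule = DllStructGetData($tModules, 1, $i)
            ; The wide variant keeps non-ANSI characters in module paths intact.
            $aName = DllCall('psapi.dll', 'dword', 'GetModuleFileNameExW', 'handle', $hProcess, 'handle', $hModule, 'wstr', '', 'dword', 2048)
            ; A return value of 0 means the name could not be read.
            If @error Or Not $aName[0] Then
                $aModules[$i] = "Couldn't retrieve the modulename of " & $hModule
                ContinueLoop
            EndIf
            If $iMode = 1 Then
                $aModules[$i] = $aName[3]
            Else
                ; Keep only the part after the last backslash.
                $aModules[$i] = StringMid($aName[3], StringInStr($aName[3], '\', 0, -1) + 1)
            EndIf
        Next
        ; Every slot is filled (name or placeholder), so the count always matches the array size.
        $aModules[0] = $iCount
        DllCall('kernel32.dll', 'int', 'CloseHandle', 'handle', $hProcess)
        Return $aModules
    EndFunc ;==>_ProcessGetModulesEx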

    [/autoit]

    Beschreibung steht im Funktionsheader.

    Diese Funktion listet alle geladenen Module in dem Zielprozess auf.


    MfG

  • Hi!

    Habe deinen Code noch ein wenig gekürzt! :P

    [autoit]

    #include-once
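    ; #FUNCTION# ====================================================================================================================
    ; Name...........: _ProcessGetModulesEx
    ; Description....: Retrieves the modules currently loaded in the target process.
    ; Syntax.........: _ProcessGetModulesEx($iPID[, $iMode = 1[, $iFlag = 0]])
    ; Parameters.....: $iPID  - The PID of the target process (anything ProcessExists() accepts).
    ;                  $iMode - Changes what is stored per module. This parameter can be:
    ;                           1: Full path of each module (default).
    ;                           2: File name of each module only.
    ;                  $iFlag - The filter passed to EnumProcessModulesEx as dwFilterFlag:
    ;                           1: List the 32-bit modules (LIST_MODULES_32BIT).
    ;                           2: List the 64-bit modules (LIST_MODULES_64BIT).
    ;                           3: List all modules (LIST_MODULES_ALL).
    ;                           0: Use the default behavior (LIST_MODULES_DEFAULT).
    ; Return values..: Success - An array: [0] = number of modules, [1..n] = module path or name.
    ;                            An entry reads "Couldn't retrieve the modulename of xxxx" where the function
    ;                            couldn't get the module name (xxxx is the module handle).
    ;                  Failure - Sets @error to 1 and returns:
    ;                            -1 if the PID isn't valid
    ;                            -2 if $iMode is not 1 or 2
    ;                            -3 if the function couldn't open the target process
    ;                            -4 if the function couldn't enumerate the modules
    ; Author.........: [email='pinguin94@autoit.de'][/email]
    ; Modified.......: Großvater, Kleiner
    ; Remarks........: The process is opened with PROCESS_QUERY_INFORMATION (0x0400) and PROCESS_VM_READ (0x0010) only.
    ;                  A 32-bit script cannot enumerate the modules of a 64-bit process (the call fails with -4), and
    ;                  $iFlag is ignored when the script itself runs under WOW64.
    ;                  The list is read from loader data inside the target process. It can be incomplete or stale
    ;                  while modules are loaded or unloaded, and code running in that process can alter it, so do
    ;                  not treat the result as tamper-proof.
    ; Related........: None
    ; Link...........: None
    ; Example........: No
    ; ===============================================================================================================================
    Func _ProcessGetModulesEx($iPID, $iMode = 1, $iFlag = 0)
        ; ProcessExists() returns the numeric PID (or 0), so a process name is resolved here as well.
        $iPID = ProcessExists($iPID)
        If Not $iPID Then Return SetError(1, 0, -1)
        If $iMode <> 1 And $iMode <> 2 Then Return SetError(1, 0, -2)

        ; Request only the rights EnumProcessModulesEx/GetModuleFileNameEx need:
        ; PROCESS_QUERY_INFORMATION (0x0400) + PROCESS_VM_READ (0x0010).
        Local $aOpen = DllCall('kernel32.dll', 'handle', 'OpenProcess', 'dword', 0x0400 + 0x0010, 'int', 0, 'dword', $iPID)
        ; @error only reports a failed DllCall; access denied or a vanished process shows up as a NULL handle.
        If @error Or Not $aOpen[0] Then Return SetError(1, 0, -3)
        Local $hProcess = $aOpen[0]

        ; Module handles are pointer sized (8 bytes in a 64-bit script), so the buffer must hold 'ptr', not 'int'.
        Local $iPtrSize = DllStructGetSize(DllStructCreate('ptr'))
        Local $iSlots = 1024, $iCount = 0, $tModules, $aEnum
        For $iTry = 1 To 4
            $tModules = DllStructCreate('ptr[' & $iSlots & ']')
            $aEnum = DllCall('psapi.dll', 'int', 'EnumProcessModulesEx', 'handle', $hProcess, 'ptr', DllStructGetPtr($tModules), 'dword', DllStructGetSize($tModules), 'dword*', 0, 'dword', $iFlag)
            If @error Or Not $aEnum[0] Then
                ; Do not leak the process handle on the failure path.
                DllCall('kernel32.dll', 'int', 'CloseHandle', 'handle', $hProcess)
                Return SetError(1, 0, -4)
            EndIf
            ; $aEnum[4] is lpcbNeeded: the bytes required for ALL handles, which may exceed the buffer.
            $iCount = Int($aEnum[4] / $iPtrSize)
            If $iCount <= $iSlots Then ExitLoop
            If $iTry < 4 Then $iSlots = $iCount + 64
        Next
        ; Never read past the buffer that was actually filled.
        If $iCount > $iSlots Then $iCount = $iSlots

        Local $aModules[$iCount + 1]
        Local $aName, $hModule
        For $i = 1 To $iCount
            $hModule = DllStructGetData($tModules, 1, $i)
            ; The wide variant keeps non-ANSI characters in module paths intact.
            $aName = DllCall('psapi.dll', 'dword', 'GetModuleFileNameExW', 'handle', $hProcess, 'handle', $hModule, 'wstr', '', 'dword', 2048)
            ; A return value of 0 means the name could not be read.
            If @error Or Not $aName[0] Then
                $aModules[$i] = "Couldn't retrieve the modulename of " & $hModule
                ContinueLoop
            EndIf
            If $iMode = 1 Then
                $aModules[$i] = $aName[3]
            Else
                ; Keep only the part after the last backslash.
                $aModules[$i] = StringMid($aName[3], StringInStr($aName[3], '\', 0, -1) + 1)
            EndIf
        Next
        ; Every slot is filled (name or placeholder), so the count always matches the array size.
        $aModules[0] = $iCount
        DllCall('kernel32.dll', 'int', 'CloseHandle', 'handle', $hProcess)
        Return $aModules
    EndFunc ;==>_ProcessGetModulesEx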

    [/autoit]

    Lg Kleiner