Get process modules in C# with kernel.dll

I ran into some trouble running this:

    public MODULEENTRY32 getModule(String ModuleName)
    {
        MODULEENTRY32 module32;
        module32.dwSize = (uint) Marshal.SizeOf(typeof(MODULEENTRY32));
        IntPtr hSnap = CreateToolhelp32Snapshot(SnapshotFlags.TH32CS_SNAPMODULE | SnapshotFlags.TH32CS_SNAPMODULE32, (uint) process.Id);
        Module32First(hSnap, out module32);
        if (hSnap == IntPtr.Zero)
        {
            return new MODULEENTRY32();
        }
        do
        {
            if (module32.szModule.Equals(ModuleName))
            {
                CloseHandle(hSnap);
                return module32;
            }
        } while (Module32Next(hSnap, out module32));
        return new MODULEENTRY32();
    }

I'm trying to get a module from a process, but it always returns 0. I'm sure the module name is correct, and the process ID is correct too.

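I don't think you've provided enough information to determine the problem.

If you read the CreateToolhelp32Snapshot documentation, you should check whether the returned hSnap is INVALID_HANDLE_VALUE (-1). If it is, you need to call GetLastError to determine why it failed.

The documented possible reasons for failure: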

If the specified process is the Idle process or one of the CSRSS processes, this function fails and the last error code is ERROR_ACCESS_DENIED because their access restrictions prevent user-level code from opening them.

If the specified process is a 64-bit process and the caller is a 32-bit process, this function fails and the last error code is ERROR_PARTIAL_COPY (299).

And:

When taking snapshots that include heaps and modules for a process other than the current process, the CreateToolhelp32Snapshot function can fail or return incorrect information for a variety of reasons. For example, if the loader data table in the target process is corrupted or not initialized, or if the module list changes during the function call as a result of DLLs being loaded or unloaded, the function might fail with ERROR_BAD_LENGTH or other error code. Ensure that the target process was not started in a suspended state, and try calling the function again. If the function fails with ERROR_BAD_LENGTH when called with TH32CS_SNAPMODULE or TH32CS_SNAPMODULE32, call the function again until it succeeds.
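
As an added example (not code from the question or the answer), here is a C# lookup that applies the checks described above: it compares the snapshot handle against INVALID_HANDLE_VALUE, reads the last error, and retries on ERROR_BAD_LENGTH. The class name `ModuleLookup`, the retry limit of 10 and the case-insensitive name comparison are assumptions made for this example.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class ModuleLookup   // hypothetical class name
{
    const uint TH32CS_SNAPMODULE = 0x8, TH32CS_SNAPMODULE32 = 0x10;
    const int ERROR_BAD_LENGTH = 24, MaxRetries = 10;   // retry limit is an assumption
    static readonly IntPtr INVALID_HANDLE_VALUE = new IntPtr(-1);

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    public struct MODULEENTRY32
    {
        public uint dwSize, th32ModuleID, th32ProcessID, GlblcntUsage, ProccntUsage;
        public IntPtr modBaseAddr;
        public uint modBaseSize;
        public IntPtr hModule;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 256)] public string szModule;
        [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)] public string szExePath;
    }

    // SetLastError = true is required for Marshal.GetLastWin32Error() to be reliable.
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr CreateToolhelp32Snapshot(uint flags, uint pid);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, EntryPoint = "Module32FirstW")]
    static extern bool Module32First(IntPtr snap, ref MODULEENTRY32 me);
    [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, EntryPoint = "Module32NextW")]
    static extern bool Module32Next(IntPtr snap, ref MODULEENTRY32 me);
    [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h);

    // Returns the matching entry, or null when no module has that name.
    // Throws Win32Exception carrying the real error (e.g. 5 ERROR_ACCESS_DENIED, 299 ERROR_PARTIAL_COPY).
    public static MODULEENTRY32? Find(int pid, string name)
    {
        IntPtr snap = INVALID_HANDLE_VALUE;
        for (int attempt = 0; snap == INVALID_HANDLE_VALUE; attempt++)
        {
            snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, (uint)pid);
            if (snap != INVALID_HANDLE_VALUE) break;
            int err = Marshal.GetLastWin32Error();
            // The module list can change mid-call; the documentation says to call again.
            if (err != ERROR_BAD_LENGTH || attempt >= MaxRetries) throw new Win32Exception(err);
        }
        try
        {
            var me = new MODULEENTRY32 { dwSize = (uint)Marshal.SizeOf(typeof(MODULEENTRY32)) };
            if (!Module32First(snap, ref me)) throw new Win32Exception(Marshal.GetLastWin32Error());
            do { if (string.Equals(me.szModule, name, StringComparison.OrdinalIgnoreCase)) return me; }
            while (Module32Next(snap, ref me));
            return null;
        }
        finally { CloseHandle(snap); }   // released on every path, including the early return
    }
}
```

Because failures surface as a `Win32Exception` with the native error code, "module not found" (null) can be told apart from "snapshot could not be taken", which is the distinction the question's code loses.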