Problem: wrong version information when retrieving the DLLs a process depends on

marslycan 2017-10-19 10:36:02
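First, by following the post http://blog.csdn.net/caroline_wendy/article/details/29382613 I obtained all the DLLs the process depends on.
This gives a MODULEENTRY32 module32;
from which I can get the module handle, name and path.

Next, I want to use the above information to get the version information of the corresponding DLL.
Following the class given in the post http://blog.csdn.net/hellokandy/article/details/53992395, I got the version number by passing in the DLL path.
But when I located the DLL at that path and opened its file properties, the version did not match the one my program found!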

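Then I found the post http://blog.csdn.net/feix713555/article/details/29597719, where the author points out:
1. GetFileVersionInfo is implemented internally by loading the module with LoadLibrary and reading its Resource information to obtain the file information.

2. When LoadLibrary loads a DLL it is affected by DLL redirection. That is, if you really need to determine the version of a file under the system drive's \System32\ directory that is subject to redirection, you cannot use GetFileVersionInfo to get the version information, because what you get is the version information of the DLL at the redirected path. You have to use some other method.


In my test, I copied one of the DLLs I found, C:\Windows\System32\ntdll, into the directory of my exe, then looked it up using the new path, and the version number I got was correct.
The system relocated the path C:\Windows\System32\ntdll to a location under C:\Windows\winsxs\.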


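Then I tested with ProcessHacker and found that it reports the version of C:\Windows\System32\ntdll.

Q1: So which version is actually the right one for the DLLs my program depends on?? For now I want to get the same result as ProcessHacker. How should I change my program?

Q2: The approach above calls LoadLibrary internally, but I already have the handle of the module, MODULEENTRY32 :: module32.hModule; there should be no need to statically load it again, right? Is there a way to get the file's properties directly from that module handle?

I'm new to this area; I hope you experts can point me in the right direction. Many thanks.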
marslycan 2017-10-23
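Quoting zhao4zhong1's reply (#6):
Notes on the 64-bit Windows platform: file system redirection http://www.cnblogs.com/jiake/p/4981555.html
I looked at the relevant code in ProcessHacker and found that it does handle reading the version number separately. It does not use the VerQueryValueW function to read the string fields; instead it reads the VS_FIXEDFILEINFO structure at the root with VerQueryValue(lpBlock, L"\\", &valPtr, &valLen).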

    VS_FIXEDFILEINFO *rootBlock = NULL;

    UINT   valLen = 0;
    LPVOID valPtr = NULL;

    // Query the root block ("\\"), which returns the VS_FIXEDFILEINFO structure
    if (VerQueryValue(lpBlock, L"\\", &valPtr, &valLen) &&
        valPtr != NULL && valLen >= sizeof(VS_FIXEDFILEINFO))
    {
        DWORD dValue = 0;

        char *FileVersion = new char[MAX_PATH];
        std::string temp;
        memset(FileVersion, 0, MAX_PATH);

        rootBlock = (VS_FIXEDFILEINFO*)valPtr;

        // Major: high word of dwFileVersionMS
        dValue = rootBlock->dwFileVersionMS >> 16;
        itoa(dValue, FileVersion + strlen(FileVersion), 10);
        *(FileVersion + strlen(FileVersion)) = '.';

        // Minor: low word of dwFileVersionMS
        dValue = (rootBlock->dwFileVersionMS) & 0xffff;
        itoa(dValue, FileVersion + strlen(FileVersion), 10);
        *(FileVersion + strlen(FileVersion)) = '.';

        // Build: high word of dwFileVersionLS
        dValue = (rootBlock->dwFileVersionLS >> 16);
        itoa(dValue, FileVersion + strlen(FileVersion), 10);
        *(FileVersion + strlen(FileVersion)) = '.';

        // Revision: low word of dwFileVersionLS
        dValue = (rootBlock->dwFileVersionLS) & 0xffff;
        itoa(dValue, FileVersion + strlen(FileVersion), 10);

        temp = FileVersion;

        int nLen = (int)temp.length();
        m_strFileVersion.resize(nLen, L' ');

        // Convert to wide characters; write through &str[0] rather than the const c_str() buffer
        MultiByteToWideChar(CP_ACP, 0, temp.c_str(), nLen, &m_strFileVersion[0], nLen);

        delete[] FileVersion;
        FileVersion = nullptr;
    }
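
Added example (not part of the thread and not ProcessHacker's code): the same dwFileVersionMS/dwFileVersionLS decoding as in the post above, applied to bytes read straight from the file, so that GetFileVersionInfo and the loader are not involved. Locating the structure by scanning for its signature, the check on dwStrucVersion, and the names FileVersionFromBytes, ReadAll and ConstructedSample are assumptions of this example; the sample bytes are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <fstream>
#include <iterator>
#include <string>
#include <vector>

static uint32_t ReadLe32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}

// Scan raw file bytes for VS_FIXEDFILEINFO (dwSignature 0xFEEF04BD) and format
// dwFileVersionMS/dwFileVersionLS as "a.b.c.d". Returns "" if nothing matches.
// Assumption: dwStrucVersion is 0x00010000; used here to reject chance matches.
std::string FileVersionFromBytes(const std::vector<uint8_t>& data) {
    for (size_t off = 0; off + 16 <= data.size(); ++off) {
        if (ReadLe32(&data[off]) != 0xFEEF04BDu) continue;
        if (ReadLe32(&data[off + 4]) != 0x00010000u) continue;
        uint32_t ms = ReadLe32(&data[off + 8]);   // dwFileVersionMS
        uint32_t ls = ReadLe32(&data[off + 12]);  // dwFileVersionLS
        char buf[48];
        std::snprintf(buf, sizeof buf, "%u.%u.%u.%u", unsigned(ms >> 16),
                      unsigned(ms & 0xffff), unsigned(ls >> 16), unsigned(ls & 0xffff));
        return buf;
    }
    return "";
}

// Constructed sample: 7 filler bytes, then the first four DWORDs of a
// VS_FIXEDFILEINFO carrying version 10.0.1234.5 (not taken from a real DLL).
std::vector<uint8_t> ConstructedSample() {
    const uint32_t fields[4] = {0xFEEF04BDu, 0x00010000u, (10u << 16) | 0u, (1234u << 16) | 5u};
    std::vector<uint8_t> out(7, 0xCC);
    for (uint32_t f : fields)
        for (int i = 0; i < 4; ++i) out.push_back(uint8_t(f >> (8 * i)));
    return out;
}

// Read a whole file with plain file I/O; the DLL is never mapped as a module.
std::vector<uint8_t> ReadAll(const char* path) {
    std::ifstream in(path, std::ios::binary);
    return std::vector<uint8_t>(std::istreambuf_iterator<char>(in), std::istreambuf_iterator<char>());
}

int main(int argc, char** argv) {
    std::vector<uint8_t> data = argc > 1 ? ReadAll(argv[1]) : ConstructedSample();
    std::printf("%s\n", FileVersionFromBytes(data).c_str());
}
```

In a 32-bit process on 64-bit Windows, opening a System32 path with plain file I/O is still subject to the file system redirection covered in the cnblogs article linked in this thread.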
赵4老师 2017-10-19
Dynamic-Link Library Search Order

A system can contain multiple versions of the same dynamic-link library (DLL). Applications can control the location from which a DLL is loaded by specifying a full path, using DLL redirection, or by using a manifest. If none of these methods are used, the system searches for the DLL at load time as described in this topic.

Standard Search Order

The dynamic-link library (DLL) search order used by the system depends on whether safe DLL search mode is enabled or disabled.

Windows Vista, Windows Server 2003, and Windows XP SP2: Safe DLL search mode is enabled by default. To disable this feature, create the HKLM\System\CurrentControlSet\Control\Session Manager\SafeDllSearchMode registry value and set it to 0. Calling the SetDllDirectory function effectively disables SafeDllSearchMode while the specified directory is in the search path and changes the search order as described in this topic.

Windows XP and Windows 2000 SP4: Safe DLL search mode is disabled by default. To enable this feature, create the SafeDllSearchMode registry value and set it to 1.

If SafeDllSearchMode is enabled, the search order is as follows:
1. The directory from which the application loaded.
2. The system directory. Use the GetSystemDirectory function to get the path of this directory.
3. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
4. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
5. The current directory.
6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key.

If SafeDllSearchMode is disabled, the search order is as follows:
1. The directory from which the application loaded.
2. The current directory.
3. The system directory. Use the GetSystemDirectory function to get the path of this directory.
4. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key.

Note that versions of Windows prior to the ones listed at the beginning of this section do not support SafeDllSearchMode. For more information, see Legacy Search Order below.

Alternate Search Order

The standard search order used by the system can be changed by calling the LoadLibraryEx function with LOAD_WITH_ALTERED_SEARCH_PATH. The standard search order can also be changed by calling the SetDllDirectory function.

Windows XP/2000 and Windows 2000 Server: Changing the standard search order by calling SetDllDirectory is not supported until Windows XP SP1 and Windows Server 2003.

If you specify an alternate search strategy, its behavior continues until all associated executable modules have been located. After the system starts processing DLL initialization routines, the system reverts to the standard search strategy.

The LoadLibraryEx function supports an alternate search order if the call specifies LOAD_WITH_ALTERED_SEARCH_PATH and the lpFileName parameter specifies an absolute path.

Note that the standard search strategy and the alternate search strategy specified by LoadLibraryEx with LOAD_WITH_ALTERED_SEARCH_PATH differ in just one way: The standard search begins in the calling application's directory, and the alternate search begins in the directory of the executable module that LoadLibraryEx is loading.

If SafeDllSearchMode is enabled, the alternate search order is as follows:
1. The directory specified by lpFileName.
2. The system directory. Use the GetSystemDirectory function to get the path of this directory.
3. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
4. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
5. The current directory.
6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key.

If SafeDllSearchMode is disabled, the alternate search order is as follows:
1. The directory specified by lpFileName.
2. The current directory.
3. The system directory. Use the GetSystemDirectory function to get the path of this directory.
4. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key.

The SetDllDirectory function supports an alternate search order if the lpPathName parameter specifies a path. The alternate search order is as follows:
1. The directory from which the application loaded.
2. The directory specified by lpPathName.
3. The system directory. Use the GetSystemDirectory function to get the path of this directory. The name of this directory is System32.
4. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched. The name of this directory is System.
5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
6. The directories that are listed in the PATH environment variable.

If the lpPathName parameter is an empty string, the call removes the current directory from the search order. SetDllDirectory effectively disables safe DLL search mode while the specified directory is in the search path. To restore safe DLL search mode based on the SafeDllSearchMode registry value and restore the current directory to the search order, call SetDllDirectory with lpPathName as NULL.

Legacy Search Order

Versions of Windows earlier than the ones listed under Standard Search Order do not support the SafeDllSearchMode value. The DLL search order is as follows:
1. The directory from which the application loaded.
2. The current directory.
3. The system directory. Use the GetSystemDirectory function to get the path of this directory.
4. The 16-bit system directory. There is no function that obtains the path of this directory, but it is searched.
5. The Windows directory. Use the GetWindowsDirectory function to get the path of this directory.
6. The directories that are listed in the PATH environment variable. Note that this does not include the per-application path specified by the App Paths registry key.

See Also: Dynamic-Link Library Redirection, LoadLibrary, LoadLibraryEx, SetDllDirectory, Side-by-side Components

Send comments about this topic to Microsoft
Build date: 8/15/2007
marslycan 2017-10-19
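Quoting smwhotjay's reply (#2):
Just look up the version of whichever DLL the process actually loaded.
But what the process loaded turns out to be the one under the System32 directory.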
smwhotjay 2017-10-19
Just look up the version of whichever DLL the process actually loaded.
marslycan 2017-10-19
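http://blog.csdn.net/feix713555/article/details/29597719 To summarize the test results:
1. When the DLL is loaded by full path, if it is loaded from the C:\Windows\system32 directory, the load is redirected to the gdiplus.dll under the C:\Windows\winsxs directory; in all other cases the file at the given path is loaded correctly.
2. When it is loaded by the relative file name gdiplus.dll, the gdiplus.dll under the C:\Windows\winsxs directory is loaded even though there is a gdiplus.dll in the exe directory.
In other words, GetFileVersionInfo can return a version number for the non-existent path C:\Windows\System32\gdiplus.dll because the DLL load redirection mechanism is triggered; what is actually obtained is the information of the corresponding file under the C:\Windows\winsxs directory.
My situation is similar.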
赵4老师 2017-10-19
Notes on the 64-bit Windows platform: file system redirection http://www.cnblogs.com/jiake/p/4981555.html
marslycan 2017-10-19
Quoting zhao4zhong1's reply (#4):
I still don't understand -- the path I gave is an absolute path.
