15,471
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
jues 2010-12-21
- 打赏
- 举报
收藏了加工了
yxwsbobo 2009-12-26
- 打赏
- 举报
00000000 Free 65536
00010000 Mapped 65536 1 -RW-
00010000 Mapped 65536 -RW- ---
00020000 Private 4096 1 -RW-
00020000 Private 4096 -RW- ---
00021000 Free 61440
00030000 Private 4096 1 -RW-
00030000 Private 4096 -RW- ---
00031000 Free 61440
00040000 Image 4096 1 ERWC \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
00040000 Image 4096 -R-- ---
00041000 Free 61440
7EFA0000 Mapped 208896 1 -R--
7EFA0000 Mapped 208896 -R-- ---
7EFD3000 Free 20480
7EFD8000 Private 12288 1 -RW-
7EFD8000 Private 12288 -RW- ---
7EFDB000 Private 12288 1 -RW-
7EFDB000 Private 12288 -RW- ---
7EFDE000 Private 4096 1 -RW-
7EFDE000 Private 4096 -RW- ---
7EFDF000 Private 4096 1 -RW-
7EFDF000 Private 4096 -RW- ---
7EFE0000 Mapped 1048576 2 -R--
7EFE0000 Mapped 20480 -R-- ---
7EFE5000 Reserve 1028096 -R-- ---
7F0E0000 Private 15728640 1 -R--
7F0E0000 Reserve 15728640 -R-- ---
7FFE0000 Private 65536 2 -R--
7FFE0000 Private 4096 -R-- ---
7FFE1000 Reserve 61440 -R-- ---
内存结构是这样的
这还真不是几句话就能枚举完的 邮箱我给你发过去
00010000 Mapped 65536 1 -RW-
00010000 Mapped 65536 -RW- ---
00020000 Private 4096 1 -RW-
00020000 Private 4096 -RW- ---
00021000 Free 61440
00030000 Private 4096 1 -RW-
00030000 Private 4096 -RW- ---
00031000 Free 61440
00040000 Image 4096 1 ERWC \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
00040000 Image 4096 -R-- ---
00041000 Free 61440
7EFA0000 Mapped 208896 1 -R--
7EFA0000 Mapped 208896 -R-- ---
7EFD3000 Free 20480
7EFD8000 Private 12288 1 -RW-
7EFD8000 Private 12288 -RW- ---
7EFDB000 Private 12288 1 -RW-
7EFDB000 Private 12288 -RW- ---
7EFDE000 Private 4096 1 -RW-
7EFDE000 Private 4096 -RW- ---
7EFDF000 Private 4096 1 -RW-
7EFDF000 Private 4096 -RW- ---
7EFE0000 Mapped 1048576 2 -R--
7EFE0000 Mapped 20480 -R-- ---
7EFE5000 Reserve 1028096 -R-- ---
7F0E0000 Private 15728640 1 -R--
7F0E0000 Reserve 15728640 -R-- ---
7FFE0000 Private 65536 2 -R--
7FFE0000 Private 4096 -R-- ---
7FFE1000 Reserve 61440 -R-- ---
内存结构是这样的
这还真不是几句话就能枚举完的 邮箱我给你发过去
sams_wang 2009-12-26
- 打赏
- 举报
《Windows核心编程》(第五版)中有这个例子,其源代码的下载链接是:http://www.advancedwindowsdebugging.com/portal/portal_downloads.htm,你可以参考看看,它列出来的信息还是挺详细的,应该能够满足你的要求
MoXiaoRab 2009-12-26
- 打赏
- 举报
枚举模块
BOOL ListProcessModules( DWORD dwPID )
{
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32;
// Take a snapshot of all modules in the specified process.
hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwPID );
if( hModuleSnap == INVALID_HANDLE_VALUE )
{
printError( "CreateToolhelp32Snapshot (of modules)" );
return( FALSE );
}
// Set the size of the structure before using it.
me32.dwSize = sizeof( MODULEENTRY32 );
// Retrieve information about the first module,
// and exit if unsuccessful
if( !Module32First( hModuleSnap, &me32 ) )
{
printError( "Module32First" ); // Show cause of failure
CloseHandle( hModuleSnap ); // Must clean up the snapshot object!
return( FALSE );
}
// Now walk the module list of the process,
// and display information about each module
do
{
printf( "\n\n MODULE NAME: %s", me32.szModule );
printf( "\n executable = %s", me32.szExePath );
printf( "\n process ID = 0x%08X", me32.th32ProcessID );
printf( "\n ref count (g) = 0x%04X", me32.GlblcntUsage );
printf( "\n ref count (p) = 0x%04X", me32.ProccntUsage );
printf( "\n base address = 0x%08X", (DWORD) me32.modBaseAddr );
printf( "\n base size = %d", me32.modBaseSize );
} while( Module32Next( hModuleSnap, &me32 ) );
// Do not forget to clean up the snapshot object.
CloseHandle( hModuleSnap );
return( TRUE );
}
yangyang__ 2009-12-26
- 打赏
- 举报
CreateToolhelp32Snapshot,然后Module32First,Module32Next,或Heap32First,Heap32Next.也可以直接读取进程对应的PE文件.
