为什么EnumProcessModulesEx不能够全部枚举所有进程下的所在路径

袁梦 2017-06-11 12:11:10 
Option Explicit

Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (Destination As Any, Source As Any, ByVal Length As Long)

Private Declare Sub ZeroMemory Lib "kernel32" Alias "RtlZeroMemory" (Destination As Any, ByVal numBytes As Long)



'进程函数

Private Declare Function GetCurrentProcess Lib "kernel32" () As Long

Private Declare Function IsWow64Process Lib "kernel32" (ByVal hProcess As Long, Wow64Process As Boolean) As Boolean

Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long

Private Declare Function CloseHandle Lib "kernel32" (ByVal Handle As Long) As Long

Private Const PROCESS_TERMINATE = &H1

Private Const PROCESS_VM_OPERATION = &H8

Private Const PROCESS_VM_READ = &H10

Private Const PROCESS_QUERY_INFORMATION = &H400

Private Const PROCESS_QUERY_LIMITED_INFORMATION = &H1000



Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long

Private Declare Function GetModuleFileName Lib "kernel32" Alias "GetModuleFileNameA" (ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long

Private Declare Function GetModuleFileNameEx Lib "Psapi" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long

Private Declare Function GetModuleBaseName Lib "Psapi" Alias "GetModuleBaseNameA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpBaseName As String, ByVal nSize As Long) As Long

Private Declare Function GetMappedFileName Lib "Psapi" Alias "GetMappedFileNameA" (ByVal hProcess As Long, lpv As Any, ByVal lpFileName As String, ByVal nSize As Long) As Long

Private Declare Function GetModuleInformation Lib "Psapi" (ByVal hProcess As Long, ByVal hModule As Long, ModuleInfo As Any, ByVal nSize As Long) As Long

Private Declare Function GetProcessImageFileName Lib "Psapi" Alias "GetProcessImageFileNameA" (ByVal hProcess As Long, ByVal lpImageFileName As String, ByVal nSize As Long) As Long

Private Declare Function GetProcessMemoryInfo Lib "Psapi" (ByVal hProcess As Long, ppsmemCounters As Any, ByVal nSize As Long) As Long

Private Declare Function EnumProcessModules Lib "Psapi" (ByVal hProcess As Long, hModule As Long, ByVal cch As Long, lpcbNeeded As Long) As Long

Private Declare Function EnumProcessModulesEx Lib "Psapi" (ByVal hProcess As Long, hModule As Long, ByVal cch As Long, lpcbNeeded As Long, ByVal dwFilterFlag As Long) As Long

Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long

Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long

Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long

Private Type PROCESSENTRY32

    dwSize As Long

    cntUsage As Long

    th32ProcessID As Long

    th32DefaultHeapID As Long

    th32ModuleID As Long

    cntThreads As Long

    th32ParentProcessID As Long

    pcPriClassBase As Long

    dwFlags As Long

    szExeFile As String * 260

End Type

Private Declare Function ModuleFirst Lib "kernel32" Alias "Module32First" (ByVal hSnapShot As Long, lpModule As MODULEENTRY32) As Long

Private Declare Function ModuleNext Lib "kernel32" Alias "Module32Next" (ByVal hSnapShot As Long, lpModule As MODULEENTRY32) As Long

Private Const MAX_MODULE_NAME32 = 255

Private Type MODULEENTRY32

    dwSize As Long

    th32ModuleID As Long

    th32ProcessID As Long

    GlblcntUsage As Long

    ProccntUsage As Long

    modBaseAddr As Byte

    modBaseSize As Long

    hModule As Long

    szModule As String * 256

    szExePath As String * 260

End Type

Private Const TH32CS_SNAPPROCESS = &H2

Private Const TH32CS_SNAPMODULE = &H8

Private Const TH32CS_SNAPMODULE32 = &H10



'阅历路径

Private Function EnumPathFromProcess() As Long

Dim hProcess  As Long, hModule As Long, NeedByteCount As Long, hProcessSnap As Long, mProcessEntry As PROCESSENTRY32, ProcessCount As Long, sModuleFile As String, sProcessName As String

hProcessSnap = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)

If hProcessSnap <> -1 Then

   mProcessEntry.dwSize = LenB(mProcessEntry)

   If ProcessFirst(hProcessSnap, mProcessEntry) Then

      Do

        sProcessName = mProcessEntry.szExeFile

        If InStr(sProcessName, vbNullChar) > 0 Then sProcessName = VBA.Left(sProcessName, InStr(sProcessName, vbNullChar) - 1)

        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ Or PROCESS_QUERY_LIMITED_INFORMATION, 0, mProcessEntry.th32ProcessID)

        If hProcess <> -1 Then

           EnumProcessModulesEx hProcess, ByVal 0, 0, NeedByteCount, 3

           If NeedByteCount > 0 Then

              EnumProcessModulesEx hProcess, hModule, 4, NeedByteCount, 3

              sModuleFile = String(260, vbNullChar)

              If GetModuleFileNameEx(hProcess, hModule, sModuleFile, 260) Then

                 If InStr(sModuleFile, vbNullChar) > 0 Then sModuleFile = VBA.Left(sModuleFile, InStr(sModuleFile, vbNullChar) - 1)

              Else

                 sModuleFile = ""

              End If

           End If

           CloseHandle hProcess

        End If

        ProcessCount = ProcessCount + 1

        Debug.Print mProcessEntry.th32ProcessID, mProcessEntry.cntThreads, ProcessCount, sProcessName, sModuleFile

      Loop While ProcessNext(hProcessSnap, mProcessEntry)

   End If

   CloseHandle hProcessSnap

End If

EnumPathFromProcess = ProcessCount

End Function
...全文
907 2 打赏 收藏 转发到动态 举报
写回复
用AI写文章
2 条回复
切换为时间正序
请发表友善的回复…
发表回复
袁梦 2017-06-16
  • 打赏
  • 举报
 回复
EnumProcessModulesEx、ZwQueryInformationProcess好像只能获取当前用户下的进程,算了就结贴吧
赵4老师 2017-06-12
  • 打赏
  • 举报
 回复
参考微软官网在线MSDN
Windows下如何枚举所有进程
要编写一个类似于 Windows 任务管理器的软件,首先遇到的问题是如何实现枚举所有进程。暂且不考虑进入核心态去查隐藏进程一类的,下面提供几种方法。请注意每种方法的使用局限,比如使用这些 API 所需要的操作系统是什么(尤其是是否能在 Windows Mobile 下使用)。   本文参考用户态枚举进程的几种方法,原文对于每一种方法都给出了完整的代码,被我照抄下来。还有一篇:如何用 Win32 ...
枚举进程加载模块
在教程 vb.net 教程 6-3 进程加载的模块 中详细讲解了使用 Process类的modules属性,该属性可以获取进程加载的所有Dll文件,详细使用可以参看上述博文。但是在实际使用中存在一个问题:对于有些程序,不能获得其进程全部的加载模块。例如,获得QQExternal的加载模块,如果使用.Net只能获得5个dll。但是通过其它工具,可以看到实际包含了很多dll: 通过调用系统api可以很好地解决这个问题。.........
四种方法实现VC枚举系统当前进程
    在Windows 2000以上的MS操作系统,通过Windows的任务管理器可以列出当前系统的所有活动进程(如图1所示),在Windows XP中,更是在控制台下增加了一条Tasklist命令,让系统下的所有进程无所遁行(如图2所示)。这一切是怎么实现的呢? 图 1 图 2引用侯捷大师在《深入浅出MFC》的一句话,“知其然而不知其所以然,真不是个好办法”。既然如此,我们干脆自己
C/C++ Windows API——枚举进程、结束进程及提升权限
// EnumProcessDemo.cpp : 定义控制台应用程序的入口点。 //#include "stdafx.h" #include #include //CreateToolhelp32Snapshot #include //EnumProcessesbool GetPrivileges() { // 取得当前进程
通过进程PID获取可执行文件全路径,提取路径中的文件名,提取文件名后缀、提取全路径中的目录、枚举进程加载模块dll
需要用到如下API 32位的程序调用此API同样能获取到64位进程的可执行文件路径。下面是微软在文档中的说明,由于该API很简单就不再复述了hProcess [in]A handle to the process. This handle must be created with the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right. For more information, see Proces
API

1,486

社区成员

23,280

社区内容

发帖
与我相关
我的任务
社区描述
VB API
社区管理员
  • API
加入社区
  • 近7日
  • 近30日
  • 至今

加载中

查看更多榜单
社区公告
暂无公告

试试用AI创作助手写篇文章吧

+ 用AI写文章