#include "pch.h"
#include "GetModuleBase.h"
#include "GetModuleBaseDlg.h"
#include "afxdialogex.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
/// Constructs the dialog from the IDD_GETMODULEBASE_DIALOG template.
/// @param pParent Parent window forwarded to CDialogEx; the inline comment in
///                the signature indicates the declaration defaults it to nullptr.
CGetModuleBaseDlg::CGetModuleBaseDlg(CWnd* pParent /*=nullptr*/)
    : CDialogEx(IDD_GETMODULEBASE_DIALOG, pParent)
{
    // Intentionally empty: the control members are attached in DoDataExchange().
}
/// Attaches the dialog's control member variables to their resource IDs.
/// @param pDX Data-exchange context passed in by the MFC framework.
void CGetModuleBaseDlg::DoDataExchange(CDataExchange* pDX)
{
    // Let the base class perform its own exchange first.
    CDialogEx::DoDataExchange(pDX);

    DDX_Control(pDX, IDC_EDIT_PROCESS, m_editProcess);  // edit box holding the process name
    DDX_Control(pDX, IDC_BTN_SEARCH, m_btnSearch);      // button that starts the lookup
    DDX_Control(pDX, IDC_LIST_MODULES, m_listModules);  // list control that receives the module rows
}
// Message map for the dialog: a BN_CLICKED notification from IDC_BTN_SEARCH is
// routed to CGetModuleBaseDlg::OnBnClickedBtnSearch(). Messages not listed here
// fall through to the CDialogEx base map named in BEGIN_MESSAGE_MAP.
BEGIN_MESSAGE_MAP(CGetModuleBaseDlg, CDialogEx)
ON_BN_CLICKED(IDC_BTN_SEARCH, &CGetModuleBaseDlg::OnBnClickedBtnSearch)
END_MESSAGE_MAP()
/// One-time dialog setup: applies the list control's extended styles and
/// creates its four columns (module name, base address, size, path).
/// @return Always TRUE.
BOOL CGetModuleBaseDlg::OnInitDialog()
{
    CDialogEx::OnInitDialog();

    // Full-row selection plus grid lines. The report-view style itself is not
    // set here; presumably it comes from the dialog resource - confirm there.
    m_listModules.SetExtendedStyle(LVS_EX_FULLROWSELECT | LVS_EX_GRIDLINES);

    // Column headings and pixel widths, in display order.
    struct ColumnSpec
    {
        LPCTSTR pszHeading;
        int     cxWidth;
    };
    const ColumnSpec columns[] = {
        { _T("模块名称"), 150 },
        { _T("基址"),     120 },
        { _T("大小"),     100 },
        { _T("路径"),     400 },
    };

    int nColumn = 0;
    for (const ColumnSpec& spec : columns)
    {
        m_listModules.InsertColumn(nColumn, spec.pszHeading, LVCFMT_LEFT, spec.cxWidth);
        ++nColumn;
    }

    return TRUE;
}
// 根据进程名获取 PID(支持大小写不敏感)
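/// Looks up a process ID by executable image name, compared case-insensitively.
///
/// The name is matched against PROCESSENTRY32::szExeFile from a Toolhelp
/// process snapshot, and the first match in snapshot order is returned.
///
/// An image name does not identify a process uniquely or authoritatively:
/// several processes may share one name, and any executable can be given the
/// name of another. Callers that need one specific process should confirm the
/// returned PID by another property, such as the full image path.
///
/// @param lpProcessName Image name to look for. The not-found message in
///                      OnBnClickedBtnSearch() asks for the ".exe" suffix.
/// @return The matching PID, or 0 when the name is null or empty, the snapshot
///         cannot be created, or nothing matches. Because 0 doubles as the
///         "not found" value, a process whose PID is 0 cannot be reported.
DWORD CGetModuleBaseDlg::GetProcessIDByName(LPCTSTR lpProcessName)
{
    // A null pointer must not reach _tcsicmp(); an empty name is treated as
    // "not found" up front.
    if (lpProcessName == nullptr || *lpProcessName == _T('\0'))
        return 0;

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return 0;

    // dwSize has to be filled in before the first Process32First() call.
    PROCESSENTRY32 pe32 = { sizeof(pe32) };
    DWORD dwPID = 0;

    for (BOOL bMore = Process32First(hSnapshot, &pe32);
         bMore;
         bMore = Process32Next(hSnapshot, &pe32))
    {
        // Case-insensitive comparison of the image file name.
        if (_tcsicmp(pe32.szExeFile, lpProcessName) == 0)
        {
            dwPID = pe32.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return dwPID;
}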
// 枚举指定进程的所有模块(同时支持 32/64 位模块)
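/// Fills a list control with one row per module loaded in a process.
///
/// Each row holds the module name, base address, size and path. The list is
/// cleared first, so it is empty whenever this function returns FALSE.
///
/// The names and paths are shown as the snapshot reports them. They appear to
/// come from the target process's own loader bookkeeping, which code running
/// inside that process can alter - treat them as informational, not as proof
/// of which file is mapped (NOTE(review): confirm before relying on them).
///
/// @param dwPID    Process whose modules are listed.
/// @param listCtrl List control to fill; column layout as set in OnInitDialog().
/// @return TRUE when the snapshot was taken and its first module entry could be
///         read; FALSE otherwise. Typical causes of failure are insufficient
///         access rights, or a 32-bit build inspecting a 64-bit process.
BOOL CGetModuleBaseDlg::GetAllModules(DWORD dwPID, CListCtrl& listCtrl)
{
    listCtrl.DeleteAllItems();

    // TH32CS_SNAPMODULE32 adds the 32-bit modules of a WOW64 process when this
    // code runs as a 64-bit process.
    //
    // A module snapshot can fail transiently with ERROR_BAD_LENGTH while the
    // target's module list is changing; the documented remedy is to retry.
    // The retry count is bounded so a persistent failure cannot hang the UI.
    const int kMaxSnapshotAttempts = 8;
    HANDLE hSnapshot = INVALID_HANDLE_VALUE;
    for (int nAttempt = 0; nAttempt < kMaxSnapshotAttempts; ++nAttempt)
    {
        hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, dwPID);
        if (hSnapshot != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH)
            break;
    }
    if (hSnapshot == INVALID_HANDLE_VALUE)
        return FALSE;

    // dwSize has to be filled in before the first Module32First() call.
    MODULEENTRY32 me32 = { sizeof(me32) };

    // A snapshot with no readable first entry is reported as a failure, so the
    // caller does not present an empty list as a successful enumeration.
    const BOOL bEnumerated = Module32First(hSnapshot, &me32);
    if (bEnumerated)
    {
        do
        {
            // Convert through ULONG_PTR so the address is zero-extended; a direct
            // pointer-to-64-bit cast can be sign-extended in a 32-bit build.
            const ULONGLONG ullBase =
                static_cast<ULONGLONG>(reinterpret_cast<ULONG_PTR>(me32.modBaseAddr));

            CString strBase;
            CString strSize;
            strBase.Format(_T("0x%016I64X"), ullBase);
            strSize.Format(_T("0x%08X"), me32.modBaseSize);

            // Append at the end and use the index the control actually assigned.
            const int nRow = listCtrl.InsertItem(listCtrl.GetItemCount(), me32.szModule);
            if (nRow < 0)
                continue;  // insertion failed; move on to the next module

            listCtrl.SetItemText(nRow, 1, strBase);
            listCtrl.SetItemText(nRow, 2, strSize);
            listCtrl.SetItemText(nRow, 3, me32.szExePath);
        } while (Module32Next(hSnapshot, &me32));
    }

    CloseHandle(hSnapshot);
    return bEnumerated ? TRUE : FALSE;
}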
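/// Handler for the search button: reads the process name from the edit box,
/// resolves it to a PID, and fills the module list for that process.
///
/// The name lookup returns the first process with a matching image name. The
/// window title shows the PID that was used, so the operator can check which
/// instance was inspected when several processes share the name.
void CGetModuleBaseDlg::OnBnClickedBtnSearch()
{
    CString strProcessName;
    m_editProcess.GetWindowText(strProcessName);
    strProcessName.Trim();

    if (strProcessName.IsEmpty())
    {
        AfxMessageBox(_T("请输入进程名称!"));
        return;
    }

    const DWORD dwPID = GetProcessIDByName(strProcessName);
    if (dwPID == 0)
    {
        AfxMessageBox(_T("未找到指定进程!请确认进程名称正确(包含.exe),且进程正在运行。"));
        m_listModules.DeleteAllItems();  // drop rows left over from an earlier search
        return;
    }

    // The user-supplied name is passed only as a %s argument, never as the
    // format string. GetString() hands the variadic Format() a plain character
    // pointer instead of a CString object.
    CString strTitle;
    strTitle.Format(_T("进程 %s (PID: %u) 的模块列表"), strProcessName.GetString(), dwPID);
    SetWindowText(strTitle);

    if (!GetAllModules(dwPID, m_listModules))
    {
        AfxMessageBox(_T("枚举模块失败,可能没有足够权限。"));
        m_listModules.DeleteAllItems();
    }
}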