Listing all the Windows processes' modules using C program example
Compiler: Visual C++ Express Edition 2005
Compiled on Platform: Windows XP Pro SP2
Target platform: none, just for learning and fun
Header file: Standard and Windows
Additional library: Windows Platform SDK
Additional project setting: Set project to be compiled as C
Project -> your_project_name Properties -> Configuration Properties -> C/C++ -> Advanced -> Compiled As: Compiled as C Code (/TC)
Other info: non-CLR or unmanaged.
To do: Listing the modules loaded in a Windows OS process (as written, main() passes 0, so the program lists its own modules)
To show: The various Windows threads and processes functions used in Win32 programming
// For WinXp as a target, change accordingly
#define _WIN32_WINNT 0x0501
#include <windows.h>
// For CreateToolhelp32Snapshot()
#include <tlhelp32.h>
#include <stdio.h>
// Function prototypes...
// ListProcessModules(): prints one record per module found in a module snapshot of
// process dwPID (0 = the calling process); returns TRUE on success, FALSE if the
// snapshot or the first module lookup fails.
BOOL ListProcessModules(DWORD dwPID);
// printError(): prints a warning naming the failed call (msg) together with the
// GetLastError() code and the system message text for that code.
void printError(TCHAR* msg);
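/*
 * Program entry point: lists the modules loaded in this process.
 *
 * The command line is not used. The exit code is 0 when the module list
 * was printed and 1 when ListProcessModules() reported a failure, so a
 * calling script can tell the two apart.
 */
int main(int argc, char *argv[])
{
    // argv must be an array of pointers; the arguments are intentionally unused.
    (void)argc;
    (void)argv;

    // 0 means current process, that is this program...
    return ListProcessModules(0) ? 0 : 1;
}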
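/*
 * ListProcessModules - print every module recorded in a Toolhelp module
 * snapshot of one process.
 *
 * dwPID   Process identifier to inspect; 0 selects the calling process.
 * Returns TRUE when the module list was walked, FALSE when the snapshot
 *         could not be created or the first entry could not be read (the
 *         cause is reported through printError()).
 *
 * Notes for anyone reusing this as an inspection/triage helper:
 *  - The result is a point-in-time snapshot; modules loaded or unloaded
 *    afterwards are not reflected.
 *  - Names and paths are printed as the API reports them and are not
 *    checked against the files on disk, so treat them as informational.
 *  - TH32CS_SNAPMODULE alone does not include 32-bit modules when the
 *    caller is a 64-bit process (TH32CS_SNAPMODULE32 adds them), and a
 *    snapshot of another process can fail for access or bitness reasons.
 *  - The %S conversions and the wide literals passed to printError()
 *    assume a UNICODE build, where TCHAR is a wide character.
 */
BOOL ListProcessModules(DWORD dwPID)
{
    enum { SNAPSHOT_MAX_TRIES = 8 };
    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
    MODULEENTRY32 me32;
    int attempt;

    // Take a snapshot of all modules in the specified process.
    // The API documentation says to retry when the call fails with
    // ERROR_BAD_LENGTH; the retry is bounded so a persistent failure
    // cannot spin forever.
    for (attempt = 0; attempt < SNAPSHOT_MAX_TRIES; ++attempt)
    {
        hModuleSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
        if (hModuleSnap != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH)
        {
            break;
        }
    }
    if (hModuleSnap == INVALID_HANDLE_VALUE)
    {
        printError(L"CreateToolhelp32Snapshot()");
        return (FALSE);
    }

    // Start from a fully zeroed structure, then set the size field that
    // Module32First() requires before it will fill the entry in.
    ZeroMemory(&me32, sizeof(me32));
    me32.dwSize = sizeof(me32);

    printf("\n******************************************\n");
    printf("* List of module for current process *\n");
    printf("******************************************");

    // Retrieve information about the first module, and exit if unsuccessful
    if (!Module32First(hModuleSnap, &me32))
    {
        printError(L"Module32First()"); // Show cause of failure
        CloseHandle(hModuleSnap);       // Must clean up the snapshot object
        return (FALSE);
    }

    // Now walk the module list of the process, and display information about each module.
    // DWORD is an unsigned long, so the numeric fields use the l length modifier.
    do
    {
        printf("\n\n MODULE NAME = %S", me32.szModule);
        printf("\n executable = %S", me32.szExePath);
        printf("\n process ID = %lu", me32.th32ProcessID);
        printf("\n ref count (global) = 0x%04lX", me32.GlblcntUsage);
        printf("\n ref count (process) = 0x%04lX", me32.ProccntUsage);
        printf("\n base address = 0x%p", (void *)me32.modBaseAddr);
        printf("\n base size = %lu\n", me32.modBaseSize);
    } while (Module32Next(hModuleSnap, &me32));

    // Do not forget to clean up the snapshot object.
    CloseHandle(hModuleSnap);
    return (TRUE);
}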
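/*
 * printError - report a failed Win32 call on stdout.
 *
 * msg  Name of the call that failed. Callers in this file pass wide
 *      literals and the text is printed with %S, so this assumes a
 *      UNICODE build where TCHAR is a wide character.
 *
 * Prints the GetLastError() code and the system message for it, with the
 * message cut at its first control character and trailing dots/blanks
 * removed. If no system message can be produced, the parentheses are
 * printed empty.
 */
void printError(TCHAR* msg)
{
    DWORD eNum;
    DWORD len;
    DWORD end;
    // Explicitly wide: FormatMessageW() writes WCHARs and its size argument
    // counts WCHARs, so a TCHAR buffer would be too small in an ANSI build.
    WCHAR sysMsg[256];

    // Read the error code first, before any other API call can replace it.
    eNum = GetLastError();

    // FormatMessageW - unicode, FormatMessageA - ANSI
    // FORMAT_MESSAGE_IGNORE_INSERTS keeps insert sequences in the message
    // text from being expanded, since no argument array is supplied.
    len = FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
                         NULL, eNum, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
                         sysMsg, (DWORD)(sizeof(sysMsg) / sizeof(sysMsg[0])), NULL);

    // len is 0 on failure; the buffer contents are then unspecified, so the
    // scan below is limited to the characters that were actually stored.
    end = 0;
    while ((end < len) && ((sysMsg[end] > 31) || (sysMsg[end] == 9)))
    {
        ++end;
    }
    // Trim the end of the line (dots, blanks, control characters) by index,
    // so nothing ever points before the start of the buffer.
    while ((end > 0) && ((sysMsg[end - 1] == L'.') || (sysMsg[end - 1] < 33)))
    {
        --end;
    }
    sysMsg[end] = L'\0';

    // Display the message... (sysMsg is wide, so it needs %S, not %s;
    // the error code is a DWORD, hence %lu)
    printf("\n WARNING: %S failed with error %lu (%S)\n", msg, eNum, sysMsg);
}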
Output example:
******************************************
* List of module for current process *
******************************************
MODULE NAME = cplus.exe
executable = f:\vc2005project\cplus\debug\cplus.exe
process ID = 3352
ref count (global) = 0xFFFF
ref count (process) = 0xFFFF
base address = 0x00400000
base size = 106496
MODULE NAME = ntdll.dll
executable = C:\WINDOWS\system32\ntdll.dll
process ID = 3352
ref count (global) = 0xFFFF
ref count (process) = 0xFFFF
base address = 0x7C900000
base size = 720896
MODULE NAME = kernel32.dll
executable = C:\WINDOWS\system32\kernel32.dll
process ID = 3352
ref count (global) = 0xFFFF
ref count (process) = 0xFFFF
base address = 0x7C800000
base size = 999424
MODULE NAME = MSVCR80D.dll
executable = C:\WINDOWS\WinSxS\x86_Microsoft.VC80.DebugCRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_f75eb16c\MSVCR80D.dll
process ID = 3352
ref count (global) = 0xFFFF
ref count (process) = 0xFFFF
base address = 0x10200000
base size = 1179648
MODULE NAME = msvcrt.dll
executable = C:\WINDOWS\system32\msvcrt.dll
process ID = 3352
ref count (global) = 0xFFFF
ref count (process) = 0xFFFF
base address = 0x77C10000