module1.bas

用vb写的能够查看所有系统进程和进程所加载的模块

Attribute VB_Name = "Module1"
Option Explicit
  Public Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, hModule As Long, ByVal cb As Long, cbNeeded As Long) As Long
  Public Declare Function GetModuleBaseName Lib "PSAPI.DLL" Alias "GetModuleBaseNameA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpBaseName As String, ByVal nSize As Long) As Long
  Public Declare Function GetModuleFileNameEx Lib "PSAPI.DLL" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFileName As String, ByVal nSize As Long) As Long
  Public Declare Function GetModuleInformation Lib "PSAPI.DLL" (ByVal hProcess As Long, ByVal hModule As Long, lpModInfo As MODULEINFO, ByVal nSize As Long) As Long
  Public Declare Function OpenProcess Lib "Kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
  Public Declare Function CloseHandle Lib "Kernel32" (ByVal hObject As Long) As Long
   
  Public Type MODULEINFO
          lpBaseOfDll   As Long
          SizeOfImage   As Long
          EntryPoint   As Long
  End Type
   
  Public Const PROCESS_VM_READ = &H10
  Public Const PROCESS_QUERY_INFORMATION = &H400
  Public Const MAX_PATH = 260
  '模   块   名：EnumModule
  '功         能：读出一个进程中所有的模块名和模块路径（第一个就是程序本身的路径）
  '返   回   值：暂无
  '参         数：EnumModule(进程的标识符，读出的模块数组)
  '调用方法：（Form1、Command1、Text1、List1）各一个
          'Private   Sub   Command1_Click()
                  'Dim   Arr()   As   String
                  'EnumModule   CLng(Text1.Text),   Arr
                  'Dim   i
                  'For   Each   i   In   Arr
                          'List1.AddItem   i
                  'Next
                  'MsgBox   List1.ListCount
          'End   Sub
  Public Function EnumModule(ByVal hProc As Long, ByRef sModule() As String) As Long
          On Error Resume Next
          Dim lRet     As Long     '返回值
          Dim i     As Long     '循环计数器
          Dim hProcess     As Long     '进程标识
          Dim hModule()     As Long     '进程中的所有模块
          Dim ModName     As String     '模块名
          Dim ModFilePath     As String     '模块路径
          Dim ModInfo     As MODULEINFO
          Dim cbNeed     As Long     '偶也不知是做什么的，好像是计录进程中的模块数量cbNeed   /   4
           
          hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0&, hProc)
          ReDim hModule(1) As Long
          lRet = EnumProcessModules(hProcess, hModule(1), 1, cbNeed)
          ReDim hModule(1 To cbNeed / 4) As Long
          lRet = EnumProcessModules(hProcess, hModule(1), cbNeed, cbNeed)
           
          For i = 1 To cbNeed / 4
                  If hModule(i) Then
                          ModName = String(MAX_PATH, 0)
                          GetModuleBaseName hProcess, hModule(i), ModName, Len(ModName)
                          ModName = Left(ModName, InStr(1, ModName, Chr(0)) - 1)
                           
                          ModFilePath = String(MAX_PATH, 0)
                          GetModuleFileNameEx hProcess, hModule(i), ModFilePath, Len(ModFilePath)
                          ModFilePath = Left(ModFilePath, InStr(1, ModFilePath, Chr(0)) - 1)
                           
                          GetModuleInformation hProcess, hModule(i), ModInfo, LenB(ModInfo)
                           
                          'sModule()=(模块名CR模块路径CR映像地址CR映像大小CR模块入口点)
                          ReDim Preserve sModule(i - 1) As String
                          sModule(i - 1) = ModName & vbCrLf & ModFilePath & vbCrLf & _
                          ModInfo.lpBaseOfDll & vbCrLf & ModInfo.SizeOfImage & vbCrLf & _
                          ModInfo.EntryPoint
                  End If
          Next
          CloseHandle hProcess
          EnumModule = (Err.Number = 0)
  End Function