2 楼
超级模块
3 楼
柒雪天尚
超级模块
C++,另外进程有保护,在R3(用户态)下不行
4 楼
// One record of the module list that _tmain requests from
// NtQuerySystemInformation with information class 11. The layout has to match
// what the system writes into the buffer, so field order and types must not be
// changed.
typedef struct _RTL_PROCESS_MODULE_INFORMATION {
    HANDLE Section; // Not filled in
    PVOID MappedBase;
    PVOID ImageBase;          // printed by _tmain next to the module path
    ULONG ImageSize;
    ULONG Flags;
    USHORT LoadOrderIndex;
    USHORT InitOrderIndex;
    USHORT LoadCount;
    USHORT OffsetToFileName;  // presumably the offset of the file-name part inside FullPathName; confirm before use
    UCHAR FullPathName[256];  // fixed-size byte buffer; _tmain prints it as a C string
} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
// Header of the buffer returned for information class 11: a count followed by
// that many RTL_PROCESS_MODULE_INFORMATION records.
typedef struct _RTL_PROCESS_MODULES {
    ULONG NumberOfModules;                      // number of records that follow; comes from the system, so validate it against the buffer size
    RTL_PROCESS_MODULE_INFORMATION Modules[1];  // declared with one element, but _tmain walks NumberOfModules entries starting here
} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
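// Signature of ntdll's NtQuerySystemInformation export, which this file
// resolves at run time instead of linking against an import library.
typedef NTSTATUS(WINAPI *NTQUERYSYSTEMINFORMATION)(
    __in DWORD SystemInformationClass,
    __inout PVOID SystemInformation,
    __in ULONG SystemInformationLength,
    __out_opt PULONG ReturnLength);

// Resolved once during static initialisation. GetModuleHandleW is named
// explicitly because the module name is a wide literal: the TCHAR-mapped
// GetModuleHandle only accepts L"..." in UNICODE builds, and this file uses
// _tmain/_TCHAR, so it may be built either way.
// The pointer is NULL when the lookup fails (GetProcAddress returns NULL for
// a NULL module handle or a missing export); check it before calling.
NTQUERYSYSTEMINFORMATION NtQuerySystemInformation =
    (NTQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandleW(L"ntdll.dll"),
                                             "NtQuerySystemInformation");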
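/*
 * Prints the path and image base of every module that
 * NtQuerySystemInformation reports for information class 11
 * (SystemModuleInformation).
 *
 * The buffer is grown until the call stops returning
 * STATUS_INFO_LENGTH_MISMATCH. Any other failure status aborts instead of
 * parsing an uninitialised buffer, and the module count reported by the system
 * is clamped to what actually fits in the bytes that were written.
 *
 * Note for readers: the image bases printed here are kernel addresses.
 * Newer Windows releases restrict this query for low-integrity callers and
 * may return zeroed addresses to callers without debug privilege, so a
 * failure status or an ImageBase of 0 is an expected outcome, not a bug in
 * this loop (exact behaviour depends on the OS build; verify on the target).
 *
 * Returns 0 on success, STATUS_NO_MEMORY if allocation fails, the failing
 * NTSTATUS if the query fails, or 1 if the export could not be resolved.
 */
int _tmain(int argc, _TCHAR* argv[])
{
    const DWORD SystemModuleInformationClass = 11;
    const NTSTATUS InfoLengthMismatch = (NTSTATUS)0xC0000004L; // STATUS_INFO_LENGTH_MISMATCH
    const ULONG MaxBufferSize = 16UL * 1024UL * 1024UL;        // upper bound so a bad length cannot drive unbounded growth
    const ULONG HeaderSize = (ULONG)FIELD_OFFSET(RTL_PROCESS_MODULES, Modules);

    PRTL_PROCESS_MODULES Modules;
    PRTL_PROCESS_MODULE_INFORMATION ModuleInfo;
    PVOID Buffer = NULL;
    ULONG ReturnLength = 0;
    ULONG BufferSize = 4096;
    ULONG ValidBytes;
    ULONG ModuleCount;
    ULONG MaxModules;
    ULONG i;
    NTSTATUS Status;

    (void)argc;
    (void)argv;

    // The global pointer is NULL when ntdll or the export was not found.
    if (!NtQuerySystemInformation) {
        cout << "NtQuerySystemInformation could not be resolved" << endl;
        return 1;
    }

    for (;;) {
        Buffer = malloc(BufferSize);
        if (!Buffer) {
            return STATUS_NO_MEMORY;
        }

        ReturnLength = 0;
        Status = NtQuerySystemInformation(SystemModuleInformationClass, Buffer,
                                          BufferSize, &ReturnLength);
        if (Status != InfoLengthMismatch) {
            break;
        }

        free(Buffer);
        Buffer = NULL;

        // Always make progress: if the reported length is not larger than
        // what was just tried, double instead of retrying the same size.
        if (ReturnLength > BufferSize) {
            BufferSize = ReturnLength;
        } else {
            BufferSize *= 2;
        }
        if (BufferSize > MaxBufferSize) {
            cout << "module list larger than expected, giving up" << endl;
            return Status;
        }
    }

    // Negative NTSTATUS values are errors; the buffer content is undefined then.
    if (Status < 0) {
        cout << "NtQuerySystemInformation failed, status " << hex
             << (unsigned long)Status << dec << endl;
        free(Buffer);
        return Status;
    }

    // Only trust the bytes the call says it wrote, and never more than we own.
    ValidBytes = (ReturnLength < BufferSize) ? ReturnLength : BufferSize;
    if (ValidBytes < HeaderSize) {
        free(Buffer);
        return 0;
    }

    Modules = (PRTL_PROCESS_MODULES)Buffer;
    MaxModules = (ValidBytes - HeaderSize) / (ULONG)sizeof(RTL_PROCESS_MODULE_INFORMATION);
    ModuleCount = Modules->NumberOfModules;
    if (ModuleCount > MaxModules) {
        ModuleCount = MaxModules;
    }

    ModuleInfo = &(Modules->Modules[0]);
    for (i = 0; i < ModuleCount; i++, ModuleInfo++) {
        // FullPathName is a fixed 256-byte field; do not rely on a terminator.
        ULONG PathLength = 0;
        while (PathLength < sizeof(ModuleInfo->FullPathName) &&
               ModuleInfo->FullPathName[PathLength] != 0) {
            PathLength++;
        }
        cout.write((const char *)ModuleInfo->FullPathName, PathLength);
        cout << " " << ModuleInfo->ImageBase << endl;
    }

    free(Buffer);
    return 0;
}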
5 楼
柒雪天尚
typedef struct _RTL_PROCESS_MODULE_INFORMATION {
HANDLE Section; // Not fil ...
R3就可以获取到吗
6 楼
帮顶