//c#遍历系统所有进程
[StructLayout(LayoutKind.Sequential)]
public struct ProcessEntry32
{
public uint dwSize;
public uint cntUsage;
public uint th32ProcessID;
public IntPtr th32DefaultHeapID;
public uint th32ModuleID;
public uint cntThreads;
public uint th32ParentProcessID;
public int pcPriClassBase;
public uint dwFlags;
[MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
public string szExeFile;
}
[DllImport("KERNEL32.DLL ")]
public static extern IntPtr CreateToolhelp32Snapshot(uint flags, uint processid);
[DllImport("KERNEL32.DLL ")]
public static extern int CloseHandle(IntPtr handle);
[DllImport("KERNEL32.DLL ")]
public static extern int Process32First(IntPtr handle, ref ProcessEntry32 pe);
[DllImport("KERNEL32.DLL ")]
public static extern int Process32Next(IntPtr handle, ref ProcessEntry32 pe);
private void button1_Click(object sender, EventArgs e)
{
IntPtr handle = CreateToolhelp32Snapshot(0x2, 0);
if ((int)handle > 0)
{
List<ProcessEntry32> list = new List<ProcessEntry32>();
ProcessEntry32 pe32 = new ProcessEntry32();
pe32.dwSize = (uint)Marshal.SizeOf(pe32);
int bMore = Process32First(handle, ref pe32);
while (bMore == 1)
{
IntPtr temp = Marshal.AllocHGlobal((int)pe32.dwSize);
Marshal.StructureToPtr(pe32, temp, true);
ProcessEntry32 pe = (ProcessEntry32)Marshal.PtrToStructure(temp, typeof(ProcessEntry32));
Marshal.FreeHGlobal(temp);
list.Add(pe);
bMore = Process32Next(handle, ref pe32);
}
CloseHandle(handle);
foreach (ProcessEntry32 p in list)
richTextBox1.AppendText(p.szExeFile + "
");
}
}
//VB获取指定进程模块的基址,调用方法:GetModuleAdd(进程PID,模块名)例如:GetModuleAdd(2284,"GameLogin.dll")
Option Explicit
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function NtUnmapViewOfSection Lib "NTDLL.dll" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long
Private Type PROCESSENTRY32
dwSize As Long
cntUseage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
swFlags As Long
szExeFile As String * 1024
End Type
Private Type MODULEENTRY32
dwSize As Long
th32ModuleID As Long
th32ProcessID As Long
GlblcntUsage As Long
ProccntUsage As Long
modBaseAddr As Long
modBaseSize As Long
hModule As Long
szModule As String * 256
szExePath As String * 1024
End Type
Public Type THREADENTRY32
dwSize As Long
cntusage As Long
th32threadID As Long
th32OwnerProcessID As Long
tpBasePri As Long
tpDeltaPri As Long
dwFlags As Long
End Type
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPmodule = &H8
Public Function GetModuleAdd(PID As Long, ModuleName As String) As Long
Dim pr As PROCESSENTRY32
Dim lp As Long
Dim mo As MODULEENTRY32
Dim LM As Long
Dim i As Long
Dim Temp As Variant
If ModuleName = "" Then GetModuleAdd = 0: Exit Function
pr.dwSize = Len(pr)
LM = CreateToolhelp32Snapshot(TH32CS_SNAPmodule, PID)
If LM > 0 Then
mo.dwSize = Len(mo)
If Module32First(LM, mo) Then
Do
Temp = Left(mo.szExePath, InStr(mo.szExePath, Chr(0)) - 1)
Temp = Mid(Temp, InStrRev(Temp, "") + 1)
If UCase(Temp) = Ucase(ModuleName) Then
GetModuleAdd = mo.modBaseAddr
Exit Function
End If
i = i + 1
Loop Until Module32Next(LM, mo) = 0
End If
CloseHandle (LM)
End If
End Function