CreateToolhelp32Snapshot
发布时间:2019-06-22


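// C#: enumerate every process on the system through the ToolHelp snapshot API.

/// <summary>
/// Managed layout of the Win32 PROCESSENTRY32 structure as filled in by
/// Process32First / Process32Next.
/// </summary>
/// <remarks>
/// No CharSet is specified on the struct or the imports, so the default (ANSI)
/// marshalling applies; executable names containing characters outside the
/// active ANSI code page may not round-trip exactly.
/// </remarks>
[StructLayout(LayoutKind.Sequential)]
public struct ProcessEntry32
{
    public uint dwSize;               // set by the caller to the structure size before the first call
    public uint cntUsage;
    public uint th32ProcessID;        // process identifier
    public IntPtr th32DefaultHeapID;  // pointer-sized field
    public uint th32ModuleID;
    public uint cntThreads;
    public uint th32ParentProcessID;  // identifier of the creating process
    public int pcPriClassBase;
    public uint dwFlags;
    // Executable file name only (not a full path), fixed 260-character buffer.
    // The name is chosen by whoever launched the process, so it is not proof
    // of which binary is actually running; do not base trust decisions on it.
    [MarshalAs(UnmanagedType.ByValTStr, SizeConst = 260)]
    public string szExeFile;
}

[DllImport("kernel32.dll")]
public static extern IntPtr CreateToolhelp32Snapshot(uint flags, uint processid);

[DllImport("kernel32.dll")]
public static extern int CloseHandle(IntPtr handle);

[DllImport("kernel32.dll")]
public static extern int Process32First(IntPtr handle, ref ProcessEntry32 pe);

[DllImport("kernel32.dll")]
public static extern int Process32Next(IntPtr handle, ref ProcessEntry32 pe);

// TH32CS_SNAPPROCESS: include all processes in the snapshot.
private const uint Th32csSnapProcess = 0x2;

// INVALID_HANDLE_VALUE, returned by CreateToolhelp32Snapshot on failure.
private static readonly IntPtr InvalidHandleValue = new IntPtr(-1);

/// <summary>
/// Takes a process snapshot and returns one entry per process.
/// </summary>
/// <returns>
/// The captured entries; an empty list when the snapshot could not be created.
/// The result is a point-in-time view: processes may have exited (and their
/// identifiers been reused) by the time the caller reads it.
/// </returns>
private static List<ProcessEntry32> SnapshotProcesses()
{
    List<ProcessEntry32> entries = new List<ProcessEntry32>();

    IntPtr snapshot = CreateToolhelp32Snapshot(Th32csSnapProcess, 0);

    // Compare against the sentinel values instead of casting the handle to int,
    // which is not a reliable validity test for a pointer-sized value.
    if (snapshot == IntPtr.Zero || snapshot == InvalidHandleValue)
    {
        return entries;
    }

    try
    {
        ProcessEntry32 entry = new ProcessEntry32();
        entry.dwSize = (uint)Marshal.SizeOf(typeof(ProcessEntry32));

        // The Win32 BOOL result is non-zero on success, not necessarily exactly 1.
        int more = Process32First(snapshot, ref entry);
        while (more != 0)
        {
            // ProcessEntry32 is a value type and its string field is immutable,
            // so Add stores an independent copy; no unmanaged round-trip is needed.
            entries.Add(entry);
            more = Process32Next(snapshot, ref entry);
        }
    }
    finally
    {
        // Release the snapshot handle even if enumeration throws.
        CloseHandle(snapshot);
    }

    return entries;
}

/// <summary>
/// Click handler: lists the executable name of every running process in
/// richTextBox1, one name per line.
/// </summary>
private void button1_Click(object sender, EventArgs e)
{
    foreach (ProcessEntry32 p in SnapshotProcesses())
    {
        richTextBox1.AppendText(p.szExeFile + "\r\n");
    }
}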

 

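' VB: get the base address of a named module inside a given process.
' Usage: GetModuleAdd(process PID, module name)
' Example: GetModuleAdd(2284, "GameLogin.dll")
Option Explicit

Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Module32First Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapShot As Long, lppe As MODULEENTRY32) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function NtUnmapViewOfSection Lib "NTDLL.dll" (ByVal ProcessHandle As Long, ByVal BaseAddress As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Declare Function FreeLibrary Lib "kernel32" (ByVal hLibModule As Long) As Long

Private Type PROCESSENTRY32
    dwSize  As Long
    cntUseage  As Long
    th32ProcessID  As Long
    th32DefaultHeapID  As Long
    th32ModuleID  As Long
    cntThreads  As Long
    th32ParentProcessID  As Long
    pcPriClassBase  As Long
    swFlags  As Long
    szExeFile  As String * 1024
End Type

Private Type MODULEENTRY32
    dwSize As Long
    th32ModuleID As Long
    th32ProcessID As Long
    GlblcntUsage As Long
    ProccntUsage As Long
    modBaseAddr As Long     ' base address of the module in the owning process
    modBaseSize As Long
    hModule As Long
    szModule As String * 256
    szExePath As String * 1024
End Type

Public Type THREADENTRY32
    dwSize As Long
    cntusage As Long
    th32threadID As Long
    th32OwnerProcessID As Long
    tpBasePri As Long
    tpDeltaPri As Long
    dwFlags As Long
End Type

Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPmodule = &H8

' Returns the base address of the first module in process PID whose file name
' equals ModuleName (case-insensitive), or 0 when ModuleName is empty, the
' snapshot cannot be created, or no module matches.
'
' Only the file-name part of each module path is compared, so two modules with
' the same file name in different directories are not distinguished; the first
' one enumerated wins.
' NOTE(review): addresses are carried in 32-bit Long values; this presumably
' targets 32-bit processes only - confirm before use elsewhere.
Public Function GetModuleAdd(PID As Long, ModuleName As String) As Long
    Dim mo As MODULEENTRY32
    Dim hSnap As Long
    Dim nulPos As Long
    Dim fileName As String

    GetModuleAdd = 0
    If ModuleName = "" Then Exit Function

    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPmodule, PID)
    If hSnap <= 0 Then Exit Function

    mo.dwSize = Len(mo)
    If Module32First(hSnap, mo) Then
        Do
            ' szExePath is a fixed-length buffer; keep only the text before the
            ' first NUL. Fall back to trimming if no terminator is present so
            ' Left() is never called with a negative length.
            nulPos = InStr(mo.szExePath, Chr(0))
            If nulPos > 0 Then
                fileName = Left(mo.szExePath, nulPos - 1)
            Else
                fileName = RTrim$(mo.szExePath)
            End If

            ' Strip the directory part, leaving just the file name.
            fileName = Mid(fileName, InStrRev(fileName, "\") + 1)

            If UCase(fileName) = UCase(ModuleName) Then
                GetModuleAdd = mo.modBaseAddr
                ' Leave the loop rather than the function so the snapshot
                ' handle below is always closed.
                Exit Do
            End If
        Loop Until Module32Next(hSnap, mo) = 0
    End If

    CloseHandle hSnap
End Function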

 

转载于:https://www.cnblogs.com/zzyhost/p/3641680.html
