package Util
import (
"os"
"fmt"
"syscall"
"unsafe"
)
// Handles to the Windows libraries and the exported procedures that
// GetModules calls. The Must* helpers panic during package initialisation
// when a DLL or an export cannot be resolved.
//
// NOTE(review): both DLLs are loaded by bare name. The syscall package
// documentation warns that a name which is neither an absolute path nor a
// known system DLL is resolved through the Windows search order and can be
// subject to DLL preloading; it points to LazyDLL in golang.org/x/sys/windows
// for loading system DLLs. Confirm whether that applies to psapi.dll on the
// Windows versions this code targets.
var (
	// Libraries.
	kernel32 = syscall.MustLoadDLL("kernel32.dll")
	psapi    = syscall.MustLoadDLL("psapi.dll")

	// Procedures resolved from the libraries above.
	procOpenProcess         = kernel32.MustFindProc("OpenProcess")
	procEnumProcessModules  = psapi.MustFindProc("EnumProcessModules")
	procGetModuleFileNameEx = psapi.MustFindProc("GetModuleFileNameExW")
)
// Win32 values used by GetModules.
const (
	// Access rights OR-ed together and passed to OpenProcess.
	PROCESS_QUERY_INFORMATION = 0x400
	PROCESS_VM_READ           = 0x10

	// MAX_PATH is the size, in UTF-16 code units, of the buffer that
	// receives each module path.
	MAX_PATH = 260
)
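// GetModules returns the file paths of the modules loaded in the process
// identified by pid. A pid that is zero or negative selects the calling
// process.
//
// Failures are reported on standard output and yield a nil or partial list;
// no error value is returned, so callers must treat an empty result as
// "unknown" rather than "no modules".
//
// NOTE(review): the module list and the paths are read out of the target
// process, so a process that controls its own loader data can presumably
// influence what is reported here. Treat the result as informational and
// corroborate it with another source before relying on it for detection.
func GetModules(pid int32) []string {
	var moduleList []string
	if pid <= 0 {
		pid = int32(os.Getpid()) // fall back to the current process
	}

	handle, _, _ := procOpenProcess.Call(
		uintptr(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ),
		uintptr(0), // the handle is not inheritable by child processes
		uintptr(pid),
	)
	if handle == 0 {
		fmt.Println("OpenProcess failed")
		return moduleList
	}
	defer syscall.CloseHandle(syscall.Handle(handle))

	var modules [2048]syscall.Handle
	var needed uint32
	ret, _, _ := procEnumProcessModules.Call(
		uintptr(handle),
		uintptr(unsafe.Pointer(&modules[0])),
		// The third argument is the buffer size in BYTES. Passing the element
		// count (as the original code did) tells the API the buffer is far
		// smaller than it is and truncates the list.
		uintptr(unsafe.Sizeof(modules)),
		uintptr(unsafe.Pointer(&needed)),
	)
	if ret == 0 {
		fmt.Println("EnumProcessModules failed")
		return moduleList
	}

	// needed is the number of bytes required for ALL module handles and may
	// exceed the buffer that was supplied. Clamp the count so the loop never
	// reads entries the API did not fill in or indexes past the array.
	count := int(needed) / int(unsafe.Sizeof(modules[0]))
	if count > len(modules) {
		count = len(modules)
	}

	for i := 0; i < count; i++ {
		var path [MAX_PATH]uint16
		ret, _, _ = procGetModuleFileNameEx.Call(
			uintptr(handle),
			uintptr(modules[i]),
			uintptr(unsafe.Pointer(&path[0])),
			uintptr(len(path)), // buffer size in UTF-16 code units
		)
		if ret == 0 {
			fmt.Println("GetModuleFileNameEx failed")
			continue
		}
		// GetModuleFileNameExW writes the path as UTF-16, so it has to be
		// converted with syscall.UTF16ToString. Paths longer than the
		// MAX_PATH buffer come back truncated.
		moduleList = append(moduleList, syscall.UTF16ToString(path[:]))
	}
	return moduleList
}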
package Test
import (
"fmt"
"testing"
"clientgo/Util"
)
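// TestPsUtil enumerates the modules loaded in the test process itself
// (pid 0 selects the calling process) and prints them with a 1-based index.
func TestPsUtil(t *testing.T) {
	modList := Util.GetModules(0)

	// GetModules signals failure only by returning an empty list, so without
	// this check the test would pass even when enumeration failed.
	if len(modList) == 0 {
		t.Fatal("GetModules(0) returned no modules for the current process")
	}

	for index, modPath := range modList {
		fmt.Println("Index=", index+1, modPath)
	}
}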
=== RUN TestPsUtil
Index= 1 C:\Users\ADMINI~1\AppData\Local\Temp\go-build4126345986\b001\Te
Index= 2 C:\Windows\SYSTEM32\ntdll.dll
Index= 3 C:\Windows\system32\kernel32.dll
Index= 4 C:\Windows\system32\KERNELBASE.dll
Index= 5 C:\Windows\system32\advapi32.dll
Index= 6 C:\Windows\system32\msvcrt.dll
Index= 7 C:\Windows\SYSTEM32\sechost.dll
Index= 8 C:\Windows\system32\RPCRT4.dll
Index= 9 C:\Windows\system32\winmm.dll
Index= 10 C:\Windows\system32\USER32.dll
Index= 11 C:\Windows\system32\GDI32.dll
Index= 12 C:\Windows\system32\LPK.dll
Index= 13 C:\Windows\system32\USP10.dll
Index= 14 C:\Windows\system32\IMM32.DLL
Index= 15 C:\Windows\system32\MSCTF.dll
Index= 16 C:\Windows\system32\nvinitx.dll
Index= 17 C:\Windows\system32\VERSION.dll
Index= 18 C:\Windows\system32\ws2_32.dll
Index= 19 C:\Windows\system32\NSI.dll
Index= 20 C:\Windows\system32\cryptbase.dll
Index= 21 C:\Windows\system32\powrprof.dll
Index= 22 C:\Windows\system32\SETUPAPI.dll
Index= 23 C:\Windows\system32\CFGMGR32.dll
Index= 24 C:\Windows\system32\OLEAUT32.dll
Index= 25 C:\Windows\system32\ole32.dll
Index= 26 C:\Windows\system32\DEVOBJ.dll
Index= 27 C:\Windows\system32\psapi.dll
--- PASS: TestPsUtil (0.00s)
PASS
ok command-line-arguments 0.029s