
Getting a Module Handle in a 64-bit Process

:1.895KB :1 :2020-11-08 13:30:07

Partial excerpt

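' Offsets below assume ldr points at the start of a 64-bit LDR_DATA_TABLE_ENTRY.
' ldr + 48 (0x30): DllBase, the module's base address
NtWow64ReadVirtualMemory64 (ProcessHandle, ldr + 48, ModuleHandle, 8, 0)
' A zero base address ends the walk
.如果真 (ModuleHandle = 0)
    跳出循环 ()
.如果真结束
' ldr + 96 (0x60): BaseDllName.Buffer, a pointer to the UTF-16 module name
NtWow64ReadVirtualMemory64 (ProcessHandle, ldr + 96, pName, 8, 0)
NtWow64ReadVirtualMemory64_Bin (ProcessHandle, pName, Namebuf, Ulen, 0)
' Convert the UTF-16 name to code page 936 (GBK) for comparison
WideCharToMultiByte (936, 0, Namebuf, Ulen, Name, Alen, “”, 0)
' Case-insensitive comparison against the requested module name
.如果真 (到小写 (Name) = 到小写 (ModuleName))
    返回 (ModuleHandle)
.如果真结束
' ldr + 8: second pointer of the list entry; move to the next entry in the walk
NtWow64ReadVirtualMemory64 (ProcessHandle, ldr + 8, ldr, 8, 0)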
