I want to enumerate the modules of another process (I took the Windows 7 calculator, which is indeed an amazing piece of software), so I made up this code:
#include <windows.h>
#include <tlhelp32.h>
#include <cstdio>
#include <cstring>
#include <iostream>

int main()
{
    const char* process_name = "calc.exe";
    DWORD pID = 0; //Used in both parts
    //#######################################################################
    // Part 1: walk the process list and remember the PID of process_name.
    PROCESSENTRY32 process_entry;
    process_entry.dwSize = sizeof(PROCESSENTRY32); // must be set before Process32First
    HANDLE process_snapshot;
    process_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if(Process32First(process_snapshot, &process_entry))
    {
        do
        {
            if(_stricmp(process_entry.szExeFile, process_name) == 0)
            {
                pID = process_entry.th32ProcessID;
                std::cout << "Found process '" << process_entry.szExeFile << "' (PID = '" << pID << "')." << std::endl;
            }
        } while(Process32Next(process_snapshot, &process_entry));
    }
    CloseHandle(process_snapshot);
    //#######################################################################
    std::cout << " - Modules :" << std::endl;
    //#######################################################################
    // Part 2: snapshot the modules of that PID and print each module name.
    MODULEENTRY32 module_entry;
    module_entry.dwSize = sizeof(MODULEENTRY32); // must be set before Module32First
    HANDLE module_snapshot;
    module_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pID);
    if(Module32First(module_snapshot, &module_entry))
    {
        do
        {
            std::cout << " '" << module_entry.szModule << "'" << std::endl;
        } while(Module32Next(module_snapshot, &module_entry));
    }
    CloseHandle(module_snapshot);
    //#######################################################################
    std::cout << std::endl << "********************************************************" << std::endl;
    getchar();
}
However, when I compile'n'run it, I have this output in my console:
Either there are no modules or I can't access them. Hopefully this is the second option.
Since I'm curious, I changed this line
module_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pID);
to
module_snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, 0);
in order to enumerate the modules of the current app-test process. Here's the output:
So, what's happening? Is Windows throwing at me a giant "Sir, you can't access these modules, got it? Mind your own process, mate, and get out now",
which would actually be pretty cool for security purposes, or did I totally get it wrong?
Thank you for your time :)
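Added example, not part of the original post: neither snapshot call above checks for INVALID_HANDLE_VALUE, so a failed module snapshot and an empty module list look the same. This sketch retries on ERROR_BAD_LENGTH and separates the documented ERROR_PARTIAL_COPY (32-bit caller, 64-bit target) and ERROR_ACCESS_DENIED failures; snapshot_with_retry, SnapResult and the take callback are hypothetical names.

```cpp
// Added example (not the poster's code); built as ANSI like the code in the post.
#include <cstdint>
#include <cstdlib>
#include <functional>
#include <iostream>
#ifdef _WIN32
#undef UNICODE
#include <windows.h>
#include <tlhelp32.h>
#else  // winerror.h values, so the decision logic also builds off Windows
constexpr uint32_t ERROR_ACCESS_DENIED = 5, ERROR_BAD_LENGTH = 24, ERROR_PARTIAL_COPY = 299;
#endif
enum class SnapResult { Ok, BitnessMismatch, AccessDenied, GaveUp, OtherError };

// take() is a hypothetical callback: 0 on success, otherwise the GetLastError() value.
SnapResult snapshot_with_retry(const std::function<uint32_t()>& take, int max_tries,
                               uint32_t* last_err) {
    for (int i = 0; i < max_tries; ++i) {
        *last_err = take();
        switch (*last_err) {
            case 0: return SnapResult::Ok;
            case ERROR_BAD_LENGTH: continue;  // documented as retryable
            case ERROR_PARTIAL_COPY: return SnapResult::BitnessMismatch;  // 32-bit caller, 64-bit target
            case ERROR_ACCESS_DENIED: return SnapResult::AccessDenied;
            default: return SnapResult::OtherError;
        }
    }
    return SnapResult::GaveUp;
}

#ifdef _WIN32
int main(int argc, char** argv) {
    DWORD pid = argc > 1 ? std::strtoul(argv[1], nullptr, 10) : GetCurrentProcessId();
    HANDLE snap = INVALID_HANDLE_VALUE;
    uint32_t err = 0;
    SnapResult r = snapshot_with_retry([&]() -> uint32_t {
        snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE | TH32CS_SNAPMODULE32, pid);
        return snap == INVALID_HANDLE_VALUE ? GetLastError() : 0;
    }, 10, &err);
    if (r != SnapResult::Ok) {
        std::cerr << "module snapshot failed, GetLastError() = " << err << "\n";
        return 1;
    }
    MODULEENTRY32 me;
    me.dwSize = sizeof(me);  // must be set before Module32First
    if (Module32First(snap, &me))
        do { std::cout << me.szModule << "\n"; } while (Module32Next(snap, &me));
    CloseHandle(snap);
}
#endif
```

Pass the target PID as the first argument; with no argument it lists the modules of the current process.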