type PHMODULE = ^HMODULE; function EnumProcessModules(hProcess: THandle; lphModule: PHMODULE; dwCb: DWORD; var dwCbNeeded: DWORD): BOOL; stdcall; external 'psapi.dll' name 'EnumProcessModules'; function GetModuleFileNameExW(hProcess: THandle; hMod: HMODULE; lpFilename: PWideChar; nSize: DWORD): DWORD; stdcall; external 'psapi.dll' name 'GetModuleFileNameExW';procedure GetProcessModules(dwProcessID: DWORD; strModules: TStrings); var hProcess: THandle; hMods: Array of HMODULE; dwNeeded: DWORD; dwModNum: DWORD; i: Integer; szModName: Array[0..MAX_PATH] of WideChar; begin hProcess := OpenProcess( PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, dwProcessID); if hProcess = 0 then Exit; try if Win32Check(EnumProcessModules(hProcess, Nil, 0, dwNeeded)) then begin dwModNum := dwNeeded div Sizeof(HMODULE); SetLength(hMods, dwModNum); if Win32Check(EnumProcessModules(hProcess, @hMods[0], dwModNum * Sizeof(HMODULE), dwNeeded)) then begin for i := 0 to dwModNum - 1 do begin if GetModuleFileNameExW(hProcess, hMods[i], szModName, sizeof(szModName)) > 0 then strModules.Add(IntToStr(i) + ' : ' + szModName); end; end; end; finally CloseHandle(hProcess); end; end;procedure TForm1.Button1Click(Sender: TObject); begin Memo1.Lines.Clear; GetProcessModules(GetCurrentProcessId, Memo1.Lines); end;
PHMODULE = ^HMODULE;
function EnumProcessModules(hProcess: THandle;
lphModule: PHMODULE; dwCb: DWORD; var dwCbNeeded: DWORD): BOOL; stdcall;
external 'psapi.dll' name 'EnumProcessModules';
function GetModuleFileNameExW(hProcess: THandle;
hMod: HMODULE; lpFilename: PWideChar; nSize: DWORD): DWORD; stdcall;
external 'psapi.dll' name 'GetModuleFileNameExW';procedure GetProcessModules(dwProcessID: DWORD; strModules: TStrings);
var
hProcess: THandle;
hMods: Array of HMODULE;
dwNeeded: DWORD;
dwModNum: DWORD;
i: Integer;
szModName: Array[0..MAX_PATH] of WideChar;
begin
hProcess := OpenProcess(
PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
False,
dwProcessID);
if hProcess = 0 then Exit;
try
if Win32Check(EnumProcessModules(hProcess, Nil, 0, dwNeeded)) then
begin
dwModNum := dwNeeded div Sizeof(HMODULE);
SetLength(hMods, dwModNum);
if Win32Check(EnumProcessModules(hProcess, @hMods[0],
dwModNum * Sizeof(HMODULE), dwNeeded)) then
begin
for i := 0 to dwModNum - 1 do
begin
if GetModuleFileNameExW(hProcess, hMods[i], szModName, sizeof(szModName)) > 0 then
strModules.Add(IntToStr(i) + ' : ' + szModName);
end;
end;
end;
finally
CloseHandle(hProcess);
end;
end;procedure TForm1.Button1Click(Sender: TObject);
begin
Memo1.Lines.Clear;
GetProcessModules(GetCurrentProcessId, Memo1.Lines);
end;
0 : D:\Program Files\Borland\Delphi7\Projects\Project1.exe
1 : C:\WINNT\system32\ntdll.dll
2 : C:\WINNT\system32\kernel32.dll
3 : C:\WINNT\system32\user32.dll
4 : C:\WINNT\system32\GDI32.dll
5 : C:\WINNT\system32\advapi32.dll
6 : C:\WINNT\system32\RPCRT4.dll
7 : C:\WINNT\system32\oleaut32.dll
8 : C:\WINNT\system32\msvcrt.dll
9 : C:\WINNT\system32\ole32.dll
10 : C:\WINNT\system32\version.dll
11 : C:\WINNT\system32\comctl32.dll
12 : C:\WINNT\system32\psapi.dll
13 : C:\WINNT\system32\IMM32.DLL
14 : C:\WINNT\system32\LPK.DLL
15 : C:\WINNT\system32\USP10.dll
16 : C:\WINNT\system32\uxtheme.dll
17 : C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASOEHOOK.DLL
18 : C:\WINNT\system32\MSVCR71.dll
19 : C:\WINNT\system32\SHLWAPI.dll
20 : C:\Program Files\Common Files\Symantec Shared\ccL40.dll
21 : C:\WINNT\system32\MSVCP71.dll
22 : C:\WINNT\system32\MSCTF.dll
23 : C:\WINNT\system32\msctfime.ime
这个方法取出的DLL也包括检查程序调用的DLL!