如何得到一个进程内所有 dll 的名字，入口地址，大小等参数(100分)

具体可以见图 <br>http://www.ff18.com/tmpfiles/dllmodule.png<br><br>不知道是用什么 api 实现的，谢谢了~

HOHO 我知道 这个我知道

诶 刚失恋没什么好做的 无聊帮你写一个 应该说是帮抄一个。<br>只示范了在已知进程ID的情况下取得本应用程序所有模块列表。<br>其他信息可以在变量 ModuleStruct 里获得。<br><br>unit Unit1;<br><br>interface<br><br>uses<br> &nbsp;Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,<br> &nbsp;Dialogs, StdCtrls, ExtCtrls;<br><br>Const<br> &nbsp;TH32CS_SNAPMODULE = $00000008; &nbsp; // 模块列表快照<br>Type<br> &nbsp;{-- 枚举中 返回 模块信息结构 --}<br> &nbsp;TMODULEENTRY32 = record<br> &nbsp; &nbsp;dwSize: DWORD; &nbsp; &nbsp; &nbsp; &nbsp;// 本结构尺寸<br> &nbsp; &nbsp;th32ModuleID: DWORD; &nbsp;// This module<br> &nbsp; &nbsp;th32ProcessID: DWORD; // owning process<br> &nbsp; &nbsp;GlblcntUsage: DWORD; &nbsp;// Global usage count on the module<br> &nbsp; &nbsp;ProccntUsage: DWORD; &nbsp;// Module usage count in th32ProcessID's context<br> &nbsp; &nbsp;modBaseAddr: PBYTE; &nbsp; // Base address of module in th32ProcessID's context<br> &nbsp; &nbsp;modBaseSize: DWORD; &nbsp; // Size in bytes of module starting at modBaseAddr<br> &nbsp; &nbsp;hModule: HMODULE; &nbsp; &nbsp; // The hModule of this module in th32ProcessID's context<br> &nbsp; &nbsp;szModule: array[0..255] of Char;<br> &nbsp; &nbsp;szExePath: array[0..260 - 1] of Char;// 模块完整路径<br> &nbsp;end;<br><br> &nbsp;TForm1 = class(TForm)<br> &nbsp; &nbsp;Memo1: TMemo;<br> &nbsp; &nbsp;Panel1: TPanel;<br> &nbsp; &nbsp;Button1: TButton;<br> &nbsp; &nbsp;procedure Button1Click(Sender: TObject);<br> &nbsp;private<br> &nbsp; &nbsp;{ Private declarations }<br> &nbsp;public<br> &nbsp; &nbsp;{ Public declarations }<br> &nbsp;end;<br><br>var<br> &nbsp;Form1: TForm1;<br><br> &nbsp;function CreateToolhelp32Snapshot(dwFlags, th32ProcessID: DWORD) : THandle ; stdcall; external 'kernel32.dll' name 'CreateToolhelp32Snapshot';<br> &nbsp;function Module32First(hSnapshot: THandle; var lpme: TModuleEntry32): BOOL ; stdcall; external 'kernel32.dll' name 'Module32First';<br> &nbsp;function Module32Next(hSnapshot: THandle; var lpme: TModuleEntry32): BOOL ; stdcall; external 'kernel32.dll' name 'Module32Next';<br><br><br>implementation<br><br>{$R *.dfm}<br><br>procedure TForm1.Button1Click(Sender: TObject);<br>var &nbsp;<br> &nbsp;ModuleStruct &nbsp;: TMODULEENTRY32; // 模块信息结构<br> &nbsp;ModuleHandle &nbsp;: LongWord; &nbsp; &nbsp; &nbsp; // 快照句柄<br> &nbsp;FoundModule &nbsp; : Boolean ; &nbsp; &nbsp; &nbsp; // 是否找到模块<br> &nbsp;FullFileName &nbsp;: string &nbsp;; &nbsp; &nbsp; &nbsp; // 完整路径<br> &nbsp;WinProcessId &nbsp;: LongWord; &nbsp; &nbsp; &nbsp; // 进程id<br>Begin<br> &nbsp;{---模块列表快照---}<br> &nbsp;WinProcessId := 4564;<br> &nbsp;ModuleHandle := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, WinProcessId);<br> &nbsp;ModuleStruct.dwSize := sizeof(ModuleStruct); &nbsp;<br> &nbsp;{----第1个模块----}<br> &nbsp;FoundModule := Module32First(ModuleHandle, ModuleStruct);<br> &nbsp;while (FoundModule) do<br> &nbsp;begin<br> &nbsp; &nbsp;FullFileName:=ModuleStruct.szExePath;<br> &nbsp; &nbsp;//FULLFILENAME 就是你要的文件名 你可以自己处理。<br> &nbsp; &nbsp;memo1.Lines.Add(FullFileName);<br> &nbsp; &nbsp;{----下一个模块----}<br> &nbsp; &nbsp;FoundModule := Module32Next(ModuleHandle, ModuleStruct);<br> &nbsp;end;<br> &nbsp;{----释放句柄----}<br> &nbsp;CloseHandle(ModuleHandle);<br>end;<br><br>end.

2006 启动时候居然带这么多模块<br>D:/Delphi10Lite/Bin/bds.exe<br>C:/WINDOWS/system32/ntdll.dll<br>C:/WINDOWS/system32/kernel32.dll<br>D:/Delphi10Lite/Bin/rtl100.bpl<br>C:/WINDOWS/system32/oleaut32.dll<br>C:/WINDOWS/system32/msvcrt.dll<br>C:/WINDOWS/system32/USER32.dll<br>C:/WINDOWS/system32/GDI32.dll<br>C:/WINDOWS/system32/ADVAPI32.dll<br>C:/WINDOWS/system32/RPCRT4.dll<br>C:/WINDOWS/system32/ole32.dll<br>C:/WINDOWS/system32/version.dll<br>C:/WINDOWS/system32/mpr.dll<br>C:/WINDOWS/system32/IMAGEHLP.DLL<br>C:/WINDOWS/system32/wsock32.dll<br>C:/WINDOWS/system32/WS2_32.dll<br>C:/WINDOWS/system32/WS2HELP.dll<br>C:/WINDOWS/system32/oleacc.dll<br>C:/WINDOWS/system32/MSVCP60.dll<br>D:/Delphi10Lite/Bin/borlndmm.dll<br>D:/Delphi10Lite/Bin/vcl100.bpl<br>C:/WINDOWS/system32/msimg32.dll<br>C:/WINDOWS/WinSxS/x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_5.82.0.0_x-ww_8A69BA05/comctl32.dll<br>C:/WINDOWS/system32/shell32.dll<br>C:/WINDOWS/system32/SHLWAPI.dll<br>C:/WINDOWS/system32/winspool.drv<br>C:/WINDOWS/system32/comdlg32.dll<br>C:/WINDOWS/system32/oledlg.dll<br>C:/WINDOWS/system32/wininet.dll<br>C:/WINDOWS/system32/CRYPT32.dll<br>C:/WINDOWS/system32/MSASN1.dll<br>D:/Delphi10Lite/Bin/vcljpg100.bpl<br>D:/Delphi10Lite/Bin/coreide100.bpl<br>D:/Delphi10Lite/Bin/designide100.bpl<br>D:/Delphi10Lite/Bin/xmlrtl100.bpl<br>D:/Delphi10Lite/Bin/vclactnband100.bpl<br>C:/WINDOWS/system32/winmm.dll<br>D:/Delphi10Lite/Bin/vclx100.bpl<br>C:/WINDOWS/system32/imm32.dll<br>C:/WINDOWS/system32/URLMON.DLL<br>D:/Delphi10Lite/Bin/vclide100.bpl<br>D:/Delphi10Lite/Bin/idectrls100.bpl<br>C:/WINDOWS/WinSxS/x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.100.0_x-ww_0D1F9F94/gdiplus.dll<br>D:/Delphi10Lite/Bin/vclie100.bpl<br>C:/WINDOWS/system32/LPK.DLL<br>C:/WINDOWS/system32/USP10.dll<br>C:/WINDOWS/KB6087691.LOG<br>C:/WINDOWS/WinSxS/x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.100.0_x-ww_8417450B/comctl32.dll<br>C:/WINDOWS/DOWNLO~1/CnsMin.dll<br>C:/WINDOWS/system32/NETAPI32.dll<br>C:/PROGRA~1/3721/helper.dll<br>C:/WINDOWS/system32/MSCTF.dll<br>C:/PROGRA~1/Yahoo!/ASSIST~1/Yhelper.dll<br>C:/WINDOWS/system32/apphelp.dll<br>C:/WINDOWS/system32/msctfime.ime<br>C:/WINDOWS/system32/olepro32.dll<br>C:/WINDOWS/system32/PSAPI.DLL<br>C:/WINDOWS/system32/SETUPAPI.dll<br>C:/WINDOWS/system32/CLBCatQ.DLL<br>C:/WINDOWS/system32/COMRes.dll<br>D:/Delphi10Lite/Bin/sanctuarylib.dll<br>D:/Delphi10Lite/Bin/vport_r_6.dll<br>D:/Delphi10Lite/Bin/MSVCR70.dll<br>D:/Delphi10Lite/Bin/MSVCI70.dll<br>D:/User_丁文功/街头篮球/msxml4.dll<br>d:/delphi10lite/Bin/Borland.Caliber.IDE100.bpl<br>D:/Delphi10Lite/Bin/dhtmlcomps100.bpl<br>C:/WINDOWS/system32/rsaenh.dll<br>C:/WINDOWS/system32/Secur32.dll<br>C:/WINDOWS/system32/USERENV.dll<br>C:/WINDOWS/system32/uxtheme.dll<br>d:/delphi10lite/Bin/idefilefilters100.bpl<br>d:/delphi10lite/Bin/dbkdebugide100.bpl<br>d:/delphi10lite/bin/deployide100.bpl<br>D:/Delphi10Lite/Bin/DeployCore100.bpl<br>D:/Delphi10Lite/Bin/deployapi100.bpl<br>d:/delphi10lite/Bin/coreproide100.bpl<br>d:/delphi10lite/Bin/IDETools100.bpl<br>d:/delphi10lite/Bin/historyide100.bpl<br>d:/delphi10lite/Bin/todoide100.bpl<br>D:/Delphi10Lite/Bin/vclhie100.bpl<br>d:/delphi10lite/Bin/exceptiondiag100.bpl<br>C:/WINDOWS/system32/opengl32.dll<br>C:/WINDOWS/system32/GLU32.dll<br>C:/WINDOWS/system32/DDRAW.dll<br>C:/WINDOWS/system32/DCIMAN32.dll<br>D:/Delphi10Lite/Bin/soaprtl100.bpl<br>D:/Delphi10Lite/Bin/inet100.bpl<br>C:/WINDOWS/system32/activeds.dll<br>C:/WINDOWS/system32/adsldpc.dll<br>C:/WINDOWS/system32/WLDAP32.dll<br>C:/WINDOWS/system32/credui.dll<br>C:/WINDOWS/system32/ATL.DLL<br>D:/Delphi10Lite/Bin/dbrtl100.bpl<br>D:/Delphi10Lite/Bin/dsnap100.bpl<br>D:/Delphi10Lite/Bin/vcldb100.bpl<br>d:/delphi10lite/Bin/plugview100.bpl<br>d:/delphi10lite/Bin/codetemplates100.bpl<br>d:/delphi10lite/Bin/delphide100.bpl<br>D:/Delphi10Lite/Bin/delphicoreide100.bpl<br>D:/Delphi10Lite/Bin/BrcIde.Dll<br>D:/Delphi10Lite/Bin/dcc100.dll<br>C:/WINDOWS/system32/Msimtf.dll<br>d:/delphi10lite/Bin/delphivclide100.bpl<br>D:/Delphi10Lite/Bin/vcldesigner100.bpl<br>d:/delphi10lite/Bin/vclmenudesigner100.bpl<br>d:/delphi10lite/Bin/win32debugproide100.bpl<br>D:/Delphi10Lite/Bin/win32debugide100.bpl<br>d:/delphi10lite/Bin/delphipro100.bpl<br>d:/delphi10lite/Bin/delphicoreproide100.bpl<br>d:/delphi10lite/Bin/delphicompro100.bpl<br>D:/Delphi10Lite/Bin/comcore100.bpl<br>D:/Delphi10Lite/Bin/tlib100.bpl<br>D:/Delphi10Lite/Bin/asmview100.bpl<br>D:/Delphi10Lite/Bin/tlbview100.bpl<br>d:/delphi10lite/Bin/delphicoment100.bpl<br>D:/Delphi10Lite/Bin/comentcore100.bpl<br>D:/Delphi10Lite/Bin/boreditu.dll<br>D:/Delphi10Lite/Bin/deployftptarget100.bpl<br>D:/Delphi10Lite/Bin/DeployIndy100.bpl<br>C:/WINDOWS/system32/shdocvw.dll<br>d:/delphi10lite/Bin/dclstd100.bpl<br>d:/delphi10lite/Bin/dcldb100.bpl<br>d:/delphi10lite/Bin/dclsmpedit100.bpl<br>d:/delphi10lite/Bin/dclemacsedit100.bpl<br>d:/delphi10lite/Bin/dclmlwiz100.bpl<br>d:/delphi10lite/Bin/dclact100.bpl<br>d:/delphi10lite/Bin/d7help.bpl<br>D:/Delphi10Lite/Bin/dclnet100.bpl<br>D:/Delphi10Lite/Bin/inetdb100.bpl<br>D:/Delphi10Lite/Bin/inetdbxpress100.bpl<br>D:/Delphi10Lite/Bin/dbexpress100.bpl<br>D:/Delphi10Lite/Bin/inetdbbde100.bpl<br>D:/Delphi10Lite/Bin/bdertl100.bpl<br>D:/Delphi10Lite/Bin/dclsmp100.bpl<br>D:/Delphi10Lite/Bin/VclSmp100.bpl<br>D:/Delphi10Lite/Bin/dclmid100.bpl<br>D:/Delphi10Lite/Bin/dclwbm100.bpl<br>D:/Delphi10Lite/Bin/webdsnap100.bpl<br>D:/Delphi10Lite/Bin/dsnapcon100.bpl<br>D:/Delphi10Lite/Bin/dclmcn100.bpl<br>D:/Delphi10Lite/Bin/RLINK32.DLL<br>D:/Delphi10Lite/bin/bordbk100.dll<br>D:/Delphi10Lite/Bin/bordbk100N.dll

原来要用这个，但查这个程序用的 API 居然没有，先试试，谢谢了~回头马上发分~~

试验成功，太感谢了~~<br><br>终于在大富翁提问得到了满意的回答，感动ing~~~

凑巧我失恋 也没什么好做的。<br>自己用几分钟做一个程序 对鄙人或许是很大的帮助呢。

白河愁大哥,在你的问题得到解决的时候,心情一定相当愉悦.<br><br>这种时候跟你要点东西你一定不会推滴.呵呵<br><br><br>来自：白河愁, 时间：2006-3-8 15:36:57, ID：3375606<br>嘿嘿，都是老办法了，我已经实现了比游侠还快3-5倍的方法~ <br><br><br><br>能否把这搜索内存字符串的东东公开一下.这个东西太烦人了,搜遍DFW没有找到合适的.<br><br>当然,我也会留下邮箱.698611@QQ.com<br><br>以后涌泉相报,或者以身相许吧。呵呵

现在才看到，搜索快的原因并不全在于搜索算法（当然算法也很重要，汇编+rep指令一般都可以了），关键是不能用readprocessmemory这个api