Print current process module

VeroFess · Nov 23, 2022 · 5ae32d5 · 5ae32d5
1 parent a0b5d56
commit 5ae32d5
Showing 1 changed file with 40 additions and 2 deletions.
diff --git a/SbieTestConsole/ConsoleEntry.cpp b/SbieTestConsole/ConsoleEntry.cpp
@@ -1,9 +1,47 @@
 #include "MINT.h"
 #include <stdio.h>
+#include <tchar.h>
+#include <stdio.h>
+#include <psapi.h>
 
 char NameBuffer[0x1000] = {};
 PUNICODE_STRING MemoryMappedFilename = reinterpret_cast<PUNICODE_STRING>(NameBuffer);
 
+int PrintModules(DWORD processID)
+{
+	HMODULE hMods[1024];
+	HANDLE hProcess;
+	DWORD cbNeeded;
+	unsigned int i;
+
+	printf("\nProcess ID: %u\n", processID);
+
+	hProcess = OpenProcess(PROCESS_QUERY_INFORMATION |
+		PROCESS_VM_READ,
+		FALSE, processID);
+	if (NULL == hProcess)
+		return 1;
+
+	if (EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
+	{
+		for (i = 0; i < (cbNeeded / sizeof(HMODULE)); i++)
+		{
+			TCHAR szModName[MAX_PATH];
+
+			if (GetModuleFileNameEx(hProcess, hMods[i], szModName,
+				sizeof(szModName) / sizeof(TCHAR)))
+			{
+
+				_tprintf(TEXT("\t%s (0x%08X)\n"), szModName, hMods[i]);
+			}
+		}
+	}
+
+	CloseHandle(hProcess);
+
+	return 0;
+}
+
 VOID CheckSandboxieByGetModuleHandle() {
 	printf("Handle of SbieHide.dll is 0x%016llX\n", reinterpret_cast<UINT64>(GetModuleHandleA("SbieHide.dll")));
 	printf("Handle of SbieDll.dll is 0x%016llX\n", reinterpret_cast<UINT64>(GetModuleHandleA("SbieDll.dll")));
@@ -20,7 +58,7 @@ VOID CheckSandboxieByQueryVirtualMemoryMappedFilename() {
 	}
 
 	Status = NtQueryVirtualMemory(NtCurrentProcess(), GetModuleHandleA("SbieHide.dll"), MemoryMappedFilenameInformation, NameBuffer, 0x1000, &ReturnedLength);
-	
+
 	if (Status != STATUS_ACCESS_DENIED) {
 		printf("Sbiedll found! check hook\n");
 	}
@@ -32,7 +70,7 @@ VOID CheckSandboxieByQueryVirtualMemoryMappedFilename() {
 int main() {
 	CheckSandboxieByGetModuleHandle();
 	CheckSandboxieByQueryVirtualMemoryMappedFilename();
-
+	PrintModules(reinterpret_cast<DWORD>(NtCurrentProcessId()));
 	getchar();
 	return 0;
 }