|
|
// 取得当前模块信息
VOID CCheckModuleDlg::InitModuleVect()
{
this->ModuleVect.clear () ;
DWORD dwProcessId = GetCurrentProcessId () ;
HANDLE hModuleSnap = CreateToolhelp32Snapshot ( TH32CS_SNAPMODULE, dwProcessId ) ;
if ( hModuleSnap == INVALID_HANDLE_VALUE )
return ;
MODULEENTRY32 me32 = { sizeof(MODULEENTRY32) } ;
if ( Module32First ( hModuleSnap, &me32 ) )
{
do{
this->ModuleVect.push_back ( me32.szModule ) ;
}while ( Module32Next ( hModuleSnap, &me32 ) ) ;
}
CloseHandle ( hModuleSnap ) ;
}
// 检测指定模块在存在于起始状态
BOOL CCheckModuleDlg::IsModuleValid( CString szModuleName )
{
// 遍历起始状态的模块列表
for ( int i = 0; i < this->ModuleVect.size(); i++ )
{
if ( this->ModuleVect == szModuleName )
return TRUE ;
}
return FALSE ;
}
// “统计”功能
void CCheckModuleDlg::OnBnClickedFlush()
{
this->InitModuleVect () ;
MY_OutputDebugStringW ( L"当前模块数量:%d", this->ModuleVect.size() ) ;
}
// “检测”功能
void CCheckModuleDlg::OnBnClickedCheck()
{
DWORD dwProcessId = GetCurrentProcessId () ;
HANDLE hModuleSnap = CreateToolhelp32Snapshot ( TH32CS_SNAPMODULE, dwProcessId ) ;
if ( hModuleSnap == INVALID_HANDLE_VALUE )
return ;
DWORD dwCount = 0 ;
MODULEENTRY32 me32 = { sizeof(MODULEENTRY32) } ;
if ( Module32First ( hModuleSnap, &me32 ) )
{
do{
if ( !this->IsModuleValid ( me32.szModule ) )
{
MY_OutputDebugStringW ( L"[可疑模块]%s", me32.szExePath ) ;
dwCount ++ ;
}
}while ( Module32Next ( hModuleSnap, &me32 ) ) ;
}
CloseHandle ( hModuleSnap ) ;
MY_OutputDebugStringW ( L"可疑模块数量:%d", dwCount ) ;
}
[attachment=52]
|
|
发表于 2013-6-8 11:00:40