go语言遍历进程模块dll_golang列出所有dll方法-CSDN博客

本文链接：https://blog.csdn.net/friendan/article/details/130633790

package Util

import (
    "os"
    "fmt"
    "syscall"
    "unsafe"
)

var (
    kernel32 = syscall.MustLoadDLL("kernel32.dll")
    psapi    = syscall.MustLoadDLL("psapi.dll")
    procOpenProcess = kernel32.MustFindProc("OpenProcess")
    procEnumProcessModules = psapi.MustFindProc("EnumProcessModules")
    procGetModuleFileNameEx = psapi.MustFindProc("GetModuleFileNameExW")
)

const (
    PROCESS_QUERY_INFORMATION = 0x0400
    PROCESS_VM_READ            = 0x0010
    MAX_PATH                   = 260
)

func GetModules(pid int32) []string{
    var moduleList []string
    if pid <= 0 {
         pid = int32(os.Getpid()) // 自身进程
    }
    handle, _, _ := procOpenProcess.Call(
        uintptr(PROCESS_QUERY_INFORMATION|PROCESS_VM_READ),
        uintptr(0),
        uintptr(pid),
    )
    if handle == 0 {
        fmt.Println("OpenProcess failed")
        return moduleList
    }
    defer syscall.CloseHandle(syscall.Handle(handle))

    var modules [2048]syscall.Handle
    var needed uint32
    ret, _, _ := procEnumProcessModules.Call(
        uintptr(handle),
        uintptr(unsafe.Pointer(&modules[0])),
        uintptr(len(modules)),
        uintptr(unsafe.Pointer(&needed)),
    )
    if ret == 0 {
        fmt.Println("EnumProcessModules failed")
        return moduleList
    }

    for i := 0; i < int(needed)/int(unsafe.Sizeof(syscall.Handle(0))); i++ {
        var path [MAX_PATH]uint16
        ret, _, _ = procGetModuleFileNameEx.Call(
            uintptr(handle),
            uintptr(modules[i]),
            uintptr(unsafe.Pointer(&path[0])),
            uintptr(MAX_PATH),
        )
        if ret == 0 {
            fmt.Println("GetModuleFileNameEx failed")
            continue
        }
        // 需要注意的是，`GetModuleFileNameExW` 函数返回的路径是 Unicode 编码的，
        // 需要使用 `syscall.UTF16ToString` 函数转换成字符串
        modPath := syscall.UTF16ToString(path[:])
        moduleList = append(moduleList, modPath)
        // fmt.Printf("module path: %s\n", modPath)
    }
    return moduleList
}

package Test

import (
    "fmt"
    "testing"
    "clientgo/Util"
)

func TestPsUtil(t *testing.T) {
    modList := Util.GetModules(0)
    for index := 0; index < len(modList); index++{
    	fmt.Println("Index=", index + 1, modList[index])
    }
}

=== RUN TestPsUtil
Index= 1 C:\Users\ADMINI~1\AppData\Local\Temp\go-build4126345986\b001\Te
Index= 2 C:\Windows\SYSTEM32\ntdll.dll
Index= 3 C:\Windows\system32\kernel32.dll
Index= 4 C:\Windows\system32\KERNELBASE.dll
Index= 5 C:\Windows\system32\advapi32.dll
Index= 6 C:\Windows\system32\msvcrt.dll
Index= 7 C:\Windows\SYSTEM32\sechost.dll
Index= 8 C:\Windows\system32\RPCRT4.dll
Index= 9 C:\Windows\system32\winmm.dll
Index= 10 C:\Windows\system32\USER32.dll
Index= 11 C:\Windows\system32\GDI32.dll
Index= 12 C:\Windows\system32\LPK.dll
Index= 13 C:\Windows\system32\USP10.dll
Index= 14 C:\Windows\system32\IMM32.DLL
Index= 15 C:\Windows\system32\MSCTF.dll
Index= 16 C:\Windows\system32\nvinitx.dll
Index= 17 C:\Windows\system32\VERSION.dll
Index= 18 C:\Windows\system32\ws2_32.dll
Index= 19 C:\Windows\system32\NSI.dll
Index= 20 C:\Windows\system32\cryptbase.dll
Index= 21 C:\Windows\system32\powrprof.dll
Index= 22 C:\Windows\system32\SETUPAPI.dll
Index= 23 C:\Windows\system32\CFGMGR32.dll
Index= 24 C:\Windows\system32\OLEAUT32.dll
Index= 25 C:\Windows\system32\ole32.dll
Index= 26 C:\Windows\system32\DEVOBJ.dll
Index= 27 C:\Windows\system32\psapi.dll
--- PASS: TestPsUtil (0.00s)
PASS
ok command-line-arguments 0.029s