EnumProcessModules
The EnumProcessModules function retrieves a handle for each module in the specified process.
BOOL EnumProcessModules(
HANDLE hProcess,
HMODULE* lphModule,
DWORD cb,
LPDWORD lpcbNeeded
);
Parameters
hProcess
Handle to the process.
lphModule
[out] Pointer to the array that receives the list of module handles.
cb
Size of the lphModule array, in bytes.
lpcbNeeded
[out] Number of bytes required to store all module handles in the lphModule array.
Return Values
If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.
Remarks
It is a good idea to specify a large array of HMODULE values, because it is hard to predict how many modules there will be in the process at the time you call EnumProcessModules. To determine if the lphModule array is too small to hold all module handles for the process, compare the value returned in lpcbNeeded with the value specified in cb. If lpcbNeeded is greater than cb, increase the size of the array and call EnumProcessModules again.
To determine how many modules were enumerated by the call to EnumProcessModules, divide the resulting value in the lpcbNeeded parameter by sizeof(HMODULE).
Do not call CloseHandle on any of the handles returned by this function. The information comes from a snapshot, so there are no resources to be freed.
Requirements
Client Requires Windows XP, Windows 2000 Professional, or Windows NT Workstation 4.0.
Server Requires Windows Server 2003, Windows 2000 Server, or Windows NT Server 4.0.
Header Declared in Psapi.h.
Library Link to Psapi.lib.
DLL Requires psapi.dll.
Example Code
For an example, see Enumerating All Processes or Enumerating All Modules for a Process.
Enumerating All Modules For a Process
To determine which processes have loaded a particular DLL, you must enumerate the modules for each process. The following sample code uses the EnumProcessModules function to enumerate the modules of current processes in the system.
#include
#include
#include "psapi.h"
void PrintModules( DWORD processID )
{
HMODULE hMods[1024];
HANDLE hProcess;
DWORD cbNeeded;
unsigned int i;
// Print the process identifier.
printf( "\nProcess ID: %u\n", processID );
// Get a list of all the modules in this process.
hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
PROCESS_VM_READ,
FALSE, processID );
if (NULL == hProcess)
return;
if( EnumProcessModules(hProcess, hMods, sizeof(hMods), &cbNeeded))
{
for ( i = 0; i < (cbNeeded / sizeof(HMODULE)); i++ )
{
char szModName[ max_path];
// Get the full path to the module's file.
if ( GetModuleFileNameEx( hProcess, hMods, szModName,
sizeof(szModName)))
{
// Print the module name and handle value.
printf("\t%s (0x%08X)\n", szModName, hMods );
}
}
}
CloseHandle( hProcess );
}
void main( )
{
// Get the list of process Identifiers.
DWORD aProcesses[1024], cbNeeded, cProcesses;
unsigned int i;
if ( ! EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
return;
// Calculate how many process identifiers were returned.
cProcesses = cbNeeded / sizeof(DWORD);
// Print the name of the modules for each process.
for ( i = 0; i < cProcesses; i++ )
PrintModules( aProcesses );
}
The main function obtains a list of processes by using the EnumProcesses function. For each process, the main function calls the PrintModules function, passing it the process identifier. PrintModules in turn calls the OpenProcess function to obtain the process handle. If OpenProcess fails, the output shows only the process identifier. For example, OpenProcess fails for the Idle and CSRSS processes because their access restrictions prevent user-level code from opening them. Next, PrintModules calls the EnumProcessModules function to obtain the module handles function. Finally, PrintModules calls the GetModuleFileNameEx function, once for each module, to obtain the module names.