Windows
CreateToolhelp32Snapshot或内部结构如peb等
#include <windows.h>
#include <TlHelp32.h>
HANDLE hModuleSnap = INVALID_HANDLE_VALUE;
MODULEENTRY32 me32 = { sizeof(MODULEENTRY32) };
// 1. 创建一个模块相关的快照句柄
hModuleSnap = CreateToolhelp32Snapshot(
TH32CS_SNAPMODULE, // 指定快照的类型
dwPId); // 指定进程
if (hModuleSnap == INVALID_HANDLE_VALUE)
return false;
// 2. 通过模块快照句柄获取第一个模块信息
if (!Module32First(hModuleSnap, &me32)) {
CloseHandle(hModuleSnap);
return false;
}
// 3. 循环获取模块信息
do {
me32.th32ProcessID;
//...
} while (Module32Next(hModuleSnap, &me32));
// 4. 关闭句柄并退出函数
CloseHandle(hModuleSnap);
linux/android
libdl是第一个加载的模块
#include <dlfcn.h>
soinfo* si = (soinfo*)dlopen("libdl.so",3);
while(si)
{
printf("ptr=%08x name=%s entry=%08x base=%08x size=%08x\n",si,si->name,si->entry,si->base,si->size);
int i;
for(i=0;i<si->preinit_array_count;i++)
{
printf("preinit_array:%08x\n",si->preinit_array[i]);
}
for(i=0;i<si->init_array_count;i++)
{
printf("init_array:%08x\n",si->init_array[i]);
}
for(i=0;i<si->fini_array_count;i++)
{
printf("fini_array:%08x\n",si->fini_array[i]);
}
printf("init_func:%08x,fini_func:%08x\n",si->init_func,si->fini_func);
si = si->next;
}
mac/ios
利用dyld导出接口
#import <Foundation/Foundation.h>
#include <mach-o/dyld.h>
#include <mach-o/dyld_images.h>
// gcc -framework Foundation -l objc -o main main.m
const struct dyld_all_image_infos* _dyld_get_all_image_infos();
void dumpimage()
{
const struct dyld_all_image_infos *allinfo = _dyld_get_all_image_infos();
const struct dyld_image_info* info = allinfo->infoArray;
NSLog(@"version=%d",allinfo->version);
for(int i=0;i<allinfo->infoArrayCount;i++)
{
NSLog(@"\t%p\t%s",info[i].imageLoadAddress,info[i].imageFilePath);
}
}