I’ve been reversing some of the recent Patch Tuesday updates. One of interest to me is MS09-013, which affects the WinHTTP library. I wanted to see which processes were already using the library on my box. I didn’t have a tool to quickly dump all loaded modules, but a quick Google search found the following code on MSDN:
// enum_modules.cpp : Defines the entry point for the console application.
//#include "stdafx.h"
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
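#include <psapi.h>

/*
 * PrintModules - list the modules loaded in one process.
 *
 * processID: identifier of the process to inspect.
 *
 * Prints the process ID, then one line per module with its full path and
 * load address. If the process cannot be opened or its modules cannot be
 * enumerated, a "<not inspected ...>" line with the Win32 error code is
 * printed instead of returning silently. When using the output to decide
 * which processes load a given library, treat such processes as unknown,
 * not as clean.
 *
 * NOTE(review): a 32-bit build is documented to fail with
 * ERROR_PARTIAL_COPY when enumerating a 64-bit process; build for the
 * native architecture to avoid gaps in the listing.
 */
void PrintModules( DWORD processID )
{
    HMODULE hMods[1024];
    HANDLE hProcess;
    DWORD cbNeeded;
    DWORD cModules;
    DWORD i;

    // Print the process identifier.
    _tprintf( TEXT("\nProcess ID: %lu\n"), (unsigned long)processID );

    // Open the process with the rights needed to query it and read its memory.
    hProcess = OpenProcess( PROCESS_QUERY_INFORMATION |
                            PROCESS_VM_READ,
                            FALSE, processID );
    if (NULL == hProcess)
    {
        // Capture the error before any other call can overwrite it.
        DWORD dwErr = GetLastError();
        _tprintf( TEXT("\t<not inspected: OpenProcess failed, error %lu>\n"),
                  (unsigned long)dwErr );
        return;
    }

    // Get a list of all the modules in this process.
    if ( EnumProcessModules( hProcess, hMods, sizeof(hMods), &cbNeeded ) )
    {
        // cbNeeded is the size required for ALL module handles and can be
        // larger than hMods; clamp so the loop never reads past the array.
        cModules = cbNeeded / sizeof(HMODULE);
        if ( cModules > sizeof(hMods) / sizeof(hMods[0]) )
        {
            cModules = sizeof(hMods) / sizeof(hMods[0]);
            _tprintf( TEXT("\t<module list truncated to %lu entries>\n"),
                      (unsigned long)cModules );
        }

        for ( i = 0; i < cModules; i++ )
        {
            TCHAR szModName[MAX_PATH];

            // Get the full path to the module's file.
            if ( GetModuleFileNameEx( hProcess, hMods[i], szModName,
                                      sizeof(szModName) / sizeof(TCHAR) ) )
            {
                // Print the module name and handle value. %p keeps the full
                // pointer width; 0x%08X would truncate it on 64-bit builds.
                _tprintf( TEXT("\t%s (0x%p)\n"), szModName, (void *)hMods[i] );
            }
        }
    }
    else
    {
        DWORD dwErr = GetLastError();
        _tprintf( TEXT("\t<not inspected: EnumProcessModules failed, error %lu>\n"),
                  (unsigned long)dwErr );
    }

    CloseHandle( hProcess );
}

/*
 * main - enumerate all process identifiers and print each process's modules.
 *
 * Returns 0 on success, -1 if the process list cannot be obtained.
 */
int main( int argc, char * argv[] )
{
    DWORD aProcesses[1024], cbNeeded, cProcesses;
    DWORD i;

    // Command-line arguments are not used.
    (void)argc;
    (void)argv;

    // Get the list of process identifiers.
    if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
        return -1;

    // Calculate how many process identifiers were returned.
    cProcesses = cbNeeded / sizeof(DWORD);

    // EnumProcesses gives no explicit "buffer too small" signal; a completely
    // filled buffer means some processes may be missing from the listing.
    if ( cbNeeded == sizeof(aProcesses) )
        _tprintf( TEXT("Warning: process list may be incomplete (buffer full)\n") );

    // Print the name of the modules for each process.
    for ( i = 0; i < cProcesses; i++ )
        PrintModules( aProcesses[i] );

    return 0;
}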
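It works perfectly. Just make sure to link with psapi.lib. Keep in mind that processes the tool cannot open (for example, those running under another account) will not have their modules listed, so run it from an elevated prompt for fuller coverage.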