VC++实现枚举进程与模块
[cpp]#pragma once
#define _WIN32_WINNT 0x0500
#include"windows.h"
#include"tlhelp32.h"
#include"psapi.h"//SDK6.0 - VC6 does not seem to ship psapi.h / psapi.lib; take them from a newer SDK
#include"locale.h"
#include"stdio.h"
#include"wchar.h"
#include"NativeApi.h"
#pragma comment(lib,"psapi.lib")//SDK6.0
int GetUserPath(WCHAR* szModPath);
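// Method 1: list the modules of process dwPID through the Toolhelp snapshot API.
//
// Caveat for anyone using this as a "what is loaded in that process" check: the
// snapshot is built from the target's own loader lists (PEB), so a module that
// unlinked itself from those lists does not appear here. ForceLookUpModule below
// asks the kernel instead and covers that case.
//
// Needs PROCESS_QUERY_INFORMATION | PROCESS_VM_READ on the target; a 32-bit
// caller cannot snapshot a 64-bit process.
//
// Returns TRUE when at least one module was printed, FALSE when the snapshot
// failed or was empty. (The original always returned FALSE: bFound was never set.)
BOOL GetProcessModule(DWORD dwPID)
{
    BOOL bFound = FALSE;
    MODULEENTRY32 me32 = {0};
    HANDLE hModuleSnap = INVALID_HANDLE_VALUE;

    // TH32CS_SNAPMODULE can fail transiently with ERROR_BAD_LENGTH while the
    // target is still loading; the documented advice is to retry. Bound the
    // retries so a persistent failure cannot spin forever.
    for (int attempt = 0; attempt < 10; ++attempt)
    {
        hModuleSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID);
        if (hModuleSnap != INVALID_HANDLE_VALUE || GetLastError() != ERROR_BAD_LENGTH)
            break;
    }
    if (hModuleSnap == INVALID_HANDLE_VALUE)
    {
        DWORD dwErr = GetLastError();   // ERROR_ACCESS_DENIED / ERROR_PARTIAL_COPY are the usual reasons
        printf("获取模块失败!\n");
        printf("GetLastError=%lu\n", dwErr);
        return FALSE;
    }

    // dwSize must be filled in before Module32First or it fails with ERROR_INVALID_PARAMETER.
    me32.dwSize = sizeof(MODULEENTRY32);
    if (::Module32First(hModuleSnap, &me32))
    {
        do
        {
            // szExePath is TCHAR; this file is built as ANSI/MBCS (see the
            // narrow "ntdll.dll" below), so %s is correct here.
            printf("方法1列模块名:%s\n", me32.szExePath);
            bFound = TRUE;
        } while (::Module32Next(hModuleSnap, &me32));
    }

    CloseHandle(hModuleSnap);
    return bFound;
}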
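// Method 2: for every file-backed region of the target, ask the kernel which
// file backs it (ZwQueryVirtualMemory, class MemoryMappedFilenameInformation).
// That answer comes from the VAD tree, not from the PEB loader lists, so modules
// that unlinked themselves from the PEB are still reported. It does NOT see code
// that was never file-backed (manually mapped / reflectively loaded images are
// MEM_PRIVATE and have no section name) - treat "nothing found" accordingly.
//
// Requires PROCESS_QUERY_INFORMATION on the target (enough for VirtualQueryEx and
// for the name query). Returns FALSE only when ntdll's export cannot be resolved
// or the process cannot be opened; TRUE otherwise, even if nothing was found.
bool ForceLookUpModule(DWORD dwPID)
{
    // NTSTATUS-returning native call. The original typedef declared every
    // parameter as DWORD, which truncates pointers on x64; use pointer-sized types.
    typedef LONG (WINAPI *FunLookModule)(
        HANDLE ProcessHandle,
        PVOID BaseAddress,
        DWORD MemoryInformationClass,
        PVOID MemoryInformation,
        SIZE_T MemoryInformationLength,
        PSIZE_T ReturnLength);
    const DWORD kMappedFilenameClass = 2;   // MemoryMappedFilenameInformation

    HMODULE hNtdll = GetModuleHandle("ntdll.dll");
    if (hNtdll == NULL)
        return FALSE;
    FunLookModule ZwQueryVirtualMemory = (FunLookModule)GetProcAddress(hNtdll, "ZwQueryVirtualMemory");
    if (ZwQueryVirtualMemory == NULL)
        return FALSE;

    // bInheritHandle must be FALSE. The original passed 1, which would hand a
    // handle to the inspected process to every child this program spawns.
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwPID);
    if (hProcess == NULL)
        return FALSE;

    // The kernel writes a MEMORY_SECTION_NAME header and places the path
    // characters right behind it, pointing SectionFileName.Buffer at them.
    // The original 512-byte malloc (never freed) made long paths fail with
    // STATUS_BUFFER_OVERFLOW and be silently skipped.
    struct
    {
        MEMORY_SECTION_NAME name;
        WCHAR path[1024];
    } info;
    WCHAR current[1024] = {0};
    WCHAR last[1024] = {0};

    _wsetlocale(LC_ALL, L"chs");   // once, not on every hit as before

    // Walk the user address space region by region (VirtualQueryEx) instead of
    // probing every 64 KiB up to 2 GB: same coverage on x86, and it also finishes
    // in reasonable time on x64 where the range is vastly larger.
    SYSTEM_INFO si;
    GetSystemInfo(&si);
    ULONG_PTR addr = (ULONG_PTR)si.lpMinimumApplicationAddress;
    const ULONG_PTR end = (ULONG_PTR)si.lpMaximumApplicationAddress;

    while (addr < end)
    {
        MEMORY_BASIC_INFORMATION mbi;
        if (VirtualQueryEx(hProcess, (LPCVOID)addr, &mbi, sizeof(mbi)) != sizeof(mbi))
            break;
        ULONG_PTR next = (ULONG_PTR)mbi.BaseAddress + mbi.RegionSize;
        if (next <= addr)
            break;   // zero-sized region or address wrap: would never advance

        // Only file-backed regions (images and mapped data files) carry a section name.
        if (mbi.State != MEM_FREE && mbi.Type != MEM_PRIVATE)
        {
            SIZE_T retLength = 0;
            ZeroMemory(&info, sizeof(info));
            LONG status = ZwQueryVirtualMemory(hProcess, (PVOID)addr, kMappedFilenameClass,
                                               &info, sizeof(info), &retLength);

            // NTSTATUS success is "signed value >= 0". The original compared the
            // DWORD result with "> 0", i.e. it acted on FAILED calls and printed
            // whatever the previous successful call had left in the buffer; it
            // only appeared to work because of the duplicate filter below.
            if (status >= 0
                && info.name.SectionFileName.Buffer != NULL
                && info.name.SectionFileName.Length >= sizeof(WCHAR)
                && info.name.SectionFileName.Buffer[0] == L'\\')
            {
                // UNICODE_STRING is not guaranteed to be NUL-terminated: copy by
                // Length and cap it (the original wcscpy'd into WCHAR[256] with no
                // bound, a stack overflow for any path longer than 255 characters).
                size_t nChars = info.name.SectionFileName.Length / sizeof(WCHAR);
                if (nChars > 1023)
                    nChars = 1023;
                memcpy(current, info.name.SectionFileName.Buffer, nChars * sizeof(WCHAR));
                current[nChars] = L'\0';

                // Regions of one mapping are contiguous, so comparing with the
                // previous hit (on the raw, unconverted path) collapses each
                // module to one line. Convert/print a copy so the comparison is
                // unaffected by whatever GetUserPath does to its argument.
                if (wcscmp(last, current) != 0)
                {
                    wcscpy(last, current);
                    GetUserPath(current);   // \Device\HarddiskVolumeN\... -> drive-letter path
                    wprintf(L"方法2列模块%s\n", current);
                }
            }
        }
        addr = next;
    }

    CloseHandle(hProcess);
    return TRUE;
}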
int GetUserPath(WCHAR* szModPath)
{ //\Device\HarddiskVolume1,
WCHAR Path[256]={0};
WCHAR* Temp3=new WCHAR[3];
Temp3[2]='\0';
Temp3[1]=':';
THead* phead=new THead;
phead->Next=NULL;
phead->Num=szModPath[22];
for(int i='C';i<='Z';i++)
{Temp3[0]=i;
if(QueryDosDeviceW(Temp3,Path,30))
if(phead->Num==Path[22])
{
&