Remove From My Forums

CreateToolhelp32Snapshot suspended

Frage
0

Anmelden

Hey guys,

I start a process with CREATE_SUSPENDED and CreateProcess and have to enum it's modules after that.

The problem is, that CreateToolhelp32Snapshop does not allow suspended processes.

Is there another method to do this? (It has to be done, bevore the target executes one single line of code)

Thanks!

Freitag, 13. August 2010 20:14

Antworten

|

Zitieren

Alle Antworten

0

Anmelden

Hi,

you're trying to get all modules which are linked to that executable?

This information is part of the PE header. (See here: http://support.microsoft.com/?id=121460)

So you don't need to create a process to get this information.

When you try to create a process and - just in case - when you are able to get the module list directly after the creation, not all modules are loaded at thistime because some are loaded delayed or dynamically.

I hope I could help you a bit.

Best Regards,

Peter

PS: You can also check "Dependency Walker" which is a freeware tool telling you all that module stuff from PE header.
When someone helps you, have a heart and try to help others!

Freitag, 20. August 2010 18:31

Antworten

|

Zitieren