Displays the code for any DLL file that a process loads

  • 2020-04-02 00:47:53
  • OfStack


#include <windows.h>
#include <iostream.h>
#include <tlhelp32.h>
#include <stdio.h>
int main(int argc, char* argv[])
{  
char exename[500]; 
printf("[ENTER EXE FILE NAME]t");
scanf("%s",exename);
printf("n[YOU ENTER]t%sn",exename);
Sleep(3000);
//Raises the permissions of the current process to allow it to operate on other processes
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
if ( ! OpenProcessToken( GetCurrentProcess(),
     TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) ){
      //WriteToLog("openprocesstoken error");
      return 1;
}
if ( ! LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) ){
     CloseHandle( hToken );
     //WriteToLog("lookuprivilegevalue error");
     return 1;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
if ( ! AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL ) ){
     CloseHandle( hToken );
     return 1;
}
//Gets the PID of the target process
DWORD pid;
HANDLE snapshot;
snapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
struct tagPROCESSENTRY32 processsnap; 
processsnap.dwSize=sizeof(tagPROCESSENTRY32);
for(Process32First(snapshot,&processsnap);Process32Next(snapshot,&processsnap);){
     if(!stricmp(processsnap.szExeFile,exename))
     {
      pid=processsnap.th32ProcessID;
      break;
     } 
}
CloseHandle(snapshot);
////////////////////////////////////////
      MODULEENTRY32 pe32;

             //Before using the structure, set its size
             pe32.dwSize = sizeof(pe32); 

             //Take a snapshot of all the modules in the process
             //276 is the ID of a process
             HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,pid);

             if(hProcessSnap == INVALID_HANDLE_VALUE)
             {       
              //Snapshot creation failed
                       return -1;  
        printf("[createtoolhelp32snapshot error]n");
      }

             //Walk through the process snapshot, displaying information for each process in turn
             BOOL bMore = Module32First(hProcessSnap, &pe32);
             while(bMore)
             {       
       printf("n[DLL NAME]t%sn",pe32.szModule);
       printf("[DLL PATH]t%sn",pe32.szExePath);

    
       bMore = Module32Next(hProcessSnap, &pe32);
             }
             //Don't forget to clear the snapshot object
             CloseHandle(hProcessSnap);

   
             return 0;
}

Related articles: