// GetProcessModules lists the modules recorded in a Toolhelp module snapshot
// of the process identified by pid.
//
// It returns one ModuleInfo per snapshot entry, in the order the snapshot
// yields them. Any failure from the underlying calls is wrapped with
// NewWindowsError, naming the call that failed, and no partial list is
// returned.
//
// NOTE(review): the snapshot is a point-in-time copy, so base addresses and
// paths may be stale by the time a caller acts on them. Module names and
// paths are copied as reported in the snapshot entries; nothing here
// verifies them, so treat them as descriptive rather than as proof of what
// is mapped.
// NOTE(review): Windows documents that CreateToolhelp32Snapshot can fail
// with ERROR_BAD_LENGTH for module snapshots and should then be retried;
// this function surfaces that failure to the caller instead. Confirm callers
// handle it.
func GetProcessModules(pid uint32) ([]ModuleInfo, error) {
	snapshot, err := wrappers.CreateToolhelp32Snapshot(wrappers.TH32CS_SNAPMODULE, pid)
	if err != nil {
		return nil, NewWindowsError("CreateToolhelp32Snapshot", err)
	}
	// Release the snapshot handle on every return path.
	defer wrappers.CloseHandle(snapshot)

	// Size is set before the first enumeration call, as in the original code.
	var entry wrappers.MODULEENTRY32
	entry.Size = uint32(unsafe.Sizeof(entry))

	err = wrappers.Module32First(snapshot, &entry)
	if err != nil {
		return nil, NewWindowsError("Module32First", err)
	}

	var modules []ModuleInfo
	for {
		// Convert the current entry before advancing; entry is reused.
		info := ModuleInfo{
			ProcessID:         uint(entry.ProcessID),
			ModuleBaseAddress: entry.ModBaseAddr,
			ModuleBaseSize:    uint(entry.ModBaseSize),
			ModuleHandle:      entry.Module,
			ModuleName:        syscall.UTF16ToString(entry.ModuleName[:]),
			ExePath:           syscall.UTF16ToString(entry.ExePath[:]),
		}
		modules = append(modules, info)

		switch nextErr := wrappers.Module32Next(snapshot, &entry); {
		case nextErr == wrappers.ERROR_NO_MORE_FILES:
			// End of enumeration is the normal exit, not a failure.
			return modules, nil
		case nextErr != nil:
			return nil, NewWindowsError("Module32Next", nextErr)
		}
	}
}
// GetProcesses lists the processes recorded in a Toolhelp process snapshot.
//
// It returns one ProcessInfo per snapshot entry, in the order the snapshot
// yields them. Any failure from the underlying calls is wrapped with
// NewWindowsError, naming the call that failed, and no partial list is
// returned.
//
// NOTE(review): the snapshot is a point-in-time copy; a process may have
// exited, and its ID may have been reused, before a caller acts on the
// result. ExeFile is copied as reported in the snapshot entry and is not
// verified here, so it should not be treated as proof of a process's
// identity. Confirm callers that make trust decisions re-check against an
// opened process handle.
func GetProcesses() ([]ProcessInfo, error) {
	snapshot, err := wrappers.CreateToolhelp32Snapshot(wrappers.TH32CS_SNAPPROCESS, 0)
	if err != nil {
		return nil, NewWindowsError("CreateToolhelp32Snapshot", err)
	}
	// Release the snapshot handle on every return path.
	defer wrappers.CloseHandle(snapshot)

	// Size is set before the first enumeration call, as in the original code.
	var entry wrappers.PROCESSENTRY32
	entry.Size = uint32(unsafe.Sizeof(entry))

	err = wrappers.Process32First(snapshot, &entry)
	if err != nil {
		return nil, NewWindowsError("Process32First", err)
	}

	var processes []ProcessInfo
	for {
		// Convert the current entry before advancing; entry is reused.
		info := ProcessInfo{
			ProcessID:       uint(entry.ProcessID),
			Threads:         uint(entry.Threads),
			ParentProcessID: uint(entry.ParentProcessID),
			BasePriority:    int(entry.PriClassBase),
			ExeFile:         syscall.UTF16ToString(entry.ExeFile[:]),
		}
		processes = append(processes, info)

		switch nextErr := wrappers.Process32Next(snapshot, &entry); {
		case nextErr == wrappers.ERROR_NO_MORE_FILES:
			// End of enumeration is the normal exit, not a failure.
			return processes, nil
		case nextErr != nil:
			return nil, NewWindowsError("Process32Next", nextErr)
		}
	}
}