EnumProcessModules Function - Windows API Reference

MSDN Documentation > Windows > API Reference > System Services > Process Management > EnumProcessModules

Syntax

BOOL EnumProcessModules(
  <a href="/docs/windows/api/psapi/nf-psapi-openprocess">HANDLE</a> hProcess,
  <a href="/docs/windows/api/psapi/ns-psapi-lpmoduleinfo">LPMODULEINFO</a> lpBaseArr,
  DWORD cb,
  LPDWORD lpcbNeeded
);

Parameters

hProcess [in]
A handle to the process whose module information is to be retrieved. This handle must have the PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION access right.
lpBaseArr [out]
A pointer to an array of MODULEINFO structures that receives the module information.
cb [in]
The size of the buffer pointed to by the lpBaseArr parameter, in bytes.
lpcbNeeded [out]
A pointer to a variable that receives the total number of bytes required to store all the module information. If the buffer pointed to by lpBaseArr is not large enough, this variable will contain the number of bytes required.

Return Value

If the function succeeds, the return value is nonzero.
If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

The EnumProcessModules function retrieves information about all the modules that have been loaded into a specified process. The information is returned as an array of MODULEINFO structures.

To get the handle to the process, you can use the OpenProcess function.

The maximum number of modules that can be enumerated for a process is limited by the available memory.

Security Note: Use this function with caution. Enumerating modules of a remote process can expose sensitive information. Always ensure you have the necessary permissions and validate the data obtained.

Tip: It is recommended to call EnumProcessModules twice. The first call retrieves the required buffer size in lpcbNeeded. Then, allocate a buffer of that size and call the function again to fill the buffer with module information.

Example

The following C++ code snippet demonstrates how to use EnumProcessModules to list the modules loaded by a process:


#include <windows.h>
#include <psapi.h>
#include <iostream>
#include <vector>

// Function to get the module name from a module handle
std::wstring GetModuleName(HANDLE hProcess, HMODULE hModule) {
    WCHAR szBuffer[MAX_PATH];
    if (GetModuleFileNameExW(hProcess, hModule, szBuffer, MAX_PATH)) {
        return szBuffer;
    }
    return L"Unknown Module";
}

int main() {
    // Get the handle to the current process
    HANDLE hProcess = GetCurrentProcess();
    if (hProcess == NULL) {
        std::cerr << "Failed to get current process handle. Error: " << GetLastError() << std::endl;
        return 1;
    }

    // Get the number of modules and the required buffer size
    DWORD cbNeeded;
    if (!EnumProcessModules(hProcess, NULL, 0, &cbNeeded)) {
        std::cerr << "Failed to get module count. Error: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return 1;
    }

    // Allocate buffer to store module handles
    DWORD cch = cbNeeded / sizeof(HMODULE);
    std::vector<HMODULE> hMods(cch);

    // Enumerate the modules
    if (!EnumProcessModules(hProcess, hMods.data(), cbNeeded, &cbNeeded)) {
        std::cerr << "Failed to enumerate modules. Error: " << GetLastError() << std::endl;
        CloseHandle(hProcess);
        return 1;
    }

    // Print the module names
    std::wcout << L"Modules loaded in current process:" << std::endl;
    for (unsigned int i = 0; i < cch; i++) {
        std::wcout << L"  - " << GetModuleName(hProcess, hMods[i]) << std::endl;
    }

    CloseHandle(hProcess);
    return 0;
}

Syntax

Parameters

Return Value

Remarks

Example

See Also