@KINGSABRI
Forked from tetsuyainfra/dlls.rb
Created August 2, 2016 19:09
List the DLLs loaded by Ruby on Windows (Fiddle version)
require "fiddle/import"
require 'fiddle/types'
# The original (the version that uses the Win32API library) is here:
# https://rubyist.g.hatena.ne.jp/edvakf/20110405/1301973681
module WIN32API
  extend Fiddle::Importer
  dlload 'C:\\Windows\\System32\\kernel32.dll'
  include Fiddle::Win32Types
  extern 'DWORD GetCurrentProcessId()'
  extern 'HANDLE OpenProcess(DWORD, BOOL, DWORD)'
  extern 'DWORD GetModuleFileName(HANDLE, LPSTR, DWORD)'
  extern 'BOOL CloseHandle(HANDLE)'
  # Print the native type sizes (pointer size differs between 32-bit and 64-bit Ruby)
  p "sizeof('PVOID'): %s" % sizeof("PVOID")
  p "sizeof('void*'): %s" % sizeof("void*")
  p "sizeof('DWORD'): %s" % sizeof("DWORD")
end
module PSAPI
  extend Fiddle::Importer
  dlload 'psapi.dll'
  include Fiddle::Win32Types
  extern 'BOOL EnumProcessModules(HANDLE, PVOID, DWORD, PDWORD)'
end
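_PROCESS_QUERY_INFORMATION = 0x0400
_PROCESS_VM_READ = 0x0010
_MAX_PATH = 260
# HMODULE is pointer-sized: 4 bytes on 32-bit Ruby, 8 bytes on 64-bit Ruby
sizeof_HANDLE = Fiddle::SIZEOF_VOIDP
buflen = 1024
# Output buffer that receives up to buflen module handles
hMods = "\0" * sizeof_HANDLE * buflen
pID = WIN32API.GetCurrentProcessId
puts "pID: %s" % pID
hProcess = WIN32API.OpenProcess( _PROCESS_QUERY_INFORMATION | _PROCESS_VM_READ, 0, pID)
# to_i makes the NULL check work whether Fiddle returns an Integer or a Fiddle::Pointer
raise "Error in OpenProcess" if 0 == hProcess.to_i
# DWORD that receives the number of bytes needed to hold all module handles
cbNeeded = "\0" * 4
if 0 != PSAPI.EnumProcessModules(hProcess, hMods, hMods.length, cbNeeded)
  # cbNeeded can exceed the buffer size, so never read more than buflen handles
  len = [cbNeeded.unpack("L")[0] / sizeof_HANDLE, buflen].min
  # "J" unpacks pointer-width unsigned integers (Ruby 2.3+)
  hMods.unpack("J#{len}").each {|hModule|
    szModName = "\0" * _MAX_PATH
    if 0 != WIN32API.GetModuleFileName(hModule, szModName, _MAX_PATH)
      # Drop everything from the first NUL terminator onward
      puts szModName.sub(/\0.*/, '')
    end
  }
end
puts "CloseHandle: %s" % WIN32API.CloseHandle(hProcess)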