Retrieving all 32 bit process modules from 64 bit application (C#)

问题:

I have a 64 bit program that retrieving process modules from other processes but when i try to get modules form 32 bit processes i get only:

1. Application executable. - various
2. ntdll.dll - always
3. wow64.dll - always
4. wow64cpu.dll - always
5. wow64win.dll - always

but process have many other modules.

Can i get all 32 bit process modules from 64 bit application(C#)?

Thanks!

回答1:

Yes, but you'll need p/invoke.

• EnumProcessModulesEx

It's possible that the DbgHelp API could be coaxed to do this, but I've been told that despite having appropriately-sized structures, it returns only the 64-bit WOW64 emulation layer DLLs when called against a Win32-on-Win64 process.

• EnumerateLoadedModules64

回答2:

The wow64* modules are the thunking layer to x86. All your x86 modules should show up as being loaded by the thunking modules.

文章来源: Retrieving all 32 bit process modules from 64 bit application (C#)