winproc 0.6.4

Small wrapper over some process-related Windows APIs.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247

use crate::{Error, Handle, Process, WinResult};
use std::{
    ffi::{CString, OsString},
    mem,
    os::windows::{io::AsRawHandle, prelude::*},
    path::PathBuf,
};
use winapi::{
    ctypes::c_void,
    shared::minwindef::{DWORD, HMODULE, MAX_PATH},
    um::{
        libloaderapi::GetProcAddress,
        psapi::{GetModuleBaseNameW, GetModuleFileNameExW, GetModuleInformation, MODULEINFO},
        tlhelp32::{Module32NextW, MODULEENTRY32W},
        winnt::{self, WCHAR},
    },
};

/// A handle to a process's loaded module.
#[derive(Debug)]
pub struct Module<'a> {
    pub(crate) handle: HMODULE,
    pub(crate) process: &'a Process,
}

impl<'a> Module<'a> {
    /// Returns the inner HMODULE handle (address) of the loaded module.
    pub fn handle(&self) -> HMODULE {
        self.handle
    }

    /// Returns the base (file) name of the module.
    pub fn name(&self) -> WinResult<String> {
        unsafe {
            let mut buffer: [WCHAR; MAX_PATH] = mem::zeroed();
            let ret = GetModuleBaseNameW(
                self.process.as_raw_handle() as winnt::HANDLE,
                self.handle,
                buffer.as_mut_ptr(),
                MAX_PATH as _,
            );
            if ret == 0 {
                Err(Error::last_os_error())
            } else {
                Ok(OsString::from_wide(&buffer[0..ret as usize])
                    .to_string_lossy()
                    .into_owned())
            }
        }
    }

    /// Returns the fully qualified path to the file that contains the module.
    pub fn path(&self) -> WinResult<PathBuf> {
        unsafe {
            let mut buffer: [WCHAR; MAX_PATH] = mem::zeroed();
            let ret = GetModuleFileNameExW(
                self.process.as_raw_handle() as winnt::HANDLE,
                self.handle,
                buffer.as_mut_ptr(),
                MAX_PATH as _,
            );
            if ret == 0 {
                Err(Error::last_os_error())
            } else {
                Ok(OsString::from_wide(&buffer[0..ret as usize]).into())
            }
        }
    }

    /// Returns a struct containing the address, size, and entry point of the module.
    pub fn info(&self) -> WinResult<ModuleInfo> {
        unsafe {
            let mut c_info: MODULEINFO = mem::zeroed();
            let ret = GetModuleInformation(
                self.process.as_raw_handle() as winnt::HANDLE,
                self.handle,
                &mut c_info,
                mem::size_of::<MODULEINFO>() as _,
            );
            if ret == 0 {
                Err(Error::last_os_error())
            } else {
                Ok(c_info.into())
            }
        }
    }

    /// Returns a void pointer to the function in the module with the specified name.
    pub fn proc_address(&self, proc_name: &str) -> WinResult<*mut c_void> {
        unsafe {
            let ret = GetProcAddress(self.handle, CString::new(proc_name)?.as_ptr() as _);
            if ret.is_null() {
                Err(Error::last_os_error())
            } else {
                Ok(ret as *mut c_void)
            }
        }
    }
}

/// Holds the address, size, and entry point of a loaded module.
#[derive(Debug, Clone)]
pub struct ModuleInfo {
    /// Base address of the module (equivalent to its HMODULE).
    pub address: *mut c_void,
    /// Size of the module in bytes.
    pub size: usize,
    /// Entry point of the module. While this is not the address of the `DllMain` function,
    /// it should be close enough for most purposes.
    pub entry_point: *mut c_void,
}

impl From<MODULEINFO> for ModuleInfo {
    fn from(mi: MODULEINFO) -> ModuleInfo {
        ModuleInfo {
            address: mi.lpBaseOfDll,
            size: mi.SizeOfImage as usize,
            entry_point: mi.EntryPoint,
        }
    }
}

/// Holds data related to a module of a running process.
///
/// Maps almost directly to a Windows [MODULEENTRY32W][MODULEENTRY32W].
///
/// [MODULEENTRY32W]: https://msdn.microsoft.com/en-us/library/windows/desktop/ms684225(v=vs.85).aspx
#[derive(Debug, Clone)]
pub struct ModuleEntry {
    /// This member is no longer used, and is always set to one.
    pub id: u32,
    /// The module's basename.
    pub name: String,
    /// The path to the module's file.
    pub path: PathBuf,
    /// A handle to the module in the context of the owning process.
    pub hmodule: HMODULE,
    /// The identifier of the process in which the module is loaded.
    pub process_id: u32,
    /// The load count of the module, which is not generally meaningful,
    /// and usually equal to `0xffff`.
    pub global_load_count: u32,
    /// The load count of the module (same as GlblcntUsage), which is not
    /// generally meaningful, and usually equal to `0xffff`.
    pub proc_load_count: u32,
    /// The base address of the module in the context of the owning process.
    pub mod_base_addr: *mut u8,
    /// The size of the module, in bytes.
    pub mod_base_size: u32,
}

impl From<MODULEENTRY32W> for ModuleEntry {
    fn from(me: MODULEENTRY32W) -> ModuleEntry {
        let name_end = me
            .szModule
            .iter()
            .position(|&b| b == 0)
            .unwrap_or_else(|| me.szModule.len());
        let name = OsString::from_wide(&me.szModule[..name_end])
            .to_string_lossy()
            .into_owned();

        let path_end = me
            .szExePath
            .iter()
            .position(|&b| b == 0)
            .unwrap_or_else(|| me.szModule.len());
        let path = OsString::from_wide(&me.szExePath[..path_end]).into();

        ModuleEntry {
            id: me.th32ModuleID,
            name,
            path,
            hmodule: me.hModule,
            process_id: me.th32ProcessID,
            global_load_count: me.GlblcntUsage,
            proc_load_count: me.ProccntUsage,
            mod_base_addr: me.modBaseAddr,
            mod_base_size: me.modBaseSize,
        }
    }
}

#[derive(Debug)]
pub struct ModuleEntryIter<'a> {
    pub(crate) process: &'a Process,
    pub(crate) snapshot: Handle,
}

impl<'a> Iterator for ModuleEntryIter<'a> {
    type Item = ModuleEntry;

    fn next(&mut self) -> Option<ModuleEntry> {
        unsafe {
            let mut entry: MODULEENTRY32W = mem::zeroed();
            entry.dwSize = mem::size_of::<MODULEENTRY32W>() as DWORD;
            let ret = Module32NextW(self.snapshot.as_raw_handle() as winnt::HANDLE, &mut entry);
            if ret == 0 {
                None
            } else {
                Some(entry.into())
            }
        }
    }
}

//mod tests {
//    #[allow(unused_imports)]
//    use super::*;
//
//    #[test]
//    fn lists_modules() {
//        let process = Process::all().unwrap().next().unwrap();
//        let entries: Vec<_> = process.module_entries().unwrap().collect();
//        assert_eq!(entries.is_empty(), false);
//        println!("{:?}", entries);
//    }
//
//    #[test]
//    fn enumerates_module_entries() {
//        let process = Process::all().unwrap().next().unwrap();
//        let modules: Vec<_> = process.module_list().unwrap();
//        assert_eq!(modules.is_empty(), false);
//        println!("{:?}", modules);
//    }
//
//    #[test]
//    fn retrieves_module() {
//        let process = Process::all().unwrap().next().unwrap();
//        let module = process.module("kernel32").unwrap();
//        assert_eq!(module.name().unwrap().to_lowercase(), "kernel32.dll");
//    }
//
//    #[test]
//    fn proc_address() {
//        use winapi::um::winnt::HANDLE;
//        type GetProcessIdFn = extern "system" fn(HANDLE) -> DWORD;
//
//        let process = Process::all().unwrap().next().unwrap();
//        let k32 = process.module("kernel32").unwrap();
//
//        unsafe {
//            let get_process_id: GetProcessIdFn =
//                mem::transmute(k32.proc_address("GetProcessId").unwrap());
//            assert_eq!(get_process_id(process.as_raw_handle()), process.id());
//        }
//}