' api_tlhelp32.sbp
'
' Declarations for the kernel32 Tool Help (tlhelp32) snapshot API: flags,
' entry structures and the First/Next walkers for heaps, processes, threads
' and modules.
'
' Usage notes (from the Win32 Tool Help documentation, not enforced here):
'  - Set the dwSize member of an entry structure to the structure's size
'    before calling the matching ...First function, or the call fails.
'  - CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not
'    NULL; a successful snapshot handle must be released with CloseHandle.
'  - A snapshot is a point-in-time copy. Process and thread IDs read from it
'    may have exited or been reused by the time they are acted on.
'
' NOTE(review): in the Windows SDK several members declared below as DWord are
' pointer-sized (SIZE_T / ULONG_PTR / HANDLE). The layouts here match the
' 32-bit ABI; confirm before using this header for a 64-bit target.

' Maximum module name length, excluding the terminating null.
Const MAX_MODULE_NAME32 = 255

'-----------------------
' Snapshot function
'-----------------------

' dwFlags values for CreateToolhelp32Snapshot; they can be OR-ed together.
Const TH32CS_SNAPHEAPLIST = &H00000001
Const TH32CS_SNAPPROCESS = &H00000002
Const TH32CS_SNAPTHREAD = &H00000004
Const TH32CS_SNAPMODULE = &H00000008
Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST or TH32CS_SNAPPROCESS or TH32CS_SNAPTHREAD or TH32CS_SNAPMODULE)
' Makes the snapshot handle inheritable by child processes; leave it off
' unless a child really needs the handle.
Const TH32CS_INHERIT = &H80000000

' Takes a snapshot of the system / of process th32ProcessID according to dwFlags.
Declare Function CreateToolhelp32Snapshot Lib "kernel32" (dwFlags As DWord, th32ProcessID As DWord) As HANDLE

'-----------------------
' heap walking
'-----------------------

' One heap of a process, as returned by Heap32ListFirst / Heap32ListNext.
Type HEAPLIST32
 dwSize As DWord ' NOTE(review): SIZE_T in the SDK
 th32ProcessID As DWord
 th32HeapID As DWord ' NOTE(review): ULONG_PTR in the SDK
 dwFlags As DWord ' HF32_* value
End Type
TypeDef PHEAPLIST32 = *HEAPLIST32
TypeDef LPHEAPLIST32 = *HEAPLIST32

'dwFlags
Const HF32_DEFAULT = 1 ' process's default heap
Const HF32_SHARED = 2 ' is shared heap

Declare Function Heap32ListFirst Lib "kernel32" (hSnapshot As HANDLE, ByRef hi As HEAPLIST32) As BOOL
Declare Function Heap32ListNext Lib "kernel32" (hSnapshot As HANDLE, ByRef hi As HEAPLIST32) As BOOL

' One block of a heap, as returned by Heap32First / Heap32Next.
Type HEAPENTRY32
 dwSize As DWord ' NOTE(review): SIZE_T in the SDK
 hHandle As DWord ' NOTE(review): HANDLE in the SDK
 dwAddress As DWord ' NOTE(review): ULONG_PTR in the SDK
 dwBlockSize As DWord ' NOTE(review): SIZE_T in the SDK
 dwFlags As DWord ' LF32_* value
 dwLockCount As DWord
 dwResvd As DWord
 th32ProcessID As DWord
 th32HeapID As DWord ' NOTE(review): ULONG_PTR in the SDK
End Type
TypeDef PHEAPENTRY32 = *HEAPENTRY32
TypeDef LPHEAPENTRY32 = *HEAPENTRY32

'dwFlags
Const LF32_FIXED = &H00000001
Const LF32_FREE = &H00000002
Const LF32_MOVEABLE = &H00000004

' Unlike the other walkers, Heap32First takes a process ID and a heap ID
' (from HEAPLIST32) rather than a snapshot handle.
Declare Function Heap32First Lib "kernel32" (ByRef he As HEAPENTRY32, th32ProcessID As DWord, th32HeapID As DWord) As BOOL
Declare Function Heap32Next Lib "kernel32" (ByRef he As HEAPENTRY32) As BOOL

' Copies cbRead bytes from lpBaseAddress in process th32ProcessID into lpBuffer.
' The caller's buffer must hold at least cbRead bytes; check the BOOL result
' and NumberOfBytesRead before trusting the buffer contents.
Declare Function Toolhelp32ReadProcessMemory Lib "kernel32" (th32ProcessID As DWord, lpBaseAddress As VoidPtr, lpBuffer As VoidPtr, cbRead As DWord, ByRef NumberOfBytesRead As DWord) As BOOL

'-----------------------
' Process walking
'-----------------------

' One process in a snapshot. This is the ANSI (Byte string) form of the
' structure, matching the Process32First / Process32Next entry points.
Type PROCESSENTRY32
 dwSize As DWord
 cntUsage As DWord
 th32ProcessID As DWord
 th32DefaultHeapID As DWord ' NOTE(review): ULONG_PTR in the SDK
 th32ModuleID As DWord
 cntThreads As DWord
 ' May name a process that has already exited; the ID can since have been
 ' reused, so do not treat it as proof of parentage.
 th32ParentProcessID As DWord
 pcPriClassBase As Long
 dwFlags As DWord
 ' Executable file name only, not a full path, and not an identity:
 ' any process can carry any image name.
 szExeFile[ELM(MAX_PATH)] As Byte
End Type
TypeDef PPROCESSENTRY32 = *PROCESSENTRY32
TypeDef LPPROCESSENTRY32 = *PROCESSENTRY32

Declare Function Process32First Lib "kernel32" (hSnapshot As HANDLE, ByRef pe As PROCESSENTRY32) As BOOL
Declare Function Process32Next Lib "kernel32" (hSnapshot As HANDLE, ByRef pe As PROCESSENTRY32) As BOOL

'-----------------------
' Thread walking
'-----------------------

' One thread in a snapshot. A TH32CS_SNAPTHREAD snapshot lists threads of
' every process, so filter on th32OwnerProcessID.
Type THREADENTRY32
 dwSize As DWord
 cntUsage As DWord
 th32ThreadID As DWord
 th32OwnerProcessID As DWord
 tpBasePri As Long
 tpDeltaPri As Long
 dwFlags As DWord
End Type
TypeDef PTHREADENTRY32 = *THREADENTRY32
TypeDef LPTHREADENTRY32 = *THREADENTRY32

Declare Function Thread32First Lib "kernel32" (hSnapshot As HANDLE, ByRef te As THREADENTRY32) As BOOL
Declare Function Thread32Next Lib "kernel32" (hSnapshot As HANDLE, ByRef te As THREADENTRY32) As BOOL

'-----------------------
' Module walking
'-----------------------

' One loaded module of a process. ANSI (Byte string) form, matching the
' Module32First / Module32Next entry points.
Type MODULEENTRY32
 dwSize As DWord
 th32ModuleID As DWord
 th32ProcessID As DWord
 GlblcntUsage As DWord
 ProccntUsage As DWord
 modBaseAddr As *Byte ' base address in the owning process, not in the caller
 modBaseSize As DWord
 hModule As HANDLE ' valid only in the context of th32ProcessID
 szModule[ELM(MAX_MODULE_NAME32 + 1)] As Byte
 szExePath[ELM(MAX_PATH)] As Byte
End Type
TypeDef PMODULEENTRY32 = *MODULEENTRY32
TypeDef LPMODULEENTRY32 = *MODULEENTRY32

Declare Function Module32First Lib "kernel32" (hSnapshot As HANDLE, ByRef me As MODULEENTRY32) As BOOL
Declare Function Module32Next Lib "kernel32" (hSnapshot As HANDLE, ByRef me As MODULEENTRY32) As BOOL