How to retrieve the list of loaded assemblies of a process.


Problem description

Hello Everyone,

I am looking for a way to grab the loaded assemblies of a running process.

I have found it is possible to get the list of assembly from the current running process via:

public static void PrintAssemblies()
{
  var assemblies = AppDomain.CurrentDomain.GetAssemblies();
  foreach (var assembly in assemblies)
  {
    Console.WriteLine(assembly.GetName());
  }
}





This works well but I cannot use it directly via a list of Processes like for example:

Process[] Processes = Process.GetProcesses();

foreach (Process Proc in Processes)
{
  Console.WriteLine("{0}", Proc.ProcessName);
  Console.WriteLine("------------------------");

  foreach (var assembly in Proc.[assemblies])  // Ideally
  {
    Console.WriteLine(assembly.GetName());
  }

  /*

  This iteration is only prompting a few dll but not the .net assemblies 
  I have referenced to this process.

  foreach (ProcessModule ProcMod in Proc.Modules)
  {
    Console.WriteLine("{0}", ProcMod.ModuleName);
  }

  */
}





As a result, I only get:

dllhost
------------------------
DllHost.exe
ntdll.dll
wow64.dll
wow64win.dll
wow64cpu.dll





Where I would expect:

C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
ListofDomains, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null
log4net, Version=1.2.13.0, Culture=neutral, PublicKeyToken=669e0ddf0bb1aa2a
System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089





Do you think there is a way to cover my expectation?
I can see all the assemblies happily via procexp.exe.
There should then be a way to proceed I assume.

Thank you very much in advance.
Best regards.

SuperMiQi

Recommended answer

This is pretty simple, but you need to understand that not all processes are related to .NET. You have been close but probably missed one simple thing: assemblies are made of modules; and a PE file represents not an assembly, but an assembly module. Moreover, even though Visual Studio does not directly support it, the assemblies can be made of more than one module, only one of them representing the assembly via its assembly manifest, main module. So, you need to filter out all other modules (which may or may not be the modules with assembly manifest) and then get to assemblies.

Armed with this understanding, you can easily dig into modules. First, you get modules of each of your processes:
https://msdn.microsoft.com/en-us/library/system.diagnostics.process.modules%28v=vs.110%29.aspx.

For each module, you can get its file name. Note that this is a different class from assembly Module. This is because ProcessModule has to implement all executable modules, not only .NET ones:
https://msdn.microsoft.com/en-us/library/system.diagnostics.processmodule%28v=vs.110%29.aspx,
https://msdn.microsoft.com/en-us/library/system.diagnostics.processmodule.filename(v=vs.110).aspx.

Now, pretend that this module is a main module of some assembly and try to interpret it like this. Be ready to handle exceptions. Even though the assembly is already loaded in that detected process, you have to load (try to load) it again, in another process: your executing process:
https://msdn.microsoft.com/en-us/library/1009fa28(v=vs.110).aspx (don't mix up Assembly.LoadFrom and Assembly.Load; you don't need the second one).

You can load only for reflection: https://msdn.microsoft.com/en-us/library/system.reflection.assembly.reflectiononlyloadfrom%28v=vs.110%29.aspx.

Now when you get to the instance of the System.Assembly of some detected process (in case of successful load), you can continue your search with it:
https://msdn.microsoft.com/en-us/library/system.reflection.assembly%28v=vs.110%29.aspx,
get loaded modules: https://msdn.microsoft.com/en-us/library/4t888ytw(v=vs.110).aspx,
referenced assemblies: https://msdn.microsoft.com/en-us/library/system.reflection.assembly.getreferencedassemblies(v=vs.110).aspx,
see also: https://msdn.microsoft.com/en-us/library/43wc4hhs%28v=vs.110%29.aspx.

If you really need actually loaded assemblies, don't confuse them with referenced assemblies. Some referenced assemblies may not be loaded, and some assemblies can be loaded dynamically without referencing. So, you rather need to get to all loaded modules (see the link above, this time, these are not process modules (ProcessModule) but instances of System.Reflection.Module). Look at the assembly of each:
https://msdn.microsoft.com/en-us/library/system.reflection.module%28v=vs.110%29.aspx,
https://msdn.microsoft.com/en-us/library/system.reflection.module.assembly(v=vs.110).aspx.

—SA
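
The module-filtering steps from the answer above, as an added C# example that is not part of the original answer. It swaps in AssemblyName.GetAssemblyName for Assembly.ReflectionOnlyLoadFrom, so each file's manifest is read without loading the file into the inspecting process; the class and method names are hypothetical, and it assumes the inspector has the same bitness as the target and enough rights to open it.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Diagnostics;
using System.IO;
using System.Reflection;

static class LoadedAssemblyLister   // hypothetical name, not from the page
{
    // Returns the identity of every module in the process that carries an assembly manifest.
    static List<AssemblyName> GetManagedModules(Process proc)
    {
        var found = new List<AssemblyName>();
        ProcessModuleCollection modules;
        try { modules = proc.Modules; }
        catch (Win32Exception) { return found; }            // access denied or bitness mismatch
        catch (InvalidOperationException) { return found; } // process has already exited

        foreach (ProcessModule module in modules)
        {
            try
            {
                // Opens and closes the file; nothing is added to this AppDomain.
                found.Add(AssemblyName.GetAssemblyName(module.FileName));
            }
            catch (BadImageFormatException) { }     // native PE file, or module without a manifest
            catch (IOException) { }                 // file missing or not loadable
            catch (UnauthorizedAccessException) { } // file not readable by this account
            catch (ArgumentException) { }           // empty or malformed path
        }
        return found;
    }

    static void Main()
    {
        foreach (Process proc in Process.GetProcesses())
        {
            using (proc)
            {
                List<AssemblyName> assemblies = GetManagedModules(proc);
                if (assemblies.Count == 0) continue;    // native-only or inaccessible process
                Console.WriteLine("{0} (PID {1})", proc.ProcessName, proc.Id);
                Console.WriteLine("------------------------");
                foreach (AssemblyName name in assemblies)
                    Console.WriteLine(name.FullName);
            }
        }
    }
}
```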

