
I know how to get this information. (From _PEB_LDR_DATA.)

The question is, how do I get this information atomically from the same process? (To get this information from a different process, I would suspend it.)

Should I suspend all other threads of the current process? Or is there an easier way?

  • How to get the list of process modules is described here: http://stackoverflow.com/questions/1553603/how-to-know-if-a-given-dll-is-loaded-by-a-given-process – gomons Apr 21 '15 at 14:07
  • You should be using the [Tool Help Functions](https://msdn.microsoft.com/en-us/library/ms686832%28VS.85%29.aspx) rather than the PEB. The Tool Help Functions are naturally atomic. – Harry Johnston Apr 21 '15 at 22:48
  • Hi @gomons, are you sure you gave the right link? I don't see anything there related to my question – my_stk_oflw_account Apr 22 '15 at 10:18
  • @my_stk_oflw_account, you can get the list of loaded modules using the `EnumProcessModules()` function; the first parameter you can get using `GetCurrentProcess()`. You can find the function description on MSDN. Is it what you need? – gomons Apr 22 '15 at 10:22
  • Hi @Harry, looks like that's what I need. Can you confirm that MODULEENTRY32 gives correct reference count for dynamically linked modules (DELAYLOADs, COM DLL servers, etc.)? From what is written in reference, it seems to give 0xFFFF for statically linked DLLs and otherwise "not generally meaningful" value. – my_stk_oflw_account Apr 22 '15 at 10:23
  • @gomons, that isn't what I need; EnumProcessModules does not give reference counts – my_stk_oflw_account Apr 22 '15 at 10:24
  • There is an example for Pascal: http://chee-yang.blogspot.com/2008/12/windows-get-reference-count-of-dll-in.html – gomons Apr 22 '15 at 10:31
  • @gomons, this example uses PEB. I already know how to use PEB. Probably you should have read my question (not only summary) before answering – my_stk_oflw_account Apr 22 '15 at 10:35
  • Sorry, I'm inattentive sometimes. But MODULEENTRY32.GlblcntUsage and MODULEENTRY32.ProccntUsage return 0x0000 or 0xFFFF for all loaded DLLs in my application. – gomons Apr 22 '15 at 11:07
  • I suspect that by "not generally meaningful" they do just mean "doesn't apply to DLLs linked at load-time" but I don't know for sure. I've never tried using those values for anything. – Harry Johnston Apr 22 '15 at 21:09
  • I will try MODULEENTRY32 this weekend and report the results – my_stk_oflw_account Apr 23 '15 at 08:43

1 Answer


The answer is to use the Tool Help Functions. They provide correct reference counts of runtime-linked DLLs, atomically.

Credits to @Harry for his comment.
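
The approach from the answer, as an added example that is not code from the original thread: it snapshots the current process's module list with the Tool Help Functions and reads `MODULEENTRY32W.ProccntUsage` for each entry. The helper names `is_runtime_count` and `dump_module_counts` and the sample DLL `version.dll` are assumptions made for illustration, and treating 0xFFFF as "load-time linked" follows the comments above.

```c
#include <stdio.h>

/* Per the thread, load-time-linked DLLs report 0xFFFF instead of a count. */
#define LOADTIME_SENTINEL 0xFFFFu

/* Hypothetical helper: 1 if cnt is a usable LoadLibrary reference count. */
int is_runtime_count(unsigned long cnt) {
    return cnt != LOADTIME_SENTINEL;
}

#ifdef _WIN32
#include <windows.h>
#include <tlhelp32.h>

/* Snapshot the current process's module list and print ProccntUsage for
   each entry. Returns the number of modules seen, or -1 on failure. */
int dump_module_counts(void) {
    MODULEENTRY32W me;
    HANDLE snap;
    int n = 0;

    /* Documented behaviour: retry while the call fails with ERROR_BAD_LENGTH. */
    do {
        snap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, GetCurrentProcessId());
    } while (snap == INVALID_HANDLE_VALUE && GetLastError() == ERROR_BAD_LENGTH);
    if (snap == INVALID_HANDLE_VALUE)
        return -1;

    me.dwSize = sizeof(me); /* must be set before Module32FirstW */
    if (Module32FirstW(snap, &me)) {
        do {
            if (is_runtime_count(me.ProccntUsage))
                printf("%-24ls count=%lu\n", me.szModule, (unsigned long)me.ProccntUsage);
            else
                printf("%-24ls load-time linked\n", me.szModule);
            n++;
        } while (Module32NextW(snap, &me));
    }
    CloseHandle(snap);
    return n;
}

int main(void) {
    /* Constructed demo: take two runtime references to a sample system DLL. */
    LoadLibraryW(L"version.dll");
    LoadLibraryW(L"version.dll");
    return dump_module_counts() < 0;
}
#endif
```

The Windows-specific part is guarded by `_WIN32`; the walk reads the snapshot rather than the live loader list, so no threads need to be suspended while it runs.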