Windows输出进程基址ImageBase

1.使用EnumProcesses函数枚举系统下所有进程
2.使用OpenProcess函数打开进程，获取进程句柄
3.使用EnumProcessModules函数枚举进程所有模块，第一个模块句柄即进程基址

#include <windows.h>
#include <stdio.h>
#include <psapi.h>

void ShowProcessInfo(DWORD pid) {
    /*
     打开一个存在的本地进程对象
     HANDLE OpenProcess(
      DWORD dwDesiredAccess,
      BOOL  bInheritHandle,
      DWORD dwProcessId
    );
    参数：
     dwDesiredAccess 访问权限   https://docs.microsoft.com/windows/desktop/ProcThread/process-security-and-access-rights
     bInheritHandle  TRUE 子进程继承父进程handle， FALSE 子进程不继承父进程handler
     dwProcessId    要打开的进程pid
     doc https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess
     * */
    HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, pid);

    /*
      枚举进程模块
     BOOL EnumProcessModules(
      HANDLE  hProcess,
      HMODULE *lphModule,
      DWORD   cb,
      LPDWORD lpcbNeeded
    );
     参数：
     hProcess   进程句柄
     lphModule  模块句柄数组
     cb         模块句柄数组大小，字节形式
     lpcbNeeded 返回给lphModule的字节数
     * */
    DWORD cbNeeded, moduleCount;
    HMODULE pModuleIds[1024];
    unsigned int ret, i;
    DWORD err;
    ret = EnumProcessModules(hProcess, pModuleIds, sizeof(pModuleIds), &cbNeeded);

    if (ret == 0) {
        err = GetLastError();
        printf("err = %d\n", ret);
        return;
    }

    moduleCount = cbNeeded / sizeof(HMODULE);

    printf("process id [%d], module count [%d]\n", pid, moduleCount);
//    for (i = 0; i < moduleCount; i++) {
//        printf("\t0x%x\n", pModuleIds[i]);
//    }
    printf("ImageBase: 0x%x\n", pModuleIds[0]);

    CloseHandle(hProcess);
}

int main() {
    printf("Print Process ImageBase!\n");
    /*
        枚举系统中的进程
       BOOL EnumProcesses(
          DWORD   *lpidProcess,
          DWORD   cb,
          LPDWORD lpcbNeeded
        );
        参数：
        lpidProcess 接收进程标识符的数组指针
        cb pProcessIds数组大小，字节形式
        lpcbNeeded 返回给lpcbNeeded的字节数
        doc: https://docs.microsoft.com/en-us/windows/win32/api/psapi/nf-psapi-enumprocesses
     * */
    DWORD pProcessIds[1024], cbNeeded, processCount, pid, currPid;
    int ret, i;
    DWORD err;
    ret = EnumProcesses(pProcessIds, sizeof(pProcessIds), &cbNeeded);
    if (ret == 0) {
        err = GetLastError();
        printf("err = %d\n", ret);
        return -1;
    }
    currPid = GetCurrentProcessId();
    processCount = cbNeeded / sizeof(DWORD);
    for (i = 0; i < processCount; i++) {
        pid = pProcessIds[i];
        if (pid != 0 && pid != currPid) {
            ShowProcessInfo(pid);
        }
    }
    system("pause");
    return 0;
}