Module Information

A module is an executable file or DLL. Each process consists of one or more modules. You can retrieve the list of module handles for a process by calling the EnumProcessModules function. This function fills an array of HMODULE values with the module handles for the specified process. The first module is the executable file. Remember that these module handles are most likely from some other process, so you cannot use them with Win32 functions such as GetModuleFileName. However, you can use PSAPI functions to obtain information about a module from another process.

    To obtain module information

1. Call the GetModuleBaseName function. This function takes a process handle and a module handle as input and fills in a buffer with the base name of a module (for example, KERNEL32.DLL). A related function, GetModuleFileNameEx, takes the same parameters as input but returns the full path to the module (for example, C:\WINNT\SYSTEM32\KERNEL32.DLL).
2. Call the GetModuleInformation function. This function takes a process handle and a module handle and fills a MODULEINFO structure with the load address of the module, the size of the linear address space it occupies, and a pointer to its entry point.