check if program is running on memory

[TheMarKs]

hi people,

if you can, help-me!

what i want to do is:

Check if a program is running on memory, using EntryPoint and Offsets ..

pay atention:

my program entrypoint is: 00FFFF (example), and i have 32 offsets at this entrypoint ..

i have a code in C++ that looks at the memory if this program is running,

can I do it in visual basic?

[reacen]

In vb6, you just use:

Code:

msgbox App.PrevInstance

[TheMarKs]

pay atention to what i want to do!
i dont want to check if my app is running, i want to check if an another application is running, just using the entrypoint ...

example:

i know this entrypoint: 00FFFF

i want to search in memory is have some program running with this entrypoint ..

[reacen]

Can this help?--> http://www.vbforums.com/showthread.php?p=2748682

[TheMarKs]

no, i want to find by process entrypoint, and not by process name

[reacen]

How about this? --> http://edais.mvps.org/Tutorials/Memory/Memch1.html
You are trying to read something from RAM memory, right?

[TheMarKs]

i have 3 programs (example):

program1.exe
program2.exe
program3.exe

the entrypoint of the program1.exe is 00FFFF, then, my VB Program search in the process list if some process has the entrypoint 00FFFF,

if yes = msgbox "program1.exe" have the entrypoint 00FFFF

[MartinLiss]

Why do you want, or need, to do that?

[kiymik]

This declaration may help.

Code:

Public Declare Function Process32First Lib "kernel32" ( _
   ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long

Public Declare Function Process32Next Lib "kernel32" ( _
   ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long

Public Declare Function CloseHandle Lib "Kernel32.dll" _
   (ByVal Handle As Long) As Long

Public Declare Function OpenProcess Lib "Kernel32.dll" _
   (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, _
   ByVal dwProcId As Long) As Long

Public Declare Function EnumProcesses Lib "psapi.dll" _
   (ByRef lpidProcess As Long, ByVal cb As Long, _
   ByRef cbNeeded As Long) As Long

Public Declare Function GetModuleFileNameExA Lib "psapi.dll" _
   (ByVal hProcess As Long, ByVal hModule As Long, _
   ByVal ModuleName As String, ByVal nSize As Long) As Long

Public Declare Function EnumProcessModules Lib "psapi.dll" _
   (ByVal hProcess As Long, ByRef lphModule As Long, _
   ByVal cb As Long, ByRef cbNeeded As Long) As Long

Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" ( _
   ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long

Public Declare Function GetVersionExA Lib "kernel32" _
   (lpVersionInformation As OSVERSIONINFO) As Integer

Public Type PROCESSENTRY32
   dwSize As Long
   cntUsage As Long
   th32ProcessID As Long  ' This process
   th32DefaultHeapID As Long
   th32ModuleID As Long ' Associated exe
   cntThreads As Long
   th32ParentProcessID As Long  ' This process's parent process
   pcPriClassBase As Long ' Base priority of process threads
   dwFlags As Long
   szExeFile As String * 260 ' MAX_PATH
End Type

Public Type OSVERSIONINFO
   dwOSVersionInfoSize As Long
   dwMajorVersion As Long
   dwMinorVersion As Long
   dwBuildNumber As Long
   dwPlatformId As Long  '1 = Windows 95,  2 = Windows NT
   szCSDVersion As String * 128
End Type

Public Const PROCESS_QUERY_INFORMATION = 1024
Public Const PROCESS_VM_READ = 16
Public Const MAX_PATH = 260
Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
Public Const SYNCHRONIZE = &H100000
'STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Const TH32CS_SNAPPROCESS = &H2&
Public Const hNull = 0