igorsegallafa/CheckModules.cpp

## CheckModules.cpp
if( ( hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, GetCurrentProcessId() ) ) != INVALID_HANDLE_VALUE )
{
    me32.dwSize = sizeof( me32 );

    if( Module32First( hModuleSnap, &me32 ) )
    {
        do
        {
            if( me32.hModule == GetModuleHandle( NULL ) )
                continue;

            PIMAGE_DOS_HEADER pdosheader = (PIMAGE_DOS_HEADER)me32.modBaseAddr;
            PIMAGE_NT_HEADERS pntheaders = (PIMAGE_NT_HEADERS)( (DWORD)me32.modBaseAddr + pdosheader->e_lfanew );
            PIMAGE_SECTION_HEADER psectionheader = (PIMAGE_SECTION_HEADER)(pntheaders + 1);

            if( !IsKnownDLL( me32.szExePath, pntheaders->Signature, szModuleName ) )
            {
                //Unknown DLL Detected!
                //Do something...
                break;
            }
        } while( Module32Next( hModuleSnap, &me32 ) );
    }
}

CloseHandle( hModuleSnap );
	if( ( hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, GetCurrentProcessId() ) ) != INVALID_HANDLE_VALUE )
	{
	me32.dwSize = sizeof( me32 );

	if( Module32First( hModuleSnap, &me32 ) )
	{
	do
	{
	if( me32.hModule == GetModuleHandle( NULL ) )
	continue;

	PIMAGE_DOS_HEADER pdosheader = (PIMAGE_DOS_HEADER)me32.modBaseAddr;
	PIMAGE_NT_HEADERS pntheaders = (PIMAGE_NT_HEADERS)( (DWORD)me32.modBaseAddr + pdosheader->e_lfanew );
	PIMAGE_SECTION_HEADER psectionheader = (PIMAGE_SECTION_HEADER)(pntheaders + 1);

	if( !IsKnownDLL( me32.szExePath, pntheaders->Signature, szModuleName ) )
	{
	//Unknown DLL Detected!
	//Do something...
	break;
	}
	} while( Module32Next( hModuleSnap, &me32 ) );
	}
	}

	CloseHandle( hModuleSnap );