VB中如何用ZwQueryVirtualMemory枚举进程模块？

VB中如何用ZwQueryVirtualMemory枚举进程模块，然后将模块的基址等信息显示在List1控件上？希望能提供详细的过程，包括声明等，谢谢！

我之所以用ZwQueryVirtualMemory是因为我要枚举隐藏模块

声明自寻
Public Sub PrintProcessModules(ByVal dwProcessId As Long)
Dim ntStatus As Long
Dim objCid As CLIENT_ID
Dim objOa As OBJECT_ATTRIBUTES
Dim hProcess As Long
Dim dwVirtualAddr As Long
Dim pName As UNICODE_STRING1
Dim dwRet As Long
Dim intRet As Integer
Dim strModuleName As String
Dim pDosHeader As IMAGE_DOS_HEADER
Dim pNtHeaders As IMAGE_NT_HEADERS
Dim dwImageSize As Long
Dim MemoryBase As MEMORY_BASIC_INFORMATION
objOa.Length = Len(objOa)
objCid.UniqueProcess = dwProcessId
ntStatus = NtOpenProcess(hProcess, PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, objOa, objCid)
If hProcess = 0 Then
hProcess = GetHandleByProcessId(dwProcessId)
If hProcess = 0 Then
Exit Sub
End If
End If
dwVirtualAddr = &H1000
Do While dwVirtualAddr <> &H7FFF0000
ntStatus = ZwQueryVirtualMemory(hProcess, dwVirtualAddr, 0, VarPtr(MemoryBase), LenB(MemoryBase), dwRet)
If NT_SUCCESS(ntStatus) Then
If MemoryBase.AllocationBase = 0 Then
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize Mod &H1000
GoTo NextLoop
Else
ntStatus = ZwQueryVirtualMemory(hProcess, dwVirtualAddr, 2, VarPtr(pName), LenB(pName), dwRet)
If NT_SUCCESS(ntStatus) Then
ReadProcessMemory hProcess, ByVal MemoryBase.AllocationBase, pDosHeader, LenB(pDosHeader), ByVal 0&
If pDosHeader.Magic <> &H5A4D Then
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize Mod &H1000
GoTo NextLoop
End If
ReadProcessMemory hProcess, ByVal MemoryBase.AllocationBase + pDosHeader.lfanew, pNtHeaders, LenB(pNtHeaders), ByVal 0&
If pNtHeaders.Signature <> IMAGE_NT_SIGNATURE Then
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize Mod &H1000
GoTo NextLoop
End If
strModuleName = Left(pName.pBuffer, InStr(pName.pBuffer, vbNullChar) - 1)
'Debug.Print strModuleName; MemoryBase.AllocationBase; pNtHeaders.OptionalHeader.ImageSize
If MemoryBase.Type = &H1000000 Then
Form1.List1.AddItem strModuleName & ";" & Hex(MemoryBase.AllocationBase) & ";" & Hex(pNtHeaders.OptionalHeader.ImageSize) & ";State：" & Hex(MemoryBase.State) & ";Type：" & Hex(MemoryBase.Type) & ";AllocationProtect：" & Hex(MemoryBase.AllocationProtect) & ";Protect：" & Hex(MemoryBase.Protect)
End If
'dwVirtualAddr = dwVirtualAddr + pNtHeaders.OptionalHeader.ImageSize
dwVirtualAddr = MemoryBase.AllocationBase + pNtHeaders.OptionalHeader.ImageSize
dwVirtualAddr = dwVirtualAddr + pNtHeaders.OptionalHeader.ImageSize Mod &H1000
Else
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize
dwVirtualAddr = dwVirtualAddr + MemoryBase.RegionSize Mod &H1000
End If
End If
Else
dwVirtualAddr = dwVirtualAddr + &H1000
End If
NextLoop:
Loop
NtClose hProcess
End Sub

通过进程pid枚举 相关窗口句柄 private sub command1_click() list1.clear find_window val(text1.text) end sub private sub form_load() text1.text = "" command1.caption = "枚举窗口" end sub 模块代码如下 option explicit private declare function enumwindows lib "user32" (byval lpenumfunc as long, byval lparam as long) as long private declare function getwindowthreadprocessid lib "user32" (byval hwnd as long, lpdwprocessid as long) as long private declare function getwindowtext lib "user32" alias "getwindowtexta" (byval hwnd as long, byval lpstring as string, byval cch as long) as long dim ifpid as long private function enumwindowsproc(byval hwnd as long, byval lparam as long) as long dim pid1 as long dim wtext as string * 255 getwindowthreadprocessid hwnd, pid1 if ifpid = pid1 then getwindowtext hwnd, wtext, 100 form1.list1.additem "句柄:" & hwnd & " 标题:" & wtext end if enumwindowsproc = true end function public sub find_window(byval pid as long) ifpid = pid enumwindows addressof enumwindowsproc, 0 end sub