
Enumerating the handle table of any process on Win8 (VB6 Code)

2013-01-08 

Add a Command1 and a List1 to the form, then use this code:

Private Type PROCESS_HANDLE_TABLE_ENTRY_INFO
    HandleValue As Long
    HandleCount As Long
    PointerCount As Long
    GrantedAccess As Long
    ObjectTypeIndex As Long
    HandleAttributes As Long
    Reserved As Long
End Type

Private Type PROCESS_HANDLE_SNAPSHOT_INFORMATION
    NumberOfHandles As Long
    Reserved As Long
    'Handles(0) As PROCESS_HANDLE_TABLE_ENTRY_INFO
End Type

Private Const ProcessHandleInformation = 51

Private Declare Function NtQueryInformationProcess& Lib "ntdll" (ByVal ProcessHandle&, ByVal ProcessInformationClass&, ByVal ProcessInformation&, ByVal ProcessInformationLength&, ByRef ReturnLength&)
Private Declare Sub RtlMoveMemory Lib "ntdll" (ByVal Dst&, ByVal Src&, ByVal Length&)

Private Sub Command1_Click()
    Dim i As PROCESS_HANDLE_SNAPSHOT_INFORMATION
    Dim s As Long 'receives ReturnLength; must be a Long for the ByRef parameter
    'Get the required buffer size (-1 is the current-process pseudo-handle)
    Me.Caption = Hex(NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(i), 8, s))
    ReDim buf(s * 2) As Byte 'The handle table changes a lot, so it is best to over-allocate
    Me.Caption = Hex(NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(buf(0)), s * 2, s))
    Dim p As PROCESS_HANDLE_TABLE_ENTRY_INFO
    Dim pp&, c&, j&
    RtlMoveMemory VarPtr(c), VarPtr(buf(0)), 4 'c = NumberOfHandles
    pp = VarPtr(buf(0)) + 8 'The first entry follows the 8-byte header
    For j = pp To (pp + c * LenB(p)) - LenB(p) Step LenB(p)
        RtlMoveMemory VarPtr(p), j, LenB(p)
        List1.AddItem p.HandleValue
    Next
End Sub

This code enumerates the handles of its own process; you can OpenThread other threads and then enumerate them...

PS: This only runs on Win8 and later... Below Win8, use NtQuerySystemInformation or read the csrss process.
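
As an added example (not code from the original post), the following Python parses the buffer that the second NtQueryInformationProcess call fills and reads every field of each entry rather than only HandleValue, rejecting a buffer whose header claims more entries than it holds. pointer_size=4 follows the VB6 Type declarations above; the pointer_size=8 layout, the function names and the sample buffer are assumptions constructed for illustration.

```python
import struct
from typing import List, NamedTuple

class HandleEntry(NamedTuple):
    handle_value: int
    handle_count: int
    pointer_count: int
    granted_access: int
    object_type_index: int
    handle_attributes: int

def _layouts(pointer_size: int):
    # 4 = layout of the VB6 Types (all Long: 8-byte header, 28-byte entry).
    # 8 = assumed 64-bit layout: both header fields and the first three
    #     entry fields widen to 8 bytes (16-byte header, 40-byte entry).
    if pointer_size not in (4, 8):
        raise ValueError("pointer_size must be 4 or 8")
    p = "I" if pointer_size == 4 else "Q"
    return struct.Struct("<" + p * 2), struct.Struct("<" + p * 3 + "IIII")

def parse_handle_snapshot(buf: bytes, pointer_size: int = 4) -> List[HandleEntry]:
    header, entry = _layouts(pointer_size)
    if len(buf) < header.size:
        raise ValueError("buffer shorter than snapshot header")
    count, _reserved = header.unpack_from(buf, 0)
    needed = header.size + count * entry.size
    if needed > len(buf):
        # The handle table can grow between the sizing call and the real call.
        raise ValueError(f"header claims {count} entries ({needed} bytes), "
                         f"buffer has {len(buf)}")
    out = []
    for i in range(count):
        fields = entry.unpack_from(buf, header.size + i * entry.size)
        out.append(HandleEntry(*fields[:6]))  # drop the trailing Reserved field
    return out

def build_sample(pointer_size: int = 4) -> bytes:
    # Constructed sample values, not captured from a real process.
    header, entry = _layouts(pointer_size)
    rows = [(0x4, 1, 32767, 0x00000003, 3, 0),
            (0x8, 1, 5, 0x001F0003, 16, 0),
            (0xC, 2, 65530, 0x00100020, 37, 2)]
    return header.pack(len(rows), 0) + b"".join(entry.pack(*r, 0) for r in rows)

if __name__ == "__main__":
    for e in parse_handle_snapshot(build_sample()):
        print(f"handle=0x{e.handle_value:X} access=0x{e.granted_access:08X} "
              f"type={e.object_type_index} refs={e.handle_count}")
```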
