VB 运用 ZwQueryInformationProcess

2012-09-29

VB 使用 ZwQueryInformationProcess(ByVal ProcessHandle As Long, _ByVal ProcessInformationClass As PR

VB 使用 ZwQueryInformationProcess

(ByVal ProcessHandle As Long, _
ByVal ProcessInformationClass As PROCESSINFOCLASS, _
ByVal ProcessInformation As Long, _
ByVal ProcessInformationLength As Long, _
ByRef ReturnLength As Long) As Long

Public Enum PROCESSINFOCLASS
ProcessBasicInformation
ProcessQuotaLimits
ProcessIoCounters
ProcessVmCounters
ProcessTimes
ProcessBasePriority
ProcessRaisePriority
ProcessDebugPort
ProcessExceptionPort
ProcessAccessToken
ProcessLdtInformation
ProcessLdtSize
ProcessDefaultHardErrorMode
ProcessIoPortHandlers '// Note: this is kernel mode only
ProcessPooledUsageAndLimits
ProcessWorkingSetWatch
ProcessUserModeIOPL
ProcessEnableAlignmentFaultFixup
ProcessPriorityClass
ProcessWx86Information
ProcessHandleCount
ProcessAffinityMask
ProcessPriorityBoost
ProcessDeviceMap
ProcessSessionInformation
ProcessForegroundInformation
ProcessWow64Information
ProcessImageFileName
ProcessLUIDDeviceMapsEnabled
ProcessBreakOnTermination
ProcessDebugObjectHandle
ProcessDebugFlags
ProcessHandleTracing
ProcessIoPriority
ProcessExecuteFlags
ProcessResourceManagement
ProcessCookie
ProcessImageInformation
MaxProcessInfoClass '// MaxProcessInfoClass should always be the last enum
End Enum

Public Type PROCESS_BASIC_INFORMATION
ExitStatus As Long 'NTSTATUS
PebBaseAddress As Long 'PPEB
AffinityMask As Long 'ULONG_PTR
BasePriority As Long 'KPRIORITY
UniqueProcessId As Long 'ULONG_PTR
InheritedFromUniqueProcessId As Long 'ULONG_PTR
End Type

Private Function GetProcessId(ByVal hProcess As Long) As Long
Dim st As Long
Dim pbi As PROCESS_BASIC_INFORMATION: pbi = GetProcessBasicInfo(hProcess)
GetProcessId = pbi.UniqueProcessId
End Function

Private Function GetProcessBasicInfo(ByVal hProcess As Long) As PROCESS_BASIC_INFORMATION
Dim st As Long
Dim pbi As PROCESS_BASIC_INFORMATION
st = ZwQueryInformationProcess(hProcess, ProcessBasicInformation, VarPtr(pbi), LenB(pbi), 0)

If (Not NT_SUCCESS(st)) Then Exit Function
GetProcessBasicInfo = pbi
End Function

Public Function NT_SUCCESS(ByVal Status As Long) As Boolean
NT_SUCCESS = (Status >= 0)
End Function

热点排行