Enumerating the handle table of any process on Windows 8 (VB6 code)
Add a Command1 and a List1 to the form, then use this code:
Private Type PROCESS_HANDLE_TABLE_ENTRY_INFO
    HandleValue As Long
    HandleCount As Long
    PointerCount As Long
    GrantedAccess As Long
    ObjectTypeIndex As Long
    HandleAttributes As Long
    Reserved As Long
End Type

Private Type PROCESS_HANDLE_SNAPSHOT_INFORMATION
    NumberOfHandles As Long
    Reserved As Long
    'Handles(0) As PROCESS_HANDLE_TABLE_ENTRY_INFO
End Type

Private Const ProcessHandleInformation = 51

Private Declare Function NtQueryInformationProcess& Lib "ntdll" (ByVal ProcessHandle&, ByVal ProcessInformationClass&, ByVal ProcessInformation&, ByVal ProcessInformationLength&, ByRef ReturnLength&)
Private Declare Sub RtlMoveMemory Lib "ntdll" (ByVal Dst&, ByVal Src&, ByVal Length&)

Private Sub Command1_Click()
    Dim i As PROCESS_HANDLE_SNAPSHOT_INFORMATION
    Dim s As Long 'receives the required length (ByRef ReturnLength& needs a Long)
    Dim st As Long 'NTSTATUS of the second call

    'Get the required buffer size (-1 is the current-process pseudo-handle)
    Me.Caption = Hex(NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(i), 8, s))

    'The handle table changes a lot, so allocate extra space
    ReDim buf(s * 2) As Byte
    st = NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(buf(0)), s * 2, s)
    Me.Caption = Hex(st)
    If st <> 0 Then Exit Sub 'on failure the buffer holds no valid snapshot

    Dim p As PROCESS_HANDLE_TABLE_ENTRY_INFO
    Dim pp&, c&, j&

    'NumberOfHandles is the first Long; the entries start after the 8-byte header
    RtlMoveMemory VarPtr(c), VarPtr(buf(0)), 4
    pp = VarPtr(buf(0)) + 8
    For j = pp To (pp + c * LenB(p)) - LenB(p) Step LenB(p)
        RtlMoveMemory VarPtr(p), j, LenB(p)
        List1.AddItem p.HandleValue
    Next
End Sub
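This code enumerates its own process; you can OpenThread other threads and then enumerate.
PS: this only runs on Windows 8 and later. On versions below Windows 8, use NtQuerySystemInformation or read the csrss process.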
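The buffer layout that Command1_Click walks by hand, as an added Python example (not the original author's code): `parse_snapshot` decodes a returned buffer for the 32-bit layout the VB6 types describe and, going beyond the page, for the 64-bit layout where the handle, count and header fields are pointer-sized, and it rejects a NumberOfHandles that does not fit the buffer. The function names, `SAMPLE_32` and the retry policy in `query_handles` are constructed for this example; the retry loop assumes an undersized buffer yields STATUS_INFO_LENGTH_MISMATCH.

```python
import ctypes
import struct

PROCESS_HANDLE_INFORMATION = 51            # ProcessHandleInformation, as on the page
STATUS_INFO_LENGTH_MISMATCH = 0xC0000004   # assumed status for an undersized buffer
# (header, entry) struct formats per pointer size. Field order follows the page's
# Type declarations; HandleValue, both counts and the header are pointer-sized.
LAYOUTS = {4: ("<II", "<IIIIIII"), 8: ("<QQ", "<QQQIIII")}
FIELDS = ("HandleValue", "HandleCount", "PointerCount", "GrantedAccess",
          "ObjectTypeIndex", "HandleAttributes", "Reserved")
# Constructed sample: a 32-bit snapshot holding two made-up entries.
SAMPLE_32 = (struct.pack("<II", 2, 0)
             + struct.pack("<IIIIIII", 4, 1, 3, 0x1F0003, 16, 0, 0)
             + struct.pack("<IIIIIII", 8, 2, 5, 0x100020, 37, 2, 0))


def parse_snapshot(buf, ptr_size=4):
    """Decode a PROCESS_HANDLE_SNAPSHOT_INFORMATION buffer into a list of dicts."""
    hdr_fmt, ent_fmt = LAYOUTS[ptr_size]
    hdr_len, ent_len = struct.calcsize(hdr_fmt), struct.calcsize(ent_fmt)
    if len(buf) < hdr_len:
        raise ValueError("buffer shorter than the snapshot header")
    count, _reserved = struct.unpack_from(hdr_fmt, buf, 0)
    # Do not trust the count alone: every entry must lie inside the buffer.
    if count > (len(buf) - hdr_len) // ent_len:
        raise ValueError("NumberOfHandles does not fit in the buffer")
    return [dict(zip(FIELDS, struct.unpack_from(ent_fmt, buf, hdr_len + i * ent_len)))
            for i in range(count)]


def query_handles(process_handle=-1, max_tries=8):
    """Windows only: snapshot a handle table, growing the buffer until it fits."""
    query = ctypes.WinDLL("ntdll").NtQueryInformationProcess
    query.restype = ctypes.c_ulong
    query.argtypes = [ctypes.c_void_p, ctypes.c_ulong, ctypes.c_void_p,
                      ctypes.c_ulong, ctypes.POINTER(ctypes.c_ulong)]
    size = 0x1000
    for _ in range(max_tries):
        buf = ctypes.create_string_buffer(size)
        needed = ctypes.c_ulong(0)
        status = query(process_handle, PROCESS_HANDLE_INFORMATION, buf, size,
                       ctypes.byref(needed))
        if status == 0:
            return parse_snapshot(buf.raw, ctypes.sizeof(ctypes.c_void_p))
        if status != STATUS_INFO_LENGTH_MISMATCH:
            raise OSError("NtQueryInformationProcess failed: 0x%08X" % status)
        size = max(size * 2, needed.value * 2)  # the table can grow between calls
    raise OSError("handle table kept outgrowing the buffer")
```

`parse_snapshot(SAMPLE_32)` runs on any platform; `query_handles()` needs Windows 8 or later, as the page notes for this information class.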