Topic: A question about a difficult API
tang2005
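[Expert points: 0] Posted 2006-03-19 07:57:00
It is not clear to me how to call this API from VB.
I want to find the parent process, but I can't make sense of MSDN. Could someone show me how to call it?
Reading about APIs on MSDN is very confusing.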
Private Type PROCESS_BASIC_INFORMATION
    ExitStatus As Long
    PebBaseAddress As Long
    AffinityMask As Long
    BasePriority As Long
    UniqueProcessId As Long
    InheritedFromUniqueProcessId As Long
End Type
Private Declare Function NtQueryInformationProcess _
    Lib "ntdll" (ByVal ProcessHandle As Long, _
    ByVal ProcessInformationClass As Long, _
    ByRef ProcessInformation As PROCESS_BASIC_INFORMATION, _
    ByVal lProcessInformationLength As Long, _
    ByRef lReturnLength As Long) As Long
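Replies (6 in total)
Reply 1
凡尘 [Expert points: 9680] Posted 2006-03-19 11:48:00
(Posted by hangwire on 2001-12-26 17:00:47)
As is well known, one of the API black holes in Windows NT/2000 is NTDLL.DLL, a DLL that contains many undocumented API functions. This article lists one or two of them and uses them to demonstrate how to obtain the parent process ID of any given process.
NTDLL.DLL has a function called NtQueryInformationProcess, which copies process information of a specified type into a buffer. Its prototype is as follows:
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationProcess (
    IN HANDLE ProcessHandle,                 // process handle
    IN PROCESSINFOCLASS InformationClass,    // information class
    OUT PVOID ProcessInformation,            // pointer to the buffer
    IN ULONG ProcessInformationLength,       // buffer size in bytes
    OUT PULONG ReturnLength OPTIONAL         // number of bytes written to the buffer
);
The first parameter is the handle of the process to operate on; this handle must be opened with PROCESS_QUERY_INFORMATION access. To obtain a handle, we must use the OpenProcess function: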
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwProcessID);
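The second parameter is the type of information requested. It can take many values; the example in this article uses ProcessBasicInformation (value 0).
Therefore, if the second parameter is ProcessBasicInformation, the third parameter must be a pointer to a PROCESS_BASIC_INFORMATION structure:
typedef struct
{
    DWORD ExitStatus;                     // receives the process exit status
    DWORD PebBaseAddress;                 // receives the process environment block address
    DWORD AffinityMask;                   // receives the process affinity mask
    DWORD BasePriority;                   // receives the process priority class
    ULONG UniqueProcessId;                // receives the process ID
    ULONG InheritedFromUniqueProcessId;   // receives the parent process ID
} PROCESS_BASIC_INFORMATION;
The last member of this structure is InheritedFromUniqueProcessId, which is exactly what we want.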
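DWORD dwParentPID = 0;   // stays 0 if the query fails
LONG status;
PROCESS_BASIC_INFORMATION pbi;
status = NtQueryInformationProcess( hProcess,
                                    ProcessBasicInformation,
                                    (PVOID)&pbi,
                                    sizeof(PROCESS_BASIC_INFORMATION),
                                    NULL );
if (!status)             // 0 is STATUS_SUCCESS
    dwParentPID = pbi.InheritedFromUniqueProcessId;
CloseHandle(hProcess);   // release the handle obtained from OpenProcess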
Reply 2
凡尘 [Expert points: 9680] Posted 2006-03-19 11:49:00
Sample code download
http://www.vckbase.com/sourcecode/system/parent.zip
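Reply 3
tang2005 [Expert points: 0] Posted 2006-03-19 22:05:00
凡尘, this is not VB code.
We need the VB declaration and how to use it...
Reply 4
tang2005 [Expert points: 0] Posted 2006-03-19 22:07:00
I have the VB declaration, but I don't know how to use it.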
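Reply 5
GhostE [Expert points: 0] Posted 2010-01-02 13:31:00
Private Declare Function NtQueryInformationProcess _
    Lib "ntdll" (ByVal ProcessHandle As Long, _
    ByVal ProcessInformationClass As Long, _
    ByRef ProcessInformation As Any, _
    ByVal lProcessInformationLength As Long, _
    ByRef lReturnLength As Long) As Long
Private Declare Function ZwOpenProcess Lib "ntdll.dll" (hP As Long, _
    ByVal DA As Long, _
    pOA As Any, pCID As Any) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
'GhostE@BaiduHi
' Opens process p with desired access d; returns the handle, or 0 on failure.
Private Function PsOpen(ByVal d As Long, ByVal p As Long) As Long
    Dim o(5) As Long, c(1) As Long, r As Long
    o(0) = 24   ' OBJECT_ATTRIBUTES.Length (six Longs), as InitializeObjectAttributes sets it
    c(0) = p    ' CLIENT_ID.UniqueProcess
    If ZwOpenProcess(r, d, o(0), c(0)) = 0 Then PsOpen = r
End Function
' Returns the parent process ID of dwProcessId, or 0 on failure.
Function GetParentProcess(ByVal dwProcessId As Long) As Long
    Dim p(5) As Long, h As Long, n As Long
    ' &H400 = PROCESS_QUERY_INFORMATION, the only access this query needs
    h = PsOpen(&H400, dwProcessId)
    If h = 0 Then Exit Function
    ' Class 0 = ProcessBasicInformation; 24 = size of the six-Long structure
    If NtQueryInformationProcess(h, 0, p(0), 24, n) = 0 Then GetParentProcess = p(5)
    CloseHandle h   ' do not leak the process handle
End Function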
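The length 24 and the six-Long structure used in this thread are the layout a 32-bit caller sees (VB6 code is always 32-bit); in a 64-bit build the pointer-sized fields widen and the structure is 48 bytes. The following C code is an added example, not code from any poster: it decodes a raw buffer according to its length, and the names PBI32, PBI64 and pbi_parent_pid are hypothetical, with constructed sample values.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 32-bit caller: six 4-byte fields, 24 bytes (the struct posted in the thread). */
typedef struct {
    int32_t  ExitStatus;
    uint32_t PebBaseAddress, AffinityMask;
    int32_t  BasePriority;
    uint32_t UniqueProcessId, InheritedFromUniqueProcessId;
} PBI32;

/* 64-bit caller: pointer-sized fields widen to 8 bytes, 48 bytes in total. */
typedef struct {
    int32_t  ExitStatus;   uint32_t Pad0;   /* alignment padding */
    uint64_t PebBaseAddress, AffinityMask;
    int32_t  BasePriority; uint32_t Pad1;   /* alignment padding */
    uint64_t UniqueProcessId, InheritedFromUniqueProcessId;
} PBI64;

_Static_assert(sizeof(PBI32) == 24 && sizeof(PBI64) == 48, "unexpected layout");

/* Hypothetical helper: stores the parent PID and returns 0, or returns -1 when
   len matches neither layout instead of reading a field at the wrong offset. */
int pbi_parent_pid(const void *buf, size_t len, uint64_t *ppid) {
    if (buf == NULL || ppid == NULL) return -1;
    if (len == sizeof(PBI32)) {
        PBI32 p; memcpy(&p, buf, sizeof p);
        *ppid = p.InheritedFromUniqueProcessId;
        return 0;
    }
    if (len == sizeof(PBI64)) {
        PBI64 p; memcpy(&p, buf, sizeof p);
        *ppid = p.InheritedFromUniqueProcessId;
        return 0;
    }
    return -1;
}

int main(void) {
    PBI64 sample = {0};             /* constructed sample, not real output */
    sample.UniqueProcessId = 4242;
    sample.InheritedFromUniqueProcessId = 1000;
    uint64_t ppid = 0;
    if (pbi_parent_pid(&sample, sizeof sample, &ppid) == 0)
        printf("parent pid: %llu\n", (unsigned long long)ppid);
    return 0;
}
```

InheritedFromUniqueProcessId is the PID recorded when the process was created; the parent may since have exited and its PID been reused, so compare process creation times before treating the value as the live parent.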
Reply 6
*指针* [Expert points: 80] Posted 2010-01-15 19:24:00
New to VB