RING3下打开进程的第三种方法
新建一个mod,把代码复制进去,窗体里直接调用FxOpenProcess(PROCESS_ALL_ACCESS, pid)即可:OptionExplicit
'**************
'Code by Naylon
'**************
PrivateDeclareFunction GetCurrentProcessId Lib "kernel32" () AsLong
PrivateDeclareFunction ZwQueryInformationProcess Lib "NTDLL.DLL" (ByVal ProcessHandle AsLong, ByVal InformationClass AsLong, ByRef ProcessInformation As Any, ByVal ProcessInformationLength AsLong, ByRef ReturnLenght AsLong) AsLong
PrivateDeclareFunction ZwGetNextProcess Lib "NTDLL.DLL" (ByVal ProcessHandle AsLong, ByVal DesiredAccess AsLong, ByVal HandleAttributes AsLong, ByVal Flags AsLong, ByRef NewProcessHandle AsLong) AsLong
PrivateDeclareFunction CloseHandle Lib "kernel32" (ByVal Handle AsLong) AsLong
PrivateType PROCESS_BASIC_INFORMATION
ExitStatus AsLong
PebBaseAddress AsLong
AffinityMask AsLong
BasePriority AsLong
UniqueProcessId AsLong
InheritedFromUniqueProcessId AsLong
EndType
PublicConst STANDARD_RIGHTS_REQUIRED = &HF0000
PublicConst SYNCHRONIZE = &H100000
PublicConst PROCESS_TERMINATE = &H1
PublicConst PROCESS_CREATE_THREAD = &H2
PublicConst PROCESS_SET_SESSIONID = &H4
PublicConst PROCESS_VM_OPERATION = &H8
PublicConst PROCESS_VM_READ = &H10
PublicConst PROCESS_VM_WRITE = &H20
PublicConst PROCESS_DUP_HANDLE = &H40
PublicConst PROCESS_CREATE_PROCESS = &H80
PublicConst PROCESS_SET_QUOTA = &H100
PublicConst PROCESS_SET_INFORMATION = &H200
PublicConst PROCESS_QUERY_INFORMATION = &H400
PublicConst PROCESS_SUSPEND_RESUME = &H800
PublicConst PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
PublicFunction FxOpenProcess(ByVal dwDesiredAccess AsLong, ByVal dwProcessId AsLong) AsLong
Dim pbi As PROCESS_BASIC_INFORMATION
Dim hCurrent AsLong
Dim hNext AsLong
Dim Status AsLong
Dim errStr AsString
Status = ZwGetNextProcess(0, dwDesiredAccess, 0, 0, hNext)
If Status >= 0 Then
Do
hCurrent = hNext
Status = ZwQueryInformationProcess(hCurrent, 0, pbi, LenB(pbi), 0)
If Status < 0 Then
errStr = "获取进程信息失败"
GoTo errors
EndIf
If pbi.UniqueProcessId = dwProcessId Then
FxOpenProcess = hCurrent
ExitFunction
EndIf
Status = ZwGetNextProcess(hCurrent, dwDesiredAccess, 0, 0, hNext)
CloseHandle hCurrent
If Status < 0 Then
errStr = "获取下一个进程失败"
GoTo errors
EndIf
LoopWhile hCurrent <> 0
errStr = "打开进程失败"
GoTo errors
Else
errStr = "开始获取进程失败"
GoTo errors
EndIf
ExitFunction
errors:
'Debug.Print errStr
MsgBox errStr
FxOpenProcess = 0
EndFunction
页:
[1]