| | | | | | | | 1 | | 2 | 3 | 4 | 5 | 6 | 7 | 8 | | 9 | 10 | 11 | 12 | 13 | 14 | 15 | | 16 | 17 | 18 | 19 | 20 | 21 | 22 | | 23 | 24 | 25 | 26 | 27 | 28 | 29 | | 30 | 31 | | | |     |
|
收藏一个列举进程的代码,不是使用快照,还可以列出一些隐藏进程(VB6.0) [ 2007-09-10
| 作者:马大哈 | 来自:本站原创]
 |
这个代码里面使用的关键API并不是常见的CreateToolhelp32Snapshot那一套API.
它使用的是位于psapi.dll里的EnumProcesses函数
具体代码如下:
'工程需要一个窗体,上面添加一个按钮,一个列表框控件,名称不改,默认.
Option Explicit
Private Declare Function EnumProcesses Lib "psapi.dll" (ByRef lpidProcess As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function OpenProcess Lib "kernel32.dll" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function EnumProcessModules Lib "psapi.dll" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef lpcbNeeded As Long) As Long
Private Declare Function GetModuleFileNameEx Lib "psapi.dll" Alias "GetModuleFileNameExA" (ByVal hProcess As Long, ByVal hModule As Long, ByVal lpFilename As String, ByVal nSize As Long) As Long
Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal hObject As Long) As Long
Private Declare Function GetProcessImageFileName Lib "psapi.dll" Alias "GetProcessImageFileNameA" (ByVal hProcess As Long, ByVal lpImageFileName As String, ByVal nSize As Long) As Long
Private Const PROCESS_QUERY_INFORMATION As Long = (&H400)
Private Const PROCESS_VM_READ As Long = (&H10)
Private Sub Form_Load()
Command1.Caption = "Refresh"
Command1_Click
End Sub
Private Sub Command1_Click()
Dim aProcesses(1023) As Long, cProcesses As Long
Dim cbNeeded As Long, PidFor As Long, hModule As Long
Dim hProcess As Long, sHide As Boolean
Dim i As Long, szName As String
On Error Resume Next
List1.Clear
If EnumProcesses(aProcesses(0), 4& * 1024, cbNeeded) <> 0 Then
cProcesses = cbNeeded \ 4&
For PidFor = &HC& To &HFFFF& Step 4&
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, PidFor)
If hProcess <> 0 Then
sHide = True
szName = "" + Space(1024 - 9)
For i = 0 To cProcesses - 1
If PidFor = aProcesses(i) Then
sHide = False
Exit For
End If
Next i
If EnumProcessModules(hProcess, hModule, 4&, 0&) <> 0 Then
GetModuleFileNameEx hProcess, hModule, szName, 1024
szName = Left(szName, InStr(1, szName, vbNullChar) - 1)
szName = CStr(PidFor) + vbTab + szName
If sHide Then szName = szName + vbTab + "--[Hidden]--"
List1.AddItem szName
Else
GetProcessImageFileName hProcess, szName, 1024
szName = Left(szName, InStr(1, szName, vbNullChar) - 1)
szName = CStr(PidFor) + vbTab + szName + vbTab + "--[Zombie]--"
List1.AddItem szName
End If
CloseHandle hProcess
End If
Next PidFor
End If
End Sub
使用了之前我收集的隐藏进程DLL与隐藏进程BAS进行了测试,的确可以在系统自带任务管理器里看不见的情况下,正确列举出隐藏进程.
不知道这个API实现的原理是什么....?
以下是工程完整压缩包:
 点击下载此文件
|
|
|
|
|
|
搞笑动物图片系列之一