#include<windows.h>
#include<stdio.h>
#include<ntsecapi.h>
/* Pointer type for ntdll!ZwQuerySystemInformation. The export is undocumented
 * and has no import-library prototype, so the address is looked up at run time
 * with GetProcAddress and cast to this type. The real return type is NTSTATUS
 * (a signed 32-bit value); DWORD is the same width, but callers should test the
 * result against STATUS_* codes (e.g. STATUS_INFO_LENGTH_MISMATCH when the
 * buffer is too small) rather than against 0/-1. */
typedef DWORD (WINAPI *ZWQUERYSYSTEMINFORMATION)(
    DWORD  SystemInformationClass,  /* SYSTEM_INFORMATION_CLASS selector */
    PVOID  SystemInformation,       /* caller-owned output buffer */
    DWORD  SystemInformationLength, /* size of that buffer, in bytes */
    PDWORD ReturnLength);           /* optional: bytes written or required */
/* One per-process record returned by ZwQuerySystemInformation(SystemProcessInformation).
 * Records are chained: the next one starts NextEntryDelta bytes after this one,
 * and NextEntryDelta == 0 marks the last record. This is the classic 32-bit
 * (NT4/2000-era) layout with DWORD-sized fields; on current and 64-bit Windows
 * the real structure uses pointer-sized fields (HANDLE process ids, SIZE_T
 * counters), so treat these offsets as version-specific and confirm them before
 * trusting anything past ProcessName. Note the typedef names below spell
 * "PROCEESS", unlike the struct tag; they are kept as-is because callers use them. */
typedef struct _SYSTEM_PROCESS_INFORMATION{
DWORD NextEntryDelta;             /* byte offset to the next record; 0 = last */
DWORD ThreadCount;                /* number of entries in ThreadInfos */
DWORD Reserved1[6];
FILETIME ftCreateTime;
FILETIME ftUserTime;
FILETIME ftKernelTime;
UNICODE_STRING ProcessName;       /* Buffer is NOT guaranteed NUL-terminated; use Length (bytes) */
DWORD BasePriority;
DWORD ProcessId;
DWORD InheritedFromProcessId;     /* parent pid at creation time; the parent may already be gone */
DWORD HandleCount;
DWORD Reserved2[2];
DWORD VmCounters;                 /* NOTE(review): a single DWORD here does not match the VM_COUNTERS block in other layouts — confirm */
DWORD dCommitCharge;
PVOID ThreadInfos[1];             /* trailing per-thread entries, ThreadCount of them — presumably SYSTEM_THREAD_INFORMATION; verify */
}SYSTEM_PROCEESS_INFORMATION,*PSYSTEM_PROCEESS_INFORMATION;
/* SYSTEM_INFORMATION_CLASS value for SystemProcessInformation (5): the query
 * fills the buffer with SYSTEM_PROCESS_INFORMATION records chained by
 * NextEntryDelta. The required size is not known in advance, so callers must
 * retry with a larger buffer when the call reports a length mismatch. */
#define SystemProcessesAndThreadsInformation 5
int main(){
HMODULE hNtDll=GetModuleHandle("ntdll.dll");
if(hNtDll==NULL)
return -1;
ZWQUERYSYSTEMINFORMATION ZwQuerySystemInformation=
(ZWQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll,"ZwQuerySystemInformation");
if(ZwQue
利用ZwQuerySystemInformation和psapi枚举进程