曾经基于兴趣搞过很多小功能,但后来工作中比较少用到,代码也就安静的沉没在磁盘中。最近打算整理下之前弄过的东西,也不算荒废之前的付出吧。。。
void InitProcessList()
{
ZWQUERYSYSSTEMINFORMATION MyZwQuerySystemInformation = (ZWQUERYSYSSTEMINFORMATION)GetProcAddress(GetModuleHandle(_T("ntdll")), "ZwQuerySystemInformation");
if (MyZwQuerySystemInformation)
{
PVOID pBuff = malloc(PROCESSINFO_BUF_SIZE);
memset(pBuff, 0, PROCESSINFO_BUF_SIZE);
LONG lStatus = MyZwQuerySystemInformation(SystemProcessInformation, pBuff, PROCESSINFO_BUF_SIZE, NULL);
if (lStatus == 0)
{
PSYSTEM_PROCESS_INFORMATION_MY pInfo = (PSYSTEM_PROCESS_INFORMATION_MY)pBuff;
WCHAR wchProcessName[MAX_PATH] = {0};
CString strProcessId = _T("");
for (; ;)
{
memset(wchProcessName, 0, MAX_PATH);
memcpy(wchProcessName, pInfo->ProcessName.Buffer, pInfo->ProcessName.Length);
if (pInfo->ProcessId == 0)
{
memcpy(wchProcessName, L"System Process", MAX_PATH);
}
int nRow = m_List.InsertItem(0, wchProcessName);
strProcessId.Format(_T("%d"), (DWORD)pInfo->ProcessId);
m_List.SetItemText(nRow, 1, strProcessId);
if (pInfo->NextEntryOffset == 0)
{
break;
}
pInfo = (PSYSTEM_PROCESS_INFORMATION_MY)(((PUCHAR)pInfo) + pInfo->NextEntryOffset);
}
}
}
}
扫一扫
1594
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
