Ring3下获取HideToolz的PID
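' Forum note: post last edited by imlot on 2009-11-6 20:15.
'
' Lists process IDs from user mode (ring 3) without walking a process list.
' Every candidate thread ID is probed with GetPIDByTID and the owning PID
' of each thread that could be opened is collected once.
'
' Returns: a Long array holding each distinct PID found, in discovery order.
'          If no thread could be opened, the array is left unallocated, so
'          callers must not call UBound on it unconditionally.
'
' Limits a reader relying on this for detection should know:
'   - Only thread IDs 0..MAX_THREAD_ID are probed; a process whose threads
'     all have larger IDs is not reported.
'   - A process is reported only if OpenThread succeeds on one of its
'     threads, so a PID missing from the result does not prove that the
'     process is absent.
Public Function somouseGetProcess() As Long()
    ' Upper bound of the probe, unchanged from the original post.
    ' NOTE(review): thread IDs are typically multiples of 4 on NT-based
    ' Windows, so a step of 4 may suffice - confirm before changing.
    Const MAX_THREAD_ID As Long = 100000

    Dim pId As Long
    Dim i As Long
    Dim szPIDs As String
    Dim szPID() As String
    Dim aryPids() As Long

    ' The list is kept as ";pid;pid;...;" so membership can be tested on
    ' whole entries. The original searched for the bare number, so PID 4
    ' was treated as already present once e.g. "1400;" was in the list,
    ' and that process was silently dropped from the result.
    szPIDs = ";"
    For i = 0 To MAX_THREAD_ID
        pId = GetPIDByTID(i)
        If pId <> 0 Then
            If InStr(1, szPIDs, ";" & CStr(pId) & ";") = 0 Then
                szPIDs = szPIDs & CStr(pId) & ";"
            End If
        End If
    Next ' debug aid: MsgBox szPIDs

    ' Nothing found: the original called Left$ with length -1 here, which
    ' raises run-time error 5. Return the unallocated array instead.
    If Len(szPIDs) = 1 Then
        Exit Function
    End If

    ' Drop the leading and trailing delimiter before splitting.
    szPID = Split(Mid$(szPIDs, 2, Len(szPIDs) - 2), ";")
    ReDim aryPids(UBound(szPID))
    For i = 0 To UBound(szPID)
        aryPids(i) = CLng(szPID(i))
    Next
    somouseGetProcess = aryPids()
End Function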
' Maps a thread ID to the ID of the process that owns the thread.
'
' ThreadID: candidate thread identifier to probe.
' Returns:  the owning process ID, or 0 when OpenThread yields no usable
'           handle (no such thread, or access was refused).
Private Function GetPIDByTID(ByVal ThreadID As Long) As Long
    Dim threadInfo As THREAD_BASIC_INFORMATION
    Dim threadHandle As Long

    GetPIDByTID = 0

    threadHandle = OpenThread(THREAD_QUERY_INFORMATION, 0, ThreadID)
    If threadHandle <= 0 Then Exit Function

    ' Information class 0 fills a THREAD_BASIC_INFORMATION, whose ClientId
    ' carries the owning process ID. The call's status is not checked; the
    ' structure starts zeroed, so an unfilled buffer reads back as PID 0.
    ZwQueryInformationThread threadHandle, 0&, VarPtr(threadInfo), Len(threadInfo), ByVal 0&
    GetPIDByTID = threadInfo.ClientId.UniqueProcess

    ' Always release the handle once the query is done.
    ZwClose threadHandle
End Function
以上为代码，偶学习VB时无聊写的，会列举出所有进程的PID，包括HideToolz的PID。原理是不依赖进程列表，而是逐个尝试打开线程ID（0 到 100000），再由线程反查所属进程；因此线程ID超出该范围、或 OpenThread 打不开其线程的进程不会出现在结果中。似乎“走私老鼠”在易语言论坛看到过。