Friend Const PROCESS_ALL_ACCESS = &H1F0FFF = 2035711
Friend Const PROCESS_VM_READ = &H10
Friend Const PROCESS_VM_WRITE = &H20
Friend Const PAGE_READONLY = &H2
Friend Const PAGE_READWRITE = &H4
Friend Const TH32CS_SNAPHEAPLIST = &H1 '在快照中包含在th42ProcessID中指定的进程的所有的堆。
Friend Const TH32CS_SNAPPROCESS = &H2 '在快照中包含系统中所有的进程。
Friend Const TH32CS_SNAPTHREAD = &H4 '在快照中包含系统中所有的线程。
Friend Const TH32CS_SNAPMODULE = &H8 '在快照中包含在th42ProcessID中指定的进程的所有的模块。
Friend Const TH32CS_GETALLMODS = &H80000000
Declare Function Process32First Lib "KERNEL32.DLL " (ByVal handle As IntPtr, ByRef pe As PROCESSENTRY32) As Integer
Declare Function Process32Next Lib "KERNEL32.DLL " (ByVal handle As IntPtr, ByRef pe As PROCESSENTRY32) As Integer
Declare Function CreateToolhelp32Snapshot Lib "KERNEL32.DLL " (ByVal flags As Integer, ByVal processid As Integer) As IntPtr
Declare Function CloseHandle Lib "KERNEL32.DLL " (ByVal handle As IntPtr) As Integer
Declare Function Module32First Lib "kernel32" Alias "Module32FirstW" (ByVal hSnapshot As IntPtr, ByRef lppe As MODULEENTRY32) As Boolean
Declare Function Module32Next Lib "kernel32" (ByVal hSnapshot As IntPtr, ByVal lppe As MODULEENTRY32) As Integer
<StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto)>
Public Structure MODULEENTRY32
Public dwSize As Integer
Public th42ModuleID As Integer
Public th42ProcessID As Integer
Public GlblcntUsage As Integer
Public ProccntUsage As Integer
Public modBaseAddr As IntPtr
Public modBaseSize As Integer
Public hModule As IntPtr
<MarshalAs(UnmanagedType.ByValTStr, SizeConst:=256)>
Public szModule As String
<MarshalAs(UnmanagedType.ByValTStr, SizeConst:=260)>
Public szExePath As String
End Structure
<StructLayout(LayoutKind.Sequential)>
Public Structure ProcessEntry32
Public dwSize As Integer
Public cntUsage As Integer
Public th42ProcessID As Integer
Public th42DefaultHeapID As IntPtr
Public th42ModuleID As Integer
Public cntThreads As Integer
Public th42ParentProcessID As Integer
Public pcPriClassBase As Integer
Public dwFlags As Integer
<MarshalAs(UnmanagedType.ByValTStr, SizeConst:=260)>
Public szExeFile As String
End Structure
注:<StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto)>说明符不能丢,丢了就会报命令长度不正确的错误
Private Sub Pro32first()
Dim kzhw As IntPtr
kzhw = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
If kzhw.ToInt32 > 0 Then
Dim mp As ProcessEntry32 = Nothing
mp.dwSize = Marshal.SizeOf(mp)
If (Process32First(kzhw, mp) > 0) Then '遍历第一个进程
Do
ListBox2.Items.Add(mp.szExeFile)
Loop While Process32Next(kzhw, mp) > 0 '遍历所有进程知道返回值为False
End If
End If
End Sub
Private Sub Mod32first()
Dim kzhw As IntPtr
Dim pid As Integer = 3176
kzhw = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid)
If kzhw.ToInt32 > 0 Then
Dim mp As MODULEENTRY32 = Nothing
mp.dwSize = Marshal.SizeOf(mp)
' MsgBox(Module32First(kzhw, mp))
If Module32First(kzhw, mp) Then
ListBox1.Items.Add("进程ID:" & mp.th42ProcessID)
ListBox1.Items.Add("szModule:" & mp.szModule)
ListBox1.Items.Add("dwSize:" & mp.dwSize)
ListBox1.Items.Add("modBaseAddr:" & mp.modBaseAddr.ToString)
End If
End If
End Sub
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。