1,486
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
fmaliang 2008-04-30
- 打赏
- 举报
调试的时候出现“用户定义类型未定义”是怎么回事:
Private Declare Function NtQueryInformationProcess Lib "NTDLL.DLL" (ByVal ProcessHandle As Long, ByVal ProcessInformationClass As PROCESSINFOCLASS, ByVal ProcessInformation As Long, ByVal ProcessInformationLength As Long, ByRef ReturnLength As Long) As Long
' 第一个参数是希望操作的进程句柄,这个句柄必须以PROCESS_QUERY_INFORMATION模式存取。为了取得一个句柄,我们必须用OpenProcess函数:
'HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwProcessID);
'第二个参数是请求信息的类型,这个参数可以有许多个值,本文例子中将用ProcessBasicInformation (值为0)。
'因此,如果第二个参数是ProcessBasicInformation的话,则第三个参数必须为一个指针指向结构
Private Type PROCESS_BASIC_INFORMATION
ExitStatus As Long 'NTSTATUS 接收进程终止状态
PebBaseAddress As Long 'PPEB 接收进程环境块地址
AffinityMask As Long 'ULONG_PTR 接收进程关联掩码
BasePriority As Long 'KPRIORITY 接收进程的优先级类
UniqueProcessId As Long 'ULONG_PTR 接收进程ID
InheritedFromUniqueProcessId As Long 'ULONG_PTR 接收父进程ID
End Type
'Private Const PROCESS_QUERY_INFORMATION As Long = (&H400)
'Dim objBasic As PROCESS_BASIC_INFORMATION
'ProcessBasicInformation = 0
'ntStatus = NtQueryInformationProcess(hProcessHandle, ProcessBasicInformation, VarPtr(objBasic), Len(objBasic), 0)
Private Declare Function NtQueryInformationProcess Lib "NTDLL.DLL" (ByVal ProcessHandle As Long, ByVal ProcessInformationClass As PROCESSINFOCLASS, ByVal ProcessInformation As Long, ByVal ProcessInformationLength As Long, ByRef ReturnLength As Long) As Long
' 第一个参数是希望操作的进程句柄,这个句柄必须以PROCESS_QUERY_INFORMATION模式存取。为了取得一个句柄,我们必须用OpenProcess函数:
'HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwProcessID);
'第二个参数是请求信息的类型,这个参数可以有许多个值,本文例子中将用ProcessBasicInformation (值为0)。
'因此,如果第二个参数是ProcessBasicInformation的话,则第三个参数必须为一个指针指向结构
Private Type PROCESS_BASIC_INFORMATION
ExitStatus As Long 'NTSTATUS 接收进程终止状态
PebBaseAddress As Long 'PPEB 接收进程环境块地址
AffinityMask As Long 'ULONG_PTR 接收进程关联掩码
BasePriority As Long 'KPRIORITY 接收进程的优先级类
UniqueProcessId As Long 'ULONG_PTR 接收进程ID
InheritedFromUniqueProcessId As Long 'ULONG_PTR 接收父进程ID
End Type
'Private Const PROCESS_QUERY_INFORMATION As Long = (&H400)
'Dim objBasic As PROCESS_BASIC_INFORMATION
'ProcessBasicInformation = 0
'ntStatus = NtQueryInformationProcess(hProcessHandle, ProcessBasicInformation, VarPtr(objBasic), Len(objBasic), 0)
是是非非 2008-04-30
- 打赏
- 举报
NTDLL.DLL中有一个函数叫NtQueryInformationProcess,用它可以将指定类型的进程信息拷贝到某个缓冲。其原型如下:
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationProcess (
IN HANDLE ProcessHandle, // 进程句柄
IN PROCESSINFOCLASS InformationClass, // 信息类型
OUT PVOID ProcessInformation, // 缓冲指针
IN ULONG ProcessInformationLength, // 以字节为单位的缓冲大小
OUT PULONG ReturnLength OPTIONAL // 写入缓冲的字节数
);
第一个参数是希望操作的进程句柄,这个句柄必须以PROCESS_QUERY_INFORMATION模式存取。为了取得一个句柄,我们必须用OpenProcess函数:
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwProcessID);
第二个参数是请求信息的类型,这个参数可以有许多个值,本文例子中将用ProcessBasicInformation (值为0)。
因此,如果第二个参数是ProcessBasicInformation的话,则第三个参数必须为一个指针指向结构PROCESS_BASIC_INFORMATION:
typedef struct
{
DWORD ExitStatus; // 接收进程终止状态
DWORD PebBaseAddress; // 接收进程环境块地址
DWORD AffinityMask; // 接收进程关联掩码
DWORD BasePriority; // 接收进程的优先级类
ULONG UniqueProcessId; // 接收进程ID
ULONG InheritedFromUniqueProcessId; //接收父进程ID
} PROCESS_BASIC_INFORMATION;
这个结构的最后一个参数是InheritedFromUniqueProcessId,它就是我们所要的东西。
DWORD dwParentPID;
LONG status;
PROCESS_BASIC_INFORMATION pbi;
status = NtQueryInformationProcess( hProcess,
ProcessBasicInformation,
(PVOID)&pbi,
sizeof(PROCESS_BASIC_INFORMATION),
NULL );
if (!status)
dwParentPID = pbi.InheritedFromUniqueProcessId;
这个改成VB的不难吧?
NTSYSAPI
NTSTATUS
NTAPI
NtQueryInformationProcess (
IN HANDLE ProcessHandle, // 进程句柄
IN PROCESSINFOCLASS InformationClass, // 信息类型
OUT PVOID ProcessInformation, // 缓冲指针
IN ULONG ProcessInformationLength, // 以字节为单位的缓冲大小
OUT PULONG ReturnLength OPTIONAL // 写入缓冲的字节数
);
第一个参数是希望操作的进程句柄,这个句柄必须以PROCESS_QUERY_INFORMATION模式存取。为了取得一个句柄,我们必须用OpenProcess函数:
HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION,FALSE,dwProcessID);
第二个参数是请求信息的类型,这个参数可以有许多个值,本文例子中将用ProcessBasicInformation (值为0)。
因此,如果第二个参数是ProcessBasicInformation的话,则第三个参数必须为一个指针指向结构PROCESS_BASIC_INFORMATION:
typedef struct
{
DWORD ExitStatus; // 接收进程终止状态
DWORD PebBaseAddress; // 接收进程环境块地址
DWORD AffinityMask; // 接收进程关联掩码
DWORD BasePriority; // 接收进程的优先级类
ULONG UniqueProcessId; // 接收进程ID
ULONG InheritedFromUniqueProcessId; //接收父进程ID
} PROCESS_BASIC_INFORMATION;
这个结构的最后一个参数是InheritedFromUniqueProcessId,它就是我们所要的东西。
DWORD dwParentPID;
LONG status;
PROCESS_BASIC_INFORMATION pbi;
status = NtQueryInformationProcess( hProcess,
ProcessBasicInformation,
(PVOID)&pbi,
sizeof(PROCESS_BASIC_INFORMATION),
NULL );
if (!status)
dwParentPID = pbi.InheritedFromUniqueProcessId;
这个改成VB的不难吧?
是是非非 2008-04-30
- 打赏
- 举报
http://data.csai.cn/View_6154.html
