【对面的高手看过来】
//==================================================================================
typedef unsigned long (WINAPI *NtDll)(unsigned int,void *,unsigned long,unsigned long*);
NtDll NtQuerySystemInformation;
NtQuerySystemInformation = (NtDll)GetProcAddress(GetModuleHandle("ntdll"),"NtQuerySystemInformation");
if(!NtQuerySystemInformation)
return false;
void *Buffer = NULL;
size_t Length = 0;
unsigned long hNtDll;
unsigned long Need = 0;
do
{
Length += 0x1000;
Buffer = realloc(Buffer, Length);
if(!Buffer)return false;
hNtDll = NtQuerySystemInformation(5, Buffer, Length, &Need);
}while(hNtDll == 0xc0000004);
if(hNtDll < 0)
{
free(Buffer);
return false;
}
struct ProcessInfo *PI;
PI = (struct ProcessInfo*)Buffer;
printf(" %-20s%s\n","ProcessName","PID");
while(PI->NextEntryDelta != 0)
{
if(PI->ProcessName.Buffer != 0)
{
printf(" %-20S%d\n",PI->ProcessName.Buffer,PI->ProcessId);
}
PI = (struct ProcessInfo *)(((char *)PI) + PI->NextEntryDelta);
}
free(Buffer);
//==================================================================================
里面的 printf(" %-20S%d\n",PI->ProcessName.Buffer,PI->ProcessId); 这句用 COUT 怎么实现????
还有个问题 注册表里的服务路径键值都是很奇怪~~~~`比如:
\??\C:\WINDOWS\system32\drivers\kmsinput.sys
%SystemRoot%\system32\svchost.exe -k netsvcs
system32\DRIVERS\cdrom.sys
\??\E:\X-Scan\dat\xpf.sys
怎么才能把他们转换成正常的路径呢?我想一定有办法吧,要不 WINDOWS 怎么识别他们的。