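Quote:
Process / process object
The idea behind the code is as follows:
1. Use ZwQueryInformationProcess to get the NT path of the current process.
2. Open that NT path with ZwOpenFile to obtain a handle to the process image.
3. Use ObReferenceObjectByHandle to get the kernel object (fileobj).
4. Get the drive letter (c:\) with RtlVolumeDeviceToDosName(fileobj->DeviceObject, &dosname);
Enough talk, here is the code: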
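
    #include <ntifs.h>

    /* Exported by ntoskrnl; declared here in case the WDK headers in use omit it. */
    NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess(
        HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass,
        PVOID ProcessInformation, ULONG ProcessInformationLength,
        PULONG ReturnLength);

    /* Call at PASSIVE_LEVEL. ImageFileName receives a path such as "C:\dir\app.exe". */
    VOID GetProcessImageName(PANSI_STRING ImageFileName)
    {
        PUNICODE_STRING buffer = NULL;
        ULONG returnLength = 0;
        ULONG fullLength = 0;
        NTSTATUS status = 0;
        HANDLE fileHandle = NULL;
        OBJECT_ATTRIBUTES objectAttributes = {0};
        IO_STATUS_BLOCK ioStatusBlock = {0};
        PFILE_OBJECT fileObj = NULL;
        UNICODE_STRING dosName = {0};
        UNICODE_STRING fullPath = {0};

        /* 1. The first call only reports the size needed for the NT path. */
        status = ZwQueryInformationProcess(NtCurrentProcess(), ProcessImageFileName,
                                           NULL, 0, &returnLength);
        if (STATUS_INFO_LENGTH_MISMATCH != status || 0 == returnLength)
            goto clean;
        buffer = ExAllocatePool(NonPagedPool, returnLength);
        if (NULL == buffer)
            goto clean;
        /* The second call fills buffer with a UNICODE_STRING holding the NT path. */
        status = ZwQueryInformationProcess(NtCurrentProcess(), ProcessImageFileName,
                                           buffer, returnLength, &returnLength);
        if (!NT_SUCCESS(status))
            goto clean;

        /* 2. Open the image file by its NT path. */
        InitializeObjectAttributes(&objectAttributes, buffer, OBJ_KERNEL_HANDLE, NULL, NULL);
        status = ZwOpenFile(&fileHandle, 0, &objectAttributes, &ioStatusBlock, 0, 0);
        if (!NT_SUCCESS(status))
            goto clean;

        /* 3. Handle -> FILE_OBJECT. Passing the object type rejects non-file handles. */
        status = ObReferenceObjectByHandle(fileHandle, 0, *IoFileObjectType, KernelMode,
                                           (PVOID *)&fileObj, NULL);
        if (!NT_SUCCESS(status))
            goto clean;

        if (fileObj->DeviceObject && fileObj->FileName.Buffer)
        {
            /* 4. Volume device -> drive letter. The routine allocates dosName.Buffer. */
            status = RtlVolumeDeviceToDosName(fileObj->DeviceObject, &dosName);
            if (!NT_SUCCESS(status))
                goto clean;
            /* The rest of this branch is missing from the page. This completion
               assumes the caller preallocated ImageFileName->Buffer. */
            fullLength = (ULONG)dosName.Length + fileObj->FileName.Length;
            if (fullLength > MAXUSHORT)
                goto clean;
            fullPath.MaximumLength = (USHORT)fullLength;
            fullPath.Buffer = ExAllocatePool(NonPagedPool, fullLength);
            if (NULL == fullPath.Buffer)
                goto clean;
            RtlCopyUnicodeString(&fullPath, &dosName);
            RtlAppendUnicodeStringToString(&fullPath, &fileObj->FileName);
            RtlUnicodeStringToAnsiString(ImageFileName, &fullPath, FALSE);
        }

    clean:
        /* Release everything acquired above, whichever step failed. */
        if (buffer) ExFreePool(buffer);
        if (dosName.Buffer) ExFreePool(dosName.Buffer);
        if (fullPath.Buffer) ExFreePool(fullPath.Buffer);
        if (fileHandle) ZwClose(fileHandle);
        if (fileObj) ObDereferenceObject(fileObj);
    }
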