新增一個Command1、一個List1,程式碼:
Private Type PROCESS_HANDLE_TABLE_ENTRY_INFO HandleValue As Long HandleCount As Long PointerCount As Long GrantedAccess As Long ObjectTypeIndex As Long HandleAttributes As Long Reserved As Long End Type Private Type PROCESS_HANDLE_SNAPSHOT_INFORMATION NumberOfHandles As Long Reserved As Long 'Handles(0) As PROCESS_HANDLE_TABLE_ENTRY_INFO End Type Private Const ProcessHandleInformation = 51 Private Declare Function NtQueryInformationProcess& Lib "ntdll" (ByVal ProcessHandle&, ByVal ProcessInformationClass&, ByVal ProcessInformation&, ByVal ProcessInformationLength&, ByRef ReturnLength&) Private Declare Sub RtlMoveMemory Lib "ntdll" (ByVal Dst&, ByVal Src&, ByVal Length&) Private Sub Command1_Click() Dim i As PROCESS_HANDLE_SNAPSHOT_INFORMATION Me.Caption = Hex(NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(i), 8, s)) '取緩衝區大小 ReDim buf(s * 2) As Byte '控制程式碼表變化很大,空間最好開多 Me.Caption = Hex(NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(buf(0)), s * 2, s)) Dim p As PROCESS_HANDLE_TABLE_ENTRY_INFO Dim pp&, c&, j& RtlMoveMemory VarPtr(c), VarPtr(buf(0)), 4 pp = VarPtr(buf(0)) + 8 For j = pp To (pp + c * LenB(p)) - LenB(p) Step LenB(p) RtlMoveMemory VarPtr(p), j, LenB(p) List1.AddItem p.HandleValue Next End Sub
這個程式碼是列舉自己程式的,可以OpenThread其他執行緒再列舉。。。
PS:只能在Win8以上執行。。。Win8以下NtQuerySystemInformation或者讀csrss程式。