//非常簡短的 16 byte,就可以做許多件不同的事情,列舉2例。高手就不用看了,完全是忽悠那些小孩子們的!
// Win32-style aliases so the structures below can be written without <windows.h>.
// The widths assume a 32-bit MSVC build: ULONG is 32 bits here, and main's
// (ULONG)Addr pointer-to-integer cast only round-trips while pointers are 32 bits.
typedef unsigned short USHORT;
typedef unsigned long ULONG;
typedef __int64 LARGE_INTEGER;   // MSVC-specific 64-bit integer; the SDK's LARGE_INTEGER is a same-size union
typedef wchar_t* LPWSTR;
typedef void* LPVOID;
// Layout mirror of the native UNICODE_STRING: a counted UTF-16 string that is
// not guaranteed to be NUL-terminated. Length and MaximUMLength (sic) are
// presumably byte counts, as in UNICODE_STRING — confirm before treating them
// as character counts.
struct ustring
{
USHORT Length;          // bytes currently in use at Buffer (assumed; see note above)
USHORT MaximUMLength;   // capacity of Buffer in bytes (assumed)
LPWSTR Buffer;          // may lack a terminating NUL; main prints it with %ws, which relies on one
};
// One record of the information-class-5 (SystemProcessInformation) buffer that
// main fills in. Records are chained by NextEntryDelta, a byte offset to the next
// record; main's while loop stops at the record whose delta is 0. Field order and
// widths must match the kernel layout exactly — do not reorder or retype members.
// NOTE(review): main follows NextEntryDelta without checking that each step stays
// inside buf; a corrupt or unexpected delta would walk past the buffer.
struct process//Information Class 5
{
ULONG NextEntryDelta;            // byte offset to the next record, 0 = last
ULONG ThreadCount;
ULONG Reserved1[6];
LARGE_INTEGER CreateTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER KernelTime;
ustring ProcessName;             // counted string; see ustring
/*KPRIORITY*/
ULONG BasePriority;
ULONG ProcessId;
ULONG InheritedFromProcessId;    // parent process id as recorded by the kernel
ULONG HandleCount;
};
// One entry of the information-class-11 (SystemModuleInformation) buffer: a
// loaded kernel module. NOTE(review): in the native layout the entry array is
// preceded by a ULONG module count; the part of main that consumes class 11 is
// not visible here, so confirm the caller skips that count before indexing.
struct module//Information Class 11
{
ULONG Reserved[2];
LPVOID Base;               // load address of the module
ULONG Size;                // image size in bytes (assumed)
ULONG Flags;
USHORT Index;
USHORT Unknown;
USHORT LoadCount;
USHORT ModuleNameOffset;   // presumably an offset into ImageName; validate it is < sizeof ImageName before use
char ImageName[256];       // path supplied by the kernel; treat as untrusted and do not assume NUL termination
};
// Signature main uses to call the bytes in Addr as though they were a function.
// NOTE(review): the system service this stands in for returns a 32-bit NTSTATUS,
// not a bool; declaring bool here discards the status code, and main does not
// check the result anyway. ret_len may be NULL (main passes NULL), in which case
// an undersized ret_buf cannot be detected.
typedef bool (__cdecl *QuerySystemInfo)(int val, void* ret_buf, long retbuf_size, long* ret_len);
// Addr is not a table of addresses: main casts it to QuerySystemInfo and calls it,
// so these 16 bytes are executed as x86 machine code. That only works when the
// process is 32-bit, the data segment is executable (exactly what DEP/NX is meant
// to prevent), and the system-service index that appears to be embedded in the
// bytes matches the running Windows build — such indices are not stable across
// builds or service packs. Calling a data array through a function pointer is
// also undefined behaviour in C/C++. Treat this as a demonstration; the supported
// route is the documented API obtained by import or GetProcAddress.
ULONG Addr[]=
{
0x0000ADB8,
0x0300BA00,
0x12FF7FFE,
0x909090C3
};
// Static storage is zero-initialised, so if the call never fills buf the first
// NextEntryDelta is 0 and main's loop does not run. main passes 128*1024 as the
// size but NULL for the returned length, so it cannot tell whether the buffer
// was large enough.
char buf[128*1024];
int main(int argc, char* argv[])
{
QuerySystemInfo QueryInfo=(QuerySystemInfo)(ULONG)Addr;
printf("//進程信息//進程信息//進程信息//進程信息//進程信息//進程信息//進程信息//進程信息\n");
QueryInfo(5,buf,128*1024,NULL);
process* p1=(process*)buf;
printf(" 進程ID 父進程ID 線程數 打開句柄 進程名\n");
while(p1->NextEntryDelta)
{
printf("%6d %8d %6d %8d %ws\n",p1->ProcessId,p1->InheritedFromProcessId,p1->ThreadCount,p1->HandleCount,p1->ProcessName.Buffer);
p1=(process*)((ULONG)p1+p1->NextEntryDelta);
}