如何获取进程内所有句柄(搞定了我14xx分全送了) 同上 解决方案 » 免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货 (██ 严重抗议板举把我的贴册除 ██) 一不是有色宣传,再不是政治反动思想,这是why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??vvvvvvvvv EnumChildWindows啊,最多递归查找啦。 2000的方法:6、应用(2)-- 查询当前进程所拥有的对象 首先得到当前系统所有的句柄信息,然后再查询指定进程的句柄的属性。 PVOID HandleInfoBuf; SYSTEM_HANDLE_INFORMATION *HandleInfo; DWORD dwInfoSize = sizeof(SYSTEM_HANDLE) * 10000; HandleInfoBuf = (PVOID)new byte[dwInfoSize]; PNTQUERYSYSTEMINFORMATION NtQuerySystemInformation; PNTQUERYOBJECT NtQueryObject; PNTDUPLICATEOBJECT NtDuplicateObject; ///////////////////////////////// NtQuerySystemInformation = (PNTQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandle( "ntdll.dll" ),"NtQuerySystemInformation"); NtQueryObject = (PNTQUERYOBJECT)GetProcAddress(GetModuleHandle("NtDll.dll"),"NtQueryObject"); NtDuplicateObject = (PNTDUPLICATEOBJECT)GetProcAddress(GetModuleHandle("NtDll.dll"),"NtDuplicateObject"); NtQuerySystemInformation(16,HandleInfoBuf,dwInfoSize,0); HandleInfo = (SYSTEM_HANDLE_INFORMATION*)HandleInfoBuf; for(int i=0; i < HandleInfo->dwCount; i++) { if(HandleInfo->HandleEntries[i].ProcessId == GetCurrentProcessId()) { DWORD Ret; DWORD dwRead; DWORD dwNameBuffer; OBJECT_BASIC_INFORMATION BasicInfo; OBJECT_NAME_INFORMATION *NameInfo; OBJECT_TYPE_INFORMATION *TypeInfo; HANDLE hDupObject; Ret = NtDuplicateObject(GetCurrentProcess(),(HANDLE)HandleInfo->HandleEntries[i].Handle, GetCurrentProcess(),&hDupObject, 
0,0,DUPLICATE_SAME_ATTRIBUTES); if(Ret != 0) { Memo1->Lines->Add("Error Duplicate Object Handle.Err = " + SysErrorMessage(Ret)); continue; } //基本信息 Ret = NtQueryObject(hDupObject,ObjectBasicInformation,&BasicInfo,sizeof(OBJECT_BASIC_INFORMATION),&dwRead); if(Ret != 0) { Memo1->Lines->Add("Error Query Object Basic.Err = " + SysErrorMessage(Ret) + " Code = " + IntToHex((int)Ret,8)); CloseHandle(hDupObject); continue; } //类型信息 TypeInfo = (OBJECT_TYPE_INFORMATION *) new char[BasicInfo.TypeInformationLength + 2]; Ret = NtQueryObject(hDupObject,ObjectTypeInformation,TypeInfo,BasicInfo.TypeInformationLength + 2,&dwRead); if(Ret != 0) { Memo1->Lines->Add("Error Query Object Type.Err = " + SysErrorMessage(Ret) + IntToHex((int)Ret,8)); CloseHandle(hDupObject); continue; } //名字信息 dwNameBuffer = (BasicInfo.NameInformationLength == 0) ? (MAX_PATH * sizeof (WCHAR)) : BasicInfo.NameInformationLength; NameInfo = (OBJECT_NAME_INFORMATION *)new char[dwNameBuffer]; Ret = NtQueryObject(hDupObject,ObjectNameInformation,NameInfo,dwNameBuffer,&dwRead); if(Ret != 0) { Memo1->Lines->Add("Error Query Object Name.Err = " + SysErrorMessage(Ret) + IntToHex((int)Ret,8)); CloseHandle(hDupObject); continue; } //没有名字信息 if(NameInfo->Name.Length == 0) continue; //结果 Memo1->Lines->Add(IntToHex((int)HandleInfo->HandleEntries[i].Handle,4) + " == " + AnsiString(TypeInfo->Name.Buffer) + " " + " == " + AnsiString(NameInfo->Name.Buffer)); delete[] TypeInfo; delete[] NameInfo; CloseHandle(hDupObject); } } delete[] HandleInfoBuf; W9X的话,可以参考《Windows95编程奥秘》,里边有关于进程句柄表的描述,可以得到一个进程所打开的所有句柄。 //繁体中文版(友情提示:金山快译里边附带的内码转换工具不错,可以很容易地把繁体转换成简体)http://jjhou.csdn.net///配书源代码http://www.unow.net/xzxt2/list.asp?id=1083 还没有搞定啊? 你有没有看过《Windows95编程奥秘》的源代码?里边有你需要的一切! 当不了???你在哪个地方上的网?源代码有346K(包括Source和Bin,如果只是Source,只有160K),如果不嫌大,给出E-Mail,我发给你!(如果怕E-Mail泄漏的话,给我发短讯就可以了^_^) 这是咋回事? 请教关于DELPHI的数据类型及运算的几个问题 delphi中文字段的查询,到底怎么写? 怎样得出DBGrid某一列的汇总? treeview拖拽问题,在线等 cuteant接分,谢谢帮我解决问题,剩下的分数给你-2. ADO连接数据库失败问题...不解. 
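// Lists the handles owned by the current process in Memo1, one line per named
// object: handle value == object type == object name.
//
// Steps: resolve the three native routines from ntdll.dll, take a system-wide
// handle snapshot, keep the entries whose ProcessId is ours, duplicate each of
// those handles and ask NtQueryObject for its basic, type and name information.
//
// HandleInfoBuf (PVOID) and the PNT* / SYSTEM_* / OBJECT_* types are declared
// outside this excerpt.
SYSTEM_HANDLE_INFORMATION *HandleInfo = NULL;
DWORD dwInfoSize = sizeof(SYSTEM_HANDLE) * 10000;   // first guess only; grown below when too small
PNTQUERYSYSTEMINFORMATION NtQuerySystemInformation = NULL;
PNTQUERYOBJECT NtQueryObject = NULL;
PNTDUPLICATEOBJECT NtDuplicateObject = NULL;

// STATUS_INFO_LENGTH_MISMATCH: the snapshot did not fit into the buffer.
const DWORD dwStatusInfoLengthMismatch = 0xC0000004;
// Hard ceiling for the snapshot buffer so the retry loop always terminates.
const DWORD dwMaxInfoSize = 64 * 1024 * 1024;

// The snapshot is allocated and released through a BYTE pointer; calling
// delete[] on a void pointer is undefined behaviour.
BYTE *SnapshotBytes = NULL;
DWORD dwQueryStatus = 0;
bool bSnapshotReady = false;

HandleInfoBuf = NULL;

/////////////////////////////////
// Resolve the exports once and verify them: calling through a NULL function
// pointer would crash the process.
HMODULE hNtDll = GetModuleHandle("ntdll.dll");
if (hNtDll != NULL)
{
    NtQuerySystemInformation = (PNTQUERYSYSTEMINFORMATION)GetProcAddress(hNtDll, "NtQuerySystemInformation");
    NtQueryObject = (PNTQUERYOBJECT)GetProcAddress(hNtDll, "NtQueryObject");
    NtDuplicateObject = (PNTDUPLICATEOBJECT)GetProcAddress(hNtDll, "NtDuplicateObject");
}

if (NtQuerySystemInformation == NULL || NtQueryObject == NULL || NtDuplicateObject == NULL)
{
    Memo1->Lines->Add("Error Resolve ntdll.dll exports.");
}
else
{
    // Information class 16 is SystemHandleInformation. The status must be
    // checked: when the buffer is too small the contents (including dwCount)
    // are not valid, and walking them would read past the allocation.
    for (;;)
    {
        SnapshotBytes = new BYTE[dwInfoSize];
        ZeroMemory(SnapshotBytes, dwInfoSize);
        dwQueryStatus = (DWORD)NtQuerySystemInformation(16, SnapshotBytes, dwInfoSize, 0);
        if (dwQueryStatus == 0)
        {
            bSnapshotReady = true;
            break;
        }

        delete[] SnapshotBytes;
        SnapshotBytes = NULL;
        if (dwQueryStatus != dwStatusInfoLengthMismatch || dwInfoSize > dwMaxInfoSize / 2)
            break;
        dwInfoSize *= 2;
    }

    if (!bSnapshotReady)
        Memo1->Lines->Add("Error Query System Handle Information. Code = " + IntToHex((int)dwQueryStatus, 8));
}

if (bSnapshotReady)
{
    HandleInfoBuf = SnapshotBytes;
    HandleInfo = (SYSTEM_HANDLE_INFORMATION *)SnapshotBytes;

    const DWORD dwSelfPid = GetCurrentProcessId();

    for (DWORD i = 0; i < HandleInfo->dwCount; i++)
    {
        if (HandleInfo->HandleEntries[i].ProcessId != dwSelfPid)
            continue;

        // Ret holds an NTSTATUS. SysErrorMessage() translates Win32 error
        // codes, so its text may not describe the failure; the hex code that
        // is logged next to it is the reliable part.
        DWORD Ret;
        DWORD dwRead = 0;
        DWORD dwNameBuffer;
        OBJECT_BASIC_INFORMATION BasicInfo;
        OBJECT_NAME_INFORMATION *NameInfo = NULL;
        OBJECT_TYPE_INFORMATION *TypeInfo = NULL;
        char *TypeBytes = NULL;
        char *NameBytes = NULL;
        HANDLE hDupObject = NULL;

        // Work on a private duplicate so that the original handle is never
        // touched. The two zero arguments request no access rights and no
        // extra attributes: the duplicate is only handed to NtQueryObject.
        Ret = NtDuplicateObject(GetCurrentProcess(), (HANDLE)HandleInfo->HandleEntries[i].Handle,
                                GetCurrentProcess(), &hDupObject,
                                0, 0, DUPLICATE_SAME_ATTRIBUTES);
        if (Ret != 0)
        {
            Memo1->Lines->Add("Error Duplicate Object Handle.Err = " + SysErrorMessage(Ret) + " Code = " + IntToHex((int)Ret, 8));
            continue;   // nothing was acquired for this entry yet
        }

        // From here on every path falls through to the single cleanup section
        // at the bottom, so no buffer and no duplicated handle is leaked.

        // Basic information: supplies the buffer sizes for the next two queries.
        ZeroMemory(&BasicInfo, sizeof(BasicInfo));
        Ret = NtQueryObject(hDupObject, ObjectBasicInformation, &BasicInfo, sizeof(OBJECT_BASIC_INFORMATION), &dwRead);
        if (Ret != 0)
        {
            Memo1->Lines->Add("Error Query Object Basic.Err = " + SysErrorMessage(Ret) + " Code = " + IntToHex((int)Ret, 8));
        }
        else
        {
            // Type information. The buffer is zero-filled and one WCHAR larger
            // than the length passed to the query, so the name read through
            // Name.Buffer is always followed by a terminator.
            DWORD dwTypeBuffer = BasicInfo.TypeInformationLength + 2;
            TypeBytes = new char[dwTypeBuffer + sizeof(WCHAR)];
            ZeroMemory(TypeBytes, dwTypeBuffer + sizeof(WCHAR));
            TypeInfo = (OBJECT_TYPE_INFORMATION *)TypeBytes;
            Ret = NtQueryObject(hDupObject, ObjectTypeInformation, TypeInfo, dwTypeBuffer, &dwRead);
            if (Ret != 0)
            {
                Memo1->Lines->Add("Error Query Object Type.Err = " + SysErrorMessage(Ret) + " Code = " + IntToHex((int)Ret, 8));
            }
            else
            {
                // Name information. When no length is reported, fall back to
                // room for the structure header plus MAX_PATH characters.
                // NOTE(review): this query is known to block on some
                // file-type handles (for example pipes with pending
                // synchronous I/O); handle-listing tools usually run it on a
                // worker thread with a timeout.
                dwNameBuffer = (BasicInfo.NameInformationLength == 0) ?
                    (sizeof(OBJECT_NAME_INFORMATION) + MAX_PATH * sizeof(WCHAR)) : BasicInfo.NameInformationLength;
                NameBytes = new char[dwNameBuffer + sizeof(WCHAR)];
                ZeroMemory(NameBytes, dwNameBuffer + sizeof(WCHAR));
                NameInfo = (OBJECT_NAME_INFORMATION *)NameBytes;
                Ret = NtQueryObject(hDupObject, ObjectNameInformation, NameInfo, dwNameBuffer, &dwRead);
                if (Ret != 0)
                {
                    Memo1->Lines->Add("Error Query Object Name.Err = " + SysErrorMessage(Ret) + " Code = " + IntToHex((int)Ret, 8));
                }
                else if (NameInfo->Name.Length != 0 && NameInfo->Name.Buffer != NULL &&
                         TypeInfo->Name.Buffer != NULL)
                {
                    // Result line; unnamed objects are skipped.
                    Memo1->Lines->Add(IntToHex((int)HandleInfo->HandleEntries[i].Handle, 4) +
                        " == " + AnsiString(TypeInfo->Name.Buffer) + " " +
                        " == " + AnsiString(NameInfo->Name.Buffer));
                }
            }
        }

        // Cleanup for this entry (delete[] on NULL is a no-op).
        delete[] TypeBytes;
        delete[] NameBytes;
        CloseHandle(hDupObject);
    }
}

delete[] SnapshotBytes;
HandleInfoBuf = NULL;   // the snapshot is gone; do not leave a dangling pointer behind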
//繁体中文版(友情提示:金山快译里边附带的内码转换工具不错,可以很容易地把繁体转换成简体)
http://jjhou.csdn.net/
//配书源代码
http://www.unow.net/xzxt2/list.asp?id=1083