HANDLE hProcess = ::OpenProcess(PROCESS_ALL_ACCESS,FALSE,m_dwProcessID);
if(hProcess == NULL){
ERR
goto exit;
}
{
PROCESS_BASIC_INFORMATION pbi;
ULONG ulReturnLength;
NTSTATUS lNtStatus = NtQueryInformationProcess (hProcess,ProcessBasicInformation,&pbi,sizeof(pbi),&ulReturnLength);
if(lNtStatus == STATUS_SUCCESS && ulReturnLength == sizeof(pbi)) {
char buf[128];
PROCESS_ENVIRONMENT_BLOCK peb;
BOOL bResult = ReadProcessMemory(hProcess,pbi.PebBaseAddress,&peb,sizeof(peb),&ulReturnLength);
if (bResult == 0) {
ERR
goto exit;
}
wsprintf(buf,"%d",pbi.BasePriority);
m_szBasePriority = buf;
wsprintf(buf,"%s",(pbi.ExitStatus == 0) ? "EXITED":"STATUS_PENDING");
m_szExitStatus = buf;
wsprintf(buf,"%lu",pbi.UniqueProcessId);
m_szProcID = buf;
PROCESS_PARAMETRS pp;
bResult = ReadProcessMemory(hProcess,peb.pi,&pp,sizeof(pp),&ulReturnLength);
if (bResult == 0) {
ERR
goto exit;
}
WCHAR sz_buf[_MAX_PATH];
bResult = ReadProcessMemory(hProcess,pp.CurrentDirectory.Buffer,sz_buf,sizeof(sz_buf),&ulReturnLength);
if (bResult == 0) {
ERR
goto exit;
}
m_szLocation = sz_buf;
bResult = ReadProcessMemory(hProcess,pp.ApplicationName.Buffer,sz_buf,sizeof(sz_buf),&ulReturnLength);
if (bResult == 0) {
ERR
goto exit;
}
m_szName = sz_buf;
bResult = ReadProcessMemory(hProcess,pp.CommandLine.Buffer,sz_buf,sizeof(sz_buf),&ulReturnLength);
if (bResult == 0) {
ERR
goto exit;
}
m_szCommandLine = sz_buf;
}
}
вот так - прямо из ядра=))))))))
|