■ NtQueryInformationProcess API 함수를 선언하는 방법을 보여준다.
▶ 예제 코드 (C#)
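using System;
using System.Runtime.InteropServices;

#region Query NT process information - NtQueryInformationProcess(processHandle, processInformationClass, processInformation, processInformationLength, returnLength)

/// <summary>
/// Queries information about a process through the native ntdll export NtQueryInformationProcess.
/// </summary>
/// <remarks>
/// The output buffer is typed as <see cref="ProcessInformation"/>, so this declaration only fits an
/// information class whose result has that layout. The field names match the native
/// PROCESS_BASIC_INFORMATION structure, which the API returns for class 0 (ProcessBasicInformation);
/// confirm the class value against the caller.
/// Always test the returned status before reading the structure: on failure its contents are not meaningful.
/// Open the process handle with no more access than the query needs.
/// </remarks>
/// <param name="processHandle">Handle to the process being queried.</param>
/// <param name="processInformationClass">Numeric information class selecting what is returned.</param>
/// <param name="processInformation">Structure that receives the result.</param>
/// <param name="processInformationLength">
/// Size of <paramref name="processInformation"/> in bytes, e.g. Marshal.SizeOf(typeof(ProcessInformation)).
/// </param>
/// <param name="returnLength">Receives the number of bytes the call reports for the result.</param>
/// <returns>NTSTATUS code; 0 (STATUS_SUCCESS) on success, a negative value on failure.</returns>
// Restrict resolution of the native library to the System32 directory (analyzer rule CA5392).
// ntdll.dll is normally already mapped into the process, so this is defence in depth.
[DllImport("ntdll.dll")]
[DefaultDllImportSearchPaths(DllImportSearchPath.System32)]
private static extern int NtQueryInformationProcess
(
    IntPtr                 processHandle,
    int                    processInformationClass,
    ref ProcessInformation processInformation,
    int                    processInformationLength,
    out int                returnLength
);

#endregion

/// <summary>
/// Process information returned by NtQueryInformationProcess.
/// </summary>
/// <remarks>
/// Six pointer-sized fields in sequential layout. The field order is part of the native contract
/// and must not be changed.
/// </remarks>
[StructLayout(LayoutKind.Sequential)]
public struct ProcessInformation
{
    //////////////////////////////////////////////////////////////////////////////////////////////////// Field
    ////////////////////////////////////////////////////////////////////////////////////////// Public

    #region Field

    /// <summary>
    /// Reserved.
    /// </summary>
    public IntPtr Reserved;

    /// <summary>
    /// Base address of the PEB (process environment block).
    /// </summary>
    /// <remarks>
    /// The address belongs to the queried process's address space; it cannot be dereferenced
    /// directly unless the handle refers to the calling process.
    /// </remarks>
    public IntPtr PEbBaseAddress;

    /// <summary>
    /// Reserved 2-0.
    /// </summary>
    public IntPtr Reserved2_0;

    /// <summary>
    /// Reserved 2-1.
    /// </summary>
    public IntPtr Reserved2_1;

    /// <summary>
    /// Unique ID of the queried process.
    /// </summary>
    public IntPtr UniqueProcessID;

    /// <summary>
    /// ID of the process this process was created from (the parent process ID).
    /// </summary>
    /// <remarks>
    /// This is only the number recorded at creation time. The parent may have exited and its ID may
    /// have been reused, so verify lineage by another means (for example, that the candidate parent
    /// started before this process) before relying on it for a security decision.
    /// </remarks>
    public IntPtr InheritedFromUniqueProcessID;

    #endregion
}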