易语言遍历CSRSS进程源码

易语言遍历CSRSS进程源码系统结构:LoadLibrary,Process32First,Process32Next,CreateToolhelp32Snapshot,FreeLibrary,GetProcAddress,CopyMemory,CopyMemory2,CloseHandle,OpenProcess,Module32Next,Module32First,ReadProcessMemory,RtlAdjustPrivilege, ======窗口程序集1 || ||------_按钮1_被单击 || ||------__启动窗口_创建完毕 || || ======调用的Dll || ||---[dll]------LoadLibrary || ||---[dll]------Process32First || ||---[dll]------Process32Next || ||---[dll]------CreateToolhelp32Snapshot || ||---[dll]------FreeLibrary || ||---[dll]------GetProcAddress || ||---[dll]------CopyMemory || ||---[dll]------CopyMemory2 || ||---[dll]------CloseHandle || ||---[dll]------OpenProcess || ||---[dll]------Module32Next || ||---[dll]------Module32First || ||---[dll]------ReadProcessMemory || ||---[dll]------RtlAdjustPrivilege 调用的DLL命令: .DLL命令LoadLibrary,整数型,"kernel32","LoadLibraryA" .参数lpLibFileName,文本型 .DLL命令Process32First,整数型,"kernel32","Process32First" .参数a,整数型 .参数b,PROCESSENTRY32 .DLL命令Process32Next,整数型,"kernel32","Process32Next" .参数a,整数型 .参数b,PROCESSENTRY32 .DLL命令CreateToolhelp32Snapshot,整数型,"kernel32","CreateToolhelp32Snapshot" .参数a,整数型 .参数v,整数型 .DLL命令FreeLibrary,整数型,"kernel32","FreeLibrary" .参数hLibModule,整数型 .DLL命令GetProcAddress,整数型,"kernel32","GetProcAddress" .参数hModule,整数型 .参数lpProcName,文本型 .DLL命令CopyMemory,,"kernel32","RtlMoveMemory" .参数Destination,整数型,传址 .参数Source,字节集 .参数Length,整数型 .DLL命令CopyMemory2,,"kernel32","RtlMoveMemory" .参数Destination,_CSR_PROCESS,传址 .参数Source,字节集,传址 .参数Length,整数型 .DLL命令CloseHandle,整数型,"kernel32","CloseHandle" .参数hObject,整数型 .DLL命令OpenProcess,整数型,"kernel32","OpenProcess" .参数dwDesiredAccess,整数型 .参数bInheritHandle,整数型 .参数dwProcessId,整数型 .DLL命令Module32Next,整数型 .参数CreatHelde,整数型 .参数ModuleMsg,ModuleMsg .DLL命令Module32First,整数型 .参数CreatHelde,整数型 .参数ModuleMsg,ModuleMsg .DLL命令ReadProcessMemory,整数型,,,公开 .参数hProcess,整数型 .参数lpBaseAddress,整数型 .参数lpBuffer,字节集,传址 .参数nSize,整数型 .参数lpNumberOfBytesWritten,整数型 .DLL命令RtlAdjustPrivilege,整数型,"ntdll.dll" .参数se_,整数型 .参数true_,逻辑型 .参数hprocess,整数型 .参数ret,整数型,传址