Win8下枚举任意进程的句柄表。。。(VB6 Code)

添加一个Command1、一个List1，代码：

Private Type PROCESS_HANDLE_TABLE_ENTRY_INFO
HandleValue As Long
HandleCount As Long
PointerCount As Long
GrantedAccess As Long
ObjectTypeIndex As Long
HandleAttributes As Long
Reserved As Long
End Type
Private Type PROCESS_HANDLE_SNAPSHOT_INFORMATION
NumberOfHandles As Long
Reserved As Long
'Handles(0) As PROCESS_HANDLE_TABLE_ENTRY_INFO
End Type
Private Const ProcessHandleInformation = 51
Private Declare Function NtQueryInformationProcess& Lib "ntdll" (ByVal ProcessHandle&, ByVal ProcessInformationClass&, ByVal ProcessInformation&, ByVal ProcessInformationLength&, ByRef ReturnLength&)
Private Declare Sub RtlMoveMemory Lib "ntdll" (ByVal Dst&, ByVal Src&, ByVal Length&)
Private Sub Command1_Click()
Dim i As PROCESS_HANDLE_SNAPSHOT_INFORMATION
Me.Caption = Hex(NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(i), 8, s)) '取缓冲区大小
ReDim buf(s * 2) As Byte '句柄表变化很大，空间最好开多
Me.Caption = Hex(NtQueryInformationProcess(-1, ProcessHandleInformation, VarPtr(buf(0)), s * 2, s))
Dim p As PROCESS_HANDLE_TABLE_ENTRY_INFO
Dim pp&, c&, j&
RtlMoveMemory VarPtr(c), VarPtr(buf(0)), 4
pp = VarPtr(buf(0)) + 8
For j = pp To (pp + c * LenB(p)) - LenB(p) Step LenB(p)
RtlMoveMemory VarPtr(p), j, LenB(p)
List1.AddItem p.HandleValue
Next
End Sub

这个代码是枚举自己进程的，可以OpenThread其他线程再枚举。。。

PS：只能在Win8以上运行。。。Win8以下NtQuerySystemInformation或者读csrss进程。