I wrote a process enumeration routine; it does not implement ring0-level process enumeration.
Option Explicit

Private Declare Function EnumProcesses Lib "psapi.dll" (lpidProcess As Long, ByVal cb As Long, cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal hProcess As Long, ByVal hModule As Long, ByVal ModuleName As String, ByVal nSize As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long

' GetModuleFileNameEx only needs PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ;
' requesting PROCESS_ALL_ACCESS makes OpenProcess fail for more processes.
Private Const PROCESS_ALL_ACCESS = &H1F0FFF

Sub Main()
    Dim i As Long
    Dim strFileName As String
    Dim pId(1024) As Long, hProcess As Long, dwNeeded As Long

    ' cb and dwNeeded are byte counts; each PID is a 4-byte Long
    If EnumProcesses(pId(0), 1024 * 4, dwNeeded) = 0 Then Exit Sub

    ' Walk every returned PID (dwNeeded \ 4 entries, starting at index 0)
    For i = 0 To dwNeeded \ 4 - 1
        If pId(i) <> 0 Then ' PID 0 (System Idle Process) cannot be opened
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, pId(i))
            If hProcess <> 0 Then
                strFileName = String(200, vbNullChar)
                ' hModule = 0 returns the path of the process's main executable
                strFileName = Left(strFileName, GetModuleFileNameExA(hProcess, 0, strFileName, Len(strFileName)))
                CloseHandle hProcess
                If Len(strFileName) > 0 Then Debug.Print strFileName
            End If
        End If
    Next
End Sub