Windows常用API库(导入未文档化API)
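class ImpApi {
public:
    // NOTE: these are preprocessor macros, so they are NOT scoped to the class
    // even though they are written inside it; they stay visible to the whole TU.
    // Kept as macros because callers (and the default argument below) use them.
#define MY_PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x0FFF)

    // Mirror of the native UNICODE_STRING layout used by the Zw* prototypes below.
    typedef struct _MY_LSA_UNICODE_STRING {
        USHORT Length;
        USHORT MaximumLength;
        PWSTR Buffer;
    } MY_LSA_UNICODE_STRING, * PMY_LSA_UNICODE_STRING, MY_UNICODE_STRING, * PMY_UNICODE_STRING;

    // OBJECT_ATTRIBUTES.Attributes flag values (unused by this class, kept for callers).
#define MY_OBJ_INHERIT 0x00000002L
#define MY_OBJ_PERMANENT 0x00000010L
#define MY_OBJ_EXCLUSIVE 0x00000020L
#define MY_OBJ_CASE_INSENSITIVE 0x00000040L
#define MY_OBJ_OPENIF 0x00000080L
#define MY_OBJ_OPENLINK 0x00000100L
#define MY_OBJ_KERNEL_HANDLE 0x00000200L
#define MY_OBJ_FORCE_ACCESS_CHECK 0x00000400L
#define MY_OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800L
#define MY_OBJ_DONT_REPARSE 0x00001000L
#define MY_OBJ_VALID_ATTRIBUTES 0x00001FF2L

    // Mirror of the native OBJECT_ATTRIBUTES layout.
    typedef struct _MY_OBJECT_ATTRIBUTES {
        ULONG Length;
        HANDLE RootDirectory;
        PMY_UNICODE_STRING ObjectName;
        ULONG Attributes;
        PVOID SecurityDescriptor;
        PVOID SecurityQualityOfService;
    } MY_OBJECT_ATTRIBUTES, * PMY_OBJECT_ATTRIBUTES;

    // Mirror of the native CLIENT_ID layout: process/thread ids carried as HANDLE-sized values.
    typedef struct _MY_CLIENT_ID {
        HANDLE UniqueProcess;
        HANDLE UniqueThread;
    } MY_CLIENT_ID, * PMY_CLIENT_ID;

    typedef NTSTATUS(NTAPI* PFN_ZwOpenProcess)(
        PHANDLE ProcessHandle,
        ACCESS_MASK DesiredAccess,
        PMY_OBJECT_ATTRIBUTES ObjectAttributes,
        PMY_CLIENT_ID ClientId
        );
    typedef NTSTATUS(NTAPI* PFN_ZwClose)(
        HANDLE Handle
        );
    typedef void (WINAPI* PFN_GetNativeSystemInfo)(LPSYSTEM_INFO);
    typedef BOOL(WINAPI* PFN_IsWow64Process)(HANDLE, PBOOL);

    // Resolved once per instance at construction. Any of these may be NULL when the
    // export is missing; every caller in this class checks before calling through.
    PFN_GetNativeSystemInfo GetNativeSystemInfo = (PFN_GetNativeSystemInfo)GetProcAddress(GetModuleHandle(TEXT("KERNEL32")), "GetNativeSystemInfo");
    PFN_IsWow64Process IsWow64Process = (PFN_IsWow64Process)GetProcAddress(GetModuleHandle(TEXT("KERNEL32")), "IsWow64Process");
    PFN_ZwOpenProcess ZwOpenProcess = (PFN_ZwOpenProcess)GetProcAddress(GetModuleHandle(TEXT("NTDLL")), "ZwOpenProcess");
    PFN_ZwClose ZwClose = (PFN_ZwClose)GetProcAddress(GetModuleHandle(TEXT("NTDLL")), "ZwClose");

    /// Opens a process by id through ntdll's ZwOpenProcess.
    /// @param ProcessID       id of the process to open.
    /// @param dwDesiredAccess access mask to request. Defaults to MY_PROCESS_ALL_ACCESS
    ///                        for compatibility; prefer the narrowest mask that covers the
    ///                        caller's need (e.g. a query-only right for IsWindows32Bits()),
    ///                        since a broad request is refused on more processes.
    /// @return the opened handle, or NULL when the ntdll export was not resolved or
    ///         ZwOpenProcess returned a failure NTSTATUS. The caller owns the handle
    ///         and must release it (ZwClose / CloseHandle).
    HANDLE MyOpenProcess(DWORD ProcessID, DWORD dwDesiredAccess = MY_PROCESS_ALL_ACCESS)
    {
        if (ZwOpenProcess == NULL)
        {
            // GetProcAddress failed at construction; calling through NULL would crash.
            printf("ZwOpenProcess unavailable (NTDLL export not resolved)\n");
            return NULL;
        }

        HANDLE hProcess = NULL;

        MY_OBJECT_ATTRIBUTES ObjectAttributes = { 0 };
        ObjectAttributes.Length = sizeof(MY_OBJECT_ATTRIBUTES);

        MY_CLIENT_ID myClientId = { 0 };
        // Widen through ULONG_PTR so the 32-bit id is zero-extended into the pointer-sized field.
        myClientId.UniqueProcess = (HANDLE)(ULONG_PTR)ProcessID;
        myClientId.UniqueThread = NULL;

        // Zw* routines report failure through the NTSTATUS return value (negative = error),
        // not through GetLastError(); the status is what must be checked and logged.
        const NTSTATUS status = ZwOpenProcess(&hProcess, dwDesiredAccess, &ObjectAttributes, &myClientId);
        if (status < 0)
        {
            hProcess = NULL;
        }
        // %p for the HANDLE: a pointer-sized value does not fit %X on 64-bit builds.
        printf("ZwOpenProcess, hProcess=%p, flag=0x%lX status=0x%lX\n",
               hProcess, (unsigned long)dwDesiredAccess, (unsigned long)status);
        return hProcess;
    }

    /// Reports whether the process behind hProcess runs 32-bit code.
    /// On a 32-bit OS every process is 32-bit; on an x64/IA64 OS a process is 32-bit
    /// only when it runs under WOW64, which IsWow64Process() answers.
    /// @param hProcess an OPEN process handle with query access (IsWow64Process documents
    ///                 PROCESS_QUERY_INFORMATION or PROCESS_QUERY_LIMITED_INFORMATION).
    ///                 A closed or under-privileged handle makes the WOW64 query fail.
    /// @return true for a 32-bit process; false for a 64-bit process and also when the
    ///         WOW64 query could not be made (missing export or failed call) — the two
    ///         cannot be told apart from the return value alone.
    bool IsWindows32Bits(HANDLE hProcess)
    {
        SYSTEM_INFO si = { 0 };
        if (GetNativeSystemInfo != NULL)
        {
            GetNativeSystemInfo(&si);
        }
        else
        {
            // Fallback when the export is missing. Under WOW64 GetSystemInfo reports the
            // emulated (x86) architecture, so this path may misreport a 64-bit host.
            ::GetSystemInfo(&si);
        }

        const bool bIs64BitOS = (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_AMD64)
                             || (si.wProcessorArchitecture == PROCESSOR_ARCHITECTURE_IA64);
        if (!bIs64BitOS)
        {
            // 32-bit OS: every process is 32-bit.
            return true;
        }

        // 64-bit OS: only a WOW64 process is 32-bit.
        BOOL bIsWow64 = FALSE;
        if (IsWow64Process == NULL || !IsWow64Process(hProcess, &bIsWow64))
        {
            // Query unavailable or failed (closed handle, insufficient access, ...).
            // Reported as 64-bit, matching the historical answer for this case.
            return false;
        }
        return bIsWow64 != FALSE;
    }

    /// Process-wide singleton; the function-local static is initialized exactly once
    /// (thread-safe since C++11), resolving the exports above on first use.
    static ImpApi* Inst() {
        static ImpApi ImpApiInstance;
        return &ImpApiInstance;
    }
};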
使用案例:枚举进程并检测是否可以打开
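/// Enumerates all processes, tries to open each one, and lists those that could be
/// opened AND have the same bitness as this executable (name + PID in the list control).
/// Processes that cannot be opened with the requested access are silently omitted.
void CppsappDlg::OnOK()
{
    GetDlgItemText(IDC_EDIT_DLL, m_strDllName);

    CListCtrl* pListProcess = (CListCtrl*)GetDlgItem(IDC_LIST_PROCESS);
    pListProcess->DeleteAllItems();

    // Only processes with the same bitness as this build are shown.
    const bool bThisBuildIs32 = (sizeof(void*) == 4);

    PROCESSENTRY32 pe32 = { 0 };
    // dwSize must be set before the structure is handed to the Toolhelp API.
    pe32.dwSize = sizeof(pe32);

    // Take a snapshot of every process in the system.
    HANDLE hProcessSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        return;
    }

    // Walk the snapshot and show each process in turn.
    for (BOOL bMore = ::Process32First(hProcessSnap, &pe32); bMore; bMore = ::Process32Next(hProcessSnap, &pe32))
    {
        HANDLE hProcess = ImpApi::Inst()->MyOpenProcess(pe32.th32ProcessID);
        if (hProcess == NULL)
        {
            // Not openable with the requested access (e.g. protected or higher-integrity
            // process): deliberately left off the list.
            continue;
        }

        // The bitness query needs a live handle, so it must run BEFORE the handle is
        // closed. (Closing first made IsWow64Process fail on the dead handle, which
        // reported every process as 64-bit.)
        const bool bIsWindows32Bits = ImpApi::Inst()->IsWindows32Bits(hProcess);
        ImpApi::Inst()->ZwClose(hProcess);
        hProcess = NULL;

        if (bIsWindows32Bits != bThisBuildIs32)
        {
            // Other bitness than this build: not listed.
            continue;
        }

        TCHAR tPID[128] = { 0 };
        TCHAR tPName[MAX_PATH + MAX_PATH] = { 0 };
        _sntprintf(tPID, sizeof(tPID) / sizeof(*tPID), TEXT("%u"), pe32.th32ProcessID);
        _sntprintf(tPName, sizeof(tPName) / sizeof(*tPName),
                   bIsWindows32Bits ? TEXT("%s (32)") : TEXT("%s (64)"), pe32.szExeFile);

        LV_ITEM lvi = { 0 };
        lvi.mask = LVIF_TEXT;
        lvi.iItem = pListProcess->GetItemCount();
        lvi.iSubItem = 0;
        lvi.pszText = tPName;
        pListProcess->InsertItem(&lvi);
        lvi.iSubItem = 1;
        lvi.pszText = tPID;
        pListProcess->SetItem(&lvi);
        // Item data mirrors the row index so a later lookup can map the row back.
        pListProcess->SetItemData(lvi.iItem, (DWORD_PTR)lvi.iItem);
    }

    // Release the snapshot object.
    ::CloseHandle(hProcessSnap);
}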