应该使用 Toolhelp,你好像使用的是 WMI。这是我写的一个例子,应该是正确的。
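' Declarations for listing running processes with the Toolhelp API and
' resolving each process's executable path through PSAPI.
' Handles are declared As Long, i.e. this is written for 32-bit VB6.

' Flags for CreateToolhelp32Snapshot: what the snapshot should contain.
Private Const TH32CS_SNAPHEAPLIST = &H1
Private Const TH32CS_SNAPPROCESS = &H2
Private Const TH32CS_SNAPTHREAD = &H4
Private Const TH32CS_SNAPMODULE = &H8
Private Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
Private Const TH32CS_INHERIT = &H80000000

' Size of the fixed path buffers used below.
Private Const MAX_PATH As Integer = 260

' Access rights requested from OpenProcess. The enumeration code asks for both;
' PROCESS_QUERY_INFORMATION was used there without being declared, which makes
' it evaluate to 0 when Option Explicit is off and drops the right silently.
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const PROCESS_VM_READ = 16

' One entry of a process snapshot, filled in by Process32First/Process32Next.
' dwSize must be set by the caller before the first call.
Private Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH
End Type

' Snapshot creation and iteration (kernel32).
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapshot As Long, uProcess As PROCESSENTRY32) As Long
' Called by the enumeration code but missing from the original declarations.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)

' Module enumeration and module path lookup (psapi.dll).
' The library name is "PSAPI.DLL"; without the dot the Declare cannot resolve.
' cb and cbNeeded are byte counts, not element counts.
Private Declare Function EnumProcessModules Lib "PSAPI.DLL" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
' nSize is the capacity of ModuleName in characters; it must not exceed the
' length of the string actually passed in.
Private Declare Function GetModuleFileNameExA Lib "PSAPI.DLL" (ByVal hProcess As Long, ByVal hModule As Long, ByVal ModuleName As String, ByVal nSize As Long) As Long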
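' Walks a Toolhelp process snapshot and resolves the executable path of each
' process into lpszPath. This statement run belongs inside a procedure of the
' module that holds the declarations (PROCESSENTRY32 is a Private Type there).
Dim hSnapshot As Long
Dim hProcess As Long
Dim uProcess As PROCESSENTRY32
Dim r As Long
Dim lpszPath As String
Dim lngReturn As Long
Dim lngModules(1 To 200) As Long
Dim lngCBSize As Long

' Open the process snapshot. CreateToolhelp32Snapshot returns
' INVALID_HANDLE_VALUE (-1) on failure, so do not iterate in that case.
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
If hSnapshot <> -1 Then
    ' The API requires the structure size to be set before the first call.
    uProcess.dwSize = Len(uProcess)
    ' Fetch the first entry of the snapshot.
    r = Process32First(hSnapshot, uProcess)
    Do While r
        ' Reset per process; otherwise a process that cannot be opened would
        ' be reported with the path left over from the previous iteration.
        lpszPath = ""
        ' Get the file name of the process.
        hProcess = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, uProcess.th32ProcessID)
        ' OpenProcess returns 0 for processes this account may not open. The
        ' path then stays empty, which means "could not inspect", not "absent";
        ' uProcess.th32ProcessID and uProcess.szExeFile are still valid.
        If hProcess <> 0 Then
            ' cb is a byte count: 4 bytes per Long module handle.
            lngReturn = EnumProcessModules(hProcess, lngModules(1), (UBound(lngModules) - LBound(lngModules) + 1) * 4, lngCBSize)
            If lngReturn <> 0 Then
                lpszPath = Space(MAX_PATH)
                ' Pass the real buffer length. The original passed 500 for a
                ' 260-character buffer, letting the API write past its end.
                lngReturn = GetModuleFileNameExA(hProcess, lngModules(1), lpszPath, Len(lpszPath))
                lpszPath = Left(lpszPath, lngReturn)
                ' ShortName is a helper defined elsewhere - presumably it
                ' reduces the path to a short form; verify against its source.
                lpszPath = UCase(ShortName(lpszPath))
            End If
            CloseHandle hProcess
        End If
        ' Check the process.
        If Len(lpszPath) <> 0 Then
            ' <lpszPath is the path of the process>
        End If
        ' Move on to the next process.
        r = Process32Next(hSnapshot, uProcess)
    Loop
    ' Release the snapshot handle; the original never closed it.
    CloseHandle hSnapshot
End If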
在应用层上不好截获。可以通过编写协议驱动,截获经过你电脑上所有网卡的数据包:先下载 WDK,里面有一个现成的例子 Ndisprot,可以参照它修改成适合自己的驱动,然后由应用层调用下层的这个协议驱动,数据包回到应用层后再进行解析。
还是用 CMD,用 CALL 命令就可以。
比如,你要截获 "C:\123.bat" 的输出结果,
你就这样写:
CALL "C:\123.bat">C:\123运行结果.txt
截获的信息就保存在“C:\123运行结果.txt”文件里面了。(">" 只重定向标准输出;如需同时保存错误输出,可在命令末尾加上 2>&1。)
关键要看 WPE 用的是什么方法去查看进程。
进程如果只是简单地利用 hook 系统函数的方法进行隐藏(只能骗过任务管理器),估计大多数软件都可以查看到;
但如果进程是用修改进程链表或其他方法隐藏的,就难说了。