如何得知某个进程打开了哪些设备?
Owner Process For Open COMM Port?
Process Explorer 可以列出一个进程打开了哪些设备、文件、注册表键等对象,那么自己的程序要如何实现呢?
基本步骤是:先为自己的进程启用 SeDebugPrivilege(否则打不开受保护的进程,这一步需要管理员令牌);然后用 NtQuerySystemInformation(SystemHandleInformation) 取得系统中所有句柄的列表,按 UniqueProcessId 过滤出目标进程的句柄;再以 PROCESS_DUP_HANDLE 权限打开目标进程,用 DuplicateHandle 把每个句柄复制到自己的进程里;最后用 NtQueryObject(ObjectNameInformation) 查询该句柄对应的对象名即可。这个流程并不需要 NtQueryInformationProcess。两个实际使用时的注意点:NtQueryObject 对某些句柄(典型的是有未完成同步 I/O 的命名管道)会一直阻塞,常见做法是放到带超时的工作线程里查询;另外 SystemHandleInformation(信息类 16)里的 PID 和句柄值只有 16 位,PID 超过 65535 时会被截断,这种情况下要改用 SystemExtendedHandleInformation(信息类 64)。
'///////////////////////////// Constants and Types ////////////////////////
' Win32 / native constants used by the handle-enumeration code.
' Untyped Const literals take their implicit VB type (Integer up to 32767,
' Long above), so the literal forms below are deliberate.
Private Const OFFSET_2 = 65536   ' 2^16; presumably added to a negative Integer to recover an unsigned 16-bit value (see SYSTEM_HANDLE_TABLE_ENTRY_INFO)
Private Const MAXINT_2 = 32767   ' largest non-negative VB Integer; USHORT values above it read back as negative
Private Const MAX_PATH As Long = 260
Private Const SE_DEBUG_NAME As String = "SeDebugPrivilege"   ' needed to open processes not owned by the caller; only holders of an admin token can enable it
Private Const TOKEN_ADJUST_PRIVILEGES As Long = &H20
Private Const TOKEN_QUERY As Long = &H8
Private Const SE_PRIVILEGE_ENABLED As Long = &H2
Private Const PROCESS_VM_READ = &H10
Private Const PROCESS_DUP_HANDLE = &H40   ' the one access right DuplicateHandle needs on the source process
Private Const PROCESS_QUERY_INFORMATION = &H400
Private Const STANDARD_RIGHTS_ALL = &H1F0000
Private Const GENERIC_ALL = &H10000000
Private Const INVALID_HANDLE_VALUE = -1
Private Const SystemHandleInformation = 16&   ' NtQuerySystemInformation class: system-wide handle table (16-bit PID / handle fields)
Private Const ObjectNameInformation = 1&      ' NtQueryObject class: object name as a UNICODE_STRING
Private Const STATUS_INFO_LENGTH_MISMATCH = &HC0000004   ' NTSTATUS (negative Long): buffer too small, grow and retry
' 64-bit integer as two 32-bit halves (VB6 has no native 64-bit integer type).
Private Type LARGE_INTEGER
LowPart As Long
HighPart As Long
End Type
' Locally unique identifier (identifies a privilege in a token); same 8-byte
' layout as LARGE_INTEGER.
Private Type LUID
LowPart As Long
HighPart As Long
End Type
' A privilege LUID paired with its attribute flags (e.g. SE_PRIVILEGE_ENABLED).
' Note: TOKEN_PRIVILEGES below inlines these two fields instead of using this type.
Private Type LUID_AND_ATTRIBUTES
pLuid As LUID
Attributes As Long
End Type
' Single-entry form of the Win32 TOKEN_PRIVILEGES: a count followed by one
' LUID_AND_ATTRIBUTES whose fields are inlined as TheLuid / Attributes.
' Only valid with PrivilegeCount = 1 (presumably used to enable
' SE_DEBUG_NAME via AdjustTokenPrivileges; that call is not in this excerpt).
Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
TheLuid As LUID
Attributes As Long
End Type
' Win32 SECURITY_ATTRIBUTES: nLength must be set to Len(SECURITY_ATTRIBUTES)
' before use; lpSecurityDescriptor is a raw pointer (0 = default DACL).
Private Type SECURITY_ATTRIBUTES
nLength As Long
lpSecurityDescriptor As Long
bInheritHandle As Long
End Type
' One entry of the table returned for SystemHandleInformation (class 16).
' UniqueProcessId and HandleValue are 16-bit here (the native fields are
' USHORT). VB6 Integer is signed, so any value >= 32768 reads back negative
' and must be corrected (e.g. + OFFSET_2) before being compared with a PID or
' passed to DuplicateHandle. PIDs and handle values above 65535 cannot be
' represented by this class at all and will mis-attribute handles on systems
' where that occurs.
' Object is the kernel address of the object (useful only to detect that two
' handles refer to the same object); GrantedAccess is the handle's access mask.
Private Type SYSTEM_HANDLE_TABLE_ENTRY_INFO
UniqueProcessId As Integer
CreatorBackTraceIndex As Integer
ObjectTypeIndex As Byte
HandleAttributes As Byte
HandleValue As Integer
Object As Long
GrantedAccess As Long
End Type
' VB-side container for the SystemHandleInformation result: a count plus an
' array of entries.
' NOTE(review): a dynamic array inside a UDT is stored as a SAFEARRAY
' descriptor pointer, not as inline storage, so this type is NOT
' byte-compatible with the native struct (a ULONG count immediately followed
' by the entries). It cannot be handed to NtQuerySystemInformation as the
' buffer; the raw byte buffer must be parsed and the entries copied into
' Handles() — confirm that is what the caller does.
Private Type SYSTEM_HANDLE_INFORMATION
NumberOfHandles As Long
Handles() As SYSTEM_HANDLE_TABLE_ENTRY_INFO
End Type
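' OBJECT_NAME_INFORMATION as filled in by NtQueryObject(ObjectNameInformation):
' a UNICODE_STRING header (Length / MaximumLength in BYTES, Buffer = pointer
' into this same structure) followed by the UTF-16 name characters.
' The name is NOT NUL-terminated: read exactly Length bytes from ObjName.
' ObjName is sized so that ordinary "\Device\..." object paths fit; the
' original 24-byte buffer could not even hold "\Device\Serial0" (30 bytes).
' Object paths can still be longer than this: if NtQueryObject fails with
' STATUS_INFO_LENGTH_MISMATCH, or ResultLength exceeds Len(OBJECT_NAME_PRIVATE),
' the name did not fit and the query must be repeated with a larger buffer
' rather than treating the partial name as authoritative.
Private Type OBJECT_NAME_PRIVATE
Length As Integer
MaximumLength As Integer
Buffer As Long
ObjName(1023) As Byte
End Type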
' TDI connection statistics; used as the OutputBuffer of NtDeviceIoControlFile
' below (presumably a TDI query IOCTL — the control code is not in this excerpt).
' NOTE(review): the native Unreliable field is a 1-byte BOOLEAN while VB6
' Boolean is 2 bytes; since it is the last field this only changes Len(), but
' confirm the OutputBufferLength passed is acceptable to the driver.
Private Type TDI_CONNECTION_INFO
State As Long
Event As Long
TransmittedTsdus As Long
ReceivedTsdus As Long
TransmissionErrors As Long
ReceiveErrors As Long
Throughput As LARGE_INTEGER
Delay As LARGE_INTEGER
SendBufferSize As Long
ReceiveBufferSize As Long
Unreliable As Boolean
End Type
' TDI connection descriptor; used as the InputBuffer of NtDeviceIoControlFile
' below. UserData / Options / RemoteAddress are raw pointers and the matching
' *Length fields give the byte size of what they point to (0 / 0 when unused).
Private Type TDI_CONNECTION_INFORMATION
UserDataLength As Long
UserData As Long
OptionsLength As Long
Options As Long
RemoteAddressLength As Long
RemoteAddress As Long
End Type
' Native IO_STATUS_BLOCK: Status receives the NTSTATUS of the completed
' request, Information a request-specific value (typically bytes returned).
Private Type IO_STATUS_BLOCK
Status As Long
Information As Long
End Type
'///////////////////////////// Declarations ///////////////////////////////
'Undocumented Native API
' NtQuerySystemInformation(SystemInformationClass, SystemInformation,
' SystemInformationLength, ReturnLength). Undocumented native API.
' lpStructure is a raw pointer (VarPtr of a Byte buffer); dwReserved is the
' ByRef ReturnLength output. For SystemHandleInformation the required size is
' not known up front: call, check for STATUS_INFO_LENGTH_MISMATCH, grow the
' buffer and retry until it succeeds. The data comes back as a ULONG count
' followed directly by SYSTEM_HANDLE_TABLE_ENTRY_INFO entries, and is a
' snapshot: handles may be closed by the time they are duplicated.
Private Declare Function NtQuerySystemInformation Lib "ntdll.dll" ( _
ByVal dwInfoType As Long, _
ByVal lpStructure As Long, _
ByVal dwSize As Long, _
dwReserved As Long) As Long
' NtQueryObject(Handle, ObjectInformationClass, ObjectInformation, Length,
' ReturnLength). Undocumented native API.
' ObjectInformation is typed as OBJECT_NAME_PRIVATE, so this declaration is
' only meaningful with ObjectNameInformation; pass Len(OBJECT_NAME_PRIVATE)
' as Length and check ResultLength / STATUS_INFO_LENGTH_MISMATCH for truncation.
' The handle must be valid in the calling process, i.e. already duplicated in.
' CAUTION: this call can block indefinitely on some handles (notably named
' pipes with a pending synchronous I/O). The usual mitigation is to perform
' the query on a worker thread and abandon it after a timeout instead of
' calling it directly on the main thread.
Private Declare Function NtQueryObject Lib "ntdll.dll" ( _
ByVal ObjectHandle As Long, _
ByVal ObjectInformationClass As Long, _
ObjectInformation As OBJECT_NAME_PRIVATE, _
ByVal Length As Long, _
ResultLength As Long) As Long
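' NtDeviceIoControlFile(FileHandle, Event, ApcRoutine, ApcContext,
' IoStatusBlock, IoControlCode, InputBuffer, InputBufferLength,
' OutputBuffer, OutputBufferLength). Undocumented native API, typed here for
' a TDI query: InputBuffer is a TDI_CONNECTION_INFORMATION and OutputBuffer a
' TDI_CONNECTION_INFO; pass Len(...) of each as the length arguments.
' ApcRoutine and ApcContext are pointer-sized values that are normally NULL.
' They are declared ByVal so a caller can actually pass 0: declared ByRef
' (as before), VB passes the ADDRESS of the caller's Long, i.e. a non-NULL
' APC routine pointing at a stack variable, which the kernel may later try to
' deliver as a user-mode APC. pEvent may also be 0; for a handle opened for
' synchronous I/O the outcome is then in IoStatusBlock.Status.
Private Declare Function NtDeviceIoControlFile Lib "ntdll.dll" ( _
ByVal FileHandle As Long, _
ByVal pEvent As Long, _
ByVal ApcRoutine As Long, _
ByVal ApcContext As Long, _
IoStatusBlock As IO_STATUS_BLOCK, _
ByVal IoControlCode As Long, _
InputBuffer As TDI_CONNECTION_INFORMATION, _
ByVal InputBufferLength As Long, _
OutputBuffer As TDI_CONNECTION_INFO, _
ByVal OutputBufferLength As Long) As Long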