Option Explicit
'ProcessHandle 为输出 其余为输入
Private Declare Function NtOpenProcess Lib "ntdll.dll" ( _
ByRef ProcessHandle As Long, _
ByVal AccessMask As Long, _
ByRef ObjectAttributes As OBJECT_ATTRIBUTES, _
ByRef ClientId As CLIENT_ID) As Long
Private Type OBJECT_ATTRIBUTES
Length As Long
RootDirectory As Long
ObjectName As Long 'PUNICODE_STRING 的指针
Attributes As Long
SecurityDescriptor As Long
SecurityQualityOfService As Long
End Type
Private Type CLIENT_ID
UniqueProcess As Long
UniqueThread As Long
End Type

Private Sub Form_Load()
Dim oa As OBJECT_ATTRIBUTES, ci As CLIENT_ID
oa.Length = Len(oa)
ci.UniqueProcess = 364 '需要打开的PID
ci.UniqueThread = 0
Dim ret As Long
MsgBox NtOpenProcess(ret, &H400, oa, ci)
MsgBox ret
End Sub