导出ZwQueryInformationProcess函数
ZwQueryInformationProces是系统内核函数，在NtDLL.dll中，要导出时要用到GetProcAddress和LoadLibrary函数。问题是：GetProcAddress返回的是函数的地址，也就是指针，那我首先得声明一个函数指针，可是我这样声明有错误：
typedef NTSTATUS (*ZwQueryInformationProcess)(
HANDLE, PROCESSINFOCLASS,
LPVOID, DWORD, PDWORD);

typedef <error-type>(*ZwQueryInformationProcess)(HANDLE, PROCESSINFOCLASS,LPVOID, DWORD, PDWORD);不允许使用返回函数的函数

哪位大哥知道这个应该怎么声明才正确？感激不尽！

[解决办法]
typedef NTSTATUS (__stdcall* pZwQueryInformationProcess)(
HANDLE, PROCESSINFOCLASS,
LPVOID, DWORD, PDWORD);

[解决办法]
typedef <error-type>(*ZwQueryInformationProcess)(HANDLE, PROCESSINFOCLASS,LPVOID, DWORD, PDWORD);不允许使用返回函数的函数


这是报错么？

typedef NTSTATUS (WINAPI* pZwQueryInformationProcess)(
HANDLE, PROCESSINFOCLASS,
LPVOID, DWORD, PDWORD);

这就是官方写法啊
[解决办法]

C/C++ code

#include "stdafx.h"#include <Windows.h>typedef enum _PROCESSINFOCLASS {    ProcessBasicInformation,    ProcessQuotaLimits,    ProcessIoCounters,    ProcessVmCounters,    ProcessTimes,    ProcessBasePriority,    ProcessRaisePriority,    ProcessDebugPort,    ProcessExceptionPort,    ProcessAccessToken,    ProcessLdtInformation,    ProcessLdtSize,    ProcessDefaultHardErrorMode,    ProcessIoPortHandlers,    ProcessPooledUsageAndLimits,    ProcessWorkingSetWatch,    ProcessUserModeIOPL,    ProcessEnableAlignmentFaultFixup ,    ProcessPriorityClass,    ProcessWx86Information,    ProcessHandleCount,    ProcessAffinityMask,    ProcessPriorityBoost,    ProcessDeviceMap,    ProcessSessionInformation,    ProcessForegroundInformation,    ProcessWow64Information,    ProcessImageFileName,    ProcessLUIDDeviceMapsEnabled,    ProcessBreakOnTermination,    ProcessDebugObjectHandle,    ProcessDebugFlags,    ProcessHandleTracing,    ProcessUnknown33,    ProcessUnknown34,    ProcessUnknown35,    ProcessCookie,    MaxProcessInfoClass} PROCESSINFOCLASS;typedef NTSTATUS (WINAPI *PFN_ZwQueryInformationProcess)(HANDLE ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, PVOID ProcessInformation, ULONG ProcessInformationLength, PULONG ReturnLength);int main(){    HMODULE hDll = LoadLibrary(_T("Ntdll.dll"));    if(NULL != hDll)    {        PFN_ZwQueryInformationProcess pFn_ZwQueryInformationProcess = (PFN_ZwQueryInformationProcess)GetProcAddress(hDll, "ZwQueryInformationProcess");        if(NULL != pFn_ZwQueryInformationProcess)        {            printf("Found it!!!\n");        }    }    if(NULL != hDll)    {        FreeLibrary(hDll);        hDll = NULL;    }    return 0;}
[解决办法]
//
#define NTAPI __stdcall  
typedef long NTSTATUS;  
#define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)  
#define STATUS_SUCCESS ((NTSTATUS)0L)  

enum PROCESS_INFO_CLASS { ProcessDebugPort = 7 };  


typedef NTSTATUS (NTAPI *ZW_QUERY_INFORMATION_PROCESS)
(IN HANDLE ProcessHandle,
  IN PROCESS_INFO_CLASS ProcessInformationClass,
  OUT PVOID ProcessInformation,
  IN ULONG ProcessInformationLength,
  OUT PULONG ReturnLength);