枚举该进程的所有线程后,再调用 EnumThreadWindows 吧!

又好了点, 谢谢!!

不知还有更好的方法吗?

还有,

_SYSTEM_PROCESSES = record // Information Class 5
    NextEntryDelta: ULONG;
    ThreadCount: ULONG;
    Reserved1: array[0..5] of ULONG;
    CreateTime: LARGE_INTEGER;    // 这个是进程创建的时间
    UserTime: LARGE_INTEGER;
    KernelTime: LARGE_INTEGER;
    ProcessName: UNICODE_STRING;
    BasePriority: KPRIORITY;
    ProcessId: ULONG;
    InheritedFromProcessId: ULONG;
    HandleCount: ULONG;
    // next two were Reserved2: array [0..1] of ULONG; thanks to Nico Bendlin
    SessionId: ULONG;
    Reserved2: ULONG;
    VmCounters: VM_COUNTERS;
    PrivatePageCount: ULONG;
    IoCounters: IO_COUNTERSEX; // Windows 2000 only
    Threads: array[0..0] of SYSTEM_THREADS;
  end;

NtQuerySystemInformation(5, SYSTEM_PROCESSES_Info); 这个API 得到的进程创建时间, 好像不是时间格式的, 是“纳秒”吗?

  进程创建时间:=SYSTEM_PROCESSES_Info.CreateTime.QuadPart  div (除多少啊??  );

  请问如何转换成 时/分/秒 的格式

不想用 GetProcessTimes...

[QUOTE=kagayaki;696235]还有,
_SYSTEM_PROCESSES = record // Information Class 5
    NextEntryDelta: ULONG;
    ThreadCount: ULONG;
    Reserved1: array[0..5] of ULONG;
...[/QUOTE]
没区别，如果你会用GetProcessTime 就会用这个。
去看看 时间转换的API吧
好象叫 Filetimetosystemtime

........已解决, 好像是文件时间。

....包含了UTC时间信息的一个结构, 这个 UTC 指什么?

还有， 我在网上看到下面的几行代码，好像都不用时间的 API：

llTempTime  = pSystemProc->KernelTime.QuadPart + pSystemProc->UserTime.QuadPart;
                        llTempTime /= 10000;
                        printf("%3d:",llTempTime/(60*60*1000));
                        llTempTime %= 60*60*1000;
                        printf("%.2d:",llTempTime/(60*1000));
                        llTempTime %= 60*1000;
                        printf("%.2d.",llTempTime/1000);
                        llTempTime %= 1000;
                        printf("%.3d",llTempTime);

                        printf("\n");

手上没 VC++, 不过, 看计算时间的代码好像有问题:

#include <windows.h>
/* NOTE: W32API ddk/ntapi.h header has wrong definition of SYSTEM_PROCESSES. */
#include <ntos/types.h>

/* 0000 0000 0:00:00 0:00:00 0000 () */
static char* title = "PID PPID KTime UTime Hwnd NAME\n";
static char* title1 = " TID KTime UTime\n";

int main()
{
DWORD r, r1, i, tid = 0;
HANDLE pl;
HANDLE stdout = GetStdHandle(STD_OUTPUT_HANDLE);
PSYSTEM_PROCESSES SystemProcesses = NULL;
PSYSTEM_PROCESSES CurrentProcess;
ULONG BufferSize, ReturnSize;
NTSTATUS Status;
char buf[256];
char buf1[256];

WriteFile(stdout, title, lstrlen(title), &r, NULL);
WriteFile(stdout, title1, lstrlen(title1), &r1, NULL);

/* Get process information. */
BufferSize = 0;
do
{
BufferSize += 0x10000;
SystemProcesses = HeapAlloc(GetProcessHeap(), 0, BufferSize);
Status = NtQuerySystemInformation(SystemProcessInformation,
SystemProcesses, BufferSize,
&ReturnSize);
if (Status == STATUS_INFO_LENGTH_MISMATCH)
HeapFree(GetProcessHeap(), 0, SystemProcesses);
} while (Status == STATUS_INFO_LENGTH_MISMATCH);

/* If querying system information failed, bail out. */
if (!NT_SUCCESS(Status))
return 1;

/* For every process print the information. */
CurrentProcess = SystemProcesses;
while (CurrentProcess->NextEntryDelta != 0)
{
int hour, hour1, thour, thour1;
int minute, minute1, tmin, tmin1;
int seconds, seconds1, tsec, tsec1;
int ti;
SYSTEMTIME systime;
FILETIME kt, ut;

kt.dwLowDateTime = CurrentProcess->KernelTime.LowPart;
kt.dwHighDateTime = CurrentProcess->KernelTime.HighPart;

FileTimeToSystemTime( &kt, &systime );
hour = systime.wHour;
minute = systime.wMinute;
seconds = systime.wSecond;

ut.dwLowDateTime = CurrentProcess->UserTime.LowPart;
ut.dwHighDateTime = CurrentProcess->UserTime.HighPart;

FileTimeToSystemTime( &ut, &systime );
hour1 = systime.wHour;
minute1 = systime.wMinute;
seconds1 = systime.wSecond;

wsprintf(buf,"%4d %4d %2d:%02d:%02d %2d:%02d:%02d %4d %S\n",
CurrentProcess->ProcessId,
CurrentProcess->InheritedFromProcessId,
hour, minute, seconds, hour1, minute1, seconds1 , 0,
CurrentProcess->ProcessName.Buffer);
WriteFile(stdout, buf, lstrlen(buf), &r, NULL);

for (ti = 0; ti < CurrentProcess->ThreadCount; ti++)
{
kt.dwLowDateTime =
CurrentProcess->Threads[ti].KernelTime.LowPart;
kt.dwHighDateTime =
CurrentProcess->Threads[ti].KernelTime.HighPart;

FileTimeToSystemTime( &kt, &systime );
thour = systime.wHour;
tmin = systime.wMinute;
tsec = systime.wSecond;

ut.dwLowDateTime = CurrentProcess->Threads[ti].UserTime.LowPart;
ut.dwHighDateTime =
CurrentProcess->Threads[ti].UserTime.HighPart;

FileTimeToSystemTime( &ut, &systime );
thour1 = systime.wHour;
tmin1 = systime.wMinute;
tsec1 = systime.wSecond;

wsprintf(buf1," %4d %2d:%02d:%02d %2d:%02d:%02d\n",
CurrentProcess->Threads[ti].ClientId.UniqueThread,
thour, tmin, tsec, thour1, tmin1, tsec1);
WriteFile(stdout, buf1, lstrlen(buf1), &r1, NULL);
}
CurrentProcess = (PSYSTEM_PROCESSES)((ULONG_PTR)CurrentProcess +
CurrentProcess->NextEntryDelta);
}

CloseHandle(pl);
}

FileTimeToSystemTime 转后后的是格林标准时间 还要加上当前时区

谢谢!!!!!!!