用CreateToolHelp32Snapshot 查看进程及其模块列表 |
|
thf
一般會員 發表:1 回覆:3 積分:10 註冊:2009-03-02 發送簡訊給我 |
经常看到类似"用CreateToolHelp32Snapshot 查看进程及其模块列表"的问题,但好象还没有看到真正完美解决的,虽然主要部份有很多人给出了方法,但因为一些细节问题,很多人即使照搬了代码也不成功,下面给出用DELPHI写的解决方法.
主要思路其实网上有很多,无非是先用 CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS,0) 得到所有进程 列表,然后用 CreateToolHelp32Snapshot(TH32CS_SNAPMODULE,pid) 得到相应进程的模块列表,但一个最关键的问题是如果没有系统权限(不仅仅是属于 ADMINISTRATORS组)是不能查看其它进程的模块信息的. 解决这个问题最重要的细节是要提升当前进程的权限. unit Unit1; interface uses Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, Dialogs, StdCtrls,TLHelp32, ComCtrls, ExtCtrls; type TForm1 = class(TForm) Panel1: TPanel; ListView1: TListView; Splitter1: TSplitter; ListView2: TListView; Panel2: TPanel; Button1: TButton; Button2: TButton; procedure Button1Click(Sender: TObject); procedure Button2Click(Sender: TObject); procedure ListView1DblClick(Sender: TObject); procedure FormCreate(Sender: TObject); private { Private declarations } public { Public declarations } procedure getmodulelist(pid:integer); end; var Form1: TForm1; implementation function AdjustProcessPrivilege(Processhandle:Thandle;Token_Name:pchar):boolean; var Token:cardinal; TokenPri:_TOKEN_PRIVILEGES; processDest:int64; i:DWORD; begin Result:=false; if OpenProcessToken(Processhandle,TOKEN_ADJUST_PRIVILEGES,Token) then begin if LookupPrivilegeValue(nil,Token_Name,processDest) then begin TokenPri.PrivilegeCount:=1; TokenPri.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED; TokenPri.Privileges[0].Luid:=processDest; i:=0; if AdjustTokenPrivileges(Token,false,TokenPri,sizeof(TokenPri),nil,i) then Result:=true; end; end; end; {$R *.dfm} procedure TForm1.Button1Click(Sender: TObject); var th32handle:THandle;procstruct:TProcessEntry32;pid:string; finded:boolean;proname:string;mdfn:array[0..255] of char; begin //列出所有进程 th32handle:=CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS,0); try procstruct.dwSize:=sizeof(procstruct); ListView1.Clear; finded:=Process32First(th32handle,procstruct); while finded do begin proname:=String(procstruct.szExeFile); pid:=inttostr(procstruct.th32ProcessID); with ListView1.Items.Add do begin Caption:=pid; SubItems.Add(proname); //SubItems.Add(''); end; //CloseHandle(hproc); finded:=Process32Next(th32handle,procstruct); end; finally CloseHandle(th32handle); end; end; procedure TForm1.Button2Click(Sender: TObject); begin getmodulelist(0); //可以先试下得到当前进程的模块列表 end; procedure TForm1.getmodulelist(pid: integer); var th32handle:THandle;procstruct:TModuleEntry32; finded:boolean; begin th32handle:=CreateToolHelp32Snapshot(TH32CS_SNAPMODULE,pid); try procstruct.dwSize:=sizeof(procstruct); ListView2.Clear; finded:=Module32First(th32handle,procstruct); while finded do begin with ListView2.Items.Add do begin Caption:=inttostr(procstruct.th32ProcessID); SubItems.Add(inttostr(procstruct.th32ModuleID)); SubItems.Add(inttostr(procstruct.hModule)); SubItems.Add(procstruct.szModule); SubItems.Add(procstruct.szExePath); end; finded:=Module32Next(th32handle,procstruct); end; finally CloseHandle(th32handle); end; end; procedure TForm1.ListView1DblClick(Sender: TObject); begin if listview1.selected<> nil then getmodulelist(strtoint(ListView1.Selected.Caption)); end; procedure TForm1.FormCreate(Sender: TObject); begin AdjustProcessPrivilege(GetCurrentProcess,'SeDebugPrivilege');//要先提升至系统权限才能查看其它进程的信息 end; end. |
本站聲明 |
1. 本論壇為無營利行為之開放平台,所有文章都是由網友自行張貼,如牽涉到法律糾紛一切與本站無關。 2. 假如網友發表之內容涉及侵權,而損及您的利益,請立即通知版主刪除。 3. 請勿批評中華民國元首及政府或批評各政黨,是藍是綠本站無權干涉,但這裡不是政治性論壇! |