作者在 2010-07-31 19:04:47 发布以下内容
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls,TLHelp32,PSAPI, ComCtrls;
type
TForm1 = class(TForm)
Panel1: TPanel;
Panel2: TPanel;
Button1: TButton;
ListView1: TListView;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.Button1Click(Sender: TObject);
var
lpidProcess:Array[0..1024] of DWORD;
cbNeeded:DWORD;
i:Integer;
item:TListItem;
hProcessHandle:DWORD;
ModuleFileName:Array[0..1024] of char;
begin
ListView1.Clear;
{lpidProcess:返回进程ID标识的数组。}
{cb:是进程组数的大小。}
{cbNeeded返回进程数组的大小(单位:字节).}
{返回值:如果函数执行成功,返回True。如果函数执行失败,返回False.}
{function EnumProcesses(lpidProcess: LPDWORD; cb: DWORD; var cbNeeded: DWORD): BOOL;}
{此函数在PSAPI模块}
if not EnumProcesses(LPDWORD(@lpidProcess), SizeOf(lpidProcess),cbNeeded) then begin
ShowMessage('枚举进程失败!');
Abort();
end;
for i:=0 to cbNeeded div SizeOf(DWORD)-1 do begin
{dwDesiredAccess:访问进程的权限}
{bInheritHandle:句柄是否继承进程属性。}
{dwProcessId:进程ID。}
{返回值:函数调用成功将返回一个进程句柄值,否则将返回0}
{注意:在使用完所获得的进程句柄后一定要调用CloseHandle(handle)来关闭进程的句柄。}
{此函数在Windows模块}
{function OpenProcess(dwDesiredAccess: DWORD; bInheritHandle:
BOOL; dwProcessId: DWORD): THandle; stdcall;}
{dwDesiredAccess参数详细说明:
PROCESS_ALL_ACCESS 所有能获得的权限
PROCESS_CREATE_PROCESS 需要创建一个进程
PROCESS_CREATE_THREAD 需要创建一个线程
PROCESS_DUP_HANDLE 重复使用DuplicateHandle句柄
PROCESS_QUERY_INFORMATION 获得进程信息的权限,如它的退出代码、优先级
PROCESS_QUERY_LIMITED_INFORMATION /*获得某些信息的权限,如果获得了
PROCESS_QUERY_INFORMATION,
也拥有PROCESS_QUERY_LIMITED_INFORMATION权限*/
PROCESS_SET_INFORMATION 设置某些信息的权限,如进程优先级
PROCESS_SET_QUOTA 设置内存限制的权限,使用SetProcessWorkingSetSize
PROCESS_SUSPEND_RESUME 暂停或恢复进程的权限
PROCESS_TERMINATE 终止一个进程的权限,使用TerminateProcess
PROCESS_VM_OPERATION 操作进程内存空间的权限(可用VirtualProtectEx和WriteProcessMemory)
PROCESS_VM_READ 读取进程内存空间的权限,可使用ReadProcessMemory
PROCESS_VM_WRITE 读取进程内存空间的权限,可使用WriteProcessMemory
SYNCHRONIZE 等待进程终止
}
hProcessHandle:=OpenProcess(PROCESS_ALL_ACCESS,False,lpidProcess[i]);
if hProcessHandle=0 then continue;
item:=ListView1.Items.Add();
item.Caption:=IntToStr(lpidProcess[i]);
{hProcess:用OpenProcesses函数打开进程返回的句柄}
{HMODULE:hModule是目标模块的句柄(当此参数为0时函数返回的是进程可执行文件的路径)}
{lpFilename:模块名字字符串缓冲区}
{nSize:模块名字字符串缓冲区大小}
{返回值:函数调用成功将返回非0,否则将返回0}
{GetModuleFileNameEx函数功能:获得可执行文件的模块路径}
{此函数在PsAPI模块}
{function GetModuleFileNameEx(hProcess: THandle; hModule: HMODULE;
lpFilename: PChar; nSize: DWORD): DWORD;}
if GetModuleFileNameEx(hProcessHandle,0,PChar(@ModuleFileName),SizeOf(ModuleFileName))=0 then continue;
item.SubItems.Text:=ModuleFileName;
CloseHandle(hProcessHandle);
end;
end;
end.
演示工程下载地址:http://excel.5d6d.com/viewthread.php?tid=45&extra=interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, ExtCtrls,TLHelp32,PSAPI, ComCtrls;
type
TForm1 = class(TForm)
Panel1: TPanel;
Panel2: TPanel;
Button1: TButton;
ListView1: TListView;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.Button1Click(Sender: TObject);
var
lpidProcess:Array[0..1024] of DWORD;
cbNeeded:DWORD;
i:Integer;
item:TListItem;
hProcessHandle:DWORD;
ModuleFileName:Array[0..1024] of char;
begin
ListView1.Clear;
{lpidProcess:返回进程ID标识的数组。}
{cb:是进程组数的大小。}
{cbNeeded返回进程数组的大小(单位:字节).}
{返回值:如果函数执行成功,返回True。如果函数执行失败,返回False.}
{function EnumProcesses(lpidProcess: LPDWORD; cb: DWORD; var cbNeeded: DWORD): BOOL;}
{此函数在PSAPI模块}
if not EnumProcesses(LPDWORD(@lpidProcess), SizeOf(lpidProcess),cbNeeded) then begin
ShowMessage('枚举进程失败!');
Abort();
end;
for i:=0 to cbNeeded div SizeOf(DWORD)-1 do begin
{dwDesiredAccess:访问进程的权限}
{bInheritHandle:句柄是否继承进程属性。}
{dwProcessId:进程ID。}
{返回值:函数调用成功将返回一个进程句柄值,否则将返回0}
{注意:在使用完所获得的进程句柄后一定要调用CloseHandle(handle)来关闭进程的句柄。}
{此函数在Windows模块}
{function OpenProcess(dwDesiredAccess: DWORD; bInheritHandle:
BOOL; dwProcessId: DWORD): THandle; stdcall;}
{dwDesiredAccess参数详细说明:
PROCESS_ALL_ACCESS 所有能获得的权限
PROCESS_CREATE_PROCESS 需要创建一个进程
PROCESS_CREATE_THREAD 需要创建一个线程
PROCESS_DUP_HANDLE 重复使用DuplicateHandle句柄
PROCESS_QUERY_INFORMATION 获得进程信息的权限,如它的退出代码、优先级
PROCESS_QUERY_LIMITED_INFORMATION /*获得某些信息的权限,如果获得了
PROCESS_QUERY_INFORMATION,
也拥有PROCESS_QUERY_LIMITED_INFORMATION权限*/
PROCESS_SET_INFORMATION 设置某些信息的权限,如进程优先级
PROCESS_SET_QUOTA 设置内存限制的权限,使用SetProcessWorkingSetSize
PROCESS_SUSPEND_RESUME 暂停或恢复进程的权限
PROCESS_TERMINATE 终止一个进程的权限,使用TerminateProcess
PROCESS_VM_OPERATION 操作进程内存空间的权限(可用VirtualProtectEx和WriteProcessMemory)
PROCESS_VM_READ 读取进程内存空间的权限,可使用ReadProcessMemory
PROCESS_VM_WRITE 读取进程内存空间的权限,可使用WriteProcessMemory
SYNCHRONIZE 等待进程终止
}
hProcessHandle:=OpenProcess(PROCESS_ALL_ACCESS,False,lpidProcess[i]);
if hProcessHandle=0 then continue;
item:=ListView1.Items.Add();
item.Caption:=IntToStr(lpidProcess[i]);
{hProcess:用OpenProcesses函数打开进程返回的句柄}
{HMODULE:hModule是目标模块的句柄(当此参数为0时函数返回的是进程可执行文件的路径)}
{lpFilename:模块名字字符串缓冲区}
{nSize:模块名字字符串缓冲区大小}
{返回值:函数调用成功将返回非0,否则将返回0}
{GetModuleFileNameEx函数功能:获得可执行文件的模块路径}
{此函数在PsAPI模块}
{function GetModuleFileNameEx(hProcess: THandle; hModule: HMODULE;
lpFilename: PChar; nSize: DWORD): DWORD;}
if GetModuleFileNameEx(hProcessHandle,0,PChar(@ModuleFileName),SizeOf(ModuleFileName))=0 then continue;
item.SubItems.Text:=ModuleFileName;
CloseHandle(hProcessHandle);
end;
end;
end.
运行界面:
