unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, psAPI, StdCtrls, TLHelp32, md5;
type
TForm1 = class(TForm)
btn1: TButton;
Label1: TLabel;
edt1: TEdit;
procedure btn1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
function EnableDebugPrivilege: Boolean;
function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
var
TP: TOKEN_PRIVILEGES;
Dummy: Cardinal;
begin
TP.PrivilegeCount := 1;
LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid);
if bEnable then
TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else TP.Privileges[0].Attributes := 0;
AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy); Result := GetLastError = ERROR_SUCCESS;
end;
var
hToken: Cardinal;
begin
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
result := EnablePrivilege(hToken, 'SeDebugPrivilege', True);
CloseHandle(hToken);
end;
procedure FindProcess(Name: string);
var
lppe: TProcessEntry32;
found: boolean;
Hand: THandle;
l_pPMCSize: Cardinal;
l_pPMC: PPROCESS_MEMORY_COUNTERS;
l_nTmpHandle: HWND;
_nMemSize: Cardinal;
ModName: array[0..Max_Path - 1] of Char;
hMod: HModule;
n: DWORD;
XServerName, PathMd5, ExePath: string;
begin
Hand := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); //创建一个进程快照
lppe.dwSize := sizeof(lppe);
found := Process32First(Hand, lppe); //获取第一个进程
while found do
begin
if LowerCase(lppe.szExeFile) = LowerCase(Name) then
begin
l_pPMCSize := SizeOf(PROCESS_MEMORY_COUNTERS);
GetMem(l_pPMC, l_pPMCSize);
try
l_pPMC^.cb := l_pPMCSize;
l_nTmpHandle := OpenProcess(PROCESS_ALL_ACCESS, False, lppe.th32ProcessID);
if (GetProcessMemoryInfo(l_nTmpHandle, l_pPMC, l_pPMCSize)) then
begin
_nMemSize := l_pPMC^.WorkingSetSize;
if (_nMemSize > (100 * 1024 * 1024)) then
begin //大于100M 就要重启PID对应服务名。
try
ENumProcessModules(l_nTmpHandle, @hMod, Sizeof(hMod), n);
ZeroMemory(@ModName, SizeOf(ModName));
if GetModuleFileNameEx(l_nTmpHandle, hMod, ModName, Sizeof(ModName)) > 0 then
begin
ExePath := Trim(ModName); //得到了进程的全路径,下面算出服务名。
/
PathMd5 := RivestStr(UpperCase(ExePath), 0, 32);
XServerName := 'SanSve' + PathMd5; //服务名
WinExec(PChar('net stop ' + XServerName), 0); //停止服务
Sleep(8000);
WinExec(PChar('net start ' + XServerName), 0); //启动服务
Sleep(3000);
/
end;
except
end;
end;
end;
finally
FreeMem(l_pPMC);
end;
end;
found := Process32Next(Hand, lppe);
end;
end;
procedure TForm1.btn1Click(Sender: TObject);
begin
EnableDebugPrivilege; //提权,操作服务进程
FindProcess(edt1.Text);
end;
end.
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, psAPI, StdCtrls, TLHelp32, md5;
type
TForm1 = class(TForm)
btn1: TButton;
Label1: TLabel;
edt1: TEdit;
procedure btn1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
function EnableDebugPrivilege: Boolean;
function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
var
TP: TOKEN_PRIVILEGES;
Dummy: Cardinal;
begin
TP.PrivilegeCount := 1;
LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid);
if bEnable then
TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else TP.Privileges[0].Attributes := 0;
AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy); Result := GetLastError = ERROR_SUCCESS;
end;
var
hToken: Cardinal;
begin
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
result := EnablePrivilege(hToken, 'SeDebugPrivilege', True);
CloseHandle(hToken);
end;
procedure FindProcess(Name: string);
var
lppe: TProcessEntry32;
found: boolean;
Hand: THandle;
l_pPMCSize: Cardinal;
l_pPMC: PPROCESS_MEMORY_COUNTERS;
l_nTmpHandle: HWND;
_nMemSize: Cardinal;
ModName: array[0..Max_Path - 1] of Char;
hMod: HModule;
n: DWORD;
XServerName, PathMd5, ExePath: string;
begin
Hand := CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); //创建一个进程快照
lppe.dwSize := sizeof(lppe);
found := Process32First(Hand, lppe); //获取第一个进程
while found do
begin
if LowerCase(lppe.szExeFile) = LowerCase(Name) then
begin
l_pPMCSize := SizeOf(PROCESS_MEMORY_COUNTERS);
GetMem(l_pPMC, l_pPMCSize);
try
l_pPMC^.cb := l_pPMCSize;
l_nTmpHandle := OpenProcess(PROCESS_ALL_ACCESS, False, lppe.th32ProcessID);
if (GetProcessMemoryInfo(l_nTmpHandle, l_pPMC, l_pPMCSize)) then
begin
_nMemSize := l_pPMC^.WorkingSetSize;
if (_nMemSize > (100 * 1024 * 1024)) then
begin //大于100M 就要重启PID对应服务名。
try
ENumProcessModules(l_nTmpHandle, @hMod, Sizeof(hMod), n);
ZeroMemory(@ModName, SizeOf(ModName));
if GetModuleFileNameEx(l_nTmpHandle, hMod, ModName, Sizeof(ModName)) > 0 then
begin
ExePath := Trim(ModName); //得到了进程的全路径,下面算出服务名。
/
PathMd5 := RivestStr(UpperCase(ExePath), 0, 32);
XServerName := 'SanSve' + PathMd5; //服务名
WinExec(PChar('net stop ' + XServerName), 0); //停止服务
Sleep(8000);
WinExec(PChar('net start ' + XServerName), 0); //启动服务
Sleep(3000);
/
end;
except
end;
end;
end;
finally
FreeMem(l_pPMC);
end;
end;
found := Process32Next(Hand, lppe);
end;
end;
procedure TForm1.btn1Click(Sender: TObject);
begin
EnableDebugPrivilege; //提权,操作服务进程
FindProcess(edt1.Text);
end;
end.
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
