uses
TlHelp32;
var
ModuArr: array of TModuleEntry32; //用来装载TModuleEntry32模块信息
PidList: TStrings;
count: DWORD;
function GetProcessPid: TStrings; //引声获取进程PID
var
Pname: string;
hProc: THandle;
isFind: Boolean;
Proc: TProcessEntry32;
Pid: DWORD;
begin
try
Result := TStringList.Create;
hProc := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
Proc.dwSize := SizeOf(Proc);
isFind := Process32First(hProc, Proc);
while isFind do
begin
Pname := string(Proc.szExeFile);
Form1.cbb1.Items.Add(Pname);
Pid := Proc.th32ProcessID;
Result.Add(IntToStr(Pid));
isFind := Process32Next(hProc, Proc);
end;
Form1.cbb1.ItemIndex := 0;
finally
CloseHandle(hProc);
end
end;
procedure GetProcessModule(Pid: dword); //声明根据进程PID获取模块信息
var
hPm: THandle;
Pm: TModuleEntry32;
canFind: Boolean;
j: DWORD;
begin
try
hPm := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Pid);
Pm.dwSize := SizeOf(Pm);
canFind := Module32First(hPm, Pm);
j := 0;
while canFind do
begin
SetLength(ModuArr, j + 1);
ModuArr[j] := Pm;
Form1.lst1.Items.Add(pm.szExePath);
canFind := Module32Next(hPm, Pm);
inc(j);
end;
finally
CloseHandle(hPm);
end;
end;
procedure TForm1.FormCreate(Sender: TObject);
begin
PidList := TStringList.Create;
PidList.Clear;
PidList := GetProcessPid;
end;
procedure TForm1.cbb1Click(Sender: TObject);
var
Pid, i: DWORD;
begin
lst1.Clear;
Pid := StrToInt(PidList[cbb1.ItemIndex]);
count := cbb1.ItemIndex;
GetProcessModule(Pid);
end;
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
FreeAndNil(PidList);
end;
procedure TForm1.lst1Click(Sender: TObject);
var
i: integer;
begin
lst2.Clear;
if lst1.Items[lst1.ItemIndex] <> '' then
for i := 0 to Length(ModuArr) - 1 do
if SameText(lst1.Items[lst1.ItemIndex], ModuArr[i].szExePath) then
begin
lst2.Items.Add('模块名称 :' + moduarr[i].szModule);
lst2.Items.Add('模块 ID:' + inttostr(moduarr[i].th32ModuleID));
lst2.Items.Add('所属进程 ID:' + inttostr(moduarr[i].th32ProcessID));
lst2.Items.Add('进程使用数 :' + inttostr(moduarr[i].ProccntUsage));
lst2.Items.Add('全局使用数 :' + inttostr(moduarr[i].GlblcntUsage));
lst2.Items.Add('进程大小 :' + inttostr(moduarr[i].dwSize));
lst2.Items.Add(format('模块大小 :%.8x', [moduarr[i].modBaseSize]));
lst2.Items.Add(Format('模块句柄 :%.8x', [moduarr[i].hModule]));
lst2.Items.Add(format('模块基地址:%.8x', [integer(moduarr[i].modBaseAddr)]));
end;
end;
自制简易获取系统进程模块信息
最新推荐文章于 2021-12-29 17:54:19 发布