
自己动手写进程管理器


    机器好久没装过杀毒软件了,前几天发现机器中了不少以DLL注入方式加载的垃圾插件,下载了个木马克星,能查到内存中存在哪些垃圾DLL,可没说出在哪个进程,也不会帮你释放掉,于是再到网上下载了个能浏览已加载模块的进程管理器(WINDOWS自带进程管理器没这功能),但没有查找DLL所在进程的功能,搞得还得手动逐个进程地查找,好麻烦。算了,还是自己写个支持查找模块功能的。代码写得很烂,还有很多多余的垃圾代码,还请各位高手指点。代码参考了网上资料,VERINFO单元来源于网上。

下载地址:http://www.unieasy.com/software/process.rar

process

{===========================
    Lanyus
    QQ:231221
    Email:greathjw#163.com
============================}

========类单元========

unit ProcessInfoClass;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ExtCtrls, Buttons, ComCtrls, TlHelp32, ShellAPI, StdCtrls, VerInfo;

const
// Version-resource key names, indexed 1..9.
// NOTE(review): nothing in the code shown on this page reads VerStr; the
// lookups in GetFileVerInfo go through VerInfo.VerNameArray instead.
VerStr: array[1..9] of string = (
    'ProductName',
    'ProductVersion',
    'FileDescription',
    'LegalCopyright',
    'FileVersion',
    'CompanyName',
    'LegalTradeMarks',
    'InternalName',
    'OriginalFileName'
  );

Type
// Raised by TProcessInfo.GetFileVerInfo when the requested file does not exist.
EFException = class(Exception);

// String-only record filled by TProcessInfo.GetFileVerInfo for one file.
// NOTE(review): the first ten field names are spelled exactly like the
// TVerInfoType enum values declared in VerInfo; inside this unit a bare
// viCompanyName means the enum value, FFileInfo.viCompanyName means the field.
TFileInfo = Record
     // Strings read from the file's version resource. They are supplied by
     // whoever built the file, so they describe the file, they do not prove
     // its origin.
     viCompanyName,
     viFileDescription,
     viFileVersion,
     viInternalName,
     viLegalCopyright,
     viLegalTrademarks,
     viOriginalFilename,
     viProductName,
     viProductVersion,
     viComments: string;
     // Target OS text plus file-system metadata, all pre-formatted as strings.
     viOperatingSystem,
     viCreationTime,
     viLastAccessTime,
     viLastWriteTime,
     viAttrib,
     viSize:string;
end;

Type
  // Enumerates processes and their loaded modules through the ToolHelp32 API
  // and renders the results into TListView controls owned by the caller.
  TProcessInfo = class
  private
    FProcessCount : Integer;   // rows produced by the last ShowProcess call
    FModuleCount  : Integer;   // rows produced by the last ShowModules call
    FAssignFile   : String;    // NOTE(review): not read by any method shown here
    FErrMsg       : String;    // NOTE(review): never assigned in the code shown here
    // Clears LV and switches it to a report-style grid.
    Procedure IniLV(LV:Tlistview);
    // Appends a caption/value row to LV.
    procedure AddListViewItem(const aCaption, aValue: String; LV: TListView);
  public
    // Result of the most recent GetFileVerInfo call.
    FFileInfo : TFileInfo;
    property ProcessCount: Integer Read FProcessCount Write FProcessCount Default 0;
    property ModuleCount: Integer Read FModuleCount Write FModuleCount Default 0;
    // NOTE(review): this property name is the same as the RTL's AssignFile
    // procedure; inside the class the property wins the name lookup.
    property AssignFile: String Read FAssignFile Write FAssignFile;
    property ErrMsg: String Read FErrMsg;
  public
    // Lists every process of a system snapshot in LV.
    Procedure ShowProcess(LV:TListView);
    // Lists the modules loaded in ProcessID in LV, with file details per module.
    Procedure ShowModules(ProcessID:THandle; LV:TListView);
   // Procedure ShowMemModules(LV:TListView);
    // Tries to enable SeDebugPrivilege on the current process token.
    Function AdjustProcessPrivilege:boolean;
    // Terminates the process identified by ProcessID.
    Function KillProcess(ProcessID:THandle):boolean;
    // Unfinished: the implementation only looks up a module handle and shows it.
    Function KillModule(ModuleName:Pchar):boolean;
    // Reads version strings and file metadata of FileName into FFileInfo
    // and, when LV is not nil, into LV as well.
    Procedure GetFileVerInfo(FileName:String; LV:TListView);
    // Reports, via message boxes, which processes have a matching module loaded.
    Procedure FindModules(ModuleName:string);
  end;

implementation

// Appends one row to LV: aCaption goes into the first column and aValue
// becomes the row's first sub-item.
procedure TProcessInfo.AddListViewItem(const aCaption, aValue: String; LV: TListView);
begin
  with LV.Items.Add do
  begin
    Caption := aCaption;
    SubItems.Add(aValue);
  end;
end;

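{ Reads the version-resource strings and the file-system metadata of FileName.

  Results are stored in FFileInfo; when LV is not nil the same values are also
  listed in LV as keyword/value rows.

  Raises EFException when the file does not exist, and lets the VerInfo
  exceptions (ENoVerInfoError, EVerInfoError, eNoFixeVerInfo) propagate when
  the file carries no usable version resource. In that case the timestamp,
  attribute and size fields are not filled.

  Changes against the earlier version of this routine:
  - FFileInfo is cleared first, so a file that lacks a given string no longer
    inherits the value left over from the previously inspected file (which
    would show one module under another module's company name).
  - the TVerInfoRes object is released in a finally block.
  - the file handle and GetFileInformationByHandle result are checked instead
    of formatting an uninitialised structure.
  - the size is built as a 64-bit value from the high/low halves rather than
    by adding the two halves together. }
procedure TProcessInfo.GetFileVerInfo(FileName: string; LV: TlistView);

  // Adds a row to LV when the caller supplied a list view.
  procedure Report(const aCaption, aValue: string);
  begin
    if LV <> nil then
      AddListViewItem(aCaption, aValue, LV);
  end;

  // Formats a FILETIME as local date/time text; '' when the conversion fails.
  function FileTimeToText(const FT: TFileTime): string;
  var
    LocalFT: TFileTime;
    ST: TSystemTime;
  begin
    Result := '';
    if FileTimeToLocalFileTime(FT, LocalFT) and FileTimeToSystemTime(LocalFT, ST) then
      Result := DateTimeToStr(SystemTimeToDateTime(ST));
  end;

var
  VerString: String;
  Kind: TVerInfoType;
  VerInfoRes: TVerInfoRes;
  NColumn: TListColumn;
  FI: TByHandleFileInformation;
  FH: THandle;
  FileSize: Int64;
begin
  if not FileExists(FileName) then raise EFException.Create(FileName+' 文件不存在');

  // Start from an empty record so nothing from a previous file survives.
  Finalize(FFileInfo);
  FillChar(FFileInfo, SizeOf(FFileInfo), 0);

  VerInfoRes := TVerInfoRes.Create(FileName);
  try
    if LV <> nil then
    begin
      IniLV(LV);
      NColumn := LV.Columns.Add;
      NColumn.Caption := '关键字';
      NColumn.Width := 90;
      NColumn := LV.Columns.Add;
      NColumn.Caption := '值';
      NColumn.Width := 280;
    end;

    // The version strings come from the inspected file itself; they are
    // shown as-is and must not be read as proof of who published the file.
    for Kind := viCompanyName to viComments do
    begin
      VerString := VerInfoRes.GetPreDefKeyString(Kind);
      if VerString = '' then
        Continue;
      Report(VerNameArrayCN[Kind], VerString);
      case Kind of
        viCompanyName      : FFileInfo.viCompanyName := VerString;
        viFileDescription  : FFileInfo.viFileDescription := VerString;
        viFileVersion      : FFileInfo.viFileVersion := VerString;
        viInternalName     : FFileInfo.viInternalName := VerString;
        viLegalCopyright   : FFileInfo.viLegalCopyright := VerString;
        viLegalTrademarks  : FFileInfo.viLegalTrademarks := VerString;
        viOriginalFilename : FFileInfo.viOriginalFilename := VerString;
        viProductName      : FFileInfo.viProductName := VerString;
        viProductVersion   : FFileInfo.viProductVersion := VerString;
        viComments         : FFileInfo.viComments := VerString;
      end;
    end;

    FFileInfo.viOperatingSystem := VerInfoRes.FileOS;
    Report('操作系统', FFileInfo.viOperatingSystem);
  finally
    VerInfoRes.Free;
  end;

  // File-system metadata. Sharing is allowed for readers and writers so that
  // a module currently mapped by another process can still be opened.
  FH := CreateFile(PChar(FileName), GENERIC_READ,
    FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, 0, 0);
  if FH = INVALID_HANDLE_VALUE then
    Exit;   // best effort: the metadata fields stay empty
  try
    if not GetFileInformationByHandle(FH, FI) then
      Exit;

    FFileInfo.viCreationTime := FileTimeToText(FI.ftCreationTime);
    Report('创建时间', FFileInfo.viCreationTime);

    FFileInfo.viLastAccessTime := FileTimeToText(FI.ftLastAccessTime);
    Report('最后访问时间', FFileInfo.viLastAccessTime);

    FFileInfo.viLastWriteTime := FileTimeToText(FI.ftLastWriteTime);
    Report('最后修改时间', FFileInfo.viLastWriteTime);

    // Raw attribute bit mask, printed as a decimal number.
    FFileInfo.viAttrib := IntToStr(FI.dwFileAttributes);
    Report('文件属性', FFileInfo.viAttrib);

    // Size in units of 1000 bytes, as the ' K' suffix has always been used here.
    FileSize := (Int64(FI.nFileSizeHigh) shl 32) or FI.nFileSizeLow;
    FFileInfo.viSize := FloatToStr(FileSize/1000)+' K';
    Report('文件大小', FFileInfo.viSize);
  finally
    CloseHandle(FH);
  end;
end;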

// Empties LV (columns first, then rows) and configures it as a report-style
// grid with full-row selection.
Procedure TProcessInfo.IniLV(LV:Tlistview);
begin
  with LV do
  begin
    Columns.Clear;
    Items.Clear;
    GridLines := True;
    ViewStyle := vsReport;
    RowSelect := True;
  end;
end;

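{ Fills LV with one row per process found in a ToolHelp32 process snapshot and
  stores the number of rows in FProcessCount.

  The snapshot handle is now validated and closed in a finally block; when the
  snapshot cannot be created the list is left with its headers only and
  FProcessCount stays 0. }
Procedure TProcessInfo.ShowProcess(LV:TListView);
const
  Captions: array[0..7] of string = (
    '进程',
    '进程ID',
    '线程数',
    '进程引用计数',
    '进程默认堆ID',
    '进程模块ID',
    '父进程ID',
    '线程优先权'
  );
var
  i: Integer;
  More: Boolean;
  Snapshot: THandle;
  Entry: TProcessEntry32;
  Column: TListColumn;
  Row: TListItem;
begin
  IniLV(LV);
  FProcessCount := 0;
  for i := Low(Captions) to High(Captions) do
  begin
    Column := LV.Columns.Add;
    Column.Width := 100;
    Column.Caption := Captions[i];
  end;

  Snapshot := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    More := Process32First(Snapshot, Entry);
    while More do
    begin
      Inc(FProcessCount);
      Row := LV.Items.Add;
      // szExeFile is the image file name only, not a full path, so two
      // different executables with the same name look identical in this column.
      Row.Caption := Entry.szExeFile;
      Row.SubItems.Add(IntToStr(Entry.th32ProcessID));
      Row.SubItems.Add(IntToStr(Entry.cntThreads));
      // Microsoft documents cntUsage, th32DefaultHeapID and th32ModuleID as no
      // longer used and always zero; the columns are kept for layout only.
      Row.SubItems.Add(IntToStr(Entry.cntUsage));
      Row.SubItems.Add(IntToStr(Entry.th32DefaultHeapID));
      Row.SubItems.Add(IntToStr(Entry.th32ModuleID));
      Row.SubItems.Add(IntToStr(Entry.th32ParentProcessID));
      Row.SubItems.Add(IntToStr(Entry.pcPriClassBase));
      More := Process32Next(Snapshot, Entry);
    end;
  finally
    CloseHandle(Snapshot);
  end;
end;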

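{ Fills LV with one row per module loaded in ProcessID and stores the number
  of rows in FModuleCount. ProcessID 0 makes the ToolHelp32 API snapshot the
  calling process itself.

  Changes against the earlier version of this routine:
  - the snapshot handle is validated and closed in a finally block;
  - a module whose file details cannot be read keeps its row, gets empty
    detail cells and the reason is stored in FErrMsg, instead of the error
    being discarded and the row being left with fewer columns;
  - the company name is cleared before each lookup so a value from the
    previous module cannot be displayed for the current one. }
Procedure TProcessInfo.ShowModules(ProcessID:THandle; LV:TListView);
const
  ColWidths: array[0..8] of Integer = (80, 60, 230, 120, 110, 110, 70, 70, 100);
  ColCaptions: array[0..8] of string = (
    '模块',
    '进程ID',
    '映像路径',
    '公司名称',
    '创建时间',
    '最后修改时间',
    '文件属性',
    '文件大小',
    '全局引用计数'
  );
  // Sub-items that precede the usage counter: PID, path and five detail cells.
  DetailCells = 7;
var
  i: Integer;
  More: Boolean;
  Snapshot: THandle;
  Entry: TModuleEntry32;
  Column: TListColumn;
  Row: TListItem;
begin
  IniLV(LV);
  FModuleCount := 0;
  for i := Low(ColCaptions) to High(ColCaptions) do
  begin
    Column := LV.Columns.Add;
    Column.Width := ColWidths[i];
    Column.Caption := ColCaptions[i];
  end;

  // NOTE(review): a 32-bit build presumably cannot snapshot the modules of a
  // 64-bit process this way; such processes then show an empty list - confirm
  // on the target platform.
  Snapshot := CreateToolHelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    More := Module32First(Snapshot, Entry);
    while More do
    begin
      Inc(FModuleCount);
      Row := LV.Items.Add;
      Row.Caption := Entry.szModule;
      Row.SubItems.Add(IntToStr(Entry.th32ProcessID));
      Row.SubItems.Add(Entry.szExePath);
      try
        FFileInfo.viCompanyName := '';
        GetFileVerInfo(Entry.szExePath, nil);
        // The company name is whatever the file's own version resource says;
        // it is a hint for triage, not evidence of the publisher.
        Row.SubItems.Add(FFileInfo.viCompanyName);
        Row.SubItems.Add(FFileInfo.viCreationTime);
        Row.SubItems.Add(FFileInfo.viLastWriteTime);
        Row.SubItems.Add(FFileInfo.viAttrib);
        Row.SubItems.Add(FFileInfo.viSize);
      except
        on E: Exception do
        begin
          // Modules without a version resource end up here. Keep the row,
          // remember why the details are missing, and pad the cells so the
          // usage counter still lands in its own column.
          FErrMsg := E.Message;
          while Row.SubItems.Count < DetailCells do
            Row.SubItems.Add('');
        end;
      end;
      Row.SubItems.Add(IntToStr(Entry.GlblcntUsage));
      More := Module32Next(Snapshot, Entry);
    end;
  finally
    CloseHandle(Snapshot);
  end;
end;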

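{ Tries to enable SeDebugPrivilege on the current process token.

  Returns True only when the privilege was actually enabled.
  AdjustTokenPrivileges reports success even when the token does not hold the
  requested privilege, so the last error is checked as well. The token handle
  is closed on every path.

  SeDebugPrivilege lets the process open almost any other process on the
  machine. Once enabled here it stays enabled for the lifetime of this
  process, so everything else running in it has the same reach. }
Function TProcessInfo.AdjustProcessPrivilege:boolean;
var
  Token: Cardinal;
  TokenPri: _TOKEN_PRIVILEGES;
  DebugLuid: int64;
  RetLen: DWORD;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_Adjust_Privileges, Token) then
    Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', DebugLuid) then
      Exit;
    TokenPri.PrivilegeCount := 1;
    TokenPri.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    TokenPri.Privileges[0].Luid := DebugLuid;
    RetLen := 0;
    // Evaluate the result before the finally block runs: CloseHandle may
    // overwrite the thread's last-error value.
    Result := AdjustTokenPrivileges(Token, False, TokenPri, sizeof(TokenPri), nil, RetLen)
      and (GetLastError = ERROR_SUCCESS);
  finally
    CloseHandle(Token);
  end;
end;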
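{ Walks every process and reports, one message box per hit, each loaded module
  whose name equals ModuleName or whose full path contains ModuleName (both
  compared case-insensitively). A final message box shows how many processes
  had at least one hit.

  Changes against the earlier version of this routine:
  - both snapshot handles are validated and closed in finally blocks;
  - the process name is no longer taken from an unfilled module entry when the
    module snapshot is empty; the process entry's image name is used instead;
  - process ID 0 is skipped: for that ID the module snapshot describes the
    calling process, so hits would be attributed to the wrong process;
  - the final figure counts processes, as its label says, not individual
    module hits. }
procedure TProcessInfo.FindModules(ModuleName:string);
var
  ProcSnap, ModSnap: THandle;
  ProcEntry: TProcessEntry32;
  ModEntry: TModuleEntry32;
  MoreProcs, MoreMods, Counted: Boolean;
  Needle, ProcessName: string;
  UseCount: integer;
begin
  UseCount := 0;
  Needle := UpperCase(ModuleName);

  ProcSnap := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if ProcSnap <> INVALID_HANDLE_VALUE then
  try
    ProcEntry.dwSize := SizeOf(ProcEntry);
    MoreProcs := Process32First(ProcSnap, ProcEntry);
    while MoreProcs do
    begin
      if ProcEntry.th32ProcessID <> 0 then
      begin
        ModSnap := CreateToolHelp32Snapshot(TH32CS_SNAPMODULE, ProcEntry.th32ProcessID);
        // A process that cannot be opened yields no snapshot; it is skipped,
        // which also means a module loaded there goes unreported.
        if ModSnap <> INVALID_HANDLE_VALUE then
        try
          ModEntry.dwSize := SizeOf(ModEntry);
          MoreMods := Module32First(ModSnap, ModEntry);
          // Assumes the first module entry is the process image itself - TODO confirm.
          if MoreMods then
            ProcessName := ModEntry.szExePath
          else
            ProcessName := ProcEntry.szExeFile;
          Counted := False;
          while MoreMods do
          begin
            if (Needle = UpperCase(ModEntry.szModule)) or
               (Pos(Needle, UpperCase(ModEntry.szExePath)) > 0) then
            begin
              MessageBox(0,Pchar('在进程 '+ProcessName+' 发现模块 '+ModEntry.szModule
                   +#13#10+'进程ID为 '+IntToStr(ProcEntry.th32ProcessID)),'提示',mb_OK+mb_IconInformation);
              if not Counted then
              begin
                Inc(UseCount);
                Counted := True;
              end;
            end;
            MoreMods := Module32Next(ModSnap, ModEntry);
          end;
        finally
          CloseHandle(ModSnap);
        end;
      end;
      MoreProcs := Process32Next(ProcSnap, ProcEntry);
    end;
  finally
    CloseHandle(ProcSnap);
  end;
  MessageBox(0,Pchar('查找完毕'+#13#10+'使用该模块进程数 '+IntToStr(UseCount)),'提示',mb_OK+mb_IconInformation);
end;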

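{ Terminates the process identified by ProcessID with exit code 0.

  Returns False when the process cannot be opened or TerminateProcess fails.
  The handle is requested with PROCESS_TERMINATE only, which is all this call
  needs, and is closed afterwards; previously it was opened with
  PROCESS_ALL_ACCESS, never validated and never closed. }
Function TProcessInfo.KillProcess(ProcessID:THandle):boolean;
var
  PHnd : Thandle;
begin
  Result := False;
  PHnd := OpenProcess(PROCESS_TERMINATE, False, ProcessID);
  if PHnd = 0 then
    Exit;
  try
    Result := TerminateProcess(PHnd, 0);
  finally
    CloseHandle(PHnd);
  end;
end;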

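{ Unfinished: unloading a module is not implemented.

  The routine only looks up ModuleName with GetModuleHandle, which searches the
  modules of the calling process, not those of the process selected in the UI,
  and shows the handle value. It now returns False explicitly; the result used
  to be left unassigned, so the caller could remove the module from its list
  although nothing had been unloaded. }
Function TProcessInfo.KillModule(ModuleName:Pchar):boolean;
var
  MHnd : Thandle;
begin
  Result := False;
 // MHnd := OpenProcess(PROCESS_ALL_ACCESS ,False,ProcessID);
  MHnd := GetModuleHandle(ModuleName);//LoadLibrary(ModuleName);//
  showmessage(ModuleName+'  '+inttostr(mhnd));
 // result := FreeLibrary(MHnd);
end;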

end.

===============VERINFO.PAS本单元来源于网上=======

unit VerInfo;

interface

uses SysUtils, WinTypes, Dialogs, Classes;

type
  { define a generic exception class for version info, and an exception
    to indicate that no version info is available. }
  EVerInfoError   = class(Exception);   // version data could not be read or has no language table
  ENoVerInfoError = class(Exception);   // the file reports a version-info size of 0 or less
  eNoFixeVerInfo  = class(Exception);   // the fixed (binary) version block is missing or too small

  // define enum type representing different types of version info
  // The order must stay in step with VerNameArray and VerNameArrayCN, which
  // are indexed by this type.
  TVerInfoType =
    (viCompanyName,
     viFileDescription,
     viFileVersion,
     viInternalName,
     viLegalCopyright,
     viLegalTrademarks,
     viOriginalFilename,
     viProductName,
     viProductVersion,
     viComments);

const

  // define an array constant of strings representing the pre-defined
  // version information keys.
  // These are the key names passed to VerQueryValue (see GetPreDefKeyString).
  VerNameArray: array[viCompanyName..viComments] of String[20] =
  ('CompanyName',
   'FileDescription',
   'FileVersion',
   'InternalName',
   'LegalCopyright',
   'LegalTrademarks',
   'OriginalFilename',
   'ProductName',
   'ProductVersion',
   'Comments');

  // Chinese display labels for the same keys, in the same order. Used only
  // as captions in the UI, never as lookup keys.
  VerNameArrayCN: array[viCompanyName..viComments] of String[20] =
  ('公司名称',
   '文件描述',
   '文件版本',
   '内部名称',
   '合法版权',
   '合法商标',
   '源文件名',
   '产品名称',
   '产品版本',
   '备注');

type

  // Define the version info class
  // The constructor loads the whole version resource of one file; the
  // accessors then query that in-memory copy.
  TVerInfoRes = class
  private
    Handle            : DWord;             // out-value of GetFileVersionInfoSize, passed on to GetFileVersionInfo
    Size              : Integer;           // size of the version resource as reported by the API
    RezBuffer         : String;            // raw version resource data
    TransTable        : PLongint;          // points into RezBuffer: first language/code-page pair
    FixedFileInfoBuf  : PVSFixedFileInfo;  // points into RezBuffer: fixed (binary) version block
    FFileFlags        : TStringList;       // readable names of the file flags that are set
    FFileName         : String;
    procedure FillFixedFileInfoBuf;
    procedure FillFileVersionInfo;
    procedure FillFileMaskInfo;
  protected
    function GetFileVersion   : String;
    function GetProductVersion: String;
    function GetFileOS        : String;
  public
    // Raises ENoVerInfoError, EVerInfoError or eNoFixeVerInfo when the file
    // has no usable version resource.
    constructor Create(AFileName: String);
    destructor Destroy; override;
    // Both lookups return '' when the key is not present.
    function GetPreDefKeyString(AVerKind: TVerInfoType): String;
    function GetUserDefKeyString(AKey: String): String;
    property FileVersion    : String read GetFileVersion;
    property ProductVersion : String read GetProductVersion;
    property FileFlags      : TStringList read FFileFlags;
    property FileOS         : String read GetFileOS;
  end;

implementation

uses Windows;

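const
  // strings that must be fed to VerQueryValue() function
  // VerQueryValue sub-block paths are documented with backslash separators
  // ('\', '\VarFileInfo\Translation', '\StringFileInfo\<lang-codepage>\<key>').
  // The forward slashes previously used here are not the documented form.
  SFInfo                = '\StringFileInfo\';
  VerTranslation: PChar = '\VarFileInfo\Translation';
  // Arguments: prefix, language id (4 hex digits), code page (4 hex digits),
  // key name, terminating #0.
  FormatStr             = '%s%.4x%.4x\%s%s';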


{ Loads the version resource of AFileName.

  The three fill steps depend on each other and run in this order: raw version
  data and language table, then the fixed-info block, then the flag names
  derived from it. Each step may raise; see the routines themselves. }
constructor TVerInfoRes.Create(AFileName: String);
begin
  FFileName  := AFileName;
  FFileFlags := TStringList.Create;
  FillFileVersionInfo;    // raw data + translation table
  FillFixedFileInfoBuf;   // fixed (binary) version block
  FillFileMaskInfo;       // readable flag names
end;


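// Releases the flag list and then runs the inherited destructor, which the
// earlier version of this destructor did not call.
destructor TVerInfoRes.Destroy;
begin
  // Free is safe on nil, which matters when the constructor raised early.
  FFileFlags.Free;
  inherited Destroy;
end;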

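{ Reads the raw version resource of FFileName into RezBuffer and locates the
  translation (language/code-page) table.

  Raises ENoVerInfoError when the file has no version resource and
  EVerInfoError when the data cannot be read or holds no translation entry.

  The resource is data taken from the inspected file, so the length returned
  for the translation table is checked before TransTable is dereferenced
  elsewhere: an empty table is now rejected instead of being read. }
procedure TVerInfoRes.FillFileVersionInfo;
var
  SBSize: UInt;
begin
  // Determine size of version information
  Size := GetFileVersionInfoSize(PChar(FFileName), Handle);
  if Size <= 0 then
    raise ENoVerInfoError.Create('No Version Info Available.');

  // Set the length accordingly
  SetLength(RezBuffer, Size);

  // Fill the buffer with version information, raise exception on error
  if not GetFileVersionInfo(PChar(FFileName), Handle, Size, PChar(RezBuffer)) then
    raise EVerInfoError.Create('Cannot obtain version info.');

  // Get translation info, raise exception on error or when the table is
  // too short to hold a single language/code-page pair
  SBSize := 0;
  if (not VerQueryValue(PChar(RezBuffer), VerTranslation, pointer(TransTable), SBSize))
     or (TransTable = nil) or (SBSize < SizeOf(Longint)) then
    raise EVerInfoError.Create('No language info.');
end;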

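{ Locates the fixed (binary) version block inside RezBuffer.

  Raises eNoFixeVerInfo when the block is missing or shorter than
  TVSFixedFileInfo. The root block is requested as '\', the documented
  sub-block name; the earlier version passed '/'. }
procedure TVerInfoRes.FillFixedFileInfoBuf;
var
  Size: Cardinal;
begin
  if not VerQueryValue(PChar(RezBuffer), '\', Pointer(FixedFileInfoBuf), Size) then
    raise eNoFixeVerInfo.Create('No fixed file info');
  // The length comes from the inspected file; refuse a block that is too
  // short before any of its fields are read.
  if Size < SizeOf(TVSFixedFileInfo) then
    raise eNoFixeVerInfo.Create('No fixed file info');
end;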

// Translates the file flags of the fixed version block into readable names
// and appends them to FFileFlags. A flag counts only when it is set both in
// dwFileFlags and in dwFileFlagsMask.
procedure TVerInfoRes.FillFileMaskInfo;
var
  Active: DWORD;
begin
  Active := FixedFileInfoBuf^.dwFileFlagsMask and FixedFileInfoBuf^.dwFileFlags;
  if (Active and VS_FF_PRERELEASE) <> 0 then
    FFileFlags.Add('Pre-release');
  if (Active and VS_FF_PRIVATEBUILD) <> 0 then
    FFileFlags.Add('Private build');
  if (Active and VS_FF_SPECIALBUILD) <> 0 then
    FFileFlags.Add('Special build');
  if (Active and VS_FF_DEBUG) <> 0 then
    FFileFlags.Add('Debug');
end;

// Returns the version string for one of the pre-defined keys, or '' when the
// resource has no such entry. The lookup is the same as for a user-defined
// key, so it is delegated to GetUserDefKeyString with the key's name.
function TVerInfoRes.GetPreDefKeyString(AVerKind: TVerInfoType): String;
begin
  Result := GetUserDefKeyString(VerNameArray[AVerKind]);
end;

// Returns the version string stored under AKey for the first language/code
// page of the translation table, or '' when the query fails.
function TVerInfoRes.GetUserDefKeyString(AKey: String): String;
var
  Query: String;
  Value: PChar;
  Len: UInt;
begin
  // Sub-block path: prefix + language id + code page + key, with an explicit
  // trailing #0 because the address of the first character is passed below.
  Query := Format(FormatStr, [SfInfo, LoWord(TransTable^), HiWord(TransTable^),
    AKey, #0]);
  if VerQueryValue(PChar(RezBuffer), @Query[1], Pointer(Value), Len) then
    Result := StrPas(Value)   // Value points into RezBuffer; copy it out
  else
    Result := '';
end;


// Formats a version number held in two 32-bit halves as 'a.b.c.d': the high
// and low word of Ms followed by the high and low word of Ls.
function VersionString(Ms, Ls: Longint): String;
var
  Major, Minor, Release, Build: Word;
begin
  Major   := HIWORD(Ms);
  Minor   := LOWORD(Ms);
  Release := HIWORD(Ls);
  Build   := LOWORD(Ls);
  Result  := Format('%d.%d.%d.%d', [Major, Minor, Release, Build]);
end;

// File version from the fixed version block, formatted as 'a.b.c.d'.
function TVerInfoRes.GetFileVersion: String;
begin
  Result := VersionString(FixedFileInfoBuf^.dwFileVersionMS,
    FixedFileInfoBuf^.dwFileVersionLS);
end;

// Product version from the fixed version block, formatted as 'a.b.c.d'.
function TVerInfoRes.GetProductVersion: String;
begin
  Result := VersionString(FixedFileInfoBuf^.dwProductVersionMS,
    FixedFileInfoBuf^.dwProductVersionLS);
end;

// Describes the operating system the file declares itself to be built for,
// based on dwFileOS of the fixed version block. Values not listed below,
// VOS_UNKNOWN included, are reported as 'Unknown'.
function TVerInfoRes.GetFileOS: String;
begin
  Result := 'Unknown';
  case FixedFileInfoBuf^.dwFileOS of
    // base operating systems
    VOS_DOS           : Result := 'Designed for MS-DOS';
    VOS_OS216         : Result := 'Designed for 16-bit OS/2';
    VOS_OS232         : Result := 'Designed for 32-bit OS/2';
    VOS_NT            : Result := 'Designed for Windows NT';
    // windowing environments
    VOS__WINDOWS16    : Result := 'Designed for 16-bit Windows';
    VOS__PM16         : Result := 'Designed for 16-bit PM';
    VOS__PM32         : Result := 'Designed for 32-bit PM';
    VOS__WINDOWS32    : Result := 'Designed for 32-bit Windows';
    // combinations of the two
    VOS_DOS_WINDOWS16 : Result := 'Designed for 16-bit Windows, running on MS-DOS';
    VOS_DOS_WINDOWS32 : Result := 'Designed for Win32 API, running on MS-DOS';
    VOS_OS216_PM16    : Result := 'Designed for 16-bit PM, running on 16-bit OS/2';
    VOS_OS232_PM32    : Result := 'Designed for 32-bit PM, running on 32-bit OS/2';
    VOS_NT_WINDOWS32  : Result := 'Designed for Win32 API, running on Windows/NT';
  end;
end;
end.

==============界面单元==============

unit UtMain;

interface

uses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, ExtCtrls, Buttons, ComCtrls, TlHelp32, ShellAPI, StdCtrls, ProcessInfoClass,
  Menus, WinTypes;

type
  // Main window: a process list on top, the module list of the selected
  // process below, and popup menus for terminating a process and for
  // searching a module by name.
  // NOTE(review): spbServiceClick is declared below but no implementation of
  // it appears in the code shown on this page.
  TFmMain = class(TForm)
    ppmProcess: TPopupMenu;
    N1: TMenuItem;
    ppmModule: TPopupMenu;
    N2: TMenuItem;
    pnlTop: TPanel;
    Panel2: TPanel;
    pnlTool: TPanel;
    spbProcess: TSpeedButton;
    spbPort: TSpeedButton;
    spbService: TSpeedButton;
    nbkMain: TNotebook;
    Splitter1: TSplitter;
    pnlProcess: TPanel;
    LVProcess: TListView;
    pnlModule: TPanel;
    LVModule: TListView;
    nbkTop: TNotebook;
    Label1: TLabel;
    lbProcessCount: TLabel;
    Label3: TLabel;
    lbModuleCount: TLabel;
    Label2: TLabel;
    spbCheckDLL: TSpeedButton;
    Label4: TLabel;
    Panel1: TPanel;
    Splitter2: TSplitter;
    Panel3: TPanel;
    LVAllModule: TListView;
    BitBtn1: TBitBtn;
    N7: TMenuItem;
    N8: TMenuItem;
    spbAbout: TSpeedButton;
    N3: TMenuItem;
    N4: TMenuItem;
    // Refreshes the process list.
    procedure spbProcessClick(Sender: TObject);
    // Shows the modules of the process selected in LVProcess.
    procedure LVProcessClick(Sender: TObject);
    procedure FormShow(Sender: TObject);
    procedure FormClose(Sender: TObject; var Action: TCloseAction);
    // Terminates the selected process after confirmation.
    procedure N1Click(Sender: TObject);
    // Calls TProcessInfo.KillModule for the selected module.
    procedure N2Click(Sender: TObject);
    // Same action as N3Click.
    procedure N4Click(Sender: TObject);
    procedure spbCheckDLLClick(Sender: TObject);
    procedure nbkMainPageChanged(Sender: TObject);
    procedure spbServiceClick(Sender: TObject);
    // Opens the file-details dialog for the selected module.
    procedure LVModuleDblClick(Sender: TObject);
    procedure spbAboutClick(Sender: TObject);
    procedure FormResize(Sender: TObject);
    // Asks for a DLL name and searches all processes for it.
    procedure N3Click(Sender: TObject);
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  FmMain: TFmMain;
  // Shared TProcessInfo instance: created in TFmMain.FormShow and freed in
  // TFmMain.FormClose.
  P : TProcessInfo;

implementation

uses UtAbout, UtFileInfo;

{$R *.dfm}

// Switches to the process page, reloads the process list and updates the
// process counter label.
procedure TFmMain.spbProcessClick(Sender: TObject);
begin
  nbkMain.PageIndex := 0;
  P.ShowProcess(LVProcess);
  lbProcessCount.Caption := IntToStr(P.ProcessCount);
end;

// Loads the module list of the process selected in LVProcess and updates the
// module counter label. The process ID is read back from the row's first
// sub-item, where ShowProcess stored it.
procedure TFmMain.LVProcessClick(Sender: TObject);
var
  Pid: Integer;
begin
  if LVProcess.Selected <> nil then
  begin
    Pid := StrToInt(Trim(LVProcess.Selected.SubItems.Strings[0]));
    P.ShowModules(Pid, LVModule);
    lbModuleCount.Caption := IntToStr(P.ModuleCount);
  end;
end;

// Creates the shared TProcessInfo instance, tries to enable SeDebugPrivilege
// and fills both lists. The module list starts with process ID 0, for which
// the ToolHelp32 API snapshots the calling process, i.e. this tool itself.
procedure TFmMain.FormShow(Sender: TObject);
var
  Elevated: Boolean;
begin
  P := TProcessInfo.Create;   // FILE_ATTRIBUTE_HIDDEN
  // Without the privilege the tool keeps running, but protected processes
  // cannot be opened and their modules will be missing from the lists.
  Elevated := P.AdjustProcessPrivilege;
  if not Elevated then
    showmessage('提升进程权限失败');
  spbAbout.Left := FmMain.Width-100;
  spbProcessClick(Sender);
  P.ShowModules(0, LVModule);
  lbModuleCount.Caption := IntToStr(P.ModuleCount);
end;

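// Releases the shared TProcessInfo instance. The global is also set to nil so
// that no event handler running after the close can use a freed object.
procedure TFmMain.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  FreeAndNil(P);
end;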

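{ Terminates the process selected in LVProcess after the user confirms.

  When TerminateProcess fails, the handler falls back to launching the ntsd
  debugger with a quit command for that process; the outcome of the fallback
  is not known here, so the user is asked to refresh.

  The process ID is now parsed once into an integer and the fallback command
  line is built from that integer, so list-view text never reaches the command
  line unparsed; a row whose ID is not a number is ignored. }
procedure TFmMain.N1Click(Sender: TObject);
var
  Pid: Integer;
begin
  if LVProcess.Selected = nil then
    Exit;
  if MessageBox(handle,Pchar('确定要结束 '+LVProcess.Selected.Caption+' 吗'),'提示',mb_YESNO+mb_IconQuestion)=idNO then exit;

  Pid := StrToIntDef(Trim(LVProcess.Selected.SubItems.Strings[0]), -1);
  if Pid < 0 then
    Exit;

  if P.KillProcess(Pid) then
    LVProcess.Selected.Delete
  else
  begin
    // NOTE(review): 'ntsd' is resolved through the normal executable search
    // order (application directory, current directory, system directories,
    // PATH). This process usually runs with SeDebugPrivilege enabled, so a
    // file named ntsd.exe in a directory that other users can write to would
    // be started with that privilege. Prefer an absolute path to a known-good
    // debugger, or drop the fallback.
    Winexec(Pchar('ntsd -c q -p '+IntToStr(Pid)),SW_Hide);
    showmessage('不能确定是否已结束,请刷新检查');
  end;
end;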

// Passes the image path of the selected module (second sub-item of the row)
// to TProcessInfo.KillModule and removes the row when that call reports
// success.
procedure TFmMain.N2Click(Sender: TObject);
begin
  if LVModule.Selected = nil then
    Exit;
  if P.KillModule(Pchar(LVModule.Selected.SubItems.Strings[1])) then
    LVModule.Selected.Delete;
end;

// Second menu entry for the module search; forwards to N3Click.
procedure TFmMain.N4Click(Sender: TObject);
begin
  N3Click(Sender);
end;

// Placeholder: the handler does nothing. The two statements that would switch
// to the second page and list all loaded modules are commented out, matching
// the commented-out ShowMemModules declaration in TProcessInfo.
procedure TFmMain.spbCheckDLLClick(Sender: TObject);
begin
  //nbkMain.PageIndex:= 1;
  //P.ShowMemModules(LVAllModule);
end;

// Keeps the header notebook on the same page as the main notebook.
procedure TFmMain.nbkMainPageChanged(Sender: TObject);
var
  Page: Integer;
begin
  Page := nbkMain.PageIndex;
  nbkTop.PageIndex := Page;
end;

// Opens the file-details dialog for the module that was double-clicked. The
// image path is taken from the row's second sub-item.
// NOTE(review): a new TFmFileInfo is created on every double-click and is not
// released in this handler; whether the form frees itself is not visible
// here - confirm in UtFileInfo.
procedure TFmMain.LVModuleDblClick(Sender: TObject);
begin
  if LVModule.Selected <> nil then
  begin
    Application.CreateForm(TFmFileInfo, FmFileInfo);
    FmFileInfo.fileName := LVModule.Selected.SubItems.Strings[1];
    FmFileInfo.ShowModal;
  end;
end;

// Shows the About dialog modally.
procedure TFmMain.spbAboutClick(Sender: TObject);
begin
  FmAbout.ShowModal;
end;

// Keeps the About button 100 pixels from the right edge of the main form.
procedure TFmMain.FormResize(Sender: TObject);
const
  RightOffset = 100;
begin
  spbAbout.Left := FmMain.Width - RightOffset;
end;

// Asks for a DLL name and searches every process for it. Blank input cancels
// the search. The text is only compared against module names and paths by
// TProcessInfo.FindModules.
procedure TFmMain.N3Click(Sender: TObject);
var
  Wanted: string;
begin
  Wanted := InputBox('查找','请输入要查找的DLL名称','');
  if Trim(Wanted) <> '' then
    P.FindModules(Wanted);
end;

end.
