简易枚举进程模块信息演示

最新推荐文章于 2023-05-23 09:20:34 发布

seagull327

最新推荐文章于 2023-05-23 09:20:34 发布

阅读量721

点赞数

分类专栏：进程模块线程指针函数 ListView 文章标签： integer module action

本文链接：https://blog.csdn.net/haiou327/article/details/6686174

版权

指针函数同时被 3 个专栏收录

23 篇文章 0 订阅

订阅专栏

进程模块线程

21 篇文章 1 订阅

订阅专栏

ListView

12 篇文章 0 订阅

订阅专栏

将上例数组改成用指针存放模块信息演示

uses
  TlHelp32;
var
  PidL: TStringList;                   //存放PID列表              [全局]
  EntryL: Tlist;                       //存放模块信息的指针列表   [全局]
  Pem: ^TModuleEntry32;                //存放模块信息指针         [全局]

procedure EnumProcess(PidList: TStringList);
var
  hProc: THandle;
  isFind: Boolean;
  ProcEntry: TProcessEntry32;
begin
  try
    hProc := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    ProcEntry.dwSize := SizeOf(ProcEntry);
    isFind := Process32First(hProc, ProcEntry);
    while isFind do
    begin
      Form1.cbb1.Items.Add(ProcEntry.szExeFile);
      PidList.Add(IntToStr(ProcEntry.th32ProcessID));
      isFind := Process32Next(hProc, ProcEntry);
    end;
    Form1.cbb1.ItemIndex := 0;
  finally
    CloseHandle(hProc);
  end;
end;

procedure EnumModele(Pid: DWORD);
var
  hMode: THandle;
  ModeEntry: TModuleEntry32;
  canFind: Boolean;
begin
  try
    hMode := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Pid);
    ModeEntry.dwSize := SizeOf(ModeEntry);
    canFind := Module32First(hMode, ModeEntry);
    EntryL := TList.Create;
    while canFind do
    begin
      New(Pem);
      Pem^ := ModeEntry;
      EntryL.Add(Pem);
      Form1.lst1.Items.Add(Pem^.szExePath);
      canFind := Module32Next(hMode, ModeEntry);
    end;
  finally
    CloseHandle(hMode);
  end;
end;

procedure TForm1.FormCreate(Sender: TObject);
begin
  PidL := TStringList.Create;
  PidL.Clear;
  EnumProcess(PidL);
end;

procedure TForm1.cbb1Click(Sender: TObject);
var
  i, Pid: DWORD;
begin
  if cbb1.ItemIndex <> -1 then
  begin
    lst1.Clear;
    i := cbb1.ItemIndex;
    Pid := StrToInt(Pidl[i]);
    EnumModele(Pid);
  end;
end;

procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  Dispose(Pem);               //释放存放TModuleEntry32指针
  Pem:=Nil;
  FreeAndNil(EntryL);         //释放存放TModuleEntry32指针列表
  FreeAndNil(Pidl);           //释放存放Pid列表
end;

procedure TForm1.lst1Click(Sender: TObject);
var
  i, t: Integer;
  item: TListItem;
begin
  lv1.Clear;
  t := 1;
  if lst1.Items[lst1.ItemIndex] <> '' then
    for i := 0 to EntryL.Count - 1 do
    begin
      Pem := EntryL[i];
      if SameText(lst1.Items[lst1.ItemIndex], Pem.szExePath) then
      begin
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add('模块名称     ：'+pem.szModule);
        inc(t);
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add('模块         ID：'+inttostr(Pem.th32ModuleID));
        inc(t);
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add('模块大小     ：'+inttostr(Pem.dwSize));
        Inc(t);
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add('全局使用数 ：'+inttostr(Pem.GlblcntUsage));
        inc(t);
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add('进程使用数 ：'+inttostr(Pem.ProccntUsage));
        inc(t);
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add('所属进程 ID：'+inttostr(Pem.th32ProcessID));
        inc(t);
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add(format('模块基址     ：%.8x',[Integer(Pem.modBaseAddr)]));
        inc(t);
        item := lv1.Items.Add;
        item.Caption := IntToStr(T);
        item.SubItems.Add(format('模块句柄     ：%.8x',[Pem.hModule]));
      end;
    end;
end;