代码如下,如果是获取当前进程的已经可以实现,但是获取别的进程的跟XueTr里面不一致,请教
unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, jwaNative, JwaWinType, ComCtrls, TLHelp32;type
TForm1 = class(TForm)
Button1: TButton;
ListBox1: TListBox;
Memo1: TMemo;
Edit1: TEdit;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
procedure GetEProcess(pid: Cardinal);
public
{ Public declarations }
end; TProcessInfo=Record
ExeFileName:String;
ProcessID:DWord;
end; TQuerySystemInformation = class
private
fSysInfo : PVOID;
fSysInfoClass : SYSTEM_INFORMATION_CLASS;
procedure SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
public
constructor Create;
destructor Destroy; override;
function RefreshSysInfo:PVOID; property SysInfo : PVOID read fSysInfo;
property SysInfoClass : SYSTEM_INFORMATION_CLASS read fSysInfoClass write SetSysInfoClass;
end;var
Form1: TForm1;implementation{$R *.dfm}{ TQuerySystemInformation }{******************************************************************************}
constructor TQuerySystemInformation.Create;
begin
fSysInfoClass:=SystemBasicInformation;
end;{******************************************************************************}
destructor TQuerySystemInformation.Destroy;
begin
ReallocMem (fSysInfo, 0);
inherited;
end;{******************************************************************************}
function TQuerySystemInformation.RefreshSysInfo: PVOID;
const
STATUS_INFO_LENGTH_MISMATCH = NTSTATUS($C0000004);
var
rs,res : ULONG;
rv:NTSTATUS;
d:dword ; //fuck delphi
begin
rs := $10000; repeat
ReallocMem (fSysInfo, rs);
rv := NtQuerySystemInformation (fSysInfoClass, fSysInfo, rs, @res);
rs := rs * 2;
until rv <> STATUS_INFO_LENGTH_MISMATCH; if rv <> 0 then
begin
ReallocMem (fSysInfo, 0);
RaiseLastOSError
end; Result := fSysInfo;
end;{******************************************************************************}
procedure TQuerySystemInformation.SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
begin
if aVal <> fSysInfoClass then
begin
fSysInfoClass := aVal;
RefreshSysInfo;
end;
end;procedure TForm1.GetEProcess(pid: Cardinal);
type
HANDLE_INFORMATION = record
count : ULONG;
Handles : array [0..0] of SYSTEM_HANDLE_INFORMATION;
end;
var
FQuery : TQuerySystemInformation;
Info: ^HANDLE_INFORMATION;
I:integer;
hProcess, CPID: THandle;
begin
FQuery := TQuerySystemInformation.Create ;
FQuery.SysInfoClass := SystemHandleInformation;
FQuery.RefreshSysInfo ;
Info := FQuery.SysInfo ;
//EnableDebugPrivilege;
//hProcess := OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, pid);
//CPID := GetCurrentProcessId;
for i:=0 to Info.count -1 do
begin
//采用Button1Click事件中注释部分可以取得EProcess
if (Info.Handles[i].ProcessId = pid) and (Info.Handles[i].ObjectTypeNumber = 5) then
begin
ListBox1.Items.Add( intTohex(Cardinal(Info.Handles[i].Object_ ),8));
Break;
end;
end;
FQuery.Free;
end;function EnableDebugPrivilege: Boolean;
function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
var
TP: TOKEN_PRIVILEGES;
Dummy: Cardinal;
begin
TP.PrivilegeCount := 1;
LookupPrivilegevalue(nil, pchar(PrivName), TP.Privileges[0].Luid);
if bEnable then
TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else TP.Privileges[0].Attributes := 0;
AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy);
Result := GetLastError = ERROR_SUCCESS;
end;
var
hToken: Cardinal;
begin
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
//if EnablePrivilege(hToken, 'SeDebugPrivilege', True) then ShowMessage('OK');
EnablePrivilege(hToken, 'SeDebugPrivilege', True);
CloseHandle(hToken);
end;procedure TForm1.Button1Click(Sender: TObject);
var
p:TProcessInfo;
OK:Bool;
ProcessListHandle:THandle;
ProcessStruct:TProcessEntry32;
begin
EnableDebugPrivilege;
ProcessListHandle:=CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);
ProcessStruct.dwSize:=SizeOf(ProcessStruct);
OK:=Process32First(ProcessListHandle,ProcessStruct);
while Integer(OK) <> 0 do
begin
p.ExeFileName:=ProcessStruct.szExeFile;
// if p.ExeFileName = 'Project1.exe' then
// begin
// //采用下面方式可以取得本进程的EProcess是正确的
// OpenProcess( PROCESS_ALL_ACCESS,FALSE,GetCurrentProcessId);
// GetEProcess(DWORD(GetCurrentProcessId));
// Break;
// end;
OK:=Process32Next(ProcessListHandle,ProcessStruct);
memo1.lines.add(p.ExeFileName);
end;
closehandle(ProcessListHandle);
end;procedure TForm1.Button2Click(Sender: TObject);
begin
//这样就不行
GetEProcess(DWORD(EDIT1.TEXT));
end;end.
unit Unit1;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, jwaNative, JwaWinType, ComCtrls, TLHelp32;type
TForm1 = class(TForm)
Button1: TButton;
ListBox1: TListBox;
Memo1: TMemo;
Edit1: TEdit;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
procedure GetEProcess(pid: Cardinal);
public
{ Public declarations }
end; TProcessInfo=Record
ExeFileName:String;
ProcessID:DWord;
end; TQuerySystemInformation = class
private
fSysInfo : PVOID;
fSysInfoClass : SYSTEM_INFORMATION_CLASS;
procedure SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
public
constructor Create;
destructor Destroy; override;
function RefreshSysInfo:PVOID; property SysInfo : PVOID read fSysInfo;
property SysInfoClass : SYSTEM_INFORMATION_CLASS read fSysInfoClass write SetSysInfoClass;
end;var
Form1: TForm1;implementation{$R *.dfm}{ TQuerySystemInformation }{******************************************************************************}
constructor TQuerySystemInformation.Create;
begin
fSysInfoClass:=SystemBasicInformation;
end;{******************************************************************************}
destructor TQuerySystemInformation.Destroy;
begin
ReallocMem (fSysInfo, 0);
inherited;
end;{******************************************************************************}
function TQuerySystemInformation.RefreshSysInfo: PVOID;
const
STATUS_INFO_LENGTH_MISMATCH = NTSTATUS($C0000004);
var
rs,res : ULONG;
rv:NTSTATUS;
d:dword ; //fuck delphi
begin
rs := $10000; repeat
ReallocMem (fSysInfo, rs);
rv := NtQuerySystemInformation (fSysInfoClass, fSysInfo, rs, @res);
rs := rs * 2;
until rv <> STATUS_INFO_LENGTH_MISMATCH; if rv <> 0 then
begin
ReallocMem (fSysInfo, 0);
RaiseLastOSError
end; Result := fSysInfo;
end;{******************************************************************************}
procedure TQuerySystemInformation.SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
begin
if aVal <> fSysInfoClass then
begin
fSysInfoClass := aVal;
RefreshSysInfo;
end;
end;procedure TForm1.GetEProcess(pid: Cardinal);
type
HANDLE_INFORMATION = record
count : ULONG;
Handles : array [0..0] of SYSTEM_HANDLE_INFORMATION;
end;
var
FQuery : TQuerySystemInformation;
Info: ^HANDLE_INFORMATION;
I:integer;
hProcess, CPID: THandle;
begin
FQuery := TQuerySystemInformation.Create ;
FQuery.SysInfoClass := SystemHandleInformation;
FQuery.RefreshSysInfo ;
Info := FQuery.SysInfo ;
//EnableDebugPrivilege;
//hProcess := OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, pid);
//CPID := GetCurrentProcessId;
for i:=0 to Info.count -1 do
begin
//采用Button1Click事件中注释部分可以取得EProcess
if (Info.Handles[i].ProcessId = pid) and (Info.Handles[i].ObjectTypeNumber = 5) then
begin
ListBox1.Items.Add( intTohex(Cardinal(Info.Handles[i].Object_ ),8));
Break;
end;
end;
FQuery.Free;
end;function EnableDebugPrivilege: Boolean;
function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
var
TP: TOKEN_PRIVILEGES;
Dummy: Cardinal;
begin
TP.PrivilegeCount := 1;
LookupPrivilegevalue(nil, pchar(PrivName), TP.Privileges[0].Luid);
if bEnable then
TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else TP.Privileges[0].Attributes := 0;
AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy);
Result := GetLastError = ERROR_SUCCESS;
end;
var
hToken: Cardinal;
begin
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
//if EnablePrivilege(hToken, 'SeDebugPrivilege', True) then ShowMessage('OK');
EnablePrivilege(hToken, 'SeDebugPrivilege', True);
CloseHandle(hToken);
end;procedure TForm1.Button1Click(Sender: TObject);
var
p:TProcessInfo;
OK:Bool;
ProcessListHandle:THandle;
ProcessStruct:TProcessEntry32;
begin
EnableDebugPrivilege;
ProcessListHandle:=CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);
ProcessStruct.dwSize:=SizeOf(ProcessStruct);
OK:=Process32First(ProcessListHandle,ProcessStruct);
while Integer(OK) <> 0 do
begin
p.ExeFileName:=ProcessStruct.szExeFile;
// if p.ExeFileName = 'Project1.exe' then
// begin
// //采用下面方式可以取得本进程的EProcess是正确的
// OpenProcess( PROCESS_ALL_ACCESS,FALSE,GetCurrentProcessId);
// GetEProcess(DWORD(GetCurrentProcessId));
// Break;
// end;
OK:=Process32Next(ProcessListHandle,ProcessStruct);
memo1.lines.add(p.ExeFileName);
end;
closehandle(ProcessListHandle);
end;procedure TForm1.Button2Click(Sender: TObject);
begin
//这样就不行
GetEProcess(DWORD(EDIT1.TEXT));
end;end.
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货