呵呵 知道这里高手多 所以来问了,我看了一个上午实在没琢磨出来
听说过"聪明人用Delphi"吗?
//载入进程列表
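// Rebuilds the process list shown in ListBox.
//
// For every PID returned by EnumProcesses the process is opened, the base
// name of its first module is read, and two parallel lists are filled:
//   slName  - the open process handle, stored as a decimal string
//   slValue - the module base name shown to the user
// Button2Click terminates through the handles cached in slName, so the two
// lists and ListBox must stay index-aligned.
//
// Fixes compared with the original listing:
//   * handles cached by the previous call are closed before the lists are
//     cleared (they used to leak on every refresh);
//   * a handle whose name could not be read is closed instead of leaked;
//   * the name is cut at its terminating #0, so stale bytes from the
//     previous process name no longer end up in slValue;
//   * the PID count is computed with integer division.
//
// NOTE(review): every listed process is opened with PROCESS_TERMINATE and the
// handle is kept until the next refresh. A narrower design caches the PID
// and requests PROCESS_TERMINATE only at the moment the user confirms; that
// is not done here because Button2Click consumes the cached handles.
procedure TMainForm.LoadProcess;
const
  NAME_CHARS = 512; // capacity of the name buffer, in characters
var
  i: Integer;
  procNum: Integer;
  cbneed: DWORD;
  mbneed: DWORD;
  s: string;
  lpFileName: string;
  hProcess: THandle;
  keepHandle: Boolean;
  lp: array[0..255] of DWORD;
  lpm: array[0..255] of DWORD;
begin
  // Release the handles cached by the previous refresh before forgetting them.
  for i := 0 to slName.Count - 1 do
    CloseHandle(THandle(StrToInt(slName.Strings[i])));

  slName.Clear;
  slValue.Clear;
  ListBox.Items.Clear;
  SetLength(lpFileName, NAME_CHARS);

  // EnumProcesses fills lp with PIDs and reports the bytes written in cbneed.
  // If cbneed equals SizeOf(lp) the buffer was full and the list may be
  // truncated at 256 processes.
  if EnumProcesses(@lp, SizeOf(lp), cbneed) then
  begin
    procNum := cbneed div SizeOf(DWORD);
    for i := 0 to procNum - 1 do
    begin
      hProcess := OpenProcess(PROCESS_TERMINATE or PROCESS_QUERY_INFORMATION or
        PROCESS_VM_READ, FALSE, lp[i]);
      if hProcess <> 0 then
      begin
        keepHandle := False;
        // The first module returned is the process's main executable.
        if EnumProcessModules(hProcess, @lpm, SizeOf(lpm), mbneed) then
        begin
          // GetModuleBaseName returns the file name only, not the full path.
          if GetModuleBaseName(hProcess, lpm[0], PChar(lpFileName), NAME_CHARS) <> 0 then
          begin
            s := PChar(lpFileName); // stop at the first #0
            slName.Add(IntToStr(hProcess));
            slValue.Add(Trim(s));
            keepHandle := True;
          end;
        end;
        if not keepHandle then
          CloseHandle(hProcess);
      end;
    end;
    ListBox.Items.AddStrings(slValue);
  end;
end;
// Stop the selected process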
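// Terminates every process selected in ListBox after one confirmation prompt,
// then reloads the list.
//
// The handle for row i is read back from slName[i], which LoadProcess filled
// in the same order as the ListBox rows.
//
// Changes compared with the original listing:
//   * a row without a matching slName entry is skipped instead of raising a
//     list-index error;
//   * a failed TerminateProcess is reported with the system error text
//     instead of being ignored (access denied is the usual cause for
//     processes owned by another account).
procedure TMainForm.Button2Click(Sender: TObject);
var
  i: Integer;
  errCode: DWORD;
  hTarget: THandle;
begin
  if MessageDlg('确认要结束该进程吗?', mtConfirmation, [mbYes, mbNo], 0) <> mrYes then
    Exit;

  for i := 0 to ListBox.Count - 1 do
  begin
    if not ListBox.Selected[i] then
      Continue;
    if i >= slName.Count then
      Break; // lists out of step; nothing trustworthy left to act on

    hTarget := THandle(StrToInt(slName.Strings[i]));
    if not TerminateProcess(hTarget, 0) then
    begin
      // Read the error code before any other call can overwrite it.
      errCode := GetLastError;
      MessageDlg(ListBox.Items[i] + ': ' + SysErrorMessage(errCode),
        mtError, [mbOK], 0);
    end;
  end;

  LoadProcess;
end;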
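// Manual imports from psapi.dll.
//
// EnumProcessModules: lpcbNeeded is an OUT parameter (a pointer in the C
// prototype), so it must be declared "var". Declared by value, the API would
// write the required byte count to whatever address the caller's variable
// happened to contain, corrupting memory.
// The Win32 BOOL result is 32 bits wide, hence LongBool.
function EnumProcessModules(hProcess: THandle; lphModule: PLongWord; cb: LongWord; var lpcbNeeded: LongWord): LongBool; stdcall; external 'psapi.dll';
// GetModuleBaseNameA: the API returns the number of characters copied
// (0 on failure), not a Boolean. LongBool keeps "if GetModuleBaseNameA(...)"
// callers compiling while testing all 32 bits of the result. The buffer is
// ANSI for the "A" entry point, hence PAnsiChar; szProcessNameLong is the
// buffer capacity in characters.
function GetModuleBaseNameA(hProcess: THandle; hMod: LongWord; szProcessName: PAnsiChar; szProcessNameLong: LongWord): LongBool; stdcall; external 'psapi.dll';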
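// Terminates every running process whose executable name matches
// ExeFileName (case-insensitive; compared both against the bare file name
// and against the szExeFile field as reported by the snapshot).
//
// Returns the result of the last TerminateProcess call converted to Integer
// (non-zero on success), or 0 when nothing matched or the last matching
// process could not be opened or terminated.
//
// Fixes compared with the original listing:
//   * a failed snapshot is detected instead of being iterated;
//   * the handle returned by OpenProcess is closed (it used to leak once per
//     matching process);
//   * TerminateProcess is no longer called with a null handle when
//     OpenProcess fails.
//
// NOTE(review): an image name is not an identity. Every process carrying
// this name that the caller is allowed to open is terminated, whatever
// directory it was started from or whoever owns it. Callers that need to hit
// one specific program should identify it by PID or by full image path.
function KillTask(ExeFileName: string): Integer;
const
  PROCESS_TERMINATE = $0001;
var
  ContinueLoop: BOOL;
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
  hTarget: THandle;
begin
  Result := 0;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if FSnapshotHandle = INVALID_HANDLE_VALUE then
    Exit;
  try
    // dwSize must be set before Process32First or the call fails.
    FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
    ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
    while ContinueLoop do
    begin
      if SameText(ExtractFileName(FProcessEntry32.szExeFile), ExeFileName) or
         SameText(FProcessEntry32.szExeFile, ExeFileName) then
      begin
        hTarget := OpenProcess(PROCESS_TERMINATE, False,
          FProcessEntry32.th32ProcessID);
        if hTarget <> 0 then
        begin
          try
            Result := Integer(TerminateProcess(hTarget, 0));
          finally
            CloseHandle(hTarget);
          end;
        end
        else
          Result := 0; // could not open the process (typically access denied)
      end;
      ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
    end;
  finally
    CloseHandle(FSnapshotHandle);
  end;
end;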
{Enumerate processes: fills clb with one row per process}
procedure EnumProcess(clb:Tlistview);
{Enumerate the modules loaded by the process with the given Pid}
procedure EnumModule(clb:TlistView;Pid:integer);
{Raise privileges: enables the named privilege in this process's token}
function SetPrivilege (sPrivilegeName: LPCSTR ; bEnabled: Boolean) : Boolean;
{Runs before init: targeted kill of the Panda worm process}
procedure init_KillPanda();
{Reads the file timestamps for every row and fills them into the list view}
Procedure _getFileValue(_FileListView:TListView;FileName:string);
{Process-kill routine}
procedure _killProcess(pid:dword); {2006.12.30 added: part of the registry functionality}
procedure _RegCheck(Regbox:TlisTview); const
SE_DEBUG_NAME = 'SeDebugPrivilege'; //privilege name passed to SetPrivilege by EnumProcess
_Value = 0; //upper index of _regdir, i.e. (number of registry entries to check) - 1
type
Tregdir = record
root :Hkey; //root key
regdir:string; //registry path
key :string; //value name
value :string; // value to restore
end;
var
_regdir : array [0.._Value] of Tregdir=
(
{Whether all files and folders are shown}
//NOTE(review): Explorer's "show hidden files" ShowAll\CheckedValue setting is
//normally stored under HKEY_LOCAL_MACHINE; confirm that HKEY_CLASSES_ROOT is
//really the intended root here. _RegCheck is not shown, so how this entry is
//read or written cannot be verified from this listing.
//NOTE(review): value is kept as a string; CheckedValue is presumably a DWORD
//in the registry - verify that _RegCheck converts it before writing.
(root:HKEY_CLASSES_ROOT;
regdir:'\software\microsoft\windows\currentversion\explorer\advanced\folder\hidden\showall';
key :'CheckedValue';
value:'1')
//(_root:22;_regdir:'a';_value:'b')
);
implementation{Enumerate all processes and look up the module each one runs from}
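// Fills clb with one row per running process:
//   column 0 'Pid'          - process ID
//   column 1 'Process Name' - base name of the first module
//   column 2 'Dir'          - full path of the first module
// Rows for processes that cannot be opened show the PID only.
//
// Fixes compared with the original listing:
//   * the three columns are created only when missing, so repeated calls no
//     longer append three more columns each time;
//   * each row is filled through the TListItem returned by Items.Add rather
//     than through a running index;
//   * when the base name cannot be read an empty cell is added, so the path
//     no longer slips into the 'Process Name' column;
//   * buffer sizes are passed in characters (Length) rather than bytes
//     (SizeOf), which avoids an overrun when Char is two bytes wide;
//   * the process handle is closed in a finally block.
//
// NOTE(review): SetPrivilege as shown in this unit ignores its bEnabled
// argument and always enables the privilege; True is passed to state the
// intent. SeDebugPrivilege is never switched off again, so it stays enabled
// in the token for the rest of the program's life. Listing processes of the
// current user does not need it; consider enabling it only around the calls
// that do and checking the function's result.
procedure EnumProcess(clb:TlistView);
var
  Pid          : array[0..1024] of DWORD;   // PID buffer for EnumProcesses
  pModu        : array[0..7062] of HMODULE; // module buffer; only entry 0 is used
  fName, pName : array[0..1024] of Char;
  cb, mcount   : DWORD;
  hProc        : THandle;
  idx, total   : Integer;
  row          : TListItem;
begin
  clb.Clear;

  while clb.Columns.Count < 3 do
    clb.Columns.Add;
  clb.Columns[0].Caption := 'Pid';
  clb.Columns[1].Caption := 'Process Name';
  clb.Columns[1].Width := 100;
  clb.Columns[2].Caption := 'Dir';
  clb.Columns[2].Width := 800;

  { raise privileges }
  SetPrivilege(SE_DEBUG_NAME, True);

  if not EnumProcesses(@Pid, SizeOf(Pid), cb) then
    Exit;

  // cb is the number of bytes EnumProcesses wrote into Pid.
  total := cb div SizeOf(DWORD);
  for idx := 0 to total - 1 do
  begin
    row := clb.Items.Add;
    row.Caption := IntToStr(Pid[idx]);

    hProc := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, Pid[idx]);
    if hProc = 0 then
      Continue; // not accessible: keep the PID-only row

    try
      if EnumProcessModules(hProc, @pModu, SizeOf(pModu), mcount) then
      begin
        if GetModuleBaseName(hProc, pModu[0], pName, Length(pName)) <> 0 then
          row.SubItems.Add(pName)
        else
          row.SubItems.Add(''); // placeholder keeps the path in column 2
        if GetModuleFileNameEx(hProc, pModu[0], fName, Length(fName)) <> 0 then
          row.SubItems.Add(fName);
      end;
    finally
      CloseHandle(hProc);
    end;
  end;
end;
{ Enumerate modules }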
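// Lists the full path of every module loaded in process Pid, one row per
// module, in clb. The list is left empty when the process cannot be opened
// or its modules cannot be enumerated.
//
// Fixes compared with the original listing:
//   * the process is opened with PROCESS_QUERY_INFORMATION or
//     PROCESS_VM_READ, the rights module enumeration needs, instead of
//     PROCESS_ALL_ACCESS; the narrower request succeeds on more processes
//     and gives this code no rights it does not use;
//   * the module count is clamped to the buffer size: EnumProcessModules
//     reports the bytes REQUIRED, which can exceed the buffer, and the old
//     loop would then read past the end of pModu;
//   * buffer sizes are passed in characters (Length), not bytes (SizeOf);
//   * rows are filled through the TListItem returned by Items.Add;
//   * the handle is closed in a finally block.
//
// NOTE(review): the GetModuleFileName fallback resolves the module handle in
// THIS process, not in the target. It is kept for compatibility, but a name
// it returns describes the target only if the same module happens to be
// loaded at the same address here - treat such rows as unverified.
procedure EnumModule(clb:TlistView;Pid:integer);
var
  hProc       : THandle;
  fname       : array[0..1024] of Char;
  pModu       : array[0..1024] of HMODULE;
  cbNeeded    : Cardinal;
  modCount, i : Integer;
  row         : TListItem;
begin
  clb.Items.Clear;

  hProc := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, Pid);
  if hProc = 0 then
    Exit;

  try
    if not EnumProcessModules(hProc, @pModu, SizeOf(pModu), cbNeeded) then
      Exit;

    modCount := cbNeeded div SizeOf(HMODULE);
    if modCount > Length(pModu) then
      modCount := Length(pModu); // more modules than the buffer can hold

    for i := 0 to modCount - 1 do
    begin
      row := clb.Items.Add;
      if GetModuleFileNameEx(hProc, pModu[i], fname, Length(fname)) <> 0 then
        row.Caption := fname
      else if GetModuleFileName(pModu[i], fname, Length(fname)) <> 0 then
        row.Caption := fname;
    end;
  finally
    CloseHandle(hProc);
  end;
end;
{ Raise privileges }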
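// Enables the privilege named sPrivilegeName in the current process token.
//
// Parameters:
//   sPrivilegeName - privilege name, e.g. 'SeDebugPrivilege'
//   bEnabled       - NOT honoured: the privilege is always enabled. Callers in
//                    this unit pass False while expecting the privilege to be
//                    switched on, so the behaviour is kept as it is.
// Returns True only when the privilege was actually enabled.
//
// Fix compared with the original listing: AdjustTokenPrivileges returns
// success even when the token does not hold the requested privilege; the
// real outcome is in GetLastError (ERROR_SUCCESS or ERROR_NOT_ALL_ASSIGNED).
// The result now reflects that, so a caller running without the privilege is
// no longer told it was granted. The token handle is closed in a finally
// block.
//
// NOTE(review): there is no way to drop the privilege again through this
// function. Code that enables a powerful privilege such as SeDebugPrivilege
// should restore the previous state once the privileged call is done.
function SetPrivilege (sPrivilegeName: LPCSTR ; bEnabled: Boolean) : Boolean;
var
  prevState,
  newState : TTokenPrivileges;
  hToken   : THandle;
  retLen   : DWORD;
begin
  Result := False;
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;
  try
    if LookupPrivilegeValue(nil, PChar(sPrivilegeName), newState.Privileges[0].LUID) then
    begin
      newState.PrivilegeCount := 1;
      newState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
      retLen := 0;
      if AdjustTokenPrivileges(hToken, False, newState, SizeOf(prevState), prevState, retLen) then
        Result := GetLastError = ERROR_SUCCESS;
    end;
  finally
    CloseHandle(hToken);
  end;
end;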
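// Scans all running processes and terminates any whose main module is named
// 'spoclsv.exe' (compared case-insensitively), showing a message box for
// each hit.
//
// Fixes compared with the original listing:
//   * every process handle is closed; the original closed only the handle
//     left over after the loop, leaking one handle per process scanned;
//   * the process is opened with the rights actually used
//     (terminate + query + read) instead of PROCESS_ALL_ACCESS;
//   * the process is ended with exit code 0. The original passed on the value
//     from GetExitCodeProcess, which for a running process is STILL_ACTIVE
//     (259) and makes the ended process look alive to anything polling its
//     exit code;
//   * the name buffer size is passed in characters (Length), not bytes.
//
// NOTE(review): the match is on the image name alone. A renamed sample is
// missed and an unrelated program with this name is killed. Checking the
// image path (GetModuleFileNameEx) or a file hash before terminating makes
// the detection considerably more reliable.
procedure init_KillPanda();
var
  Pid        : array[0..1024] of DWORD;   // PID buffer for EnumProcesses
  pModu      : array[0..7062] of HMODULE; // only entry 0 (main module) is used
  pName      : array[0..1024] of Char;
  cb, mcount : DWORD;
  hProc      : THandle;
  idx, total : Integer;
begin
  if not EnumProcesses(@Pid, SizeOf(Pid), cb) then
    Exit;

  total := cb div SizeOf(DWORD);
  for idx := 0 to total - 1 do
  begin
    hProc := OpenProcess(PROCESS_TERMINATE or PROCESS_QUERY_INFORMATION or
      PROCESS_VM_READ, False, Pid[idx]);
    if hProc = 0 then
      Continue;

    try
      if EnumProcessModules(hProc, @pModu, SizeOf(pModu), mcount) then
      begin
        if GetModuleBaseName(hProc, pModu[0], pName, Length(pName)) <> 0 then
        begin
          if LowerCase(StrPas(pName)) = 'spoclsv.exe' then
          begin
            ShowMessage('发现熊猫病毒变种');
            TerminateProcess(hProc, 0);
          end;
        end;
      end;
    finally
      CloseHandle(hProc);
    end;
  end;
end;
{ Get file attributes }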
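// For every row of _FileListView, opens the file named in the row caption
// and appends three sub-items: creation, last-access and last-write time.
//
// Parameters:
//   _FileListView - list view whose row captions are file paths
//   FileName      - incoming value is not used; the parameter is overwritten
//                   with each row's caption (kept for interface compatibility)
//
// The times come from FileTimeToSystemTime and are therefore UTC, not local
// time. Rows whose file cannot be opened get no sub-items.
//
// Fixes compared with the original listing:
//   * the loop index is an Integer; with a Cardinal index an empty list made
//     the upper bound Count-1 wrap around to a huge unsigned value;
//   * a failed FileOpen (-1, i.e. INVALID_HANDLE_VALUE once stored unsigned)
//     is recognised; the old "> 0" test treated it as a valid handle;
//   * the separate row counter, which always equalled the loop index, is gone.
Procedure _getFileValue(_FileListView:TListView;FileName:string);
var
  ftCreate, ftAccess, ftWrite : TFileTime;
  stCreate, stAccess, stWrite : TSystemTime;
  hFile : THandle;
  idx   : Integer;
  row   : TListItem;
begin
  for idx := 0 to _FileListView.Items.Count - 1 do
  begin
    row := _FileListView.Items.Item[idx];
    // Guard kept from the original: stop if the row is missing
    // (the author attributes this to driver problems).
    if not Assigned(row) then
      Exit;

    FileName := row.Caption;
    hFile := THandle(FileOpen(FileName, fmOpenRead or fmShareDenyNone));
    if (hFile = 0) or (hFile = INVALID_HANDLE_VALUE) then
      Continue;

    try
      try
        if GetFileTime(hFile, @ftCreate, @ftAccess, @ftWrite) then
        begin
          FileTimeToSystemTime(ftCreate, stCreate);
          FileTimeToSystemTime(ftAccess, stAccess);
          FileTimeToSystemTime(ftWrite, stWrite);
          row.SubItems.Add(DateTimeToStr(SystemTimeToDateTime(stCreate)));
          row.SubItems.Add(DateTimeToStr(SystemTimeToDateTime(stAccess)));
          row.SubItems.Add(DateTimeToStr(SystemTimeToDateTime(stWrite)));
        end;
      except
        // Best effort, as in the original: any error ends the whole scan.
        // The finally below still closes the file.
        Exit;
      end;
    finally
      FileClose(hFile);
    end;
  end;
end;
{ Process-kill routine }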
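// Terminates the process with the given PID. Does nothing when the process
// cannot be opened (for example, access denied or the PID no longer exists);
// the procedure has no result, so failure is silent.
//
// Fixes compared with the original listing:
//   * the handle is closed after use (it used to leak on every call);
//   * only PROCESS_TERMINATE is requested instead of PROCESS_ALL_ACCESS;
//   * the process is ended with exit code 0. The original passed on the value
//     from GetExitCodeProcess, which for a running process is STILL_ACTIVE
//     (259) and makes the ended process look alive to anything polling its
//     exit code.
//
// NOTE(review): a PID can be reused between the moment a list was built and
// the moment this is called. Callers acting on an old list should re-check
// that the PID still belongs to the intended image before calling.
procedure _killProcess(pid:dword);
var
  hProc : THandle;
begin
  hProc := OpenProcess(PROCESS_TERMINATE, False, pid);
  if hProc = 0 then
    Exit;
  try
    TerminateProcess(hProc, 0);
  finally
    CloseHandle(hProc);
  end;
end;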