unit UMain;interfaceuses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
TProcessStruct=Record
ProcId:THandle;
ProcName:String;
End;
TDowrdPoint=^DWord;
TInteger=Array [1..2000] Of dword;
TFun=Function (ProcessId:TInteger;Cb:dword;CbNeeded:dword):Boolean;Stdcall;//获得进程句柄
TGetModuleFileNameEx=Function(hProcess:Dword;hModule:LongWord;lpFilename:LPSTR;nSize:DWORD):DWord;Stdcall;//获得模块句柄
TEnumProcessModules=Function ( hProcess:Dword;lphModule:TInteger;cb:DWORD;lpcbNeeded:LPDWORD):BOOLean;Stdcall;//获得模块文件名
TIdProcess=Record//进程id记录结构
Arr:TInteger;
OneHandle:THandLe;
ArrSize:DWord;
End;
TNameProcess=Record //进程名和模块id记录结构
hProcess:DWord; //进程id。
lphModule:Array [1..2000] Of DWord;
lpFilename:LPSTR;
nSize:DWORD;
End;
TModule=Record //枚举进程模块用到的记录结构。
hProcess:DWord; //进程id。
lphModule:HMODULE;//模块句柄!
cb:DWord; //数组大小!
lpcbNeeded:LPDWORD;//存放文件名的字符串变量
nSize:DWORD;//字符串大小!
End;
var
Form1: TForm1;
VPStruct:TProcessStruct;
EnumProcesses:TFun;
GetModuleFileNameEx:TGetModuleFileNameEx;
EnumProcessModules:TEnumProcessModules;
{$R *.dfm}implementationprocedure TForm1.Button1Click(Sender: TObject);
Var
Arr:TInteger;
OneHandle : THandle;
A:dword;
hProcess:Dword;
hModule:LongWord;
lpFilename:LPSTR;
nSize:DWORD; lphModule:TInteger;
cb:DWORD;
lpcbNeeded:LPDWORD;
Begin
lpFileName:=' ';
OneHandle:=LoadLibrary('E:\My\DLLInformation\Psapi.dll');
If OneHandle<>0 Then
Begin
@EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
If NOt (@EnumProcesses=Nil) Then
EnumProcesses(Arr,SizeOf(Arr),a);
@EnumProcessModules:=GetProcAddRess(OneHandle,'EnumProcessModules');
If Not (@EnumProcessModules=Nil) Then
Begin
cb:=SizeOf(lphModule);
EnumProcessModules(Arr[1],lphModule,Cb,lpcbNeeded);
End
Else
Begin
ShowMessage('调用枚举进程模块失败!');
Exit;
End; @GetModuleFileNameEx:=GetProcAddRess(OneHandle,'GetModuleFileNameExW');
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
End;end;end.运行后出现这样的提示:
Project PMain.exe raised exception class EAccessViolation with
message' Access violation at address 00434949 in module '
PMain.exe'.Read of Address 00000074'.
跟踪的知道是运行到时候出错了!:
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
各位大虾请赐教呀!我的问题很简单,在内存中找到特定的进程(根据程序的名称来查找),然后杀掉这个进程。请问有更好的方法吗?
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;type
TForm1 = class(TForm)
Button1: TButton;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
TProcessStruct=Record
ProcId:THandle;
ProcName:String;
End;
TDowrdPoint=^DWord;
TInteger=Array [1..2000] Of dword;
TFun=Function (ProcessId:TInteger;Cb:dword;CbNeeded:dword):Boolean;Stdcall;//获得进程句柄
TGetModuleFileNameEx=Function(hProcess:Dword;hModule:LongWord;lpFilename:LPSTR;nSize:DWORD):DWord;Stdcall;//获得模块句柄
TEnumProcessModules=Function ( hProcess:Dword;lphModule:TInteger;cb:DWORD;lpcbNeeded:LPDWORD):BOOLean;Stdcall;//获得模块文件名
TIdProcess=Record//进程id记录结构
Arr:TInteger;
OneHandle:THandLe;
ArrSize:DWord;
End;
TNameProcess=Record //进程名和模块id记录结构
hProcess:DWord; //进程id。
lphModule:Array [1..2000] Of DWord;
lpFilename:LPSTR;
nSize:DWORD;
End;
TModule=Record //枚举进程模块用到的记录结构。
hProcess:DWord; //进程id。
lphModule:HMODULE;//模块句柄!
cb:DWord; //数组大小!
lpcbNeeded:LPDWORD;//存放文件名的字符串变量
nSize:DWORD;//字符串大小!
End;
var
Form1: TForm1;
VPStruct:TProcessStruct;
EnumProcesses:TFun;
GetModuleFileNameEx:TGetModuleFileNameEx;
EnumProcessModules:TEnumProcessModules;
{$R *.dfm}implementationprocedure TForm1.Button1Click(Sender: TObject);
Var
Arr:TInteger;
OneHandle : THandle;
A:dword;
hProcess:Dword;
hModule:LongWord;
lpFilename:LPSTR;
nSize:DWORD; lphModule:TInteger;
cb:DWORD;
lpcbNeeded:LPDWORD;
Begin
lpFileName:=' ';
OneHandle:=LoadLibrary('E:\My\DLLInformation\Psapi.dll');
If OneHandle<>0 Then
Begin
@EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
If NOt (@EnumProcesses=Nil) Then
EnumProcesses(Arr,SizeOf(Arr),a);
@EnumProcessModules:=GetProcAddRess(OneHandle,'EnumProcessModules');
If Not (@EnumProcessModules=Nil) Then
Begin
cb:=SizeOf(lphModule);
EnumProcessModules(Arr[1],lphModule,Cb,lpcbNeeded);
End
Else
Begin
ShowMessage('调用枚举进程模块失败!');
Exit;
End; @GetModuleFileNameEx:=GetProcAddRess(OneHandle,'GetModuleFileNameExW');
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
End;end;end.运行后出现这样的提示:
Project PMain.exe raised exception class EAccessViolation with
message' Access violation at address 00434949 in module '
PMain.exe'.Read of Address 00000074'.
跟踪的知道是运行到时候出错了!:
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
各位大虾请赐教呀!我的问题很简单,在内存中找到特定的进程(根据程序的名称来查找),然后杀掉这个进程。请问有更好的方法吗?
@EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
If NOt (@EnumProcesses=Nil) Then
EnumProcesses(Arr,SizeOf(Arr),a);
应该是:
EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
if Assigned(EnumProcesses) Then
EnumProcesses(Arr,SizeOf(Arr),a);同理,你下面的
@EnumProcessModules:=GetProcAddRess(OneHandle,'EnumProcessModules');
也是同样的错误,这主要是你没有搞清楚PASCAL的语法,:)。
---------
其他的我还没看,你先把这里更正了再调试吧。
顺便说一句,你只需要uses PSAPI单元就可以了,不用写这么多,DELPHI已有关于PSAPI的声明和封装,还有,98不支持PSAPI。
function FindProcessRun(sExeName:Pchar;Kill:boolean=false):boolean;
var ProcessId:Cardinal;
hProcess:THandle;
PROCESSENTRY32:tagPROCESSENTRY32;
loop:boolean;
ExitCode:DWord;
begin
Result:=false;
ProcessId:=CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);//创建快照
if ProcessId<>-1 then
begin
PROCESSENTRY32.dwSize:=SizeOf(tagPROCESSENTRY32);//初始化大小
loop:=Process32First(ProcessId,PROCESSENTRY32);查找
while loop do
begin
if UpperCase(ExtractFileName(PROCESSENTRY32.szExeFile))=UpperCase(sExeName) then //根据exe的名称进行比较是不是要找的进程
begin
Result:=true;
if Kill then //开始杀死
begin
hProcess:=OpenProcess(PROCESS_TERMINATE or PROCESS_QUERY_INFORMATION,false,PROCESSENTRY32.th32ProcessID);//打开进程
if hProcess<>0 then
begin
GetExitCodeProcess(hProcess,ExitCode);
TerminateProcess(hProcess,ExitCode);//结束进程
end;
end;
break;
end;
loop:=Process32Next(ProcessId,PROCESSENTRY32);
end;
CloseHandle(ProcessId);
end;
end;
**********************************************function EnableDebugPrivilege: Boolean;function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;varTP: TOKEN_PRIVILEGES;Dummy: Cardinal;beginTP.PrivilegeCount := 1;LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid);if bEnable thenTP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLEDelse TP.Privileges[0].Attributes := 0;AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy);Result := GetLastError = ERROR_SUCCESS;end;varhToken: Cardinal;beginOpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);if EnablePrivilege(hToken, 'SeDebugPrivilege', True) then ShowMessage('OK');CloseHandle(hToken);end;function KillTask(ExeFileName: string): Integer;constPROCESS_TERMINATE = $0001;varContinueLoop: BOOL;FSnapshotHandle: THandle;FProcessEntry32: TProcessEntry32;beginResult := 0;FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);FProcessEntry32.dwSize := SizeOf(FProcessEntry32);ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);while Integer(ContinueLoop) <> 0 dobeginif ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =UpperCase(ExeFileName))) thenResult := Integer(TerminateProcess(OpenProcess(PROCESS_TERMINATE,BOOL(0),FProcessEntry32.th32ProcessID),0));ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);end;CloseHandle(FSnapshotHandle);end;procedure TForm1.Button1Click(Sender: TObject);beginEnableDebugPrivilege;Caption := SysErrorMessage(KillTask('lsass.exe'));end;