PProcessInfo=^TProcessInfo;
TProcessInfo=record
aPID:DWORD;
aProcessName:array[0..20] of Char;
Next:Pointer;
end;var
Form1: TForm1;
Base,NodeBase:Pointer;
implementation{$R *.dfm}
{--把进程信息写到内存中--}
procedure EnumProcess;
var
Snap:DWORD;
ISNext:Boolean;
tagProcess:tagPROCESSENTRY32;
P:Pointer;
I,J:Integer;
begin
Snap:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
tagProcess.dwSize:=Sizeof(tagPROCESSENTRY32);
IsNext:=Process32First(Snap,tagProcess);
J:=0;
while IsNext do
begin
Integer(P):=Integer(Base)+4+(J*Sizeof(TProcessInfo));
PPRocessInfo(P)^.aPID:=tagProcess.th32ProcessID;
for I:=0 to 259 do
begin
PPRocessInfo(P)^.aProcessName[I]:=tagProcess.szExeFile[I];
end;
Inc(J);
if J>1 then
PProcessInfo(Integer(P)-Sizeof(TProcessInfo))^.Next:=P;
IsNext:=Process32Next(Snap,tagProcess);
end;
Integer(Base^):=J;
end;
{---------分配内存-----------}
procedure GetMems;
begin
Base:=VirtualAlloc(nil,$1000,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
end;procedure TForm1.Button1Click(Sender: TObject);
begin
MessageBox(0,'llllllllllll','',0);
GetMems;
EnumProcess;
{ asm
PUSH EAX
MOV EAX,BASE
JMP EAX
POP EAX
end; } //这段ASM是我方便跟踪的,没有其他意义
end;{--读取内存进程信息--}
procedure TForm1.Button2Click(Sender: TObject);
var
PB:Pointer;
I:Integer;
begin
PB:=Pointer(Integer(Base)+4);
for I:=0 to Integer(Base^)-1 do
begin
PB:=pointer(Sizeof(TProcessInfo)*I+Integer(PB));
ShowMessage(InttoStr(Integer(PB)));
MessageBox(Form1.Handle,PPRocessInfo(PB)^.aProcessName,'',0); end;
end;{--读了6个进程就没有了(出错了)--}
TProcessInfo=record
aPID:DWORD;
aProcessName:array[0..20] of Char;
Next:Pointer;
end;var
Form1: TForm1;
Base,NodeBase:Pointer;
implementation{$R *.dfm}
{--把进程信息写到内存中--}
procedure EnumProcess;
var
Snap:DWORD;
ISNext:Boolean;
tagProcess:tagPROCESSENTRY32;
P:Pointer;
I,J:Integer;
begin
Snap:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
tagProcess.dwSize:=Sizeof(tagPROCESSENTRY32);
IsNext:=Process32First(Snap,tagProcess);
J:=0;
while IsNext do
begin
Integer(P):=Integer(Base)+4+(J*Sizeof(TProcessInfo));
PPRocessInfo(P)^.aPID:=tagProcess.th32ProcessID;
for I:=0 to 259 do
begin
PPRocessInfo(P)^.aProcessName[I]:=tagProcess.szExeFile[I];
end;
Inc(J);
if J>1 then
PProcessInfo(Integer(P)-Sizeof(TProcessInfo))^.Next:=P;
IsNext:=Process32Next(Snap,tagProcess);
end;
Integer(Base^):=J;
end;
{---------分配内存-----------}
procedure GetMems;
begin
Base:=VirtualAlloc(nil,$1000,MEM_COMMIT,PAGE_EXECUTE_READWRITE);
end;procedure TForm1.Button1Click(Sender: TObject);
begin
MessageBox(0,'llllllllllll','',0);
GetMems;
EnumProcess;
{ asm
PUSH EAX
MOV EAX,BASE
JMP EAX
POP EAX
end; } //这段ASM是我方便跟踪的,没有其他意义
end;{--读取内存进程信息--}
procedure TForm1.Button2Click(Sender: TObject);
var
PB:Pointer;
I:Integer;
begin
PB:=Pointer(Integer(Base)+4);
for I:=0 to Integer(Base^)-1 do
begin
PB:=pointer(Sizeof(TProcessInfo)*I+Integer(PB));
ShowMessage(InttoStr(Integer(PB)));
MessageBox(Form1.Handle,PPRocessInfo(PB)^.aProcessName,'',0); end;
end;{--读了6个进程就没有了(出错了)--}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货