简易枚举进程模块信息演示

来源：互联网发布：windows 10原版下载编辑：程序博客网时间：2024/05/22 02:08
将上例数组改成用指针存放模块信息演示
uses  TlHelp32;var  PidL: TStringList;                   //存放PID列表              [全局]  EntryL: Tlist;                       //存放模块信息的指针列表   [全局]  Pem: ^TModuleEntry32;                //存放模块信息指针         [全局]procedure EnumProcess(PidList: TStringList);var  hProc: THandle;  isFind: Boolean;  ProcEntry: TProcessEntry32;begin  try    hProc := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);    ProcEntry.dwSize := SizeOf(ProcEntry);    isFind := Process32First(hProc, ProcEntry);    while isFind do    begin      Form1.cbb1.Items.Add(ProcEntry.szExeFile);      PidList.Add(IntToStr(ProcEntry.th32ProcessID));      isFind := Process32Next(hProc, ProcEntry);    end;    Form1.cbb1.ItemIndex := 0;  finally    CloseHandle(hProc);  end;end;procedure EnumModele(Pid: DWORD);var  hMode: THandle;  ModeEntry: TModuleEntry32;  canFind: Boolean;begin  try    hMode := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Pid);    ModeEntry.dwSize := SizeOf(ModeEntry);    canFind := Module32First(hMode, ModeEntry);    EntryL := TList.Create;    while canFind do    begin      New(Pem);      Pem^ := ModeEntry;      EntryL.Add(Pem);      Form1.lst1.Items.Add(Pem^.szExePath);      canFind := Module32Next(hMode, ModeEntry);    end;  finally    CloseHandle(hMode);  end;end;procedure TForm1.FormCreate(Sender: TObject);begin  PidL := TStringList.Create;  PidL.Clear;  EnumProcess(PidL);end;procedure TForm1.cbb1Click(Sender: TObject);var  i, Pid: DWORD;begin  if cbb1.ItemIndex <> -1 then  begin    lst1.Clear;    i := cbb1.ItemIndex;    Pid := StrToInt(Pidl[i]);    EnumModele(Pid);  end;end;procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);begin  Dispose(Pem);               //释放存放TModuleEntry32指针  Pem:=Nil;  FreeAndNil(EntryL);         //释放存放TModuleEntry32指针列表  FreeAndNil(Pidl);           //释放存放Pid列表end;procedure TForm1.lst1Click(Sender: TObject);var  i, t: Integer;  item: TListItem;begin  lv1.Clear;  t := 1;  if lst1.Items[lst1.ItemIndex] <> '' then    for i := 0 to EntryL.Count - 1 do    begin      Pem := EntryL[i];      if SameText(lst1.Items[lst1.ItemIndex], Pem.szExePath) then      begin        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add('模块名称     ：'+pem.szModule);        inc(t);        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add('模块         ID：'+inttostr(Pem.th32ModuleID));        inc(t);        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add('模块大小     ：'+inttostr(Pem.dwSize));        Inc(t);        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add('全局使用数 ：'+inttostr(Pem.GlblcntUsage));        inc(t);        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add('进程使用数 ：'+inttostr(Pem.ProccntUsage));        inc(t);        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add('所属进程 ID：'+inttostr(Pem.th32ProcessID));        inc(t);        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add(format('模块基址     ：%.8x',[Integer(Pem.modBaseAddr)]));        inc(t);        item := lv1.Items.Add;        item.Caption := IntToStr(T);        item.SubItems.Add(format('模块句柄     ：%.8x',[Pem.hModule]));      end;    end;end;