5,916
社区成员
发帖
与我相关
我的任务
分享我这样做有错吗?
unit UMain;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Button1: TButton;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
TProcessStruct=Record
ProcId:THandle;
ProcName:String;
End;
TDowrdPoint=^DWord;
TInteger=Array [1..2000] Of dword;
TFun=Function (ProcessId:TInteger;Cb:dword;CbNeeded:dword):Boolean;Stdcall;//获得进程句柄
TGetModuleFileNameEx=Function(hProcess:Dword;hModule:LongWord;lpFilename:LPSTR;nSize:DWORD):DWord;Stdcall;//获得模块句柄
TEnumProcessModules=Function ( hProcess:Dword;lphModule:TInteger;cb:DWORD;lpcbNeeded:LPDWORD):BOOLean;Stdcall;//获得模块文件名
TIdProcess=Record//进程id记录结构
Arr:TInteger;
OneHandle:THandLe;
ArrSize:DWord;
End;
TNameProcess=Record //进程名和模块id记录结构
hProcess:DWord; //进程id。
lphModule:Array [1..2000] Of DWord;
lpFilename:LPSTR;
nSize:DWORD;
End;
TModule=Record //枚举进程模块用到的记录结构。
hProcess:DWord; //进程id。
lphModule:HMODULE;//模块句柄!
cb:DWord; //数组大小!
lpcbNeeded:LPDWORD;//存放文件名的字符串变量
nSize:DWORD;//字符串大小!
End;
var
Form1: TForm1;
VPStruct:TProcessStruct;
EnumProcesses:TFun;
GetModuleFileNameEx:TGetModuleFileNameEx;
EnumProcessModules:TEnumProcessModules;
{$R *.dfm}
implementation
procedure TForm1.Button1Click(Sender: TObject);
Var
Arr:TInteger;
OneHandle : THandle;
A:dword;
hProcess:Dword;
hModule:LongWord;
lpFilename:LPSTR;
nSize:DWORD;
lphModule:TInteger;
cb:DWORD;
lpcbNeeded:LPDWORD;
Begin
lpFileName:=' ';
OneHandle:=LoadLibrary('E:\My\DLLInformation\Psapi.dll');
If OneHandle<>0 Then
Begin
@EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
If NOt (@EnumProcesses=Nil) Then
EnumProcesses(Arr,SizeOf(Arr),a);
@EnumProcessModules:=GetProcAddRess(OneHandle,'EnumProcessModules');
If Not (@EnumProcessModules=Nil) Then
Begin
cb:=SizeOf(lphModule);
EnumProcessModules(Arr[1],lphModule,Cb,lpcbNeeded);
End
Else
Begin
ShowMessage('调用枚举进程模块失败!');
Exit;
End;
@GetModuleFileNameEx:=GetProcAddRess(OneHandle,'GetModuleFileNameExW');
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
End;
end;
end.
运行后出现这样的提示:
Project PMain.exe raised exception class EAccessViolation with
message' Access violation at address 00434949 in module '
PMain.exe'.Read of Address 00000074'.
跟踪的知道是运行到时候出错了!:
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
各位大虾请赐教呀!
我的问题很简单,在内存中找到特定的进程(根据程序的名称来查找),然后杀掉这个进
程。请问有更好的方法吗?
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Button1: TButton;
Memo1: TMemo;
procedure Button1Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
TProcessStruct=Record
ProcId:THandle;
ProcName:String;
End;
TDowrdPoint=^DWord;
TInteger=Array [1..2000] Of dword;
TFun=Function (ProcessId:TInteger;Cb:dword;CbNeeded:dword):Boolean;Stdcall;//获得进程句柄
TGetModuleFileNameEx=Function(hProcess:Dword;hModule:LongWord;lpFilename:LPSTR;nSize:DWORD):DWord;Stdcall;//获得模块句柄
TEnumProcessModules=Function ( hProcess:Dword;lphModule:TInteger;cb:DWORD;lpcbNeeded:LPDWORD):BOOLean;Stdcall;//获得模块文件名
TIdProcess=Record//进程id记录结构
Arr:TInteger;
OneHandle:THandLe;
ArrSize:DWord;
End;
TNameProcess=Record //进程名和模块id记录结构
hProcess:DWord; //进程id。
lphModule:Array [1..2000] Of DWord;
lpFilename:LPSTR;
nSize:DWORD;
End;
TModule=Record //枚举进程模块用到的记录结构。
hProcess:DWord; //进程id。
lphModule:HMODULE;//模块句柄!
cb:DWord; //数组大小!
lpcbNeeded:LPDWORD;//存放文件名的字符串变量
nSize:DWORD;//字符串大小!
End;
var
Form1: TForm1;
VPStruct:TProcessStruct;
EnumProcesses:TFun;
GetModuleFileNameEx:TGetModuleFileNameEx;
EnumProcessModules:TEnumProcessModules;
{$R *.dfm}
implementation
procedure TForm1.Button1Click(Sender: TObject);
Var
Arr:TInteger;
OneHandle : THandle;
A:dword;
hProcess:Dword;
hModule:LongWord;
lpFilename:LPSTR;
nSize:DWORD;
lphModule:TInteger;
cb:DWORD;
lpcbNeeded:LPDWORD;
Begin
lpFileName:=' ';
OneHandle:=LoadLibrary('E:\My\DLLInformation\Psapi.dll');
If OneHandle<>0 Then
Begin
@EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
If NOt (@EnumProcesses=Nil) Then
EnumProcesses(Arr,SizeOf(Arr),a);
@EnumProcessModules:=GetProcAddRess(OneHandle,'EnumProcessModules');
If Not (@EnumProcessModules=Nil) Then
Begin
cb:=SizeOf(lphModule);
EnumProcessModules(Arr[1],lphModule,Cb,lpcbNeeded);
End
Else
Begin
ShowMessage('调用枚举进程模块失败!');
Exit;
End;
@GetModuleFileNameEx:=GetProcAddRess(OneHandle,'GetModuleFileNameExW');
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
End;
end;
end.
运行后出现这样的提示:
Project PMain.exe raised exception class EAccessViolation with
message' Access violation at address 00434949 in module '
PMain.exe'.Read of Address 00000074'.
跟踪的知道是运行到时候出错了!:
If Not (@GetModuleFileNameEx=Nil) Then
Begin
nSize:=SizeOf(lpFileName);
Memo1.Lines.Add(IntToStr(lphModule[1]));
GetModulefileNameEx(Arr[1],lphModule[1],lpFilename,nSize);
End;
各位大虾请赐教呀!
我的问题很简单,在内存中找到特定的进程(根据程序的名称来查找),然后杀掉这个进
程。请问有更好的方法吗?
...全文
请发表友善的回复…
发表回复
jtg98g3 2003-12-17
- 打赏
- 举报
好的,谢谢!
delphi2java 2003-12-09
- 打赏
- 举报
不是不想回答,是代码太长了。。问问题时把最关键的代码贴出来就行,要不人家看了会很累的哦。
aibeyond2003 2003-12-09
- 打赏
- 举报
高手做答,up接分
Jasonn 2003-12-09
- 打赏
- 举报
up
up
up
outer2000 2003-12-09
- 打赏
- 举报
石头的好象没有提升权限,看看这个;FROM 超级猛料
**********************************************
function EnableDebugPrivilege: Boolean;
function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
var
TP: TOKEN_PRIVILEGES;
Dummy: Cardinal;
begin
TP.PrivilegeCount := 1;
LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid);
if bEnable then
TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else TP.Privileges[0].Attributes := 0;
AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy);
Result := GetLastError = ERROR_SUCCESS;
end;
var
hToken: Cardinal;
begin
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
if EnablePrivilege(hToken, 'SeDebugPrivilege', True) then ShowMessage('OK');
CloseHandle(hToken);
end;
function KillTask(ExeFileName: string): Integer;
const
PROCESS_TERMINATE = $0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
Result := 0;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
while Integer(ContinueLoop) <> 0 do
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
UpperCase(ExeFileName))) then
Result := Integer(TerminateProcess(
OpenProcess(PROCESS_TERMINATE,
BOOL(0),
FProcessEntry32.th32ProcessID),
0));
ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
EnableDebugPrivilege;
Caption := SysErrorMessage(KillTask('lsass.exe'));
end;
**********************************************
function EnableDebugPrivilege: Boolean;
function EnablePrivilege(hToken: Cardinal; PrivName: string; bEnable: Boolean): Boolean;
var
TP: TOKEN_PRIVILEGES;
Dummy: Cardinal;
begin
TP.PrivilegeCount := 1;
LookupPrivilegeValue(nil, pchar(PrivName), TP.Privileges[0].Luid);
if bEnable then
TP.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else TP.Privileges[0].Attributes := 0;
AdjustTokenPrivileges(hToken, False, TP, SizeOf(TP), nil, Dummy);
Result := GetLastError = ERROR_SUCCESS;
end;
var
hToken: Cardinal;
begin
OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, hToken);
if EnablePrivilege(hToken, 'SeDebugPrivilege', True) then ShowMessage('OK');
CloseHandle(hToken);
end;
function KillTask(ExeFileName: string): Integer;
const
PROCESS_TERMINATE = $0001;
var
ContinueLoop: BOOL;
FSnapshotHandle: THandle;
FProcessEntry32: TProcessEntry32;
begin
Result := 0;
FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
FProcessEntry32.dwSize := SizeOf(FProcessEntry32);
ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
while Integer(ContinueLoop) <> 0 do
begin
if ((UpperCase(ExtractFileName(FProcessEntry32.szExeFile)) =
UpperCase(ExeFileName)) or (UpperCase(FProcessEntry32.szExeFile) =
UpperCase(ExeFileName))) then
Result := Integer(TerminateProcess(
OpenProcess(PROCESS_TERMINATE,
BOOL(0),
FProcessEntry32.th32ProcessID),
0));
ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
end;
CloseHandle(FSnapshotHandle);
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
EnableDebugPrivilege;
Caption := SysErrorMessage(KillTask('lsass.exe'));
end;
jtg98g3 2003-12-09
- 打赏
- 举报
To rockswj(石头) :你的函数还没有去测试,等我测试完就给分。
xiaoqiang123 2003-12-01
- 打赏
- 举报
学习,听课
rockswj 2003-12-01
- 打赏
- 举报
//sExeName是exe的文件名,kill是否要杀死进程。
function FindProcessRun(sExeName:Pchar;Kill:boolean=false):boolean;
var ProcessId:Cardinal;
hProcess:THandle;
PROCESSENTRY32:tagPROCESSENTRY32;
loop:boolean;
ExitCode:DWord;
begin
Result:=false;
ProcessId:=CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);//创建快照
if ProcessId<>-1 then
begin
PROCESSENTRY32.dwSize:=SizeOf(tagPROCESSENTRY32);//初始化大小
loop:=Process32First(ProcessId,PROCESSENTRY32);查找
while loop do
begin
if UpperCase(ExtractFileName(PROCESSENTRY32.szExeFile))=UpperCase(sExeName) then //根据exe的名称进行比较是不是要找的进程
begin
Result:=true;
if Kill then //开始杀死
begin
hProcess:=OpenProcess(PROCESS_TERMINATE or PROCESS_QUERY_INFORMATION,false,PROCESSENTRY32.th32ProcessID);//打开进程
if hProcess<>0 then
begin
GetExitCodeProcess(hProcess,ExitCode);
TerminateProcess(hProcess,ExitCode);//结束进程
end;
end;
break;
end;
loop:=Process32Next(ProcessId,PROCESSENTRY32);
end;
CloseHandle(ProcessId);
end;
end;
function FindProcessRun(sExeName:Pchar;Kill:boolean=false):boolean;
var ProcessId:Cardinal;
hProcess:THandle;
PROCESSENTRY32:tagPROCESSENTRY32;
loop:boolean;
ExitCode:DWord;
begin
Result:=false;
ProcessId:=CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);//创建快照
if ProcessId<>-1 then
begin
PROCESSENTRY32.dwSize:=SizeOf(tagPROCESSENTRY32);//初始化大小
loop:=Process32First(ProcessId,PROCESSENTRY32);查找
while loop do
begin
if UpperCase(ExtractFileName(PROCESSENTRY32.szExeFile))=UpperCase(sExeName) then //根据exe的名称进行比较是不是要找的进程
begin
Result:=true;
if Kill then //开始杀死
begin
hProcess:=OpenProcess(PROCESS_TERMINATE or PROCESS_QUERY_INFORMATION,false,PROCESSENTRY32.th32ProcessID);//打开进程
if hProcess<>0 then
begin
GetExitCodeProcess(hProcess,ExitCode);
TerminateProcess(hProcess,ExitCode);//结束进程
end;
end;
break;
end;
loop:=Process32Next(ProcessId,PROCESSENTRY32);
end;
CloseHandle(ProcessId);
end;
end;
SeaWave 2003-12-01
- 打赏
- 举报
初看了一下,你的这段有错:
@EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
If NOt (@EnumProcesses=Nil) Then
EnumProcesses(Arr,SizeOf(Arr),a);
应该是:
EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
if Assigned(EnumProcesses) Then
EnumProcesses(Arr,SizeOf(Arr),a);
同理,你下面的
@EnumProcessModules:=GetProcAddRess(OneHandle,'EnumProcessModules');
也是同样的错误,这主要是你没有搞清楚PASCAL的语法,:)。
---------
其他的我还没看,你先把这里更正了再调试吧。
顺便说一句,你只需要uses PSAPI单元就可以了,不用写这么多,DELPHI已有关于PSAPI的声明和封装,还有,98不支持PSAPI。
@EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
If NOt (@EnumProcesses=Nil) Then
EnumProcesses(Arr,SizeOf(Arr),a);
应该是:
EnumProcesses:=GetProcAddRess(OneHandle,'EnumProcesses');
if Assigned(EnumProcesses) Then
EnumProcesses(Arr,SizeOf(Arr),a);
同理,你下面的
@EnumProcessModules:=GetProcAddRess(OneHandle,'EnumProcessModules');
也是同样的错误,这主要是你没有搞清楚PASCAL的语法,:)。
---------
其他的我还没看,你先把这里更正了再调试吧。
顺便说一句,你只需要uses PSAPI单元就可以了,不用写这么多,DELPHI已有关于PSAPI的声明和封装,还有,98不支持PSAPI。
jtg98g3 2003-12-01
- 打赏
- 举报
我切,各位高手,如果你们知道,请赐教,分数不是个问题!
要多少我就给多少,不够的话可以开贴在加啊!
要多少我就给多少,不够的话可以开贴在加啊!
jtg98g3 2003-11-19
- 打赏
- 举报
没有人回答我吗?
