急关于获取别的过程的EProcess
急急急,关于获取别的进程的EProcess
代码如下,如果是获取当前进程的已经可以实现,但是获取别的进程的跟XueTr里面不一致,请教
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, jwaNative, JwaWinType, ComCtrls, TLHelp32;
type
TForm1 = class(TForm)
Button1: TButton;
ListBox1: TListBox;
Memo1: TMemo;
Edit1: TEdit;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
procedure GetEProcess(pid: Cardinal);
public
{ Public declarations }
end;
TProcessInfo=Record
ExeFileName:String;
ProcessID:DWord;
end;
TQuerySystemInformation = class
private
fSysInfo : PVOID;
fSysInfoClass : SYSTEM_INFORMATION_CLASS;
procedure SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
public
constructor Create;
destructor Destroy; override;
function RefreshSysInfo:PVOID;
property SysInfo : PVOID read fSysInfo;
property SysInfoClass : SYSTEM_INFORMATION_CLASS read fSysInfoClass write SetSysInfoClass;
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
{ TQuerySystemInformation }
{******************************************************************************}
constructor TQuerySystemInformation.Create;
begin
fSysInfoClass:=SystemBasicInformation;
end;
{******************************************************************************}
destructor TQuerySystemInformation.Destroy;
begin
ReallocMem (fSysInfo, 0);
inherited;
end;
{******************************************************************************}
function TQuerySystemInformation.RefreshSysInfo: PVOID;
const
STATUS_INFO_LENGTH_MISMATCH = NTSTATUS($C0000004);
var
rs,res : ULONG;
rv:NTSTATUS;
d:dword ; //fuck delphi
begin
rs := $10000;
repeat
ReallocMem (fSysInfo, rs);
rv := NtQuerySystemInformation (fSysInfoClass, fSysInfo, rs, @res);
rs := rs * 2;
until rv <> STATUS_INFO_LENGTH_MISMATCH;
if rv <> 0 then
begin
ReallocMem (fSysInfo, 0);
RaiseLastOSError
end;
Result := fSysInfo;
end;
{******************************************************************************}
procedure TQuerySystemInformation.SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
begin
if aVal <> fSysInfoClass then
begin
fSysInfoClass := aVal;
RefreshSysInfo;
end;
end;
procedure TForm1.GetEProcess(pid: Cardinal);
type
HANDLE_INFORMATION = record
count : ULONG;
Handles : array [0..0] of SYSTEM_HANDLE_INFORMATION;
end;
var
FQuery : TQuerySystemInformation;
Info: ^HANDLE_INFORMATION;
I:integer;
hProcess, CPID: THandle;
begin
FQuery := TQuerySystemInformation.Create ;
FQuery.SysInfoClass := SystemHandleInformation;
FQuery.RefreshSysInfo ;
Info := FQuery.SysInfo ;
//EnableDebugPrivilege;
//hProcess := OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, pid);
//CPID := GetCurrentProcessId;
for i:=0 to Info.count -1 do
begin
//采用Button1Click事件中注释部分可以取得EProcess
if (Info.Handles[i].ProcessId = pid) and (Info.Handles[i].ObjectTypeNumber = 5) then
代码如下,如果是获取当前进程的已经可以实现,但是获取别的进程的跟XueTr里面不一致,请教
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, jwaNative, JwaWinType, ComCtrls, TLHelp32;
type
TForm1 = class(TForm)
Button1: TButton;
ListBox1: TListBox;
Memo1: TMemo;
Edit1: TEdit;
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }
procedure GetEProcess(pid: Cardinal);
public
{ Public declarations }
end;
TProcessInfo=Record
ExeFileName:String;
ProcessID:DWord;
end;
TQuerySystemInformation = class
private
fSysInfo : PVOID;
fSysInfoClass : SYSTEM_INFORMATION_CLASS;
procedure SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
public
constructor Create;
destructor Destroy; override;
function RefreshSysInfo:PVOID;
property SysInfo : PVOID read fSysInfo;
property SysInfoClass : SYSTEM_INFORMATION_CLASS read fSysInfoClass write SetSysInfoClass;
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
{ TQuerySystemInformation }
{******************************************************************************}
constructor TQuerySystemInformation.Create;
begin
fSysInfoClass:=SystemBasicInformation;
end;
{******************************************************************************}
destructor TQuerySystemInformation.Destroy;
begin
ReallocMem (fSysInfo, 0);
inherited;
end;
{******************************************************************************}
function TQuerySystemInformation.RefreshSysInfo: PVOID;
const
STATUS_INFO_LENGTH_MISMATCH = NTSTATUS($C0000004);
var
rs,res : ULONG;
rv:NTSTATUS;
d:dword ; //fuck delphi
begin
rs := $10000;
repeat
ReallocMem (fSysInfo, rs);
rv := NtQuerySystemInformation (fSysInfoClass, fSysInfo, rs, @res);
rs := rs * 2;
until rv <> STATUS_INFO_LENGTH_MISMATCH;
if rv <> 0 then
begin
ReallocMem (fSysInfo, 0);
RaiseLastOSError
end;
Result := fSysInfo;
end;
{******************************************************************************}
procedure TQuerySystemInformation.SetSysInfoClass(aVal: SYSTEM_INFORMATION_CLASS);
begin
if aVal <> fSysInfoClass then
begin
fSysInfoClass := aVal;
RefreshSysInfo;
end;
end;
procedure TForm1.GetEProcess(pid: Cardinal);
type
HANDLE_INFORMATION = record
count : ULONG;
Handles : array [0..0] of SYSTEM_HANDLE_INFORMATION;
end;
var
FQuery : TQuerySystemInformation;
Info: ^HANDLE_INFORMATION;
I:integer;
hProcess, CPID: THandle;
begin
FQuery := TQuerySystemInformation.Create ;
FQuery.SysInfoClass := SystemHandleInformation;
FQuery.RefreshSysInfo ;
Info := FQuery.SysInfo ;
//EnableDebugPrivilege;
//hProcess := OpenProcess(PROCESS_QUERY_INFORMATION, TRUE, pid);
//CPID := GetCurrentProcessId;
for i:=0 to Info.count -1 do
begin
//采用Button1Click事件中注释部分可以取得EProcess
if (Info.Handles[i].ProcessId = pid) and (Info.Handles[i].ObjectTypeNumber = 5) then