机器好久没装过杀毒软件了,前几天发现机器中了不少以DLL注入方式加载的垃圾插件,载个木马克星,能查到内存存在哪些垃圾DLL,可没说出在哪个进程,也不会帮你释放掉,于是再到网上载了个能浏览已加载模块的进程管理器(WINDOWS自带进程管理器没这功能),但没有查找DLL所在进程的功能,搞得还得手动遂个进程的查找,好麻烦。。算了,还是自己写个支持查找模块功能的。。代码写得很烂,还有很多多余的垃圾代码,还请各位高手指点。。代码参考于网上资料,VERINFO单元来源网上..
下载地址:http://www.unieasy.com/software/process.rar
{===========================
Lanyus
QQ:231221
Email:greathjw#163.com
============================}
========类单元========
unit ProcessInfoClass;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ExtCtrls, Buttons, ComCtrls, TlHelp32, ShellAPI, StdCtrls, VerInfo;
const
VerStr: array[1..9] of string = (
'ProductName',
'ProductVersion',
'FileDescription',
'LegalCopyright',
'FileVersion',
'CompanyName',
'LegalTradeMarks',
'InternalName',
'OriginalFileName'
);
Type
EFException = class(Exception);
TFileInfo = Record
viCompanyName,
viFileDescription,
viFileVersion,
viInternalName,
viLegalCopyright,
viLegalTrademarks,
viOriginalFilename,
viProductName,
viProductVersion,
viComments: string;
viOperatingSystem,
viCreationTime,
viLastAccessTime,
viLastWriteTime,
viAttrib,
viSize:string;
end;
Type
TProcessInfo = class
private
FProcessCount : Integer;
FModuleCount : Integer;
FAssignFile : String;
FErrMsg : String;
Procedure IniLV(LV:Tlistview);
procedure AddListViewItem(const aCaption, aValue: String; LV: TListView);
public
FFileInfo : TFileInfo;
property ProcessCount: Integer Read FProcessCount Write FProcessCount Default 0;
property ModuleCount: Integer Read FModuleCount Write FModuleCount Default 0;
property AssignFile: String Read FAssignFile Write FAssignFile;
property ErrMsg: String Read FErrMsg;
public
Procedure ShowProcess(LV:TListView);
Procedure ShowModules(ProcessID:THandle; LV:TListView);
// Procedure ShowMemModules(LV:TListView);
Function AdjustProcessPrivilege:boolean;
Function KillProcess(ProcessID:THandle):boolean;
Function KillModule(ModuleName:Pchar):boolean;
Procedure GetFileVerInfo(FileName:String; LV:TListView);
Procedure FindModules(ModuleName:string);
end;
implementation
procedure TProcessInfo.AddListViewItem(const aCaption, aValue: String; LV: TListView);
var
NItem: TListItem;
begin
NItem := LV.Items.Add;
NItem.Caption := aCaption;
NItem.SubItems.Add(aValue);
end;
procedure TProcessInfo.GetFileVerInfo(FileName: string; LV: TlistView);
var
VerString: String;
i: integer;
sFFlags: String;
VerInfoREs: TVerInfoRes;
NColumn:TlistColumn;
FI: TByHandleFileInformation;
OFI: TOFStruct;
FH: THandle;
SysTime : TSystemTime;
LocalFileTime : TFileTime;
begin
if not FileExists(FileName) then raise EFException.Create(FileName+' 文件不存在');
VerInfoRes := TVerInfoRes.Create(FileName);
if LV <> nil then
begin
IniLV(LV);
for i:=1 to 2 do
begin
NColumn:= LV.Columns.Add;
Ncolumn.Width:= 280;
case i of
1: begin
Ncolumn.Caption:= '关键字';
Ncolumn.Width:= 90;
end;
2: Ncolumn.Caption:= '值';
end;
end;
end;
for i := ord(viCompanyName) to ord(viComments) do
begin
VerString := VerInfoRes.GetPreDefKeyString(TVerInfoType(i));
if VerString <> '' then
begin
if LV <> nil then
AddListViewItem(VerNameArrayCN[TVerInfoType(i)], VerString,LV);
case i of
ord(viCompanyName) : FFileInfo.viCompanyName:= VerString;
ord(viCompanyName)+1 : FFileInfo.viFileDescription:= VerString;
ord(viCompanyName)+2 : FFileInfo.viFileVersion:= VerString;
ord(viCompanyName)+3 : FFileInfo.viInternalName:= VerString;
ord(viCompanyName)+4 : FFileInfo.viLegalCopyright:= VerString;
ord(viCompanyName)+5 : FFileInfo.viLegalTrademarks:= VerString;
ord(viCompanyName)+6 : FFileInfo.viOriginalFilename:= VerString;
ord(viCompanyName)+7 : FFileInfo.viProductName:= VerString;
ord(viCompanyName)+8 : FFileInfo.viProductVersion:= VerString;
ord(viCompanyName)+9 : FFileInfo.viComments:= VerString;
end;
end;
end;
if LV <> nil then
AddListViewItem('操作系统', VerINfoRes.FileOS,LV);
FFileInfo.viOperatingSystem:= VerINfoRes.FileOS;
VerInfoRes.free;
FH:= OpenFile(Pchar(FileName),OFI,of_read);
GetFileInformationByHandle(FH, FI);
FileTimeToLocalFileTime(FI.ftCreationTime,LocalFileTime);
FileTimeToSystemTime(LocalFileTime,SysTime);
if LV <> nil then
AddListViewItem('创建时间', datetimetostr(systemtimetodatetime(SysTime)),LV);
FFileInfo.viCreationTime:= datetimetostr(systemtimetodatetime(SysTime));
//VerINfoRes.
FileTimeToLocalFileTime(FI.ftLastAccessTime,LocalFileTime);
FileTimeToSystemTime(LocalFileTime,SysTime);
if LV <> nil then
AddListViewItem('最后访问时间', datetimetostr(systemtimetodatetime(SysTime)),LV);
FFileInfo.viLastAccessTime:= datetimetostr(systemtimetodatetime(SysTime));
FileTimeToLocalFileTime(FI.ftLastWriteTime,LocalFileTime);
FileTimeToSystemTime(LocalFileTime,SysTime);
if LV <> nil then
AddListViewItem('最后修改时间', datetimetostr(systemtimetodatetime(SysTime)),LV);
FFileInfo.viLastWriteTime:= datetimetostr(systemtimetodatetime(SysTime));
if LV <> nil then
AddListViewItem('文件属性',IntToStr(Fi.dwFileAttributes),LV);
FFileInfo.viAttrib:= IntToStr(Fi.dwFileAttributes);
if LV <> nil then
AddListViewItem('文件大小',FloatToStr((FI.nFileSizeHigh+FI.nFileSizeLow)/1000)+' K',LV);
FFileInfo.viSize:= FloatToStr((FI.nFileSizeHigh+FI.nFileSizeLow)/1000)+' K';
closeHandle(FH);
end;
Procedure TProcessInfo.IniLV(LV:Tlistview);
begin
LV.Columns.Clear;
LV.Items.Clear;
LV.GridLines := True;
LV.ViewStyle := vsReport;
LV.RowSelect := True;
end;
Procedure TProcessInfo.ShowProcess(LV:TListView);
var
i:integer;
Pover: Boolean;
ProcessListHandle: THandle;
PStruct: TProcessEntry32;
CNew : TListColumn;
PNew : TListitem;
begin
IniLV(LV);
FProcessCount:= 0;
for i:=0 to 7 do
begin
CNew := LV.Columns.Add;
cNew.Width := 100;
case i of
0 : CNew.Caption := '进程';
1 : CNew.Caption := '进程ID';
2 : CNew.Caption := '线程数';
3 : CNew.Caption := '进程引用计数';
4 : CNew.Caption := '进程默认堆ID';
5 : CNew.Caption := '进程模块ID';
6 : CNew.Caption := '父进程ID';
7 : CNew.Caption := '线程优先权';
end;
end;
ProcessListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PStruct.dwSize := Sizeof(PStruct);
Pover := Process32First(ProcessListHandle, PStruct);
while Pover do
begin
inc(FProcessCount);
PNew := LV.Items.Add;
PNew.Caption := PStruct.szExeFile;
PNew.SubItems.Add(IntToStr(PStruct.th32ProcessID));
PNew.SubItems.Add(IntToStr(PStruct.cntThreads));
PNew.SubItems.Add(IntToStr(PStruct.cntUsage));
PNew.SubItems.Add(IntToStr(PStruct.th32DefaultHeapID));
PNew.SubItems.Add(IntToStr(PStruct.th32ModuleID));
PNew.SubItems.Add(IntToStr(PStruct.th32ParentProcessID));
PNew.SubItems.Add(IntToStr(PStruct.pcPriClassBase));
Pover := Process32Next(ProcessListHandle, PStruct);
end;
CloseHandle(ProcessListHandle);
end;
Procedure TProcessInfo.ShowModules(ProcessID:THandle; LV:TListView);
var
i:integer;
Pover: Boolean;
MListHandle: THandle;
MStruct: TModuleEntry32;
CNew : TListColumn;
PNew : TListitem;
begin
IniLV(LV);
ModuleCount:= 0;
for i:=0 to 8 do
begin
CNew := LV.Columns.Add;
case i of
0 : begin
CNew.Width := 80;
CNew.Caption := '模块';
end;
1 : begin
CNew.Width := 60;
CNew.Caption := '进程ID';
end;
2 : begin
CNew.Width := 230;
CNew.Caption := '映像路径';
end;
3 : begin
CNew.Width := 120;
CNew.Caption:= '公司名称';
end;
4 : begin
CNew.Width := 110;
CNew.Caption:= '创建时间';
end;
5 : begin
CNew.Width := 110;
CNew.Caption:= '最后修改时间';
end;
6 : begin
CNew.Width := 70;
CNew.Caption:= '文件属性';
end;
7 : begin
CNew.Width := 70;
CNew.Caption:= '文件大小';
end;
8 : begin
CNew.Width := 100;
CNew.Caption:= '全局引用计数';
end;
end;
end;
MListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
MStruct.dwSize := Sizeof(MStruct);
Pover := Module32First(MListHandle, MStruct);
while Pover do
begin
inc(FModuleCount);
PNew := LV.Items.Add;
PNew.Caption := MStruct.szModule;
//PNew.SubItems.Add(IntToStr(MStruct.th32ModuleID));
PNew.SubItems.Add(IntToStr(MStruct.th32ProcessID));
PNew.SubItems.Add(MStruct.szExePath);
try
GetFileVerInfo(MStruct.szExePath,nil);
PNew.SubItems.Add(FFileInfo.viCompanyName);
PNew.SubItems.Add(FFileInfo.viCreationTime);
PNew.SubItems.Add(FFileInfo.viLastWriteTime);
PNew.SubItems.Add(FFileInfo.viAttrib);
PNew.SubItems.Add(FFileInfo.viSize);
PNew.SubItems.Add(IntToStr(MStruct.GlblcntUsage));
except
end;
Pover := Module32Next(MListHandle, MStruct);
end;
CloseHandle(MListHandle);
end;
Function TProcessInfo.AdjustProcessPrivilege:boolean;
var
Token:Cardinal;
TokenPri:_TOKEN_PRIVILEGES;
ProcessDest:int64;
l:DWORD;
begin
Result:=False;
if OpenProcessToken(GetCurrentProcess,TOKEN_Adjust_Privileges,Token) then
begin
if LookupPrivilegeValue(nil,'SeDebugPrivilege',ProcessDest) then //SeDebugPrivilege
begin
TokenPri.PrivilegeCount:=1;
TokenPri.Privileges[0].Attributes:=SE_PRIVILEGE_ENABLED;
TokenPri.Privileges[0].Luid:=ProcessDest;
l:=0;
if AdjustTokenPrivileges(Token,False,TokenPri,sizeof(TokenPri),nil,l) then
Result:=True;
end;
end;
end;
procedure TProcessInfo.FindModules(ModuleName:string);
var
i:integer;
Pover: Boolean;
ProcessListHandle: THandle;
PStruct: TProcessEntry32;
Mover: Boolean;
MListHandle: THandle;
MStruct: TModuleEntry32;
ProcessName: string;
UseCount: integer;
begin
UseCount:= 0;
ProcessListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPPROCESS, 0);
PStruct.dwSize := Sizeof(PStruct);
Pover := Process32First(ProcessListHandle, PStruct);
while Pover do
begin
// PNew.Caption := PStruct.szExeFile;
//if PStruct.th32ProcessID = 0 then continue;
MListHandle := CreateToolHelp32Snapshot(TH32CS_SNAPMODULE, PStruct.th32ProcessID);
MStruct.dwSize := Sizeof(MStruct);
Mover := Module32First(MListHandle, MStruct);
ProcessName:= MStruct.szExePath;
while Mover do
begin
if (UpperCase(ModuleName) = UpperCase(MStruct.szModule)) or
(pos(UpperCase(ModuleName),UpperCase(MStruct.szExePath))>0) then
begin
MessageBox(0,Pchar('在进程 '+ProcessName+' 发现模块 '+MStruct.szModule
+#13#10+'进程ID为 '+IntToStr(PStruct.th32ProcessID)),'提示',mb_OK+mb_IconInformation);
inc(UseCount);
end;
Mover := Module32Next(MListHandle, MStruct);
end;
CloseHandle(MListHandle);
Pover := Process32Next(ProcessListHandle, PStruct);
end;
CloseHandle(ProcessListHandle);
MessageBox(0,Pchar('查找完毕'+#13#10+'使用该模块进程数 '+IntToStr(UseCount)),'提示',mb_OK+mb_IconInformation);
end;
Function TProcessInfo.KillProcess(ProcessID:THandle):boolean;
var
PHnd : Thandle;
begin
PHnd := OpenProcess(PROCESS_ALL_ACCESS ,False,ProcessID);
result := TerminateProcess(PHnd,0);
end;
Function TProcessInfo.KillModule(ModuleName:Pchar):boolean;
var
MHnd : Thandle;
begin
// MHnd := OpenProcess(PROCESS_ALL_ACCESS ,False,ProcessID);
MHnd := GetModuleHandle(ModuleName);//LoadLibrary(ModuleName);//
showmessage(ModuleName+' '+inttostr(mhnd));
// result := FreeLibrary(MHnd);
end;
end.
===============VERINFO.PAS本单元来源于网上=======
unit VerInfo;
interface
uses SysUtils, WinTypes, Dialogs, Classes;
type
{ define a generic exception class for version info, and an exception
to indicate that no version info is available. }
EVerInfoError = class(Exception);
ENoVerInfoError = class(Exception);
eNoFixeVerInfo = class(Exception);
// define enum type representing different types of version info
TVerInfoType =
(viCompanyName,
viFileDescription,
viFileVersion,
viInternalName,
viLegalCopyright,
viLegalTrademarks,
viOriginalFilename,
viProductName,
viProductVersion,
viComments);
const
// define an array constant of strings representing the pre-defined
// version information keys.
VerNameArray: array[viCompanyName..viComments] of String[20] =
('CompanyName',
'FileDescription',
'FileVersion',
'InternalName',
'LegalCopyright',
'LegalTrademarks',
'OriginalFilename',
'ProductName',
'ProductVersion',
'Comments');
VerNameArrayCN: array[viCompanyName..viComments] of String[20] =
('公司名称',
'文件描述',
'文件版本',
'内部名称',
'合法版权',
'合法商标',
'源文件名',
'产品名称',
'产品版本',
'备注');
type
// Define the version info class
TVerInfoRes = class
private
Handle : DWord;
Size : Integer;
RezBuffer : String;
TransTable : PLongint;
FixedFileInfoBuf : PVSFixedFileInfo;
FFileFlags : TStringList;
FFileName : String;
procedure FillFixedFileInfoBuf;
procedure FillFileVersionInfo;
procedure FillFileMaskInfo;
protected
function GetFileVersion : String;
function GetProductVersion: String;
function GetFileOS : String;
public
constructor Create(AFileName: String);
destructor Destroy; override;
function GetPreDefKeyString(AVerKind: TVerInfoType): String;
function GetUserDefKeyString(AKey: String): String;
property FileVersion : String read GetFileVersion;
property ProductVersion : String read GetProductVersion;
property FileFlags : TStringList read FFileFlags;
property FileOS : String read GetFileOS;
end;
implementation
uses Windows;
const
// strings that must be fed to VerQueryValue() function
SFInfo = '/StringFileInfo/';
VerTranslation: PChar = '/VarFileInfo/Translation';
FormatStr = '%s%.4x%.4x/%s%s';
constructor TVerInfoRes.Create(AFileName: String);
begin
FFileName := aFileName;
FFileFlags := TStringList.Create;
// Get the file version information
FillFileVersionInfo;
//Get the fixed file info
FillFixedFileInfoBuf;
// Get the file mask values
FillFileMaskInfo;
end;
destructor TVerInfoRes.Destroy;
begin
FFileFlags.Free;
end;
procedure TVerInfoRes.FillFileVersionInfo;
var
SBSize: UInt;
begin
// Determine size of version information
Size := GetFileVersionInfoSize(PChar(FFileName), Handle);
if Size <= 0 then { raise exception if size <= 0 }
raise ENoVerInfoError.Create('No Version Info Available.');
// Set the length accordingly
SetLength(RezBuffer, Size);
// Fill the buffer with version information, raise exception on error
if not GetFileVersionInfo(PChar(FFileName), Handle, Size, PChar(RezBuffer)) then
raise EVerInfoError.Create('Cannot obtain version info.');
// Get translation info, raise exception on error
if not VerQueryValue(PChar(RezBuffer), VerTranslation, pointer(TransTable),
SBSize) then
raise EVerInfoError.Create('No language info.');
end;
procedure TVerInfoRes.FillFixedFileInfoBuf;
var
Size: Cardinal;
begin
if VerQueryValue(PChar(RezBuffer), '/', Pointer(FixedFileInfoBuf), Size) then begin
if Size < SizeOf(TVSFixedFileInfo) then
raise eNoFixeVerInfo.Create('No fixed file info');
end
else
raise eNoFixeVerInfo.Create('No fixed file info')
end;
procedure TVerInfoRes.FillFileMaskInfo;
begin
with FixedFileInfoBuf^ do begin
if (dwFileFlagsMask and dwFileFlags and VS_FF_PRERELEASE) <> 0then
FFileFlags.Add('Pre-release');
if (dwFileFlagsMask and dwFileFlags and VS_FF_PRIVATEBUILD) <> 0 then
FFileFlags.Add('Private build');
if (dwFileFlagsMask and dwFileFlags and VS_FF_SPECIALBUILD) <> 0 then
FFileFlags.Add('Special build');
if (dwFileFlagsMask and dwFileFlags and VS_FF_DEBUG) <> 0 then
FFileFlags.Add('Debug');
end;
end;
function TVerInfoRes.GetPreDefKeyString(AVerKind: TVerInfoType): String;
var
P: PChar;
S: UInt;
begin
Result := Format(FormatStr, [SfInfo, LoWord(TransTable^),HiWord(TransTable^),
VerNameArray[aVerKind], #0]);
// get and return version query info, return empty string on error
if VerQueryValue(PChar(RezBuffer), @Result[1], Pointer(P), S) then
Result := StrPas(P)
else
Result := '';
end;
function TVerInfoRes.GetUserDefKeyString(AKey: String): String;
var
P: Pchar;
S: UInt;
begin
Result := Format(FormatStr, [SfInfo, LoWord(TransTable^),HiWord(TransTable^),
aKey, #0]);
// get and return version query info, return empty string on error
if VerQueryValue(PChar(RezBuffer), @Result[1], Pointer(P), S) then
Result := StrPas(P)
else
Result := '';
end;
function VersionString(Ms, Ls: Longint): String;
begin
Result := Format('%d.%d.%d.%d', [HIWORD(Ms), LOWORD(Ms),
HIWORD(Ls), LOWORD(Ls)]);
end;
function TVerInfoRes.GetFileVersion: String;
begin
with FixedFileInfoBuf^ do
Result := VersionString(dwFileVersionMS, dwFileVersionLS);
end;
function TVerInfoRes.GetProductVersion: String;
begin
with FixedFileInfoBuf^ do
Result := VersionString(dwProductVersionMS, dwProductVersionLS);
end;
function TVerInfoRes.GetFileOS: String;
begin
with FixedFileInfoBuf^ do
case dwFileOS of
VOS_UNKNOWN: // Same as VOS__BASE
Result := 'Unknown';
VOS_DOS:
Result := 'Designed for MS-DOS';
VOS_OS216:
Result := 'Designed for 16-bit OS/2';
VOS_OS232:
Result := 'Designed for 32-bit OS/2';
VOS_NT:
Result := 'Designed for Windows NT';
VOS__WINDOWS16:
Result := 'Designed for 16-bit Windows';
VOS__PM16:
Result := 'Designed for 16-bit PM';
VOS__PM32:
Result := 'Designed for 32-bit PM';
VOS__WINDOWS32:
Result := 'Designed for 32-bit Windows';
VOS_DOS_WINDOWS16:
Result := 'Designed for 16-bit Windows, running on MS-DOS';
VOS_DOS_WINDOWS32:
Result := 'Designed for Win32 API, running on MS-DOS';
VOS_OS216_PM16:
Result := 'Designed for 16-bit PM, running on 16-bit OS/2';
VOS_OS232_PM32:
Result := 'Designed for 32-bit PM, running on 32-bit OS/2';
VOS_NT_WINDOWS32:
Result := 'Designed for Win32 API, running on Windows/NT';
else
Result := 'Unknown';
end;
end;
end.
==============界面单元==============
unit UtMain;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, ExtCtrls, Buttons, ComCtrls, TlHelp32, ShellAPI, StdCtrls, ProcessInfoClass,
Menus, WinTypes;
type
TFmMain = class(TForm)
ppmProcess: TPopupMenu;
N1: TMenuItem;
ppmModule: TPopupMenu;
N2: TMenuItem;
pnlTop: TPanel;
Panel2: TPanel;
pnlTool: TPanel;
spbProcess: TSpeedButton;
spbPort: TSpeedButton;
spbService: TSpeedButton;
nbkMain: TNotebook;
Splitter1: TSplitter;
pnlProcess: TPanel;
LVProcess: TListView;
pnlModule: TPanel;
LVModule: TListView;
nbkTop: TNotebook;
Label1: TLabel;
lbProcessCount: TLabel;
Label3: TLabel;
lbModuleCount: TLabel;
Label2: TLabel;
spbCheckDLL: TSpeedButton;
Label4: TLabel;
Panel1: TPanel;
Splitter2: TSplitter;
Panel3: TPanel;
LVAllModule: TListView;
BitBtn1: TBitBtn;
N7: TMenuItem;
N8: TMenuItem;
spbAbout: TSpeedButton;
N3: TMenuItem;
N4: TMenuItem;
procedure spbProcessClick(Sender: TObject);
procedure LVProcessClick(Sender: TObject);
procedure FormShow(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure N1Click(Sender: TObject);
procedure N2Click(Sender: TObject);
procedure N4Click(Sender: TObject);
procedure spbCheckDLLClick(Sender: TObject);
procedure nbkMainPageChanged(Sender: TObject);
procedure spbServiceClick(Sender: TObject);
procedure LVModuleDblClick(Sender: TObject);
procedure spbAboutClick(Sender: TObject);
procedure FormResize(Sender: TObject);
procedure N3Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
FmMain: TFmMain;
P : TProcessInfo;
implementation
uses UtAbout, UtFileInfo;
{$R *.dfm}
procedure TFmMain.spbProcessClick(Sender: TObject);
begin
nbkMain.PageIndex:= 0;
P.ShowProcess(LVProcess);
lbProcessCount.Caption:= IntToStr(P.ProcessCount);
end;
procedure TFmMain.LVProcessClick(Sender: TObject);
begin
if LVProcess.Selected= nil then exit;
P.ShowModules(StrToInt(Trim(LVProcess.Selected.SubItems.Strings[0])),LVModule);
lbModuleCount.Caption:= IntToStr(P.ModuleCount);
end;
procedure TFmMain.FormShow(Sender: TObject);
begin
P := TProcessInfo.Create; // FILE_ATTRIBUTE_HIDDEN
if not P.AdjustProcessPrivilege then showmessage('提升进程权限失败');
spbAbout.Left := FmMain.Width-100;
spbProcessClick(Sender);
P.ShowModules(0,LVModule);
lbModuleCount.Caption:= IntToStr(P.ModuleCount);
end;
procedure TFmMain.FormClose(Sender: TObject; var Action: TCloseAction);
begin
P.Free;
end;
procedure TFmMain.N1Click(Sender: TObject);
begin
if LVProcess.Selected <> nil then
begin
if MessageBox(handle,Pchar('确定要结束 '+LVProcess.Selected.Caption+' 吗'),'提示',mb_YESNO+mb_IconQuestion)=idNO then exit;
if P.KillProcess(StrToInt(LVProcess.Selected.SubItems.Strings[0])) then
LVProcess.Selected.Delete
else
begin
Winexec(Pchar('ntsd -c q -p '+LVProcess.Selected.SubItems.Strings[0]),SW_Hide);
showmessage('不能确定是否已结束,请刷新检查');
end;
end;
end;
procedure TFmMain.N2Click(Sender: TObject);
begin
if LVModule.Selected <> nil then
if P.KillModule(Pchar(LVModule.Selected.SubItems.Strings[1])) then
LVModule.Selected.Delete;
end;
procedure TFmMain.N4Click(Sender: TObject);
begin
N3Click(Sender);
end;
procedure TFmMain.spbCheckDLLClick(Sender: TObject);
begin
//nbkMain.PageIndex:= 1;
//P.ShowMemModules(LVAllModule);
end;
procedure TFmMain.nbkMainPageChanged(Sender: TObject);
begin
nbkTop.PageIndex:= nbkMain.PageIndex;
end;
procedure TFmMain.LVModuleDblClick(Sender: TObject);
begin
if LVModule.Selected= nil then exit;
Application.CreateForm(TFmFileInfo,FmFileInfo);
FmFileInfo.fileName:= LVModule.Selected.SubItems.Strings[1];
FmFileInfo.ShowModal;
end;
procedure TFmMain.spbAboutClick(Sender: TObject);
begin
FmAbout.showmodal;
end;
procedure TFmMain.FormResize(Sender: TObject);
begin
spbAbout.Left := FmMain.Width-100;
end;
procedure TFmMain.N3Click(Sender: TObject);
var
ModuleName: string;
begin
ModuleName:= InputBox('查找','请输入要查找的DLL名称','');
if Trim(ModuleName)='' then exit;
P.FindModules(ModuleName);
end;
end.