unit ProcessSpyFm;
interface
uses
Windows, Messages,tlhelp32,define, ComCtrls, StdCtrls, Controls, Classes,
SysUtils, Graphics, Forms, Dialogs, ExtCtrls, Grids;
type
// Main form of the process viewer. The published component fields below are
// bound to the form resource loaded by {$R *.DFM}, so their names and types
// have to stay in step with that resource.
TForm1 = class(TForm)
Label1: TLabel;
// Tree of process image names, filled by InItTree from ProcessInfo.
TreeView1: TTreeView;
Panel1: TPanel;
Label2: TLabel;
// Edit1..Edit9 show the fields of the process selected in the tree
// (written by TreeView1Click).
Edit1: TEdit;
Label3: TLabel;
Label4: TLabel;
Label5: TLabel;
Label6: TLabel;
Label7: TLabel;
Label8: TLabel;
Label9: TLabel;
Label10: TLabel;
Edit2: TEdit;
Edit3: TEdit;
Edit4: TEdit;
Edit5: TEdit;
Edit6: TEdit;
Edit7: TEdit;
Edit8: TEdit;
Edit9: TEdit;
// StringGrid1 = modules, StringGrid2 = threads, StringGrid3 = heap entries
// of the selected process (headers set by InitStrGrid).
StringGrid1: TStringGrid;
StringGrid2: TStringGrid;
StringGrid3: TStringGrid;
// One-shot start-up handler: takes the snapshots and builds the UI.
procedure FormActivate(Sender: TObject);
// NOTE(review): no Button1 field is declared in this class, and the handler
// body in this unit is empty.
procedure Button1Click(Sender: TObject);
// Fills the edits and grids for the selected tree node.
procedure TreeView1Click(Sender: TObject);
private
{ Private declarations }
// Snapshot all processes into the global ProcessInfo table.
procedure InitProcessInfo;
// Rebuild TreeView1 from ProcessInfo.
procedure InItTree;
// Write the header row of the three grids.
procedure InitStrGrid;
// Copies dStr into the caller's buffer Schar and returns dStr; the copy is
// not length-limited, so the caller must supply a large enough buffer.
function getStr(Schar:Pchar;dStr:String):String;
// Append the modules of ProcessId to the global ModuleInfo table.
procedure InitModuleInfo(ProcessId: DWORD);
// Refill the global ThreadInfo table from a thread snapshot.
procedure InitThreadInfo(ProcessId: DWORD);
// Refill the global HeapInfo table; ThreadId is forwarded as the third
// argument of Heap32First.
procedure InitHeapInfo(ProcessId,ThreadId: DWORD);
public
{ Public declarations }
end;
var
// These variables are declared in the interface section, so every unit that
// uses ProcessSpyFm can read and write them.
Form1: TForm1;
// Fixed-capacity snapshot tables. Their element types come from unit define.
// NOTE(review): the capacities are compile-time constants while the number of
// processes, modules, threads and heap blocks is decided by whatever is
// running on the machine; every loop that fills these tables has to stop at
// High(table) or it writes past the end of the array.
ProcessInfo: array[0..100] of TProcessInfo;  // 101 entries, count in Pcount
ModuleInfo: array[0..1023] of TModuleInfo ;  // 1024 entries, count in Mcount
ThreadInfo: array[0..1023] of TThreadInfo ;  // 1024 entries, count in Tcount
HeapInfo : array[0..1024] of THeapInfo ;     // 1025 entries, count in Hcount
// Toolhelp snapshot handles; each Init* routine opens and closes its own.
hProcessSnap,hModuleSnap,hThreadSnap,hHeapSnap:LongWord;
// Scratch records that the Toolhelp *First/*Next calls fill in.
pe32 :PROCESSENTRY32;
me32 :MODULEENTRY32;
te32 :THREADENTRY32;
he32 :heapentry32;
// Not referenced by the code in this unit.
InfoStr:String;
// Shared loop flag: every enumeration loop in this unit assigns it, including
// the nested ones, so it is only meaningful right after a *First/*Next call.
found : boolean;
// Number of valid entries in ProcessInfo, ModuleInfo, ThreadInfo, HeapInfo.
Pcount,Mcount,Tcount,Hcount : integer;
implementation
{$R *.DFM}
procedure TForm1.FormActivate(Sender: TObject);
{ One-shot start-up handler: snapshots the running processes, builds the
  process tree and writes the grid headers. }
begin
  // Detach the handler first so that later activations of the form do not
  // repeat the whole enumeration.
  Self.OnActivate := nil;

  // The module table is appended to once per process by InitModuleInfo,
  // which never resets the counter itself, so it is cleared here.
  Mcount := 0;

  Self.InitProcessInfo;
  Self.InItTree;
  Self.InitStrGrid;
end;
procedure TForm1.InitStrGrid;
{ Writes the header row (row 0) of the module, thread and heap grids. }
const
  // Struct size, module ID, process ID, global usage count, module usage
  // count, module base address, module size, handle, module name, path.
  ModuleHeaders: array[0..9] of string = (
    '结构大小', '模块号', '进程号', '全局引用计数', '模块引用计数',
    '模块基地址', '模块大小', '句柄', '模块名', '路径');
  // Struct size, thread usage count, thread ID, process ID, priority, delta.
  ThreadHeaders: array[0..5] of string = (
    '结构大小', '线程引用计数', '线程号', '进程号', '优先级', '改变量');
  // Struct size, heap handle, heap start address, heap size, flags,
  // process ID, heap ID.
  HeapHeaders: array[0..6] of string = (
    '结构大小', '堆的句柄', '堆起始地址', '堆的大小', '标志', '进程号', '堆号');
var
  Col: Integer;
begin
  for Col := Low(ModuleHeaders) to High(ModuleHeaders) do
    StringGrid1.Cells[Col, 0] := ModuleHeaders[Col];

  for Col := Low(ThreadHeaders) to High(ThreadHeaders) do
    StringGrid2.Cells[Col, 0] := ThreadHeaders[Col];

  for Col := Low(HeapHeaders) to High(HeapHeaders) do
    StringGrid3.Cells[Col, 0] := HeapHeaders[Col];
end;
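procedure TForm1.InitProcessInfo;
{ Takes a Toolhelp snapshot of all processes and copies each PROCESSENTRY32
  into the global ProcessInfo table, leaving the number of entries in Pcount.
  For every process it also calls InitModuleInfo and InitThreadInfo.

  The table has a fixed capacity (ProcessInfo is array[0..100]) while the
  number of processes is decided by the machine being inspected, so the loop
  stops once the table is full instead of writing past its end. }
begin
  // Reset first, so a failed snapshot leaves an empty table rather than a
  // count left over from an earlier call.
  pcount := 0;

  hProcessSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if hProcessSnap = INVALID_HANDLE_VALUE then
    Exit;

  try
    pe32.dwSize := SizeOf(pe32);
    found := Process32First(hProcessSnap, pe32);
    while found and (pcount <= High(ProcessInfo)) do
    begin
      ProcessInfo[pcount].dwSize              := pe32.dwSize;
      ProcessInfo[pcount].cntUsage            := pe32.cntUsage;
      ProcessInfo[pcount].th32ProcessID       := pe32.th32ProcessID;
      ProcessInfo[pcount].th32DefaultHeapID   := pe32.th32DefaultHeapID;
      ProcessInfo[pcount].th32ModuleID        := pe32.th32ModuleID;
      ProcessInfo[pcount].cntThreads          := pe32.cntThreads;
      ProcessInfo[pcount].th32ParentProcessID := pe32.th32ParentProcessID;
      ProcessInfo[pcount].pcPriClassBase      := pe32.pcPriClassBase;
      ProcessInfo[pcount].dwFlags             := pe32.dwFlags;

      // Limit the copy by the capacity of the destination, not by the length
      // of the source: the image name is chosen by the other process.
      // Assumes szExeFile is a zero-based static Char array in unit define,
      // as it is in PROCESSENTRY32 - TODO confirm.
      StrPLCopy(ProcessInfo[pcount].szExeFile, pe32.szExeFile,
        High(ProcessInfo[pcount].szExeFile));

      InitModuleInfo(ProcessInfo[pcount].th32ProcessID); // collect module information
      InitThreadInfo(pe32.th32ProcessID);                // collect thread information

      Inc(pcount);
      // The nested Init* calls reuse the global "found" flag, so it must be
      // reassigned here before the loop condition is evaluated again.
      found := Process32Next(hProcessSnap, pe32);
    end;
  finally
    // Release the snapshot even if one of the nested calls raises.
    CloseHandle(hProcessSnap);
  end;
end;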
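procedure TForm1.InitModuleInfo(ProcessId: DWORD);
{ Appends the modules of process ProcessId to the global ModuleInfo table.

  Mcount is not reset here: the table accumulates the modules of every
  process and the counter is cleared by the caller (FormActivate). Because
  the table is shared by all processes and has a fixed capacity
  (array[0..1023]), the loop stops once it is full.

  If the snapshot cannot be created the process is skipped silently. }
begin
  hModuleSnap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessId);
  if hModuleSnap = INVALID_HANDLE_VALUE then
    Exit;

  try
    me32.dwSize := SizeOf(me32);
    found := Module32First(hModuleSnap, me32);
    while found and (Mcount <= High(ModuleInfo)) do
    begin
      ModuleInfo[Mcount].dwSize        := me32.dwSize;
      ModuleInfo[Mcount].th32ModuleID  := me32.th32ModuleID;
      ModuleInfo[Mcount].th32ProcessID := me32.th32ProcessID;
      ModuleInfo[Mcount].GlblcntUsage  := me32.GlblcntUsage;
      ModuleInfo[Mcount].ProccntUsage  := me32.ProccntUsage;
      ModuleInfo[Mcount].modBaseAddr   := me32.modBaseAddr;
      ModuleInfo[Mcount].modBaseSize   := me32.modBaseSize;
      ModuleInfo[Mcount].hModule       := me32.hModule;

      // Both copies are limited by the capacity of their own destination.
      // The earlier code used StrLen(me32.szModule) for the path as well,
      // which cut the path down to the length of the module name.
      // Assumes both fields are zero-based static Char arrays in unit
      // define, as in MODULEENTRY32 - TODO confirm.
      StrPLCopy(ModuleInfo[Mcount].szModule, me32.szModule,
        High(ModuleInfo[Mcount].szModule));
      StrPLCopy(ModuleInfo[Mcount].szExePath, me32.szExePath,
        High(ModuleInfo[Mcount].szExePath));

      ModuleInfo[Mcount].ProcessId := ProcessId;
      Inc(Mcount);
      found := Module32Next(hModuleSnap, me32);
    end;
  finally
    CloseHandle(hModuleSnap);
  end;
end;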
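procedure TForm1.InitThreadInfo(ProcessId: DWORD);
{ Refills the global ThreadInfo table from a thread snapshot and leaves the
  number of entries in Tcount. InitHeapInfo is called for every thread.

  Per the Win32 documentation a TH32CS_SNAPTHREAD snapshot contains the
  threads of the whole system regardless of the process ID passed in, and
  the loop does not filter on th32OwnerProcessID. The number of entries is
  therefore the system-wide thread count, which can exceed the fixed
  capacity of ThreadInfo (array[0..1023]); the loop stops when the table is
  full instead of writing past its end. }
begin
  // Tcount is reset on every call, so the table always reflects the most
  // recent snapshot only.
  Tcount := 0;

  hThreadSnap := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessId);
  if hThreadSnap = INVALID_HANDLE_VALUE then
    Exit;

  try
    te32.dwSize := SizeOf(te32);
    found := Thread32First(hThreadSnap, te32);
    while found and (Tcount <= High(ThreadInfo)) do
    begin
      ThreadInfo[Tcount].dwSize             := te32.dwSize;
      ThreadInfo[Tcount].cntUsage           := te32.cntUsage;
      ThreadInfo[Tcount].th32ThreadID       := te32.th32ThreadID;
      ThreadInfo[Tcount].th32OwnerProcessID := te32.th32OwnerProcessID;
      ThreadInfo[Tcount].tpBasePri          := te32.tpBasePri;
      ThreadInfo[Tcount].tpDeltaPri         := te32.tpDeltaPri;
      ThreadInfo[Tcount].dwFlags            := te32.dwFlags;

      InitHeapInfo(te32.th32OwnerProcessID, te32.th32ThreadID);

      Inc(Tcount);
      // InitHeapInfo reuses the global "found" flag; reassign it before the
      // loop condition is evaluated again.
      found := Thread32Next(hThreadSnap, te32);
    end;
  finally
    CloseHandle(hThreadSnap);
  end;
end;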
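procedure TForm1.InitHeapInfo(ProcessId,ThreadId: DWORD);
{ Refills the global HeapInfo table with the heap blocks returned by
  Heap32First/Heap32Next and leaves the number of entries in Hcount.

  The heap-list snapshot is only created and closed here; its handle is not
  passed to Heap32First or Heap32Next.

  NOTE(review): the third argument of Heap32First is a heap ID
  (th32HeapID), but this routine forwards ThreadId and the caller in this
  unit passes a thread ID. Heap IDs normally come from walking the snapshot
  with Heap32ListFirst/Heap32ListNext; as written the walk presumably finds
  nothing for most calls - confirm before relying on the heap grid.

  The number of heap blocks belongs to the inspected process, so the loop
  stops at the fixed capacity of HeapInfo (array[0..1024]). }
begin
  // Reset on every call: the table only ever holds the result of the most
  // recent walk.
  Hcount := 0;

  hHeapSnap := CreateToolhelp32Snapshot(TH32CS_SNAPHEAPLIST, ProcessId);
  if hHeapSnap = INVALID_HANDLE_VALUE then
    Exit;

  try
    he32.dwSize := SizeOf(he32);
    found := Heap32First(he32, ProcessId, ThreadId);
    while found and (Hcount <= High(HeapInfo)) do
    begin
      HeapInfo[Hcount].dwSize        := he32.dwSize;
      HeapInfo[Hcount].hHandle       := he32.hHandle;
      HeapInfo[Hcount].dwAddress     := he32.dwAddress;
      HeapInfo[Hcount].dwBlockSize   := he32.dwBlockSize;
      HeapInfo[Hcount].dwFlags       := he32.dwFlags;
      HeapInfo[Hcount].dwLockCount   := he32.dwLockCount;
      HeapInfo[Hcount].dwResvd       := he32.dwResvd;
      HeapInfo[Hcount].th32ProcessID := he32.th32ProcessID;
      HeapInfo[Hcount].th32HeapID    := he32.th32HeapID;
      Inc(Hcount);
      found := Heap32Next(he32);
    end;
  finally
    CloseHandle(hHeapSnap);
  end;
end;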
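procedure TForm1.Button1Click(Sender: TObject);
{ Event handler declared on the form; it currently does nothing. The unused
  local variable K has been removed. }
begin
  // Intentionally empty.
end;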
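procedure TForm1.InItTree;
{ Rebuilds TreeView1 from the global ProcessInfo table: entry 0 becomes the
  root node and every further entry is added as a child of that root, using
  the process image name as the node text.

  Only the root node has to be remembered. The earlier version kept every
  node in a local array[0..100], indexed by the global Pcount without a
  bounds check, and also declared several locals it never used. }
var
  Root: TTreeNode;
  I, Last: Integer;
  NodeText: string;
begin
  // Never read past the end of ProcessInfo, whatever value Pcount holds.
  Last := Pcount - 1;
  if Last > High(ProcessInfo) then
    Last := High(ProcessInfo);

  Root := nil;
  TreeView1.Items.Clear;
  for I := 0 to Last do
  begin
    NodeText := String(ProcessInfo[I].szExeFile);
    if I = 0 then
      Root := TreeView1.Items.Add(nil, NodeText)
    else
      TreeView1.Items.AddChild(Root, NodeText);
  end;
end;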
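function TForm1.getStr(Schar:Pchar;dStr:String):String;
{ Copies dStr into the caller-supplied buffer Schar (null-terminated) and
  returns dStr unchanged.

  NOTE(review): StrPCopy has no length limit and this signature carries no
  buffer size, so the caller must guarantee that Schar has room for
  Length(dStr) + 1 characters; a size-aware routine such as StrPLCopy needs
  the capacity passed in. Nothing in this unit calls getStr. }
begin
  // A nil buffer is skipped rather than written through.
  if Schar <> nil then
    StrPCopy(Schar, dStr);
  Result := dStr;
end;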
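procedure TForm1.TreeView1Click(Sender: TObject);
{ Shows the details of the process selected in TreeView1: the process fields
  go to Edit1..Edit9, its modules to StringGrid1, its threads to StringGrid2
  and its heap entries to StringGrid3.

  Changes against the earlier version:
  - a click with no selected node returns instead of dereferencing nil;
  - the heap loop runs over Hcount (it used Tcount, the thread count);
  - a grid grows before the row is written (RowCount was set to the row
    index itself, which left that row outside the grid);
  - data rows of a previous selection are blanked first;
  - loops are limited to the capacity of the global tables.

  NOTE(review): processes are matched by image name only. When several
  processes share a name each of them matches in turn and the data of the
  last one is what stays on screen; matching on th32ProcessID would be
  unambiguous.
  NOTE(review): the heap grid gets eight columns of data (0..7) while
  InitStrGrid writes seven headers, and the headers of columns 5 and 6
  (process ID, heap ID) sit above dwLockCount and th32ProcessID. }
var
  I, K, Row: Integer;
  ExeName: string;

  // Highest index that is both filled (Count - 1) and inside the table.
  function LastIndex(Count, MaxIndex: Integer): Integer;
  begin
    Result := Count - 1;
    if Result > MaxIndex then
      Result := MaxIndex;
  end;

  // Blank every row below the header row (row 0).
  procedure ClearDataRows(Grid: TStringGrid);
  var
    R, Col: Integer;
  begin
    for R := 1 to Grid.RowCount - 1 do
      for Col := 0 to Grid.ColCount - 1 do
        Grid.Cells[Col, R] := '';
  end;

  // Make sure row ARow exists before it is written.
  procedure EnsureRow(Grid: TStringGrid; ARow: Integer);
  begin
    if ARow >= Grid.RowCount then
      Grid.RowCount := ARow + 1;
  end;

begin
  if TreeView1.Selected = nil then
    Exit;

  for I := 0 to LastIndex(Pcount, High(ProcessInfo)) do
  begin
    ExeName := String(ProcessInfo[I].szExeFile);
    if TreeView1.Selected.Text = ExeName then
    begin
      Edit1.Text := IntToStr(ProcessInfo[I].dwSize);
      Edit2.Text := IntToStr(ProcessInfo[I].cntUsage);
      Edit3.Text := IntToStr(ProcessInfo[I].th32ProcessID);
      Edit4.Text := IntToStr(ProcessInfo[I].th32DefaultHeapID);
      Edit5.Text := IntToStr(ProcessInfo[I].th32ModuleID);
      Edit6.Text := IntToStr(ProcessInfo[I].cntThreads);
      Edit7.Text := IntToStr(ProcessInfo[I].th32ParentProcessID);
      Edit8.Text := IntToStr(ProcessInfo[I].pcPriClassBase);
      Edit9.Text := String(ProcessInfo[I].szExeFile);

      // Modules of the selected process.
      ClearDataRows(StringGrid1);
      Row := 1;
      for K := 0 to LastIndex(Mcount, High(ModuleInfo)) do
        if ProcessInfo[I].th32ProcessID = ModuleInfo[K].th32ProcessID then
        begin
          EnsureRow(StringGrid1, Row);
          StringGrid1.Cells[0, Row] := IntToStr(ModuleInfo[K].dwSize);
          StringGrid1.Cells[1, Row] := IntToStr(ModuleInfo[K].th32ModuleID);
          StringGrid1.Cells[2, Row] := IntToStr(ModuleInfo[K].th32ProcessID);
          StringGrid1.Cells[3, Row] := IntToStr(ModuleInfo[K].GlblcntUsage);
          StringGrid1.Cells[4, Row] := IntToStr(ModuleInfo[K].ProccntUsage);
          // Column 5 (module base address) is not filled in; modBaseAddr is
          // a pointer and would need a cast before IntToStr.
          StringGrid1.Cells[6, Row] := IntToStr(ModuleInfo[K].modBaseSize);
          StringGrid1.Cells[7, Row] := IntToStr(ModuleInfo[K].hModule);
          StringGrid1.Cells[8, Row] := String(ModuleInfo[K].szModule);
          StringGrid1.Cells[9, Row] := String(ModuleInfo[K].szExePath);
          Inc(Row);
        end;

      // Threads owned by the selected process.
      ClearDataRows(StringGrid2);
      Row := 1;
      for K := 0 to LastIndex(Tcount, High(ThreadInfo)) do
        if ProcessInfo[I].th32ProcessID = ThreadInfo[K].th32OwnerProcessID then
        begin
          EnsureRow(StringGrid2, Row);
          StringGrid2.Cells[0, Row] := IntToStr(ThreadInfo[K].dwSize);
          StringGrid2.Cells[1, Row] := IntToStr(ThreadInfo[K].cntUsage);
          StringGrid2.Cells[2, Row] := IntToStr(ThreadInfo[K].th32ThreadID);
          StringGrid2.Cells[3, Row] := IntToStr(ThreadInfo[K].th32OwnerProcessID);
          StringGrid2.Cells[4, Row] := IntToStr(ThreadInfo[K].tpBasePri);
          StringGrid2.Cells[5, Row] := IntToStr(ThreadInfo[K].tpDeltaPri);
          Inc(Row);
        end;

      // Heap entries recorded for the selected process.
      ClearDataRows(StringGrid3);
      Row := 1;
      for K := 0 to LastIndex(Hcount, High(HeapInfo)) do
        if ProcessInfo[I].th32ProcessID = HeapInfo[K].th32ProcessID then
        begin
          EnsureRow(StringGrid3, Row);
          StringGrid3.Cells[0, Row] := IntToStr(HeapInfo[K].dwSize);
          StringGrid3.Cells[1, Row] := IntToStr(HeapInfo[K].hHandle);
          StringGrid3.Cells[2, Row] := IntToStr(HeapInfo[K].dwAddress);
          StringGrid3.Cells[3, Row] := IntToStr(HeapInfo[K].dwBlockSize);
          StringGrid3.Cells[4, Row] := IntToStr(HeapInfo[K].dwFlags);
          StringGrid3.Cells[5, Row] := IntToStr(HeapInfo[K].dwLockCount);
          StringGrid3.Cells[6, Row] := IntToStr(HeapInfo[K].th32ProcessID);
          StringGrid3.Cells[7, Row] := IntToStr(HeapInfo[K].th32HeapID);
          Inc(Row);
        end;
    end;
  end;
end;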
end.