|
پیدا کردن یک پروسه در پروسه های دیگر با نام
فایلش
با استفاده از تابع FindInProcessEx می‌توانید هندل (Handle) یک پروسه را به همراه آدرس فایل آن به دست بیاورید.
توجه: این تابع روی پروسه‌های سیستمی ویندوزهای خانواده‌ی NT مانند NT، 2000 و XP کار نخواهد کرد. برخی از پروسه‌های سیستمی عبارت‌اند از mdm.exe، inetinfo.exe، svchost.exe و ...
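type
  // Local aliases for the Win32 scalar types used by the kernel32 imports
  // declared further down in this file.
  DWORD = Longword;  // 32-bit unsigned
  // Win32 BOOL is a 32-bit integer, not a one-byte Pascal Boolean. LongBool
  // gives the stdcall argument and return slots the width the kernel32
  // exports use, and Boolean expressions such as False still convert to it.
  BOOL = LongBool;
  UINT = Cardinal;   // 32-bit unsigned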
const
  // Snapshot content flags passed to CreateToolhelp32Snapshot.
  TH32CS_SNAPHEAPLIST = $1;
  TH32CS_SNAPPROCESS  = $2;
  TH32CS_SNAPTHREAD   = $4;
  TH32CS_SNAPMODULE   = $8;
  TH32CS_INHERIT      = $80000000;
  // Union of the four content flags above; TH32CS_INHERIT is not part of it.
  TH32CS_SNAPALL = TH32CS_SNAPMODULE or TH32CS_SNAPTHREAD or
                   TH32CS_SNAPPROCESS or TH32CS_SNAPHEAPLIST;

  // Upper index of TModuleEntry32.szModule (the buffer holds one more char).
  MAX_MODULE_NAME32 = 255;
  // Length of the path buffers in the snapshot entry records.
  MAX_PATH = 260;

  // Access rights that FindInProcess / FindInProcessEx request from
  // OpenProcess. PROCESS_TERMINATE lets the holder of the handle end the
  // target process.
  SYNCHRONIZE       = $00100000;
  PROCESS_TERMINATE = $0001;

  // Library that exports every function imported in this file.
  kernel32 = 'kernel32.dll';
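type
  // Entry filled in by Process32First / Process32Next.
  //
  // The text buffers in both records are declared as AnsiChar: this file
  // binds the exports named 'Process32First' / 'Module32First', which are
  // the ANSI variants and write one-byte characters. Declaring the buffers
  // as Char would change the record size and garble the names on compilers
  // where Char is two bytes wide.
  //
  // NOTE(review): the DWORD-sized th32DefaultHeapID matches the 32-bit
  // layout of the structure; confirm before building for a 64-bit target.
  TProcessEntry32 = packed record
    dwSize: DWORD;               // must be set to SizeOf(record) before use
    cntUsage: DWORD;
    th32ProcessID: DWORD;        // this process
    th32DefaultHeapID: DWORD;
    th32ModuleID: DWORD;         // associated exe
    cntThreads: DWORD;
    th32ParentProcessID: DWORD;  // this process's parent process
    pcPriClassBase: Longint;     // base priority of process's threads
    dwFlags: DWORD;
    szExeFile: array[0..MAX_PATH - 1] of AnsiChar;  // path
  end;

  // Entry filled in by Module32First / Module32Next.
  TModuleEntry32 = record
    dwSize: DWORD;         // must be set to SizeOf(record) before use
    th32ModuleID: DWORD;   // this module
    th32ProcessID: DWORD;  // owning process
    GlblcntUsage: DWORD;   // global usage count on the module
    ProccntUsage: DWORD;   // module usage count in th32ProcessID's context
    modBaseAddr: PBYTE;    // base address of module in th32ProcessID's context
    modBaseSize: DWORD;    // size in bytes of module starting at modBaseAddr
    hModule: HMODULE;      // the hModule of this module in th32ProcessID's context
    szModule: array[0..MAX_MODULE_NAME32] of AnsiChar;
    szExePath: array[0..MAX_PATH - 1] of AnsiChar;
  end;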
// Imports from kernel32.dll. Every routine uses the stdcall convention and
// is bound by its export name.

// Takes a snapshot whose content is selected by the TH32CS_* flags.
function CreateToolhelp32Snapshot(dwFlags, th32ProcessID: DWORD): THandle;
  stdcall; external kernel32 name 'CreateToolhelp32Snapshot';

// Process enumeration over a TH32CS_SNAPPROCESS snapshot.
function Process32First(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;
  stdcall; external kernel32 name 'Process32First';
function Process32Next(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;
  stdcall; external kernel32 name 'Process32Next';

// Opens a process by id with the requested access rights.
function OpenProcess(dwDesiredAccess: DWORD; bInheritHandle: BOOL;
  dwProcessId: DWORD): THandle;
  stdcall; external kernel32 name 'OpenProcess';

// Ends the process behind hProcess with the given exit code.
function TerminateProcess(hProcess: THandle; uExitCode: UINT): BOOL;
  stdcall; external kernel32 name 'TerminateProcess';

// Module enumeration over a TH32CS_SNAPMODULE snapshot.
function Module32First(hSnapshot: THandle; var lpme: TModuleEntry32): BOOL;
  stdcall; external kernel32 name 'Module32First';
function Module32Next(hSnapshot: THandle; var lpme: TModuleEntry32): BOOL;
  stdcall; external kernel32 name 'Module32Next';
// Search routines implemented further down in this file.

// Opens the first process whose executable file name matches `name`;
// FileName receives the executable name taken from the process snapshot.
function FindInProcess(name: string; SearchInOther: Boolean;
  var FileName: string): THandle;

// Like FindInProcess, but FileName is resolved through GetProcessFilePath.
function FindInProcessEx(name: string; SearchInOther: Boolean;
  var FileName: string): THandle;

// Returns the path of a module of process ProcessID whose file name
// contains `name`.
function GetProcessFilePath(name: string; ProcessID: DWORD;
  findexe: Boolean): string;
implementation
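// Walks a process snapshot and opens the first process whose executable
// file name matches `name` (compared in lower case).
//
//   name          - executable file name to look for.
//   SearchInOther - when True, a process also matches if `name` occurs
//                   anywhere inside its executable file name.
//   FileName      - receives szExeFile of the process that was opened, or ''
//                   when nothing was opened.
//
// Returns a handle opened with SYNCHRONIZE or PROCESS_TERMINATE, or 0 when
// no matching process could be opened. The caller owns the handle and must
// release it with CloseHandle.
//
// Changes against the earlier version: FileName is filled on an exact match
// as well, it is no longer left pointing at a process that OpenProcess
// refused, and a failed snapshot is no longer passed to CloseHandle.
//
// Security note: an executable file name does not identify a program. Any
// process can be started from an image with the same name, and the
// substring mode widens the match further. Code that acts on the returned
// handle should first confirm the full image path of the process.
function FindInProcess(name: string; SearchInOther: Boolean;
  var FileName: string): THandle;
var
  Entry: TProcessEntry32;
  Snapshot: THandle;
  Wanted: string;

  // Tests the current snapshot entry; returns an open handle or 0.
  function TryEntry: THandle;
  var
    ExeName: string;
  begin
    Result := 0;
    ExeName := Entry.szExeFile;
    ExeName := LowerCase(ExtractFileName(ExeName));
    if (ExeName = Wanted) or
       (SearchInOther and (Pos(Wanted, ExeName) <> 0)) then
    begin
      Result := OpenProcess(SYNCHRONIZE or PROCESS_TERMINATE, False,
        Entry.th32ProcessID);
      // OpenProcess returns 0 when the process cannot be opened with these
      // rights; such an entry is skipped and must not leave a FileName behind.
      if Result <> 0 then
        FileName := Entry.szExeFile;
    end;
  end;

begin
  Result := 0;
  FileName := '';
  Wanted := LowerCase(name);  // loop-invariant, so lowered once
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // INVALID_HANDLE_VALUE comes from the Windows unit, which this file
  // already relies on for CloseHandle.
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        Result := TryEntry;
      until (Result <> 0) or not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;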
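// Walks a process snapshot, opens the first process whose executable file
// name matches `name` (compared in lower case) and reports its file path.
//
//   name          - executable file name to look for.
//   SearchInOther - when True, a process also matches if `name` occurs
//                   anywhere inside its executable file name.
//   FileName      - receives the path returned by GetProcessFilePath for the
//                   opened process, or szExeFile from the process snapshot
//                   when that lookup yields nothing; '' when nothing was
//                   opened.
//
// Returns a handle opened with SYNCHRONIZE or PROCESS_TERMINATE, or 0 when
// no matching process could be opened. The caller owns the handle and must
// release it with CloseHandle.
//
// Changes against the earlier version: FileName is filled on an exact match
// as well, it is no longer left pointing at a process that OpenProcess
// refused, and a failed snapshot is no longer passed to CloseHandle.
//
// Security note: an executable file name does not identify a program. Any
// process can be started from an image with the same name, and the
// substring mode widens the match further. Compare the reported FileName
// with the expected install path before acting on the returned handle.
function FindInProcessEx(name: string; SearchInOther: Boolean;
  var FileName: string): THandle;
var
  Entry: TProcessEntry32;
  Snapshot: THandle;
  Wanted: string;

  // Tests the current snapshot entry; returns an open handle or 0.
  function TryEntry: THandle;
  var
    ExeName: string;
  begin
    Result := 0;
    ExeName := Entry.szExeFile;
    ExeName := LowerCase(ExtractFileName(ExeName));
    if (ExeName = Wanted) or
       (SearchInOther and (Pos(Wanted, ExeName) <> 0)) then
    begin
      Result := OpenProcess(SYNCHRONIZE or PROCESS_TERMINATE, False,
        Entry.th32ProcessID);
      // Resolve the path only for a process that was actually opened, so a
      // refused entry cannot leave a stale FileName behind.
      if Result <> 0 then
      begin
        FileName := GetProcessFilePath(Wanted, Entry.th32ProcessID, True);
        if FileName = '' then
          FileName := Entry.szExeFile;
      end;
    end;
  end;

begin
  Result := 0;
  FileName := '';
  Wanted := LowerCase(name);  // loop-invariant, so lowered once
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  // INVALID_HANDLE_VALUE comes from the Windows unit, which this file
  // already relies on for CloseHandle.
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Entry.dwSize := SizeOf(Entry);
    if Process32First(Snapshot, Entry) then
      repeat
        Result := TryEntry;
      until (Result <> 0) or not Process32Next(Snapshot, Entry);
  finally
    CloseHandle(Snapshot);
  end;
end;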
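// Returns the path (szExePath) of a module loaded in process ProcessID whose
// file name contains `name`; the comparison is done in lower case.
//
//   name      - text to look for inside each module's file name.
//   ProcessID - process whose module list is enumerated.
//   findexe   - when True, a matching module with the extension '.exe' is
//               preferred; if none exists, the last module whose name
//               matched is returned instead. When False, the first matching
//               module is returned.
//
// Returns '' when no module matches or when the module snapshot cannot be
// taken.
//
// Changes against the earlier version: the extension is compared with
// ExtractFileExt instead of searching for '.exe' anywhere in the file name
// (which also accepted names such as 'x.exe.dll'), and a failed snapshot is
// no longer passed to CloseHandle.
function GetProcessFilePath(name: string; ProcessID: DWORD;
  findexe: Boolean): string;
var
  Module: TModuleEntry32;
  Snapshot: THandle;
  Wanted, ModuleFile, Fallback: string;
begin
  Result := '';
  Fallback := '';
  Wanted := LowerCase(name);
  Snapshot := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
  // INVALID_HANDLE_VALUE comes from the Windows unit, which this file
  // already relies on for CloseHandle.
  if Snapshot = INVALID_HANDLE_VALUE then
    Exit;
  try
    Module.dwSize := SizeOf(Module);
    if Module32First(Snapshot, Module) then
      repeat
        ModuleFile := Module.szExePath;
        ModuleFile := LowerCase(ExtractFileName(ModuleFile));
        if Pos(Wanted, ModuleFile) <> 0 then
        begin
          if (not findexe) or (ExtractFileExt(ModuleFile) = '.exe') then
            Result := Module.szExePath;
          // Remember every name match so findexe can fall back to it.
          Fallback := Module.szExePath;
        end;
      until (Result <> '') or not Module32Next(Snapshot, Module);
    if findexe and (Result = '') then
      Result := Fallback;
  finally
    CloseHandle(Snapshot);
  end;
end;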
| |
|