

unit list_pro; 
interface 
uses 
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms, 
  Dialogs, tlHelp32,ExtCtrls, ComCtrls, Buttons,psAPI, StdCtrls, ToolWin, 
  Spin, Menus,clipbrd, StrUtils,IoCtrl,PsClass; 
  const 
  // NTSTATUS value the native query calls return when the caller's buffer is too small.
  STATUS_INFO_LENGTH_MISMATCH: LongWord= $C0000004; 
  // Library name used by the `external ntdll` imports declared further down.
  ntdll                                 = 'ntdll.dll'; 
  // Access mask passed to OpenThread by the thread buttons of this form.
  // NOTE(review): every thread right is requested even though the handlers only
  // terminate, suspend or resume; a narrower mask would follow least privilege.
  THREAD_ALL_ACCESS=(STANDARD_RIGHTS_REQUIRED or SYNCHRONIZE or $3FF); 
 type 
    // Input buffer sent to the PspKiller driver by Button2Click through
    // IOCTL_PSDRV_KILLPROCESS: the target process id, an exit status, and the
    // OS version numbers the caller reports to the driver.
    // NOTE(review): the layout must match what the driver expects; the driver
    // source is not part of this unit, so that cannot be confirmed here.
    TPsDrvInputData = record 
      dwProcessId: DWord; 
      ExitStatus: DWord; 
      SystemMajorVer: DWord; 
      SystemMinorVer: DWord; 
      ServicePackVer: DWord; 
    end; 
    //////////////////////////////// 
type 
  // Main form of the process viewer. It shows three list views (processes,
  // modules of the selected process, threads of the selected process) and a
  // set of buttons that refresh the lists or terminate / suspend / resume the
  // selected process or thread. Button2Click asks the PspKiller kernel driver
  // to end the selected process.
  TForm1 = class(TForm) 
    Panel1: TPanel; 
    Panel2: TPanel; 
    ListView_pro: TListView; 
    ListView_mod: TListView; 
    SpeedButton1: TSpeedButton; 
    SpeedButton2: TSpeedButton; 
    SpeedButton3: TSpeedButton; 
    SpeedButton4: TSpeedButton; 
    SpeedButton5: TSpeedButton; 
    CoolBar1: TCoolBar; 
    StatusBar1: TStatusBar; 
    SpeedButton6: TSpeedButton; 
    SpeedButton7: TSpeedButton; 
    Listview_thr: TListView; 
    Button1: TButton; 
    SpeedButton8: TSpeedButton; 
    SpeedButton9: TSpeedButton; 
    SpeedButton10: TSpeedButton; 
    SpeedButton11: TSpeedButton; 
    Button2: TButton; 
    procedure FormActivate(Sender: TObject); 
    procedure ListView_proDblClick(Sender: TObject); 
    procedure SpeedButton2Click(Sender: TObject); 
    procedure SpeedButton1Click(Sender: TObject); 
    procedure SpeedButton3Click(Sender: TObject); 
    procedure SpeedButton4Click(Sender: TObject); 
    procedure ListView_proClick(Sender: TObject); 
    procedure SpeedButton5Click(Sender: TObject); 
    procedure ListView_proColumnClick(Sender: TObject; 
      Column: TListColumn); 
    procedure ListView_modColumnClick(Sender: TObject; 
      Column: TListColumn); 
    procedure ListView_thrColumnClick(Sender: TObject; 
      Column: TListColumn); 
    procedure FormCreate(Sender: TObject); 
    procedure Refresh(); 
    procedure SpeedButton6Click(Sender: TObject); 
    procedure SpeedButton7Click(Sender: TObject); 
    function GetProcessPath(ProcessID: DWORD): string; 
    procedure Button1Click(Sender: TObject); 
    procedure SpeedButton8Click(Sender: TObject); 
    procedure SpeedButton9Click(Sender: TObject); 
    procedure SpeedButton10Click(Sender: TObject); 
    procedure SpeedButton11Click(Sender: TObject); 
    procedure Button2Click(Sender: TObject); 
    procedure FormClose(Sender: TObject; var Action: TCloseAction); 
  private 
    { Private declarations } 
    // Fills ListView_mod with the modules of the given process.
    procedure GetModules( ProcessID: DWORD); 
    // Fills ListView_pro with one row per running process.
    procedure GetProcesses; 
  public 
    { Public declarations } 
        // Not referenced by any method in this unit.
        FSnapshotHandle: THandle; 
  end; 
  // How CustomSortProc compares two list-view cells: as text, as integers, or as dates.
  TCustomSortStyle = (cssAlphaNum, cssNumeric, cssDateTime); 
  ///////////////////////////////////////////////////////// 
  // Local aliases for native API type names used by the records below.
  PVOID = Pointer; 
  LONG = Longint; 
  NTSTATUS = LONG; 
  // Process id / thread id pair as it appears inside SYSTEM_THREAD_INFORMATION.
  _CLIENT_ID = record 
    UniqueProcess:THANDLE; 
    UniqueThread:THANDLE; 
  end; 
  CLIENT_ID = _CLIENT_ID; 
  PCLIENT_ID = ^CLIENT_ID; 
  PSYSTEM_THREAD_INFORMATION = ^TSystemThreadInfo; 
  // Per-thread record that follows each process entry in the process
  // information buffer. The trailing //$nnn comments are the author's field
  // offsets; they add up to $40 only with a 4-byte pointer and 4-byte handles,
  // i.e. this declaration describes the 32-bit layout.
  _SYSTEM_THREAD_INFORMATION = packed record 
  KernelTime: LARGE_INTEGER; // 100 nsec units //$000 
  UserTime: LARGE_INTEGER; // 100 nsec units //$008 
  CreateTime: LARGE_INTEGER; // relative to 01-01-1601 //$010 
  WaitTime: DWORD; //$018 
  pStartAddress: PVOID; //$01C 
  Cid: CLIENT_ID; // process/thread ids //$020 
  Priority: DWORD; //$028 
  BasePriority: DWORD; //$02C 
  ContextSwitches: DWORD; //$030 
  ThreadState: DWORD; // 2=running, 5=waiting //$034 
  WaitReason: DWORD; //KWAIT_REASON; //$038 
  uReserved01: DWORD; //$03C 
  end; //$040 
  TSystemThreadInfo = _SYSTEM_THREAD_INFORMATION; 
  SYSTEM_THREAD_INFORMATION = _SYSTEM_THREAD_INFORMATION; 
  USHORT = Word; 
  PWSTR = LPWSTR; 
  // Counted wide string as used by the native API: Length and MaximumLength
  // are stored next to a pointer to the characters.
  _UNICODE_STRING = record 
    Length : USHORT; 
    MaximumLength : USHORT; 
    Buffer : PWSTR; 
  end; 
  // NOTE(review): ULONG_PTR (and therefore SIZE_T) is declared as a 32-bit
  // Longword here, so every record built on it is only valid in a 32-bit build.
  ULONG_PTR = Longword; 
  UNICODE_STRING = _UNICODE_STRING; 
  PCUNICODE_STRING = ^UNICODE_STRING; 
  SIZE_T = ULONG_PTR; 
  PVM_COUNTERS = ^TVmCounters; 
  // Virtual-memory counters embedded in _SYSTEM_PROCESS_INFORMATION.
  // Every field is declared as a 32-bit ULONG.
  _VM_COUNTERS = packed record 
  uPeakVirtualSize: ULONG; 
  uVirtualSize: ULONG; 
  uPageFaultCount: ULONG; 
  uPeakWorkingSetSize: ULONG; 
  uWorkingSetSize: ULONG; 
  uQuotaPeakPagedPoolUsage: ULONG; 
  uQuotaPagedPoolUsage: ULONG; 
  uQuotaPeakNonPagedPoolUsage: ULONG; 
  uQuotaNonPagedPoolUsage: ULONG; 
  uPagefileUsage: ULONG; 
  uPeakPagefileUsage: ULONG; 
  end; 
  TVmCounters = _VM_COUNTERS; 
  VM_COUNTERS = _VM_COUNTERS; 
 
  PIO_COUNTERSEX = ^TIoCountersex; 
  // I/O operation and byte counters embedded in _SYSTEM_PROCESS_INFORMATION.
  _IO_COUNTERSEX = packed record 
  ReadOperationCount: LARGE_INTEGER; 
  WriteOperationCount: LARGE_INTEGER; 
  OtherOperationCount: LARGE_INTEGER; 
  ReadTransferCount: LARGE_INTEGER; 
  WriteTransferCount: LARGE_INTEGER; 
  OtherTransferCount: LARGE_INTEGER; 
  end; 
  TIoCountersex = _IO_COUNTERSEX; 
  IO_COUNTERSEX = _IO_COUNTERSEX; 
 
  // One process entry of the buffer filled for the SystemProcessInformation
  // class. NextEntryOffset links to the following entry and Threads is a
  // variable-length tail declared with a single placeholder element.
  // NOTE(review): no routine in this unit reads this record; the layout is the
  // author's and should be checked against the target OS before it is used.
  _SYSTEM_PROCESS_INFORMATION = record 
    NextEntryOffset : ULONG; 
    NumberOfThreads : ULONG; 
    dwUnknown1 : array[0..5] of DWORD; 
    CreationTime : FILETIME; 
    UserTime : FILETIME; 
    KernelTime : FILETIME; 
    ImageName : UNICODE_STRING; 
    BasePriority : LONG; 
    UniqueProcessId : THandle; 
    InheritedFromUniqueProcessId : THandle; 
    HandleCount : ULONG; 
    SessionId : ULONG; 
    PageDirectoryFrame : ULONG; 
    PrivatePageCount : ULONG; 
    vmCounters : VM_COUNTERS; 
    ioCounters : IO_COUNTERSEX; 
    Threads : array[0..0] of SYSTEM_THREAD_INFORMATION; 
    //----------------------------------------- 
  end; 
  SYSTEM_PROCESS_INFORMATION = _SYSTEM_PROCESS_INFORMATION; 
  PSYSTEM_PROCESS_INFORMATION = ^SYSTEM_PROCESS_INFORMATION; 
    // Information classes accepted by NtQuerySystemInformation. The ordinals are
    // positional, starting at 0: SystemProcessInformation is 5,
    // SystemModuleInformation is 11 and SystemHandleInformation is 16 (the
    // literal that LzOpenProcess passes to ZwQuerySystemInformation).
    _SYSTEM_INFORMATION_CLASS = ( 
    SystemBasicInformation, 
    SystemProcessorInformation, 
    SystemPerformanceInformation, 
    SystemTimeOfDayInformation, 
    SystemPathInformation,              /// Obsolete: Use KUSER_SHARED_DATA 
    SystemProcessInformation, 
    SystemCallCountInformation, 
    SystemDeviceInformation, 
    SystemProcessorPerformanceInformation, 
    SystemFlagsInformation, 
    SystemCallTimeInformation, 
    SystemModuleInformation, 
    SystemLocksInformation, 
    SystemStackTraceInformation, 
    SystemPagedPoolInformation, 
    SystemNonPagedPoolInformation, 
    SystemHandleInformation, 
    SystemObjectInformation, 
    SystemPageFileInformation, 
    SystemVdmInstemulInformation, 
    SystemVdmBopInformation, 
    SystemFileCacheInformation, 
    SystemPoolTagInformation, 
    SystemInterruptInformation, 
    SystemDpcBehaviorInformation, 
    SystemFullMemoryInformation, 
    SystemLoadGdiDriverInformation, 
    SystemUnloadGdiDriverInformation, 
    SystemTimeAdjustmentInformation, 
    SystemSummaryMemoryInformation, 
    SystemNextEventIdInformation, 
    SystemEventIdsInformation, 
    SystemCrashDumpInformation, 
    SystemExceptionInformation, 
    SystemCrashDumpStateInformation, 
    SystemKernelDebuggerInformation, 
    SystemContextSwitchInformation, 
    SystemRegistryQuotaInformation, 
    SystemExtendServiceTableInformation, 
    SystemPrioritySeperation, 
    SystemPlugPlayBusInformation, 
    SystemDockInformation, 
    SystemPowerInformationNative, 
    SystemProcessorSpeedInformation, 
    SystemCurrentTimeZoneInformation, 
    SystemLookasideInformation, 
    SystemTimeSlipNotification, 
    SystemSessionCreate, 
    SystemSessionDetach, 
    SystemSessionInformation, 
    SystemRangeStartInformation, 
    SystemVerifierInformation, 
    SystemAddVerifier, 
    SystemSessionProcessesInformation, 
    SystemInformationClassMax); 
  SYSTEM_INFORMATION_CLASS = _SYSTEM_INFORMATION_CLASS; 
  TSystemInformationClass = SYSTEM_INFORMATION_CLASS; 
// Static import of the native system-information query from ntdll.dll.
// Declared here but not called by the implementation section of this unit,
// which uses the ZwQuerySystemInformation import instead.
function NtQuerySystemInformation( 
                                SystemInformationClass : SYSTEM_INFORMATION_CLASS; 
                                SystemInformation : PVOID; 
                                SystemInformationLength : ULONG; 
                                ReturnLength : PULONG 
                                ) : NTSTATUS; stdcall; external ntdll; 
// Static import of kernel32's OpenThread, used by the thread buttons.
// NOTE(review): the third parameter is named dwProcessId, but every caller in
// this unit passes a thread id taken from the thread list.
function   OpenThread(dwDesiredAccess:   DWORD; 
                      bInheritHandle: BOOL; 
                      dwProcessId:   DWORD 
                      ): THandle; stdcall; external kernel32; 
  ///////////////////////////////////////////////////////// 
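var 
  Form1: TForm1; 
  // Comparison mode used by CustomSortProc; set by the column-click handlers.
  LvSortStyle: TCustomSortStyle; 
  // Sort-direction flag per list-view column, indexed by Column.Index and
  // shared by the three list views. The process list has six columns (the
  // caption plus the five sub-items added in GetProcesses), so the array must
  // cover indexes 0..5; with the former 0..2 bounds a click on columns 3..5
  // wrote past the array into the variables declared after it.
  LvSortOrder: array[0..5] of Boolean; 
  //////////////////////////// 
  // State shared with the PspKiller driver wrapper.
  lpFilePart: PAnsiChar;               // file-name part returned by GetFullPathName
   InData: TPsDrvInputData;            // request buffer for IOCTL_PSDRV_KILLPROCESS
   PsDrvCtrl: TDriverControl;          // driver controller created in FormCreate
   dwProcessId, dwReturn: DWord;       // target pid / status written back by the driver
   lpDrvPath: Array [0..255] of Char;  // full path of the driver file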
   //////////////////////////////////////// 
   // Second set of native API records, used by LzOpenProcess.
   // NOTE(review): handles and ids are declared as 32-bit Cardinal/ULONG in
   // packed records, so these layouts only describe a 32-bit process.
   type 
  PUnicodeString = ^TUnicodeString;  
  TUnicodeString = packed record  
    Length: Word;  
    MaximumLength: Word;  
    Buffer: PWideChar;  
  end;  
type  
  PObjectAttributes = ^TObjectAttributes;  
  // Object attributes block passed to ZwOpenProcess; LzOpenProcess zeroes it
  // and sets only Length.
  TObjectAttributes = packed record  
    Length: Cardinal;  
    RootDirectory: THandle;  
    ObjectName: PUnicodeString;  
    Attributes: Cardinal;  
    SecurityDescriptor: Pointer;  
    SecurityQualityOfService: Pointer;  
  end;  
type  
  PClientId = ^TClientId;  
  // Process id / thread id pair passed to ZwOpenProcess.
  TClientId = packed record  
    UniqueProcess: Cardinal;  
    UniqueThread: Cardinal;  
  end;  
type  
  // NOTE(review): PROCESS_BASIC_INFORMATION is declared as the POINTER type
  // here; the record itself is TPROCESS_BASIC_INFORMATION.
  PROCESS_BASIC_INFORMATION = ^TPROCESS_BASIC_INFORMATION;  
  TPROCESS_BASIC_INFORMATION = packed record  
    ExitStatus: NTSTATUS;  
    PebBaseAddress: ULONG;  
    AffinityMask: ULONG;  
    BasePriority: ULONG;  
    UniqueProcessId: ULONG;  
    InheritedFromUniqueProcessId: ULONG;  
  end;  
type  
  PTSYSTEM_HANDLE_TABLE_ENTRY_INFO = ^TSYSTEM_HANDLE_TABLE_ENTRY_INFO;  
  // One entry of the system handle table as copied out by LzOpenProcess.
  // NOTE(review): UniqueProcessId and HandleValue are declared with the signed
  // SHORT type, so values above 32767 read back as negative numbers before
  // LzOpenProcess assigns them to unsigned fields - confirm against the
  // native structure definition.
  TSYSTEM_HANDLE_TABLE_ENTRY_INFO = record  
    UniqueProcessId : SHORT;  
    CreatorBackTraceIndex : SHORT;  
    ObjectTypeIndex : BYTE ;  
    HandleAttributes : BYTE ;  
    HandleValue : SHORT; 
    pObject : DWORD ;  
    GrantedAccess : ULONG ;  
  end;  
// Static imports of native API entry points from ntdll.dll, all used by
// LzOpenProcess. Each returns an NTSTATUS; negative values are failures
// (see NT_SUCCESS).
function ZwQueryInformationProcess(ProcessHandle: THANDLE; ProcessInformationClass: ULONG; ProcessInformation: PVOID; ProcessInformationLength: ULONG; ReturnLength: PULONG): NTSTATUS; stdcall; external 'ntdll.dll';  
function ZwQuerySystemInformation(SystemInformationClass: cardinal; SystemInformation: PVOID; SystemInformationLength: ULONG; lpReturnLength: PULONG): NTSTATUS; stdcall; external 'ntdll.dll'; 
function ZwDuplicateObject(SourceProcessHandle: THANDLE; SourceHandle: THANDLE; TargetProcessHandle: THANDLE; TargetHandle: PHANDLE; DesiredAccess: ACCESS_MASK; Attributes: ULONG; Options: ULONG): NTSTATUS; stdcall; external 'ntdll.dll';  
function ZwOpenProcess(ProcessHandle: PHandle; DesiredAccess: ACCESS_MASK; ObjectAttributes: PObjectAttributes; ClientId: PClientId): NTSTATUS; stdcall; external 'ntdll.dll';  
function ZwClose(Handle: THandle): NTSTATUS; stdcall; external 'ntdll.dll';  
// Opens process ProcessId with dwDesiredAccess and returns the handle, or 0
// on failure. Implemented in the implementation section below.
function LzOpenProcess(dwDesiredAccess, ProcessId: Cardinal; TryZwFirst: Boolean): Cardinal; 
implementation 
{$R *.dfm} 
// Local names for ntdll's ZwSuspendProcess / ZwResumeProcess, which suspend or
// resume all threads of the process behind hProcess. The value returned is the
// call's NTSTATUS, declared here as DWORD; callers in this unit ignore it.
function SuspendProcess(hProcess:THandle):DWORD;stdcall;external 'ntdll.dll' Name 'ZwSuspendProcess'; 
function ResumeProcess(hProcess:THandle):DWORD;stdcall;external 'ntdll.dll' Name 'ZwResumeProcess'; 
/////////////////////////////////// 
{ Returns True when Status is a success or informational NTSTATUS, i.e. when
  the value is not negative. }
function NT_SUCCESS(Status : NTSTATUS) : BOOL;
begin
  if Status < 0 then
    Result := False
  else
    Result := True;
end;
////////////////////////////////// 
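{ Opens the process identified by ProcessId with dwDesiredAccess and returns
  the handle, or 0 when no handle could be obtained. The caller owns the
  returned handle and must close it.

  When TryZwFirst is True a direct ZwOpenProcess is attempted first. If that
  is skipped or fails, the routine reads the system handle table, looks for
  process-type handles held by other processes, duplicates each candidate into
  this process and keeps the first one that refers to ProcessId.

  Security note: the fallback reuses access that some other process already
  holds instead of passing the access check of a direct open, and it opens
  every handle-owning process with PROCESS_DUP_HANDLE on the way. That is a
  broad, noisy operation that endpoint monitoring can flag, and it relies on
  the elevated rights this program enables in SetPrivilege.

  Changes from the earlier version: handles are closed only when they were
  actually opened (stale values used to be passed to ZwClose), the scan stops
  at the first match instead of overwriting and leaking earlier duplicates,
  and the handle count is checked against the buffer before it is copied. }
function LzOpenProcess(dwDesiredAccess, ProcessId: Cardinal; TryZwFirst: Boolean): Cardinal;
var
  st: cardinal;
  cid: TClientId;
  oa: TObjectAttributes;
  NumOfHandle: Integer;
  MaxEntries: Integer;
  pbi: TPROCESS_BASIC_INFORMATION;
  I: Integer;
  hProcessToDup, hProcessCur, hProcessToRet: Cardinal;
  arySize: Cardinal;
  TempNum: Cardinal;
  bytBuf: array of Byte;
  h_info: array of TSYSTEM_HANDLE_TABLE_ENTRY_INFO;
begin
  Result := 0;
  ZeroMemory(@oa, SizeOf(oa));
  ZeroMemory(@cid, SizeOf(cid));
  oa.Length := SizeOf(oa);
  if TryZwFirst then
  begin
    { Try a plain ZwOpenProcess first }
    cid.UniqueProcess := ProcessId;
    hProcessToRet := 0;
    st := ZwOpenProcess(@hProcessToRet, dwDesiredAccess, @oa, @cid);
    if NT_SUCCESS(st) then
    begin
      Result := hProcessToRet;
      Exit;
    end;
  end;

  { Information class 16 is SystemHandleInformation (see
    _SYSTEM_INFORMATION_CLASS); the earlier inline label named the wrong class. }
  SetLength(bytBuf, 1024);
  arySize := 0;
  st := ZwQuerySystemInformation(16{SystemHandleInformation}, @bytBuf[0], Length(bytBuf), @arySize);
  if not NT_SUCCESS(st) then
  begin
    if st <> $C0000004{STATUS_INFO_LENGTH_MISMATCH} then Exit;
    // A zero size would leave bytBuf empty and make @bytBuf[0] invalid.
    if arySize = 0 then Exit;
    SetLength(bytBuf, arySize);
    // NOTE(review): the table can grow between the two calls, in which case
    // this second query fails and the routine gives up.
    st := ZwQuerySystemInformation(16{SystemHandleInformation}, @bytBuf[0], arySize, @TempNum);
    if not NT_SUCCESS(st) then Exit;
  end;

  // The buffer starts with the entry count, followed by the entries.
  NumOfHandle := PULONG(@bytBuf[0])^;
  MaxEntries := (Length(bytBuf) - SizeOf(ULONG)) div SizeOf(TSYSTEM_HANDLE_TABLE_ENTRY_INFO);
  // Never copy more entries than the buffer can actually hold.
  if (NumOfHandle <= 0) or (NumOfHandle > MaxEntries) then Exit;
  SetLength(h_info, NumOfHandle);
  CopyMemory(@h_info[0], Pointer(Cardinal(@bytBuf[0]) + SizeOf(ULONG)), SizeOf(TSYSTEM_HANDLE_TABLE_ENTRY_INFO) * NumOfHandle);

  // Handle enumeration done; now test the candidate handles.
  for I := Low(h_info) to High(h_info) do
  begin
    // NOTE(review): the object-type index for process objects is a fixed
    // number here; it is presumably tied to the OS release the author
    // targeted - confirm before relying on it elsewhere.
    if h_info[I].ObjectTypeIndex <> 5{OB_TYPE_PROCESS} then Continue;

    // NOTE(review): UniqueProcessId and HandleValue are signed 16-bit fields,
    // so values above 32767 arrive here as negative numbers.
    cid.UniqueProcess := h_info[I].UniqueProcessId;
    st := ZwOpenProcess(@hProcessToDup, $40{PROCESS_DUP_HANDLE}, @oa, @cid);
    if not NT_SUCCESS(st) then Continue;
    try
      st := ZwDuplicateObject(hProcessToDup, h_info[I].HandleValue, $FFFFFFFF{ZwGetCurrentProcess}, @hProcessCur, PROCESS_ALL_ACCESS, 0, $4{DUPLICATE_SAME_ATTRIBUTES});
      if not NT_SUCCESS(st) then Continue;
      try
        st := ZwQueryInformationProcess(hProcessCur, 0{ProcessBasicInformation}, @pbi, SizeOf(TPROCESS_BASIC_INFORMATION), nil);
        if NT_SUCCESS(st) and (pbi.UniqueProcessId = ProcessId) then
        begin
          st := ZwDuplicateObject(hProcessToDup, h_info[I].HandleValue, $FFFFFFFF{ZwGetCurrentProcess}, @hProcessToRet, dwDesiredAccess, 0, $4{DUPLICATE_SAME_ATTRIBUTES});
          if NT_SUCCESS(st) then Result := hProcessToRet;
        end;
      finally
        // The probe duplicate is only needed for the identity check.
        ZwClose(hProcessCur);
      end;
    finally
      ZwClose(hProcessToDup);
    end;
    // Stop at the first usable handle so no further duplicates are created.
    if Result <> 0 then Break;
  end;
end;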
////////////////////////////////// 
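{ Comparison callback handed to TListView.CustomSort.

  SortColumn is -1 to compare the item captions, otherwise the zero-based
  sub-item index. The cells are compared according to the global LvSortStyle
  and the result is negated when LvSortOrder[SortColumn + 1] is set.
  Returns a negative, zero or positive value; 0 when either item is nil.

  The direction lookup is bounds-checked: the column index comes from the
  list view, and an index beyond LvSortOrder would otherwise read whatever
  global happens to follow the array. }
function CustomSortProc(Item1, Item2: TListItem; SortColumn: Integer): Integer; stdcall;
var
  s1, s2: string;
  i1, i2: Integer;
  r1, r2: Boolean;
  d1, d2: TDateTime;
  OrderIdx: Integer;

  { Helper functions }

  // True when AString parses completely as an integer; the value goes to AInteger.
  function IsValidNumber(AString : string; var AInteger : Integer): Boolean;
  var
    Code: Integer;
  begin
    Val(AString, AInteger, Code);
    Result := (Code = 0);
  end;

  // True when AString parses as a date/time; ADateTime is 0 when it does not.
  function IsValidDate(AString : string; var ADateTime : TDateTime): Boolean;
  begin
    Result := True;
    try
      ADateTime := StrToDateTime(AString);
    except
      ADateTime := 0;
      Result := False;
    end;
  end;

  function CompareDates(dt1, dt2: TDateTime): Integer;
  begin
    if (dt1 > dt2) then Result := 1
    else
    if (dt1 = dt2) then Result := 0
    else
    Result := -1;
  end;

  function CompareNumeric(AInt1, AInt2: Integer): Integer;
  begin
    if AInt1 > AInt2 then Result := 1
    else
    if AInt1 = AInt2 then Result := 0
    else
    Result := -1;
  end;

begin
  Result := 0;
  if (Item1 = nil) or (Item2 = nil) then Exit;

  case SortColumn of
    -1 : { Compare Captions }
      begin
        s1 := Item1.Caption;
        s2 := Item2.Caption;
      end;
    else   { Compare Subitems }
      begin
        s1 := '';
        s2 := '';
        { Check Range: a row with fewer sub-items compares as empty text }
        if (SortColumn < Item1.SubItems.Count) then
          s1 := Item1.SubItems[SortColumn];
        if (SortColumn < Item2.SubItems.Count) then
          s2 := Item2.SubItems[SortColumn];
      end;
  end;

  { Sort styles }
  case LvSortStyle of
    cssAlphaNum : Result := lstrcmp(PChar(s1), PChar(s2));
    cssNumeric  :
      begin
        r1 := IsValidNumber(s1, i1);
        r2 := IsValidNumber(s2, i2);
        Result := ord(r1 or r2);
        // Operands are swapped on purpose-or-not by the author: numbers sort
        // in the opposite direction to dates for the same flag value.
        if Result <> 0 then
          Result := CompareNumeric(i2, i1);
      end;
    cssDateTime :
      begin
        r1 := IsValidDate(s1, d1);
        r2 := IsValidDate(s2, d2);
        Result := ord(r1 or r2);
        if Result <> 0 then
          Result := CompareDates(d1, d2);
      end;
  end;

  { Sort direction }
  OrderIdx := SortColumn + 1;
  if (OrderIdx >= Low(LvSortOrder)) and (OrderIdx <= High(LvSortOrder)) then
    if LvSortOrder[OrderIdx] then
      Result := - Result;
end;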
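{ Adds one row per running process to ListView_pro: image name, process id,
  image path (via GetProcessPath), parent process id, thread count and base
  priority. Shows a message box when the snapshot cannot be created.

  The snapshot handle is compared with INVALID_HANDLE_VALUE; the former test
  against -1 could never detect a failed snapshot with an unsigned THandle.
  Only the process list is requested, because nothing else is read from the
  snapshot, and the handle is released in a finally block. }
procedure TForm1.GetProcesses;
var
  hSnap        : THandle;
  ProcessEntry : TProcessEntry32;
  Proceed      : Boolean;
begin
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); // take a system snapshot
  if hSnap = INVALID_HANDLE_VALUE then
  begin
    ShowMessage('whoops...' + SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    // dwSize must be initialised before the first Process32First call.
    ProcessEntry.dwSize := SizeOf(TProcessEntry32);
    Proceed := Process32First(hSnap, ProcessEntry);
    while Proceed do
    begin
      with listview_pro.Items.Add do
      begin
        Caption := ProcessEntry.szExeFile;
        SubItems.Add(IntToStr(ProcessEntry.th32ProcessID));
        SubItems.Add(GetProcessPath(ProcessEntry.th32ProcessID));
        SubItems.Add(IntToStr(ProcessEntry.th32ParentProcessID));
        SubItems.Add(IntToStr(ProcessEntry.cntThreads));
        SubItems.Add(IntToStr(ProcessEntry.pcPriClassBase));
      end;
      Proceed := Process32Next(hSnap, ProcessEntry);
    end;
  finally
    CloseHandle(hSnap);
  end;
end;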
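{ Adds one row per loaded module of process ProcessID to ListView_mod: module
  name, full path, size in KB and global usage count. Shows a message box when
  the module snapshot cannot be created (for example when access to the
  process is denied).

  The snapshot handle is compared with INVALID_HANDLE_VALUE; the former test
  against -1 could never detect a failed snapshot with an unsigned THandle.
  The handle is released in a finally block. }
procedure TForm1.GetModules( ProcessID: DWORD);
var
  hSnap       : THandle;
  ModuleEntry : TModuleEntry32;
  Proceed     : Boolean;
begin
  hSnap := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProcessID);
  if hSnap = INVALID_HANDLE_VALUE then
  begin
    ShowMessage('whoops...' + SysErrorMessage(GetLastError));
    Exit;
  end;
  try
    ModuleEntry.dwSize := SizeOf(TModuleEntry32);
    Proceed := Module32First(hSnap, ModuleEntry);
    while Proceed do
    begin
      with listview_mod.Items.Add do
      begin
        Caption := ModuleEntry.szModule;
        SubItems.Add(ExtractFilePath(ModuleEntry.szExePath) + ModuleEntry.szModule);
        SubItems.Add(FloatToStr(ModuleEntry.modBaseSize / 1024));
        SubItems.Add(IntToStr(ModuleEntry.GlblcntUsage));
      end;
      Proceed := Module32Next(hSnap, ModuleEntry);
    end;
  finally
    CloseHandle(hSnap);
  end;
end;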
{ Rebuilds the process list every time the form is activated and shows the
  process count in the first status-bar panel. }
procedure TForm1.FormActivate(Sender: TObject);
var
  ProcessCount: Integer;
begin
  listview_pro.Items.Clear;
  listview_mod.Items.Clear;
  GetProcesses;
  ProcessCount := listview_pro.Items.Count;
  statusbar1.Panels[0].Text := '系统进程总数:' + IntToStr(ProcessCount);
end;
{ Double-click on a process row: list its modules, then show its memory use,
  by reusing the two button handlers. }
procedure TForm1.ListView_proDblClick(Sender: TObject);
begin
  SpeedButton1Click(Sender);   // module list
  SpeedButton5Click(Sender);   // working-set size
end;
{ Refresh button: clears all three lists and reloads the process list. }
procedure TForm1.SpeedButton2Click(Sender: TObject);
begin
  Refresh();
end;
{ Lists the modules of the selected process and shows the module count in the
  second status-bar panel. Does nothing when no process row is selected. }
procedure TForm1.SpeedButton1Click(Sender: TObject);
var
  SelectedPid: Integer;
begin
  if listview_pro.Selected = nil then Exit;

  with listview_mod.Items do
  begin
    BeginUpdate;
    Clear;
    EndUpdate;
  end;

  // The process id is the first sub-item of the selected row.
  SelectedPid := StrToInt(listview_pro.Selected.SubItems.Strings[0]);
  GetModules(SelectedPid);
  statusbar1.Panels[1].Text := '选定进程模块总数:' + IntToStr(listview_mod.Items.Count);
end;
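{ Terminates the selected process, then reloads the process list and updates
  the process count. Does nothing when no process row is selected.

  Changes from the earlier version: the exit code is a defined 0 (it used to
  be an uninitialised local), TerminateProcess and CloseHandle are skipped
  when no handle could be opened, and only PROCESS_TERMINATE is requested
  instead of PROCESS_ALL_ACCESS, which is all TerminateProcess needs. }
procedure TForm1.SpeedButton3Click(Sender: TObject);
var
  ProcessHndle: THandle;
begin
  if listview_pro.Selected = nil then Exit;

  ProcessHndle := LzOpenProcess(PROCESS_TERMINATE,
    StrToInt(listview_pro.Selected.SubItems.Strings[0]), True);
  if ProcessHndle <> 0 then
  try
    TerminateProcess(ProcessHndle, 0);
  finally
    CloseHandle(ProcessHndle);
  end;

  // Reload the list whether or not the process could be ended.
  Refresh();
  statusbar1.Panels[0].Text := '系统进程总数:' + IntToStr(listview_pro.Items.Count);
end;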
{ Exit button: closes the form. }
procedure TForm1.SpeedButton4Click(Sender: TObject);
begin
  Self.Close;
end;
{ A click in the process list clears the per-process details: status-bar
  panels 1..3 and the module and thread lists. }
procedure TForm1.ListView_proClick(Sender: TObject);
var
  PanelIdx: Integer;

  // Empties one list view inside a BeginUpdate/EndUpdate pair.
  procedure ClearList(AList: TListView);
  begin
    AList.Items.BeginUpdate;
    AList.Items.Clear;
    AList.Items.EndUpdate;
  end;

begin
  for PanelIdx := 1 to 3 do
    statusbar1.Panels[PanelIdx].Text := '';
  ClearList(listview_mod);
  ClearList(listview_thr);
end;
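{ Shows the working-set size (in KB) of the selected process in the third
  status-bar panel, or a failure text when it cannot be read. Does nothing
  when no process row is selected.

  Changes from the earlier version: a failed open is reported directly instead
  of passing a null handle to GetProcessMemoryInfo and CloseHandle, and the
  counters buffer and the process handle are released in finally blocks. }
procedure TForm1.SpeedButton5Click(Sender: TObject);
var
  ProcessHndle: THandle;
  pmc: PPROCESS_MEMORY_COUNTERS;
  cb: Integer;
begin
  if listview_pro.Selected = nil then Exit;

  ProcessHndle := LzOpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    StrToInt(listview_pro.Selected.SubItems.Strings[0]), True);
  if ProcessHndle = 0 then
  begin
    statusbar1.Panels[2].Text := '无法获取内存的使用结构';
    Exit;
  end;

  try
    cb := SizeOf(_PROCESS_MEMORY_COUNTERS);
    GetMem(pmc, cb);
    try
      pmc^.cb := cb;
      if GetProcessMemoryInfo(ProcessHndle, pmc, cb) then
        statusbar1.Panels[2].Text := '选定进程内存用量:' + FloatToStr(pmc^.WorkingSetSize / 1024) + ' KB'
      else
        statusbar1.Panels[2].Text := '无法获取内存的使用结构';
    finally
      FreeMem(pmc);
    end;
  finally
    CloseHandle(ProcessHndle);
  end;
end;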
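{ Sorts the process list by the clicked column and flips that column's sort
  direction for the next click. Columns 1, 3, 4 and 5 sort numerically,
  columns 0 and 2 as text.

  The direction flag is only toggled when Column.Index lies inside
  LvSortOrder; an unchecked index wrote past the end of the array. }
procedure TForm1.ListView_proColumnClick(Sender: TObject;
  Column: TListColumn);
begin
  case Column.Index of
    1, 3, 4, 5: LvSortStyle := cssNumeric;
    0, 2:       LvSortStyle := cssAlphaNum;
  end;
  // CustomSortProc expects -1 for the caption column, else the sub-item index.
  ListView_pro.CustomSort(@CustomSortProc, Column.Index - 1);
  if (Column.Index >= Low(LvSortOrder)) and (Column.Index <= High(LvSortOrder)) then
    LvSortOrder[Column.Index] := not LvSortOrder[Column.Index];
end;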
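{ Sorts the module list by the clicked column and flips that column's sort
  direction for the next click. Columns 0 and 1 sort as text, columns 2 and 3
  numerically.

  The direction flag is only toggled when Column.Index lies inside
  LvSortOrder; an unchecked index wrote past the end of the array. }
procedure TForm1.ListView_modColumnClick(Sender: TObject;
  Column: TListColumn);
begin
  case Column.Index of
    0, 1: LvSortStyle := cssAlphaNum;
    2, 3: LvSortStyle := cssNumeric;
  end;
  // CustomSortProc expects -1 for the caption column, else the sub-item index.
  ListView_mod.CustomSort(@CustomSortProc, Column.Index - 1);
  if (Column.Index >= Low(LvSortOrder)) and (Column.Index <= High(LvSortOrder)) then
    LvSortOrder[Column.Index] := not LvSortOrder[Column.Index];
end;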
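{ Sorts the thread list by the clicked column and flips that column's sort
  direction for the next click. Column 0 (the thread id) sorts numerically;
  any other column keeps whatever LvSortStyle was set last.

  The direction flag is only toggled when Column.Index lies inside
  LvSortOrder, matching the other column-click handlers. }
procedure TForm1.ListView_thrColumnClick(Sender: TObject;
  Column: TListColumn);
begin
  case Column.Index of
    0: LvSortStyle := cssNumeric;
  end;
  // CustomSortProc expects -1 for the caption column, else the sub-item index.
  ListView_thr.CustomSort(@CustomSortProc, Column.Index - 1);
  if (Column.Index >= Low(LvSortOrder)) and (Column.Index <= High(LvSortOrder)) then
    LvSortOrder[Column.Index] := not LvSortOrder[Column.Index];
end;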
 
////////////////////////////////////////// 
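{ Enables SeDebugPrivilege in the token of the current process. Best effort:
  nothing is reported when the privilege is not held or a call fails.

  Changes from the earlier version: the token is opened once and closed again
  (the handle used to leak), each step is checked before the next one runs so
  an uninitialised token handle or LUID is never used, and the privilege is
  enabled with a single AdjustTokenPrivileges call instead of a
  disable-then-enable pair.

  Security note: the privilege stays enabled for the whole lifetime of the
  process, so every later open in this program runs with it. Privilege
  adjustments of this kind are something host auditing can record. }
procedure SetPrivilege;
var
  NewState: TTokenPrivileges;
  ReturnLength: DWORD;
  hToken: THandle;
  Luid: Int64;
begin
  if not OpenProcessToken(GetCurrentProcess,
    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then Exit;
  try
    if not LookupPrivilegeValue(nil, 'SeDebugPrivilege', Luid) then Exit;

    NewState.PrivilegeCount := 1;
    NewState.Privileges[0].Luid := Luid;
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;

    // No previous-state buffer is wanted, so a nil reference and length 0 are passed.
    ReturnLength := 0;
    AdjustTokenPrivileges(hToken, False, NewState, 0,
      PTokenPrivileges(nil)^, ReturnLength);
  finally
    CloseHandle(hToken);
  end;
end;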
///////////////////////////////////////// 
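{ Start-up: enables the debug privilege, then locates, loads and opens the
  PspKiller kernel driver. On any failure a message is shown and the
  application is asked to terminate.

  Changes from the earlier version:
  - Application.Terminate only requests shutdown and returns, so each failure
    branch now leaves the handler; execution used to fall through and call
    methods on a PsDrvCtrl that had just been freed (or never created).
  - PsDrvCtrl is set to nil when it is freed.
  - The driver file is looked up next to the executable rather than in the
    current working directory, so the file that gets loaded into the kernel
    cannot be swapped by starting the program from another directory.
  - The GetFullPathName result is checked against the size of lpDrvPath.

  NOTE(review): nothing in this unit verifies the driver file's integrity
  before it is loaded; whether TDriverControl does is not visible here. }
procedure TForm1.FormCreate(Sender: TObject);
const
  DriverFileName = 'PspKiller.sys';
var
  DrvFile: string;
  PathLen: DWORD;

  // Reports the load failure and asks the application to shut down.
  procedure Fail;
  begin
    ShowMessage('驱动程序加载失败');
    Application.Terminate;
  end;

begin
  SetPrivilege;

  DrvFile := ExtractFilePath(Application.ExeName) + DriverFileName;
  if not FileExists(DrvFile) then
  begin
    Fail;
    Exit;
  end;

  // lpDrvPath receives the full driver path.
  PathLen := GetFullPathName(PChar(DrvFile), Length(lpDrvPath), lpDrvPath, lpFilePart);
  if (PathLen = 0) or (PathLen >= DWORD(Length(lpDrvPath))) then
  begin
    Fail;
    Exit;
  end;

  PsDrvCtrl := TDriverControl.Create(lpDrvPath, 'PspKiller');
  if not PsDrvCtrl.IsVaild then
  begin
    FreeAndNil(PsDrvCtrl);
    Fail;
    Exit;
  end;
  if not PsDrvCtrl.StartDriver then
  begin
    FreeAndNil(PsDrvCtrl);
    Fail;
    Exit;
  end;
  if not PsDrvCtrl.OpenDevice then
  begin
    PsDrvCtrl.StopDriver;
    FreeAndNil(PsDrvCtrl);
    Fail;
    Exit;
  end;
end;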
///////////////////////// 
{ Clears status-bar panels 1..3 and all three lists, reloads the process list
  and shows the new process count in panel 0. }
procedure tform1.Refresh();
var
  PanelIdx: Integer;

  // Empties one list view inside a BeginUpdate/EndUpdate pair.
  procedure ClearList(AList: TListView);
  begin
    AList.Items.BeginUpdate;
    AList.Items.Clear;
    AList.Items.EndUpdate;
  end;

begin
  for PanelIdx := 1 to 3 do
    statusbar1.Panels[PanelIdx].Text := '';
  ClearList(listview_pro);
  ClearList(listview_mod);
  ClearList(listview_thr);
  GetProcesses;
  statusbar1.Panels[0].Text := '系统进程总数:' + IntToStr(listview_pro.Items.Count);
end;
////////////////////////// 
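{ Suspends all threads of the selected process. Does nothing when no process
  row is selected or the process cannot be opened.

  Changes from the earlier version: the handle is checked before use (a null
  handle used to be passed to SuspendProcess and CloseHandle), it is closed in
  a finally block, and only the suspend/resume right is requested instead of
  PROCESS_ALL_ACCESS. }
procedure TForm1.SpeedButton6Click(Sender: TObject);
const
  SuspendResumeAccess = $0800; // PROCESS_SUSPEND_RESUME
var
  hProcess: THandle;
begin
  if listview_pro.Selected = nil then Exit;

  // Open the process by id to obtain a handle.
  hProcess := LzOpenProcess(SuspendResumeAccess,
    StrToInt(listview_pro.Selected.SubItems.Strings[0]), True);
  if hProcess = 0 then Exit;
  try
    // Suspend the process.
    SuspendProcess(hProcess);
  finally
    CloseHandle(hProcess);
  end;
end;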
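{ Resumes all threads of the selected process. Does nothing when no process
  row is selected or the process cannot be opened.

  Changes from the earlier version: the handle is checked before use (a null
  handle used to be passed to ResumeProcess and CloseHandle), it is closed in
  a finally block, only the suspend/resume right is requested instead of
  PROCESS_ALL_ACCESS, and the inline comment no longer says "suspend". }
procedure TForm1.SpeedButton7Click(Sender: TObject);
const
  SuspendResumeAccess = $0800; // PROCESS_SUSPEND_RESUME
var
  hProcess: THandle;
begin
  if listview_pro.Selected = nil then Exit;

  // Open the process by id to obtain a handle.
  hProcess := LzOpenProcess(SuspendResumeAccess,
    StrToInt(listview_pro.Selected.SubItems.Strings[0]), True);
  if hProcess = 0 then Exit;
  try
    // Resume the process.
    ResumeProcess(hProcess);
  finally
    CloseHandle(hProcess);
  end;
end;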
 //////////////////////////////// 
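{ Returns the full path of the main module of process ProcessID, with a
  leading '\??\' prefix removed, or an empty string when the process cannot
  be opened or queried.

  Changes from the earlier version: the process handle is now closed (one
  handle used to leak for every row on every refresh), and the module-name
  query is skipped when EnumProcessModules fails instead of running with an
  uninitialised module handle. Exceptions are still swallowed on purpose so
  that one unreadable process does not break the whole list. }
function TForm1.GetProcessPath(ProcessID: DWORD): string;
var
  Hand: THandle;
  ModName: array[0..MAX_PATH - 1] of Char;
  hMod: HMODULE;
  n: DWORD;
begin
  Result := '';
  Hand := LzOpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    ProcessID, True);
  if Hand = 0 then Exit;
  try
    try
      // Only the first module (the executable itself) is requested.
      if not EnumProcessModules(Hand, @hMod, SizeOf(hMod), n) then Exit;
      if GetModuleFileNameEx(Hand, hMod, ModName, SizeOf(ModName)) = 0 then Exit;

      if LeftStr(ModName, 4) <> '\??\' then
        Result := ModName                       // path and file name
      else
        Result := MidStr(ModName, 5, Length(ModName) - 4);
    except
      // best effort: leave Result empty
    end;
  finally
    CloseHandle(Hand);
  end;
end;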
 //////////////////////////////// 
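{ Lists the thread ids of the selected process in ListView_thr and shows the
  thread count in the fourth status-bar panel. Does nothing when no process
  row is selected.

  The snapshot is system-wide, so entries are filtered by owner process id.
  The snapshot handle is now checked before it is walked and closed; an
  invalid handle used to be passed to Thread32First and CloseHandle. }
procedure TForm1.Button1Click(Sender: TObject);
var
  ProcessID: DWord;
  ThreadHandle: THandle;   // thread snapshot handle
  ThreadStruct: TThreadEntry32;
begin
  if listview_pro.Selected = nil then Exit;

  listview_thr.Items.BeginUpdate;
  listview_thr.Items.Clear;
  listview_thr.Items.EndUpdate;

  ProcessID := StrToInt(listview_pro.Selected.SubItems.Strings[0]);
  ThreadHandle := CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, ProcessID);
  if ThreadHandle <> INVALID_HANDLE_VALUE then
  try
    ThreadStruct.dwSize := SizeOf(TThreadEntry32);
    if Thread32First(ThreadHandle, ThreadStruct) then
      repeat
        if ThreadStruct.th32OwnerProcessID = ProcessID then
          listview_thr.Items.Add.Caption := IntToStr(ThreadStruct.th32ThreadID);
      until not Thread32Next(ThreadHandle, ThreadStruct);
  finally
    CloseHandle(ThreadHandle);
  end;

  statusbar1.Panels[3].Text := '选定进程线程总数:' + IntToStr(listview_thr.Items.Count);
end;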
 
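{ Terminates the selected thread and reloads the thread list. Does nothing
  when no thread row is selected.

  Changes from the earlier version: the thread handle is checked before use
  (a null handle used to be passed to TerminateThread and CloseHandle) and
  only the terminate right is requested instead of THREAD_ALL_ACCESS.

  Note: TerminateThread gives the thread no chance to release locks or memory,
  so the owning process may be left in an inconsistent state. }
procedure TForm1.SpeedButton8Click(Sender: TObject);
const
  TerminateAccess = $0001; // THREAD_TERMINATE
var
  t: THandle;
begin
  if listview_thr.Selected = nil then Exit;

  t := OpenThread(TerminateAccess, False, StrToInt(listview_thr.Selected.Caption));
  if t <> 0 then
  try
    TerminateThread(t, 0);
  finally
    CloseHandle(t);
  end;

  // Refresh the thread list.
  Button1Click(Sender);
end;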
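{ Suspends the selected thread. Does nothing when no thread row is selected
  or the thread cannot be opened.

  Changes from the earlier version: the thread handle is checked before use
  (a null handle used to be passed to SuspendThread and CloseHandle) and only
  the suspend/resume right is requested instead of THREAD_ALL_ACCESS. }
procedure TForm1.SpeedButton9Click(Sender: TObject);
const
  SuspendResumeAccess = $0002; // THREAD_SUSPEND_RESUME
var
  t: THandle;
begin
  if listview_thr.Selected = nil then Exit;

  t := OpenThread(SuspendResumeAccess, False, StrToInt(listview_thr.Selected.Caption));
  if t = 0 then Exit;
  try
    SuspendThread(t);
  finally
    CloseHandle(t);
  end;
end;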
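{ Resumes the selected thread. Does nothing when no thread row is selected or
  the thread cannot be opened.

  Changes from the earlier version: the thread handle is checked before use
  (a null handle used to be passed to ResumeThread and CloseHandle) and only
  the suspend/resume right is requested instead of THREAD_ALL_ACCESS. }
procedure TForm1.SpeedButton10Click(Sender: TObject);
const
  SuspendResumeAccess = $0002; // THREAD_SUSPEND_RESUME
var
  t: THandle;
begin
  if listview_thr.Selected = nil then Exit;

  t := OpenThread(SuspendResumeAccess, False, StrToInt(listview_thr.Selected.Caption));
  if t = 0 then Exit;
  try
    ResumeThread(t);
  finally
    CloseHandle(t);
  end;
end;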
///////////////////////////// 
{ Builds the control code of the driver's "kill process" request: function
  number $832 on an unknown-type device, buffered transfer, any access.

  NOTE(review): FILE_ANY_ACCESS places no read/write access requirement on the
  handle used to send this request, so any restriction on who may ask the
  driver to end a process has to come from the device's security settings or
  from the driver itself - confirm in the driver source, which is not part of
  this unit. }
function IOCTL_PSDRV_KILLPROCESS: DWord;
const
  KillProcessFunction = $832;
begin
  Result := CTL_CODE(FILE_DEVICE_UNKNOWN, KillProcessFunction,
    METHOD_BUFFERED, FILE_ANY_ACCESS);
end;
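{ Stops the driver and releases the driver controller when the form closes.

  The controller is only touched when it is assigned and is set to nil
  afterwards, so a second close does not stop and free it again through a
  dangling reference. }
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  if Assigned(PsDrvCtrl) then
  begin
    PsDrvCtrl.StopDriver;
    FreeAndNil(PsDrvCtrl);
  end;
end;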
///////////////////////////// 
{ Thread-refresh button: reloads the thread list of the selected process. }
procedure TForm1.SpeedButton11Click(Sender: TObject);
begin
  Button1Click(Sender);
end;
{ Asks the PspKiller driver to end the selected process and shows the code
  written back by the driver when it is not 0. Does nothing when no process
  row is selected.

  NOTE(review): the OS version reported to the driver is fixed at 5.1 with
  service pack 2 no matter which system the program runs on; if the driver
  uses these numbers to choose version-specific behaviour, running on any
  other release may be unsafe - confirm in the driver source.
  NOTE(review): dwReturn is a global that is not reset before the request, so
  a request that never reaches the driver would leave the previous value in
  place; what IoControl itself reports is not visible from this unit. }
procedure TForm1.Button2Click(Sender: TObject);
begin
  if listview_pro.Selected = nil then Exit;

  // The process id is the first sub-item of the selected row.
  dwProcessId := StrToInt(listview_pro.Selected.SubItems.Strings[0]);

  InData.dwProcessId    := dwProcessId;
  InData.ExitStatus     := 0;
  InData.SystemMajorVer := 5;
  InData.SystemMinorVer := 1;
  InData.ServicePackVer := 2;

  PsDrvCtrl.IoControl(IOCTL_PSDRV_KILLPROCESS,
    @InData, SizeOf(TPsDrvInputData),
    @dwReturn, SizeOf(DWord));

  if dwReturn <> 0 then
    ShowMessage('结束进程失败!错误代码:' + IntToStr(dwReturn));
end;
/////////////////////////////// 
 
end. 
