查找一个特定的EXE是否在内存中运行

来源:岁月联盟 编辑:exp 时间:2009-06-08

unit Find_Unit;

interface

uses
  Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
  StdCtrls, TLHelp32, ComCtrls;

type
  TProcessInfo=Record
                 ExeFileName:String;
                 ProcessID:DWord;
               end;

type
  TFindForm = class(TForm)
    Button1: TButton;
    Edit1: TEdit;
    Edit2: TEdit;
    SB: TStatusBar;
    Label1: TLabel;
    Label2: TLabel;
    procedure Button1Click(Sender: TObject);
    function findthread(threadname:string):boolean;
  private
    { Private declarations }
  public
    { Public declarations }
  end;

var
  FindForm: TFindForm;

implementation

{$R *.DFM}

procedure TFindForm.Button1Click(Sender: TObject);
var hfile:thandle; r:boolean;  tf:string;
begin
  r:=false; //查找空间变量是否存在 eg: in win2000 "cdrom0" is a space value
  hfile:=createfile(pchar(edit1.Text),Generic_Read or
         Generic_Write,File_Share_Read or File_Share_Write,
         nil,Open_Existing,File_Attribute_Normal,0);
  if hfile<>Invalid_Handle_Value then
     begin
       CloseHandle(hfile);
       r:=true;
     end;
  if r then sb.Panels[0].Text:=Space Find! else sb.Panels[0].Text:=Space Not Found!;
  tf:=edit2.text;
  if pos(.,tf)=0 then tf:=tf+.exe;
  if findthread(tf) then sb.Panels[1].Text:=Thread Find! else sb.Panels[1].Text:=Thread Not Found!;
end;

function TFindForm.findthread(threadname: string): boolean;
var  //关键的过程
  p:TProcessInfo;
  OK:Bool;
  ProcessListHandle:THandle;
  ProcessStruct:TProcessEntry32;
begin
  result:=false;
  ProcessListHandle:=CreateToolHelp32SnapShot(TH32CS_SNAPPROCESS,0);
  ProcessStruct.dwSize:=SizeOf(ProcessStruct);
  OK:=Process32First(ProcessListHandle,ProcessStruct);
  while Integer(OK)<>0 do
    begin
      p.ExeFileName:=ProcessStruct.szExeFile;
//      p.ProcessID:=ProcessStruct.th32ProcessID;
      OK:=Process32Next(ProcessListHandle,ProcessStruct);
      if uppercase(p.ExeFileName)=uppercase(threadname) then begin result:=true; exit; end;
    end;
  closehandle(ProcessListHandle); 
end;

end.

图片内容