delphi 自制简易获取系统进程模块信息

uses

  TlHelp32;

var

  ModuArr: array of TModuleEntry32; //用来装载TModuleEntry32模块信息

  PidList: TStrings;

  count: DWORD;

function GetProcessPid: TStrings; //引声获取进程PID

var

  Pname: string;

  hProc: THandle;

  isFind: Boolean;

  Proc: TProcessEntry32;

  Pid: DWORD;

begin

  try

    Result := TStringList.Create;

    hProc := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);

    Proc.dwSize := SizeOf(Proc);

    isFind := Process32First(hProc, Proc);

    while isFind do

    begin

      Pname := string(Proc.szExeFile);

      Form1.cbb1.Items.Add(Pname);

      Pid := Proc.th32ProcessID;

      Result.Add(IntToStr(Pid));

      isFind := Process32Next(hProc, Proc);

    end;

    Form1.cbb1.ItemIndex := 0;

  finally

    CloseHandle(hProc);

  end

end;

procedure GetProcessModule(Pid: dword); //声明根据进程PID获取模块信息

var

  hPm: THandle;

  Pm: TModuleEntry32;

  canFind: Boolean;

  j: DWORD;

begin

  try

    hPm := CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, Pid);

    Pm.dwSize := SizeOf(Pm);

    canFind := Module32First(hPm, Pm);

    j := 0;

    while canFind do

    begin

      SetLength(ModuArr, j + 1);

      ModuArr[j] := Pm;

      Form1.lst1.Items.Add(pm.szExePath);

      canFind := Module32Next(hPm, Pm);

      inc(j);

    end;

  finally

    CloseHandle(hPm);

  end;

end;

procedure TForm1.FormCreate(Sender: TObject);

begin

  PidList := TStringList.Create;

  PidList.Clear;

  PidList := GetProcessPid;

end;

procedure TForm1.cbb1Click(Sender: TObject);

var

  Pid, i: DWORD;

begin

  lst1.Clear;

  Pid := StrToInt(PidList[cbb1.ItemIndex]);

  count := cbb1.ItemIndex;

  GetProcessModule(Pid);

end;

procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);

begin

  FreeAndNil(PidList);

end;

procedure TForm1.lst1Click(Sender: TObject);

var

  i: integer;

begin

  lst2.Clear;

  if lst1.Items[lst1.ItemIndex] <> '' then

    for i := 0 to Length(ModuArr) - 1 do

      if SameText(lst1.Items[lst1.ItemIndex], ModuArr[i].szExePath) then

      begin

        lst2.Items.Add('模块名称           ：' + moduarr[i].szModule);

        lst2.Items.Add('模块               ID：' + inttostr(moduarr[i].th32ModuleID));

        lst2.Items.Add('所属进程       ID：' + inttostr(moduarr[i].th32ProcessID));

        lst2.Items.Add('进程使用数       ：' + inttostr(moduarr[i].ProccntUsage));

        lst2.Items.Add('全局使用数       ：' + inttostr(moduarr[i].GlblcntUsage));

        lst2.Items.Add('进程大小           ：' + inttostr(moduarr[i].dwSize));

        lst2.Items.Add(format('模块大小    ：%.8x', [moduarr[i].modBaseSize]));

        lst2.Items.Add(Format('模块句柄    ：%.8x', [moduarr[i].hModule]));

        lst2.Items.Add(format('模块基地址：%.8x', [integer(moduarr[i].modBaseAddr)]));

      end;

end;

————————————————

原文链接：https://blog.csdn.net/haiou327/article/details/6685000