2 楼
用 NtQuerySystemInformation(SystemModuleInformation, ...) 查询,
它会返回一个结构。C 里面有这个结构的定义,delphi 的偶不知道……你自己转化一下,明白了就简单了嘛……不过如果你不懂delphi偶也没有办法了
因为偶也不懂delphi...其实很简单的
3 楼
这种代码很多的
我在电脑里给你找了个
// Click handler: queries the loaded kernel-module list through
// NtQuerySystemInformation(SystemModuleInformation) and prints one entry per
// module (image name, base, size, load count) into Memo1.
//
// The buffer is read as a 4-byte module count followed by an array of
// TSystemModuleInformation records; the record itself is declared outside
// this listing. The Cardinal(pointer) arithmetic and the fixed +4 offset
// assume a 32-bit build.
//
// NOTE(review): the Base values are kernel-mode load addresses. Treat the
// output as sensitive when it is logged or shared, because it reveals the
// kernel address-space layout. Newer Windows versions restrict this query
// for low-integrity callers.
procedure TForm1.Button8Click(Sender: TObject);
var
  ModuleList: Pointer;
  Entry: PSystemModuleInformation;
  BytesNeeded: Longword;
  Remaining: Integer;
begin
  // Probe call with an empty buffer: only the required size comes back.
  BytesNeeded := 0;
  NtQuerySystemInformation(SystemModuleInformation, nil, 0, @BytesNeeded);

  ModuleList := AllocMem(BytesNeeded);
  try
    // NtCheck is defined elsewhere; presumably it raises when the returned
    // NTSTATUS signals failure (e.g. the list grew since the probe call).
    NtCheck(NtQuerySystemInformation(SystemModuleInformation, ModuleList, BytesNeeded, @BytesNeeded));
    Memo1.Lines.Clear;

    // First 4 bytes hold the entry count; the records start right after it.
    Remaining := PInteger(ModuleList)^;
    Entry := Pointer(Cardinal(ModuleList) + 4);

    while Remaining > 0 do
    begin
      Memo1.Lines.Add(Entry.ImageName);
      Memo1.Lines.Add(' Base: ' + IntToHex(Cardinal(Entry.Base), 8));
      Memo1.Lines.Add(' Size: ' + IntToStr(Entry.Size));
      Memo1.Lines.Add(' LoadCount: ' + IntToStr(Entry.LoadCount));

      // Step to the next fixed-size record.
      Entry := Pointer(Cardinal(Entry) + SizeOf(TSystemModuleInformation));
      Dec(Remaining);
    end;
  finally
    FreeMem(ModuleList);
  end;
end;
参考下吧
4 楼
编译倒是没问题 可是 运行会出现错误 帮忙看看
unit Unit1;
interface
uses
Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
Dialogs, StdCtrls, FileCtrl, ExtCtrls,mypas;
type
// Main form of the sample. Button4Click passes ListBox1's window handle to
// EnumKernelModule, which adds one line per kernel module to the list box.
TForm1 = class(TForm)
ListBox1: TListBox; // target of the LB_ADDSTRING messages sent by EnumKernelModule
Button4: TButton; // presumably wired to Button4Click in the .dfm - confirm
procedure Button4Click(Sender: TObject);
private
{ Private declarations }
public
{ Public declarations }
end;
var
Form1: TForm1;
implementation
{$R *.dfm}
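// Import of NtQuerySystemInformation from ntdll.dll.
//
// SystemInformationClass  - which table to query (e.g. SystemModuleInformation).
// SystemInformation       - caller-supplied output buffer, may be nil when probing the size.
// SystemInformationLength - size of that buffer in bytes.
// ReturnLength            - OUT: number of bytes the call needs or wrote.
// Result                  - NTSTATUS; 0 means success.
//
// ReturnLength must be passed by reference. Declared as a plain DWord it was
// passed by value, so the function received the number itself as if it were
// an address: a value of 0 looks like "no pointer supplied" and the required
// size never came back, so the caller allocated a zero-length buffer and then
// dereferenced it. As a var parameter the existing calls that pass a Longword
// variable work unchanged; a caller that does not want the length passes a
// dummy variable.
function NtQuerySystemInformation(
  SystemInformationClass: DWord;
  SystemInformation: Pointer;
  SystemInformationLength: DWord;
  var ReturnLength: DWord): DWord; stdcall;
  external 'NTdll.dll' name 'NtQuerySystemInformation';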
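// Enables SeShutdownPrivilege in the current process token.
//
// Failures are ignored (best effort), as in the original. Changes from the
// original: the token handle is now closed, and the privilege is only
// adjusted when its LUID was actually resolved.
//
// NOTE(review): nothing visible in this unit calls this procedure, and
// listing kernel modules with NtQuerySystemInformation does not need the
// shutdown privilege. Enable a privilege only around the operation that
// requires it, and drop this helper if it is unused.
procedure w_token();
var
  hToken: THandle;
  tkp: TOKEN_PRIVILEGES;
  otkp: TOKEN_PRIVILEGES;
  dwLen: DWORD;
begin
  if not OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
    Exit;
  try
    // Without a valid LUID the adjust call would act on uninitialised data.
    if not LookupPrivilegeValue(nil, 'SeShutdownPrivilege', tkp.Privileges[0].Luid) then
      Exit;

    tkp.PrivilegeCount := 1;
    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    dwLen := 0;

    // AdjustTokenPrivileges can return TRUE without enabling the privilege;
    // a caller that needs certainty must compare GetLastError with
    // ERROR_SUCCESS. The original made that comparison but did nothing with
    // the outcome, so no action is taken here either.
    AdjustTokenPrivileges(hToken, False, tkp, SizeOf(tkp), otkp, dwLen);
  finally
    // The original leaked this handle on every call.
    CloseHandle(hToken);
  end;
end;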
//////////////////////////////////////////////////////////////
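// Adds one line per loaded kernel module (base address, size, image name) to
// the list box whose window handle is hListBox.
//
// The result buffer is read as a 4-byte module count followed by fixed-size
// SYSTEM_MODULE_INFORMATION records. The Cardinal(pointer) arithmetic and the
// fixed +4 offset assume a 32-bit build.
//
// Fixes compared with the original:
//  * LB_ADDSTRING received Integer(buffer2[1]), i.e. the code of the first
//    character, as its string pointer; it now receives the address of the text.
//  * The buffer was never freed and every exception was swallowed by an empty
//    "except" block; the buffer is now released in "finally".
//  * A failed query is detected before the buffer is dereferenced, and the
//    module count is clamped to what fits in the buffer.
//
// NOTE(review): the listed base addresses are kernel-mode load addresses;
// treat the output as sensitive if it is logged or shared. Newer Windows
// versions restrict this query for low-integrity callers.
procedure EnumKernelModule(hListBox:DWORD);
var
  Buffer: Pointer;
  Info: PSystemModuleInformation;
  Length, BufSize: Longword;
  I, C, MaxFit: Integer;
  buffer2: string;
begin
  // Probe call: asks only for the required buffer size.
  Length := 0;
  NtQuerySystemInformation(SystemModuleInformation, nil, 0, Length);

  // If the import passes ReturnLength by value (a plain DWord), the size never
  // comes back and Length stays 0. Bail out instead of dereferencing a nil
  // buffer, which is the run-time error the original produced.
  if Length <= SizeOf(Integer) then
    Exit;

  BufSize := Length;
  Buffer := AllocMem(BufSize);
  try
    // A non-zero NTSTATUS means the buffer holds no valid module list.
    if NtQuerySystemInformation(SystemModuleInformation, Buffer, BufSize, Length) <> 0 then
      Exit;

    C := PInteger(Buffer)^;

    // Never walk past the end of the allocation, whatever the count says.
    MaxFit := Integer((BufSize - SizeOf(Integer)) div SizeOf(TSystemModuleInformation));
    if C > MaxFit then
      C := MaxFit;

    Info := Pointer(Cardinal(Buffer) + 4);
    for I := 0 to C - 1 do
    begin
      buffer2 := Format('内核模块基地址:%08X -- 模块大小:%08X -- 模块名称:%s ',
        [Cardinal(Info.Base), Info.dwSize, Info.ImageName]);
      // LB_ADDSTRING expects a pointer to a zero-terminated string in lParam.
      SendMessage(hListBox, LB_ADDSTRING, 0, Integer(PChar(buffer2)));
      Info := Pointer(Cardinal(Info) + SizeOf(TSystemModuleInformation));
    end;
  finally
    FreeMem(Buffer);
  end;
end;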
///////////////////////////////////////////////////////////////
// Click handler for Button4: hands ListBox1's window handle to
// EnumKernelModule so that it can append the kernel module list.
// The list box is not cleared first, so repeated clicks append again.
procedure TForm1.Button4Click(Sender: TObject);
var
  ListHandle: HWND;
begin
  ListHandle := ListBox1.Handle;
  EnumKernelModule(ListHandle);
end;
end.
、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、、
以下是 MYPAS.PAS 中一些声明
不知道是否有错误的
unit mypas;
interface
uses
Windows;
const
// Information-class numbers passed as the first argument of
// NtQuerySystemInformation.
SystemProcessesAndThreadsInformation=5;
SystemModuleInformation=11; // class used by EnumKernelModule in Unit1 to list kernel modules
type
// Counted-string record used for SYSTEM_PROCESSES.ProcessName.
// Presumably mirrors the native UNICODE_STRING (lengths in bytes, Buffer
// pointing at UTF-16 text) - confirm against the SDK headers.
UNICODE_STRING=record
_Length:word; // leading underscore avoids a clash with the built-in Length function
MaximumLength:word;
Buffer:pointer;
end;
// Process/thread identifier pair, used as _SYSTEM_THREADS.ClientId.
// Both fields are 32-bit values in this declaration.
_CLIENT_ID =record
UniqueProcess:dword;
UniqueThread:dword;
end;
// Per-thread record embedded in SYSTEM_PROCESSES (field Threads).
// StartAddress is a DWORD here, so the layout assumes a 32-bit build.
_SYSTEM_THREADS=record
KernelTime: FILETIME; // CPU time spent in kernel mode
UserTime: FILETIME; // CPU time spent in user mode
CreateTime: FILETIME; // thread creation time
WaitTime: DWORD; // wait time
StartAddress: dWORD; // virtual address at which the thread started
ClientId: _CLIENT_ID; // thread identifier
Priority: DWORD; // thread priority
BasePriority: DWORD; // base priority
ContextSwitchCount: DWORD; // number of context switches
State: DWORD; // current state
WaitReason: DWORD; // wait reason
end;
// Virtual-memory counters embedded in SYSTEM_PROCESSES (field VmCounters).
// NOTE(review): the native VM_COUNTERS structure also has a
// QuotaPeakPagedPoolUsage member ahead of QuotaPagedPoolUsage. This record
// has no such field, which would shift every later field by 4 bytes -
// confirm against the SDK/DDK headers before relying on these values.
_VM_COUNTERS=record
// virtual memory structure
PeakVirtualSize: DWORD; // peak virtual memory size
VirtualSize: DWORD; // virtual memory size
PageFaultCount: DWORD; // number of page faults
PeakWorkingSetSize: DWORD; // peak working-set size
WorkingSetSize: DWORD; // working-set size
QuotaPagedPoolUsage: DWORD; // paged-pool quota usage
QuotaPeakNonPagedPoolUsage: DWORD; // peak non-paged-pool quota usage
QuotaNonPagedPoolUsage: DWORD; // non-paged-pool quota usage
PagefileUsage: DWORD; // page-file usage
PeakPagefileUsage: DWORD; // peak page-file usage
end;
// I/O counters embedded in SYSTEM_PROCESSES; six 64-bit values.
_IO_COUNTERS=record
ReadOperationCount :LARGE_INTEGER ; // number of I/O read operations
WriteOperationCount :LARGE_INTEGER ; // number of I/O write operations
OtherOperationCount :LARGE_INTEGER ; // number of other I/O operations
ReadTransferCount :LARGE_INTEGER ; // amount of data read
WriteTransferCount :LARGE_INTEGER ; // amount of data written
OtherTransferCount :LARGE_INTEGER ; // amount of data moved by other I/O operations
end;
// Per-process record for information class 5
// (SystemProcessesAndThreadsInformation). Nothing in the visible code reads
// it; the module listing only uses SYSTEM_MODULE_INFORMATION below.
SYSTEM_PROCESSES =record
// system process structure
NextEntryDelta: DWORD; // offset that chains the records into a sequence
dThreadCount: DWORD; // number of threads
dReserved1: array[0..5] of DWORD ; // reserved 1
ftCreateTime: FILETIME; // creation time
ftUserTime: FILETIME; // CPU time in user mode (ring 3)
ftKernelTime: FILETIME; // CPU time in kernel mode (ring 0)
ProcessName: UNICODE_STRING; // process name (Unicode)
BasePriority: DWORD; // process priority
dUniqueProcessID: DWORD; // process ID
dParentProcessID: DWORD; // parent process ID
dHandleCount: DWORD; // number of handles
dReserved2: array[0..1] of DWORD; // reserved 2
VmCounters: _VM_COUNTERS; // virtual memory counters
dCommitCharge: _IO_COUNTERS; // I/O counters structure (despite the field name)
Threads: _SYSTEM_THREADS; // thread data for this process; presumably the first of dThreadCount entries - confirm
end; SYSTEM_MODULE_INFORMATION =record //Information Class 11
// One entry of the kernel-module list. EnumKernelModule in Unit1 reads the
// result buffer as a 4-byte count followed by an array of these records and
// steps through it with SizeOf(TSystemModuleInformation), so the record size
// must match the native entry size exactly.
// Assumes a 4-byte Pointer and a 1-byte Char (pre-Unicode Delphi); with a
// 2-byte Char, ImageName would have to be declared with AnsiChar instead.
Reserved: array[0..1] of DWORD;
Base: Pointer; // load address of the module (a kernel-mode address)
dwSize: DWORD; // original name Size
Flags: DWORD;
Index: WORD;
Unknown: WORD;
LoadCount: WORD;
ModuleNameOffset: WORD;
ImageName: array[0..255] of CHAR;
end;
// Aliases; Pascal identifiers are case-insensitive, so Unit1 can spell them
// PSystemModuleInformation / TSystemModuleInformation.
tSYSTEMMODULEINFORMATION= SYSTEM_MODULE_INFORMATION;
pSYSTEMMODULEINFORMATION=^SYSTEM_MODULE_INFORMATION;
implementation
end.
能力值:
(RANK:410 )
5 楼
// Information classes for NtQuerySystemInformation. The ordinal of each
// member (its position in the list, starting at 0) is the class number that
// is passed to the call.
// NOTE(review): Delphi stores an enumeration in the smallest integer type
// that fits unless the minimum enum size is raised; confirm that the value
// reaches the stdcall import as a full 32-bit argument (for example by
// compiling with {$MINENUMSIZE 4}).
type
_SYSTEM_INFORMATION_CLASS =
(
SystemBasicInformation,
SystemProcessorInformation,
SystemPerformanceInformation,
SystemTimeOfDayInformation,
SystemNotImplemented1,
SystemProcessesAndThreadsInformation,
SystemCallCounts,
SystemConfigurationInformation,
SystemProcessorTimes,
SystemGlobalFlag,
SystemNotImplemented2,
SystemModuleInformation, // ordinal 11: the class EnumKernelModule queries
SystemLockInformation,
SystemNotImplemented3,
SystemNotImplemented4,
SystemNotImplemented5,
SystemHandleInformation,
SystemObjectInformation,
SystemPagefileInformation,
SystemInstructionEmulationCounts,
SystemInvalidInfoClass1,
SystemCacheInformation,
SystemPoolTagInformation,
SystemProcessorStatistics,
SystemDpcInformation,
SystemNotImplemented6,
SystemLoadImage,
SystemUnloadImage,
SystemTimeAdjustment,
SystemNotImplemented7,
SystemNotImplemented8,
SystemNotImplemented9,
SystemCrashDumpInformation,
SystemExceptionInformation,
SystemCrashDumpStateInformation,
SystemKernelDebuggerInformation,
SystemContextSwitchInformation,
SystemRegistryQuotaInformation,
SystemLoadAndCallImage,
SystemPrioritySeparation,
SystemNotImplemented10,
SystemNotImplemented11,
SystemInvalidInfoClass2,
SystemInvalidInfoClass3,
SystemTimeZoneInformation,
SystemLookasideInformation,
SystemSetTimeSlipEvent,
SystemCreateSession,
SystemDeleteSession,
SystemInvalidInfoClass4,
SystemRangeStartInformation,
SystemVerifierInformation,
SystemAddVerifier,
SystemSessionProcessesInformation
);
TSystemInformationClass = _SYSTEM_INFORMATION_CLASS;
// One entry of the kernel-module list returned for SystemModuleInformation.
// Packed, so the fields sit back to back with no padding. EnumKernelModule
// advances through the array with SizeOf(TSystemModule), so this size must
// equal the native entry size.
// Assumes a 4-byte Pointer and a 1-byte Char (pre-Unicode Delphi); with a
// 2-byte Char, ImageName would have to use AnsiChar.
_SYSTEM_MODULE = packed record
Reserved :Array [0..1] of LongWord;
ImageBase :Pointer; // load address of the module (a kernel-mode address)
ImageSize :LongWord; // size of the image, printed as "模块大小"
Flags :LongWord;
Index :Word ;
Unknown :Word ;
LoadCount :Word ;
ModuleNameOffset:Word ; // offset inside ImageName at which the file-name part starts
ImageName :Array [0..255] of Char ; // full path of the image, printed as "模块路径"
end ;
TSystemModule = _SYSTEM_MODULE;
PSystemModule = ^TSystemModule;
// Header of the SystemModuleInformation result buffer: the entry count
// followed by the first entry. EnumKernelModule reaches the remaining
// entries by stepping a PSystemModule pointer past Modules.
// The packed layout puts Modules at offset 4, which matches a 32-bit build.
_SYSTEM_MODULE_INFORMATION = packed record
ModulesCount:LongWord; // number of TSystemModule entries that follow
Modules :TSystemModule; // first entry of the array
end ;
TSystemModuleInformation = _SYSTEM_MODULE_INFORMATION;
PSystemModuleInformation = ^TSystemModuleInformation;
// Import of NtQuerySystemInformation from ntdll.dll.
// SystemInformation       - caller-supplied output buffer (nil when only the size is wanted).
// SystemInformationLength - size of that buffer in bytes.
// ReturnLength            - pointer that receives the required/written byte count;
//                           EnumKernelModule passes nil when it does not need it.
// The result is the NTSTATUS of the call, declared here as LongWord; 0 is success.
function NtQuerySystemInformation(SystemInformationClass:TSystemInformationClass;
SystemInformation:Pointer;
SystemInformationLength:LongWord;
ReturnLength:pLongWord):LongWord;stdcall;
function NtQuerySystemInformation; external 'NTdll.dll' name 'NtQuerySystemInformation' ;
// Fixed-arity binding of user32's variadic wsprintfA: four integer arguments
// followed by two string arguments, matching the format string used in
// EnumKernelModule. The function's return value is discarded because the
// binding is declared as a procedure.
// wsprintfA takes no destination size and can write up to 1024 bytes, so the
// buffer passed as pOubBuff must be at least that large.
procedure _wsprintf(var pOubBuff;
pFormat:pChar ;
n1,n2,n3,n4:LongWord;
s1,s2:pChar ); cdecl;
procedure _wsprintf; external 'user32.dll' name 'wsprintfA' ;
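// Adds one line per loaded kernel module (base, size, flags, index, file name,
// full path) to the list box identified by hListBox. dwReserved1 and
// dwReserved2 are not used.
//
// Fixes compared with the original:
//  * pOutStr was 256 characters, but wsprintfA has no size limit of its own
//    and can emit up to 1024 bytes; a long module path overflowed the stack
//    buffer. The buffer now covers wsprintfA's maximum output.
//  * dwKernelModuleSize was uninitialised and both NTSTATUS results were
//    ignored, so a failed query led to a walk over uninitialised memory.
//  * The module count is clamped to what fits in the allocation, and a
//    ModuleNameOffset outside ImageName is treated as 0.
//
// The LongWord(pointer) arithmetic assumes a 32-bit build.
// NOTE(review): "Handle" is not a type declared in this listing; confirm it
// resolves to the window-handle type SendMessage expects.
// NOTE(review): the printed base addresses are kernel-mode load addresses;
// treat the output as sensitive if it is logged or shared. Newer Windows
// versions restrict this query for low-integrity callers.
procedure EnumKernelModule(hListBox:Handle ; dwReserved1,dwReserved2:LongWord);
var
  pSM: PSystemModule;
  pSMI: PSystemModuleInformation;
  dwNumModules, dwKernelModuleSize, dwMaxModules, dwNameOffset: LongWord;
  i: Integer;
  pOutStr: array [0..1024] of Char;
begin
  // Probe call: only the required size is returned.
  dwKernelModuleSize := 0;
  NtQuerySystemInformation(SystemModuleInformation, nil, 0, @dwKernelModuleSize);
  if dwKernelModuleSize < SizeOf(LongWord) then
    Exit;

  GetMem(pSMI, dwKernelModuleSize);
  try
    // GetMem does not clear memory, so the buffer is only meaningful when
    // the query reports success (NTSTATUS 0).
    if NtQuerySystemInformation(SystemModuleInformation, pSMI, dwKernelModuleSize, nil) <> 0 then
      Exit;

    // Trust the count only as far as the allocation can hold.
    dwNumModules := pSMI^.ModulesCount;
    dwMaxModules := (dwKernelModuleSize - SizeOf(LongWord)) div SizeOf(TSystemModule);
    if dwNumModules > dwMaxModules then
      dwNumModules := dwMaxModules;

    pSM := @pSMI^.Modules;
    for i := 1 to dwNumModules do
    begin
      // Keep both %s arguments inside ImageName and zero-terminated.
      dwNameOffset := pSM^.ModuleNameOffset;
      if dwNameOffset > LongWord(High(pSM^.ImageName)) then
        dwNameOffset := 0;
      pSM^.ImageName[High(pSM^.ImageName)] := #0;

      ZeroMemory(@pOutStr, SizeOf(pOutStr));
      _wsprintf(pOutStr,
        '内核模块基地址:%08X --- 模块大小:%08X --- 模块标志:%08X --- 模块索引:%08X --- 模块名称:%s --- 模块路径:%s' ,
        LongWord(pSM^.ImageBase),
        pSM^.ImageSize,
        pSM^.Flags,
        pSM^.Index,
        pChar(LongWord(@pSM^.ImageName) + dwNameOffset),
        @pSM^.ImageName);
      SendMessage(hListBox, LB_ADDSTRING, 0, LongWord(@pOutStr));

      // Step to the next fixed-size entry.
      pSM := PSystemModule(LongWord(pSM) + SizeOf(TSystemModule));
    end;
  finally
    FreeMem(pSMI, dwKernelModuleSize);
  end;
end;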