获得系统中运行的程序及使用的DLL文件

     在Microsoft Visual Studio中提供了一个可以查看当前运行的程序的工具Process Viewer
可以查看系统中当前运行的程序,下面我来介绍在你的程序中如何实现这种功能。
    Windows提供了一系列的API函数可以建立当前的程序、模块、线程的“快照”(SnapShot)
利用这些“快照”函数就可以获得当前的程序、模块等的信息。
    下面是实现的步骤:

    1、在Form1中加入一个CommandButton控件、两个ListBox控件
    2、在Form1中加入如下代码:

' --- Tool Help (kernel32) imports used to enumerate processes and modules ---

' Takes a snapshot of the kinds of objects selected by dwFlags (TH32CS_* values).
' th32ProcessID selects the process for module snapshots.
' The returned handle must be released with CloseHandle.
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" _
        (ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
' Copies the first process entry of a snapshot into lppe; lppe.dwSize must be set first.
Private Declare Function Process32First Lib "kernel32" _
        (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
' Copies the next process entry into lppe; the callers below stop once the result is < 1.
Private Declare Function Process32Next Lib "kernel32" _
        (ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
' Copies the first module entry of a module snapshot into lppe; lppe.dwSize must be set first.
Private Declare Function Module32First Lib "kernel32" _
        (ByVal hSnapshot As Long, lppe As MODULEENTRY32) As Long
' Copies the next module entry into lppe; the callers below stop once the result is < 1.
Private Declare Function Module32Next Lib "kernel32" _
        (ByVal hSnapshot As Long, lppe As MODULEENTRY32) As Long

' Releases a kernel object handle (used here for the snapshot handles).
Private Declare Function CloseHandle Lib "kernel32" (ByVal _
        hObject As Long) As Long
' ANSI SendMessage; used below to set the horizontal scroll extent of the list boxes.
' lParam is declared As Any, so a plain argument is passed by reference.
Private Declare Function SendMessage Lib "user32" Alias _
        "SendMessageA" (ByVal hwnd As Long, ByVal wMsg As _
        Long, ByVal wParam As Long, lParam As Any) As Long

' Record filled by Process32First / Process32Next, one per process in the snapshot.
' Nine Long fields (36 bytes) plus the 1024-character name buffer give 1060 bytes
' in the ANSI layout handed to the API; dwSize must carry that size before the first call.
Private Type PROCESSENTRY32
    dwSize As Long                  ' structure size in bytes, set by the caller
    cntUsage As Long                ' not read by this sample
    th32ProcessID As Long           ' process identifier; key used to request the module snapshot
    th32DefaultHeapID As Long       ' not read by this sample
    th32ModuleID As Long            ' not read by this sample
    cntThreads As Long              ' number of threads in the process
    th32ParentProcessID As Long     ' identifier of the creating process
                                    ' NOTE(review): identifiers can be reused after the parent exits - confirm before trusting it as lineage
    pcPriClassBase As Long          ' base priority of the process's threads
    dwFlags As Long                 ' not read by this sample
    ' NUL-terminated executable name written by the API.
    ' NOTE(review): the Win32 headers size this buffer at MAX_PATH (260); the sample uses 1024 - confirm the larger size is accepted on the target Windows version.
    szExeFile As String * 1024
End Type

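' Record filled by Module32First / Module32Next, one per module (EXE or DLL)
' loaded in the process the module snapshot was taken for.
Private Type MODULEENTRY32
    dwSize As Long              ' structure size in bytes, set by the caller before Module32First
    th32ModuleID As Long        ' not read by this sample
    th32ProcessID As Long       ' identifier of the process that owns the module
    GlblcntUsage As Long        ' global usage count of the module
    ProccntUsage As Long        ' usage count within the owning process (field name restored; the page markup had corrupted it)
    ' Base address of the module in the owning process. The Win32 field is a
    ' pointer, so it is declared as a 32-bit Long rather than a single Byte;
    ' this keeps Len() of the structure in step with its real layout.
    modBaseAddr As Long
    modBaseSize As Long         ' size of the module image in bytes
    hModule As Long             ' module handle, valid in the owning process
    szModule As String * 256    ' NUL-terminated module name (file name only)
    ' NUL-terminated full path of the module; this, not szModule, is the field
    ' to inspect when checking which directory a DLL was loaded from.
    ' NOTE(review): the Win32 headers size this buffer at MAX_PATH (260); the sample uses 1024 - confirm the larger size is accepted on the target Windows version.
    szExePath As String * 1024
End Type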

' List box message that sets the scrollable width, in pixels, of a list box.
Const LB_SETHORIZONTALEXTENT = &H194
' dwFlags values for CreateToolhelp32Snapshot: which object kinds the snapshot contains.
' Heap lists of the process given in th32ProcessID.
Const TH32CS_SNAPHEAPLIST = &H1
' All processes in the system.
Const TH32CS_SNAPPROCESS = &H2
' All threads in the system.
Const TH32CS_SNAPTHREAD = &H4
' Modules of the process given in th32ProcessID.
Const TH32CS_SNAPMODULE = &H8
' Combination of the four snapshot kinds above.
Const TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST Or TH32CS_SNAPPROCESS _
                        Or TH32CS_SNAPTHREAD Or TH32CS_SNAPMODULE)
' Marks the snapshot handle as inheritable by child processes; not used by this sample.
Const TH32CS_INHERIT = &H80000000

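' Process entries captured by the most recent refresh; MyEntry(i) describes the
' process shown as item i of List1. Declared dynamic so the table grows with the
' number of running processes instead of raising "Subscript out of range" once
' more than a fixed number of processes exist.
Dim MyEntry() As PROCESSENTRY32

' Refreshes List1 with one item per running process and stores the matching
' PROCESSENTRY32 in MyEntry at the same index, for later lookup by List1_Click.
' Assumes List1.Sorted is False, so that items keep their insertion order.
Private Sub Command1_Click()
    Const INVALID_HANDLE_VALUE As Long = -1
    Const GROW_BY As Long = 64

    Dim entry As PROCESSENTRY32
    Dim hSnap As Long
    Dim nulPos As Long
    Dim exeName As String

    List1.Clear
    ' Keep the table dimensioned and zeroed even if the snapshot below fails.
    ReDim MyEntry(0 To GROW_BY - 1)

    ' Let long names scroll horizontally (640 pixels); lParam is unused by this message.
    SendMessage List1.hwnd, LB_SETHORIZONTALEXTENT, 640, ByVal 0&

    ' Snapshot of all running processes. Failure is reported as
    ' INVALID_HANDLE_VALUE (-1), which a plain "If handle Then" test treats as success.
    hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
    If hSnap = 0 Or hSnap = INVALID_HANDLE_VALUE Then Exit Sub

    ' The API needs the structure size up front; derive it from the type
    ' instead of hard-coding it so the two cannot drift apart.
    entry.dwSize = Len(entry)

    If Process32First(hSnap, entry) Then
        Do
            ' szExeFile is a fixed-length buffer: keep only the text before the first NUL.
            nulPos = InStr(1, entry.szExeFile, Chr$(0))
            If nulPos > 0 Then
                exeName = Left$(entry.szExeFile, nulPos - 1)
            Else
                exeName = Trim$(entry.szExeFile)
            End If
            List1.AddItem exeName

            ' Grow the table in chunks when the new item would not fit.
            If List1.ListCount - 1 > UBound(MyEntry) Then
                ReDim Preserve MyEntry(0 To UBound(MyEntry) + GROW_BY)
            End If
            MyEntry(List1.ListCount - 1) = entry
        Loop Until Process32Next(hSnap, entry) < 1
    End If

    ' Release the snapshot handle.
    CloseHandle hSnap
End Sub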

' Fill the process list as soon as the form loads by reusing the
' refresh button's handler.
Private Sub Form_Load()
    Call Command1_Click
End Sub

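' Shows in List2 the names of the modules (EXE and DLLs) loaded by the process
' currently selected in List1.
'
' List2 is left empty when the module snapshot cannot be taken. The call can
' fail for processes this program is not allowed to inspect, so an empty list
' is not evidence that a process has no modules loaded.
Private Sub List1_Click()
    Const INVALID_HANDLE_VALUE As Long = -1

    Dim idx As Long
    Dim pid As Long
    Dim hModSnap As Long
    Dim modEntry As MODULEENTRY32
    Dim nulPos As Long

    ' No selection (ListIndex = -1) or an index without a stored entry:
    ' indexing MyEntry would raise "Subscript out of range".
    idx = List1.ListIndex
    If idx < 0 Then Exit Sub
    If idx > UBound(MyEntry) Then Exit Sub

    ' Let long names scroll horizontally (640 pixels); lParam is unused by this message.
    SendMessage List2.hwnd, LB_SETHORIZONTALEXTENT, 640, ByVal 0&
    ' Clear first so modules of a previously selected process are never
    ' displayed against the current selection.
    List2.Clear

    ' Process id 0 is skipped: passed to CreateToolhelp32Snapshot it would
    ' select this program's own modules rather than those of the chosen entry.
    pid = MyEntry(idx).th32ProcessID
    If pid = 0 Then Exit Sub

    ' Module snapshot for the selected process; failure is INVALID_HANDLE_VALUE (-1).
    hModSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid)
    If hModSnap = 0 Or hModSnap = INVALID_HANDLE_VALUE Then Exit Sub

    modEntry.dwSize = Len(modEntry)
    If Module32First(hModSnap, modEntry) Then
        Do
            ' Only list entries that belong to the selected process.
            If modEntry.th32ProcessID = pid Then
                ' szModule is a fixed-length buffer: keep the text before the
                ' first NUL, and tolerate a buffer that contains none.
                ' szModule is the bare module name; szExePath holds the full path.
                nulPos = InStr(1, modEntry.szModule, Chr$(0))
                If nulPos > 0 Then
                    List2.AddItem Left$(modEntry.szModule, nulPos - 1)
                Else
                    List2.AddItem modEntry.szModule
                End If
            End If
        Loop Until Module32Next(hModSnap, modEntry) < 1
    End If

    ' Release the module snapshot handle.
    CloseHandle hModSnap
End Sub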

运行程序,List1中就列出当前运行的所有程序的名称及路径,点击其中任一个列表项,
在List2中就会列出这个程序所使用的DLL的文件名。按下Command1可以重新获得系统中运行的程序。
上面只是通过简单的程序介绍了“快照”的建立和使用,只要稍加改造,就可以获得诸如
程序的线程数、模块尺寸、模块在内存的基地址等信息。
以上程序在Windows95、VB5.0下运行通过。 

原文转自:http://www.ltesting.net