記錄一下,以免忘記。
uses windows, psapi, sysutils;
const
// Privilege name handed to enabledebugprivilege by createprocessonparentprocess.
// NOTE(review): SeSecurityPrivilege is the "manage auditing and security log"
// right, not the debug privilege the helper's name suggests. Confirm it is needed at all.
se_security_name = 'sesecurityprivilege';
// Attribute key passed to updateprocthreadattribute to name the parent process handle.
proc_thread_attribute_parent_process = $00020000;
// Creation flag passed to createprocess so the attribute list in startupinfoex is used.
extended_startupinfo_present = $00080000;
type
// Opaque attribute list; sized and initialised by initializeprocthreadattributelist.
pproc_thread_attribute_list = pointer;
// STARTUPINFO followed by the attribute-list pointer.
startupinfoex = packed record
startupinfo: tstartupinfo;
lpattributelist: pproc_thread_attribute_list;
end;
// Called twice by createprocessonparentprocess: first with nil to obtain the
// required size in lpsize, then with the allocated buffer.
function initializeprocthreadattributelist(lpattributelist: pproc_thread_attribute_list; dwattributecount, dwflags: dword; var lpsize: cardinal): boolean; stdcall;
external 'kernel32.dll';
// NOTE(review): the Win32 API returns BOOL; declared as a procedure here, so a
// failed update cannot be detected by callers.
// NOTE(review): pvalue is a 32-bit dword and the caller passes cbsize = 4, while a
// process handle is pointer-sized. This looks valid only for 32-bit builds; confirm.
procedure updateprocthreadattribute(lpattributelist: pproc_thread_attribute_list; dwflags, attribute: dword; var pvalue: dword; cbsize: cardinal; ppreviousvalue: pointer;
preturnsize: pcardinal); stdcall; external 'kernel32.dll';
// Releases an attribute list that initializeprocthreadattributelist set up.
procedure deleteprocthreadattributelist(lpattributelist: pproc_thread_attribute_list); stdcall; external 'kernel32.dll';
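// Enables (candebug = true) or disables (candebug = false) the privilege named
// privname in the current process token.
// Returns true only when the token really holds the privilege and the change
// was applied. AdjustTokenPrivileges itself succeeds even when the privilege is
// not assigned to the token, so the last-error value is checked as well.
function enabledebugprivilege(privname: string; candebug: boolean): boolean;
var
  tp: windows.token_privileges;
  dummy: cardinal;
  htoken: thandle;
begin
  result := false;
  if not openprocesstoken(getcurrentprocess, token_adjust_privileges, htoken) then
    exit;
  try
    tp.privilegecount := 1;
    // An unknown privilege name leaves the LUID undefined; stop instead of
    // adjusting the token with garbage.
    if not lookupprivilegevalue(nil, pchar(privname), tp.privileges[0].luid) then
      exit;
    if candebug then
      tp.privileges[0].attributes := se_privilege_enabled
    else
      tp.privileges[0].attributes := 0;
    dummy := 0;
    // getlasterror is read right after the call, before any other API can overwrite it.
    result := adjusttokenprivileges(htoken, false, tp, sizeof(tp), nil, dummy)
      and (getlasterror = error_success);
  finally
    // The original only zeroed the variable, which leaked the token handle.
    closehandle(htoken);
  end;
end;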
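// Returns the id of the first enumerated process whose image file name equals
// processname (case-insensitive), or 0 when none can be opened and matched.
// The match is on the file name only. Nothing here checks which user, session
// or integrity level owns the process, so the result is not proof of identity.
function getprocessidfromprocessname(const processname: widestring): dword;
var
  pids: array of dword;
  bytesreturned: cardinal;
  capacity, idx, found: integer;
  full: boolean;
  hproc: thandle;
  imagepath: array [0 .. max_path] of char;
begin
  result := 0;
  // Grow the buffer until EnumProcesses leaves room to spare. A fixed 101-entry
  // array silently drops processes on a busy system.
  capacity := 1024;
  repeat
    setlength(pids, capacity);
    if not enumprocesses(@pids[0], capacity * sizeof(dword), bytesreturned) then
      exit;
    full := bytesreturned = cardinal(capacity) * sizeof(dword);
    if full then
      capacity := capacity * 2;
  until not full;
  found := bytesreturned div sizeof(dword);
  for idx := 0 to found - 1 do
  begin
    // Skip the idle (0) and system (4) pseudo-processes, as the original did.
    if (pids[idx] = 0) or (pids[idx] = 4) then
      continue;
    hproc := openprocess(process_query_information or process_vm_read, false, pids[idx]);
    // Processes we may not open are skipped. The original went on to compare
    // whatever path the previous iteration had left in the buffer.
    if hproc = 0 then
      continue;
    try
      fillchar(imagepath, sizeof(imagepath), 0);
      if getmodulefilenameex(hproc, 0, imagepath, max_path) = 0 then
        continue;
    finally
      closehandle(hproc);
    end;
    // Compare the bare file name. A substring test on the full path also
    // matches unrelated images such as 'iexplorer.exe' or a directory name.
    if sametext(extractfilename(imagepath), processname) then
    begin
      result := pids[idx];
      exit;
    end;
  end;
end;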
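// Starts exename with its parent set to the first process whose image name is
// 'explorer.exe', by putting that process's handle into a
// proc_thread_attribute_parent_process attribute list.
// Effect visible to monitoring: the new process reports explorer.exe as its
// parent although this process created it, so parent/child lineage alone does
// not identify the creator (catalogued as MITRE ATT&CK T1134.004, Parent PID
// Spoofing). The process_all_access open on the parent is itself recorded by
// process-access telemetry where that is enabled.
// The procedure does nothing when no parent is found or any setup step fails.
procedure createprocessonparentprocess(exename: string);
var
  pi: tprocessinformation;
  si: startupinfoex;
  cbalistsize: cardinal;
  palist: pproc_thread_attribute_list;
  hparent: cardinal;
  parentpid: dword;
begin
  // NOTE(review): the privilege enabled here is SeSecurityPrivilege, which is
  // unrelated to opening a process; the result is ignored. Confirm it is needed.
  enabledebugprivilege(se_security_name, true);
  parentpid := getprocessidfromprocessname('explorer.exe');
  if parentpid = 0 then
    exit;
  // NOTE(review): hparent is a 32-bit cardinal and is passed with cbsize = 4, which
  // matches the local updateprocthreadattribute declaration but not a pointer-sized
  // handle. This looks valid only for 32-bit builds; confirm.
  hparent := openprocess(process_all_access, false, parentpid);
  if hparent = 0 then
    exit;
  try
    fillchar(si, sizeof(si), 0);
    si.startupinfo.cb := sizeof(si);
    si.startupinfo.dwflags := startf_useshowwindow;
    si.startupinfo.wshowwindow := sw_showdefault;
    fillchar(pi, sizeof(pi), 0);
    // First call only reports the required buffer size; it is expected to fail.
    cbalistsize := 0;
    initializeprocthreadattributelist(nil, 1, 0, cbalistsize);
    if cbalistsize = 0 then
      exit;
    palist := heapalloc(getprocessheap(), 0, cbalistsize);
    if palist = nil then
      exit;
    try
      if not initializeprocthreadattributelist(palist, 1, 0, cbalistsize) then
        exit;
      try
        updateprocthreadattribute(palist, 0, proc_thread_attribute_parent_process, hparent, 4, nil, nil);
        si.lpattributelist := palist;
        if createprocess(pwidechar(exename), nil, nil, nil, false, extended_startupinfo_present, nil, nil, si.startupinfo, pi) then
        begin
          closehandle(pi.hprocess);
          closehandle(pi.hthread);
        end;
      finally
        deleteprocthreadattributelist(palist);
      end;
    finally
      heapfree(getprocessheap(), 0, palist);
    end;
  finally
    // The original never closed the parent handle.
    closehandle(hparent);
  end;
end;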
我這裡直接把父程序指定為 explorer.exe,當然你也可以改成其他程序。要注意的是,這樣建立出來的新程序,其父程序 ID 會顯示為 explorer.exe 而不是實際建立它的程序,所以只看父子程序關係並不能確定是誰啟動了它。