unitprocess.pas

来自「参照上兴、鸽子等源码编写编写出来的。 编译环境:Delphi7+SP+DP」· PAS 代码 · 共 88 行

{Unit perteneciente al troyano Coolvibes que contiene todas las funciones
relacionadas con los procesos del sistema}
unit UnitProcess;

interface

uses
  Windows,classes,
  SysUtils,
  TLhelp32,
  PsAPI;

  //Returns one flat '|'-delimited string with five fields per process:
  //executable name, PID, thread count, base priority and executable path
  function GetProc():String;
  //Terminates the process whose PID is passed as a decimal string;
  //the comment at its implementation says it returns True on success
  function TerminarProceso(PID: String): Boolean;
  //Returns the executable path of the process with the given PID,
  //or a single space when the process cannot be opened or queried
  function RutaProcesos(PID: DWORD): string;

implementation

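//Enumerates the running processes through a Toolhelp32 snapshot.
//Returns a flat '|'-delimited string with five fields per process:
//  exe name | PID | thread count | base priority | executable path |
//Returns an empty string when the snapshot cannot be created.
//NOTE(review): every entry triggers an OpenProcess call in RutaProcesos, so
//one call opens a handle to each process on the system. That burst is the
//observable behaviour for process-access telemetry (e.g. Sysmon event ID 10).
function GetProc():String;
var
  isOK: Boolean;
  ProcessHandle: THandle;
  ProcessStruct: TProcessEntry32;
begin
  //Result is a managed string and may carry a previous value; start clean
  Result := '';

  ProcessHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if ProcessHandle = INVALID_HANDLE_VALUE then
    Exit;
  try
    //dwSize must be set before Process32First or the call fails
    ProcessStruct.dwSize := SizeOf(ProcessStruct);
    isOK := Process32First(ProcessHandle, ProcessStruct);
    //The former fixed ThreadID[0..100] scratch array was never read and was
    //written past its end once more than 100 processes existed; it is gone
    while isOK do
    begin
      Result := Result + String(ProcessStruct.szExeFile) + '|' +
        IntToStr(ProcessStruct.th32ProcessID) + '|' +
        IntToStr(ProcessStruct.cntThreads) + '|' +
        IntToStr(ProcessStruct.pcPriClassBase) + '|' +
        string(RutaProcesos(ProcessStruct.th32ProcessID)) + '|';
      isOK := Process32Next(ProcessHandle, ProcessStruct);
    end;
  finally
    //Release the snapshot even if string building raises
    CloseHandle(ProcessHandle);
  end;
end;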

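//Terminates the process whose PID is given as a decimal string.
//Returns True only when TerminateProcess succeeded. Returns False when the
//string is not a valid PID, the process cannot be opened, or the call fails.
function TerminarProceso(PID: String): Boolean;
var
  ProcessHandle : THandle;
  PidValue: Int64;
begin
  //Defined result on every path (it was left unset when termination failed)
  Result := False;
  try
    PidValue := StrToInt64(PID);  //raises EConvertError on non-numeric input
    //Reject values that do not fit a DWORD instead of silently truncating
    if (PidValue <= 0) or (PidValue > High(DWORD)) then
      Exit;
    //Request only the right that is needed and do not mark the handle
    //inheritable, so it cannot leak into child processes
    ProcessHandle := OpenProcess(PROCESS_TERMINATE, False, DWORD(PidValue));
    if ProcessHandle = 0 then
      Exit;
    try
      Result := TerminateProcess(ProcessHandle, 0);
    finally
      //The handle was previously never closed
      CloseHandle(ProcessHandle);
    end;
  except
    Result := False;
  end;
end;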

//Resolves the executable path of the process identified by PID.
//Returns a single space (' ') when the process cannot be opened or when
//the module file name query fails.
function RutaProcesos(PID: DWORD): string;
var
  hProc: THandle;
begin
  Result := ' ';
  hProc := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, False, PID);
  //Nothing to query when the process could not be opened
  if hProc = 0 then
    Exit;
  try
    //Reserve room for the longest path the API call is allowed to write
    SetLength(Result, MAX_PATH);
    if GetModuleFileNameEx(hProc, 0, PChar(Result), MAX_PATH) > 0 then
      //Trim the buffer down to the terminated string that was written
      SetLength(Result, StrLen(PChar(Result)))
    else
      Result := ' ';
  finally
    CloseHandle(hProc);
  end;
end;


end.
