-
Notifications
You must be signed in to change notification settings - Fork 11
/
tlhelp32.pas
481 lines (421 loc) · 15.4 KB
/
tlhelp32.pas
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
{*******************************************************}
{ }
{ Borland Delphi Runtime Library }
{ Tool Help Functions, Types, and Definitions }
{ }
{ Copyright (C) 1996,99 Inprise Corporation }
//UPS :-(
{ }
{*******************************************************}
unit TLHelp32;
{$MODE Delphi}
{$WEAKPACKAGEUNIT}
interface
uses Windows;
{$HPPEMIT '#include <tlhelp32.h>'}
const
{$EXTERNALSYM MAX_MODULE_NAME32}
MAX_MODULE_NAME32 = 255;
(****** Shapshot function **********************************************)
{$EXTERNALSYM CreateToolhelp32Snapshot}
function CreateToolhelp32Snapshot(dwFlags, th32ProcessID: DWORD): THandle;
type
TCreateToolhelp32Snapshot = function (dwFlags, th32ProcessID: DWORD): THandle stdcall;
//
// The th32ProcessID argument is only used if TH32CS_SNAPHEAPLIST or
// TH32CS_SNAPMODULE is specified. th32ProcessID == 0 means the current
// process.
//
// NOTE that all of the snapshots are global except for the heap and module
// lists which are process specific. To enumerate the heap or module
// state for all WIN32 processes call with TH32CS_SNAPALL and the
// current process. Then for each process in the TH32CS_SNAPPROCESS
// list that isn't the current process, do a call with just
// TH32CS_SNAPHEAPLIST and/or TH32CS_SNAPMODULE.
//
// dwFlags
//
const
{$EXTERNALSYM TH32CS_SNAPHEAPLIST}
TH32CS_SNAPHEAPLIST = $00000001;
{$EXTERNALSYM TH32CS_SNAPPROCESS}
TH32CS_SNAPPROCESS = $00000002;
{$EXTERNALSYM TH32CS_SNAPTHREAD}
TH32CS_SNAPTHREAD = $00000004;
{$EXTERNALSYM TH32CS_SNAPMODULE}
TH32CS_SNAPMODULE = $00000008;
{$EXTERNALSYM TH32CS_SNAPALL}
TH32CS_SNAPALL = TH32CS_SNAPHEAPLIST or TH32CS_SNAPPROCESS or
TH32CS_SNAPTHREAD or TH32CS_SNAPMODULE;
{$EXTERNALSYM TH32CS_INHERIT}
TH32CS_INHERIT = $80000000;
//
// Use CloseHandle to destroy the snapshot
//
(****** heap walking ***************************************************)
type
{$EXTERNALSYM tagHEAPLIST32}
tagHEAPLIST32 = record
dwSize: DWORD;
th32ProcessID: DWORD; // owning process
th32HeapID: DWORD; // heap (in owning process's context!)
dwFlags: DWORD;
end;
{$EXTERNALSYM HEAPLIST32}
HEAPLIST32 = tagHEAPLIST32;
{$EXTERNALSYM PHEAPLIST32}
PHEAPLIST32 = ^tagHEAPLIST32;
{$EXTERNALSYM LPHEAPLIST32}
LPHEAPLIST32 = ^tagHEAPLIST32;
THeapList32 = tagHEAPLIST32;
//
// dwFlags
//
const
{$EXTERNALSYM HF32_DEFAULT}
HF32_DEFAULT = 1; // process's default heap
{$EXTERNALSYM HF32_SHARED}
HF32_SHARED = 2; // is shared heap
{$EXTERNALSYM Heap32ListFirst}
function Heap32ListFirst(hSnapshot: THandle; var lphl: THeapList32): BOOL;
{$EXTERNALSYM Heap32ListNext}
function Heap32ListNext(hSnapshot: THandle; var lphl: THeapList32): BOOL;
type
THeap32ListFirst = function (hSnapshot: THandle; var lphl: THeapList32): BOOL stdcall;
THeap32ListNext = function (hSnapshot: THandle; var lphl: THeapList32): BOOL stdcall;
type
{$EXTERNALSYM tagHEAPENTRY32}
tagHEAPENTRY32 = record
dwSize: DWORD;
hHandle: THandle; // Handle of this heap block
dwAddress: DWORD; // Linear address of start of block
dwBlockSize: DWORD; // Size of block in bytes
dwFlags: DWORD;
dwLockCount: DWORD;
dwResvd: DWORD;
th32ProcessID: DWORD; // owning process
th32HeapID: DWORD; // heap block is in
end;
{$EXTERNALSYM HEAPENTRY32}
HEAPENTRY32 = tagHEAPENTRY32;
{$EXTERNALSYM PHEAPENTRY32}
PHEAPENTRY32 = ^tagHEAPENTRY32;
{$EXTERNALSYM LPHEAPENTRY32}
LPHEAPENTRY32 = ^tagHEAPENTRY32;
THeapEntry32 = tagHEAPENTRY32;
//
// dwFlags
//
const
{$EXTERNALSYM LF32_FIXED}
LF32_FIXED = $00000001;
{$EXTERNALSYM LF32_FREE}
LF32_FREE = $00000002;
{$EXTERNALSYM LF32_MOVEABLE}
LF32_MOVEABLE = $00000004;
{$EXTERNALSYM Heap32First}
function Heap32First(var lphe: THeapEntry32; th32ProcessID, th32HeapID: DWORD): BOOL;
{$EXTERNALSYM Heap32Next}
function Heap32Next(var lphe: THeapEntry32): BOOL;
{$EXTERNALSYM Toolhelp32ReadProcessMemory}
function Toolhelp32ReadProcessMemory(th32ProcessID: DWORD; lpBaseAddress: Pointer;
var lpBuffer; cbRead: DWORD; var lpNumberOfBytesRead: DWORD): BOOL;
type
THeap32First = function (var lphe: THeapEntry32; th32ProcessID,
th32HeapID: DWORD): BOOL stdcall;
THeap32Next = function (var lphe: THeapEntry32): BOOL stdcall;
TToolhelp32ReadProcessMemory = function (th32ProcessID: DWORD;
lpBaseAddress: Pointer; var lpBuffer; cbRead: DWORD;
var lpNumberOfBytesRead: DWORD): BOOL stdcall;
(***** Process walking *************************************************)
type
{$EXTERNALSYM tagPROCESSENTRY32W}
tagPROCESSENTRY32W = packed record
dwSize: DWORD;
cntUsage: DWORD;
th32ProcessID: DWORD; // this process
th32DefaultHeapID: DWORD;
th32ModuleID: DWORD; // associated exe
cntThreads: DWORD;
th32ParentProcessID: DWORD; // this process's parent process
pcPriClassBase: Longint; // Base priority of process's threads
dwFlags: DWORD;
szExeFile: array[0..MAX_PATH - 1] of WChar;// Path
end;
{$EXTERNALSYM PROCESSENTRY32W}
PROCESSENTRY32W = tagPROCESSENTRY32W;
{$EXTERNALSYM PPROCESSENTRY32W}
PPROCESSENTRY32W = ^tagPROCESSENTRY32W;
{$EXTERNALSYM LPPROCESSENTRY32W}
LPPROCESSENTRY32W = ^tagPROCESSENTRY32W;
TProcessEntry32W = tagPROCESSENTRY32W;
{$EXTERNALSYM Process32FirstW}
function Process32FirstW(hSnapshot: THandle; var lppe: TProcessEntry32W): BOOL;
{$EXTERNALSYM Process32NextW}
function Process32NextW(hSnapshot: THandle; var lppe: TProcessEntry32W): BOOL;
type
TProcess32FirstW = function (hSnapshot: THandle; var lppe: TProcessEntry32W): BOOL stdcall;
TProcess32NextW = function (hSnapshot: THandle; var lppe: TProcessEntry32W): BOOL stdcall;
{$EXTERNALSYM tagPROCESSENTRY32}
tagPROCESSENTRY32 = packed record
dwSize: DWORD;
cntUsage: DWORD;
th32ProcessID: DWORD; // this process
th32DefaultHeapID: DWORD;
th32ModuleID: DWORD; // associated exe
cntThreads: DWORD;
th32ParentProcessID: DWORD; // this process's parent process
pcPriClassBase: Longint; // Base priority of process's threads
dwFlags: DWORD;
szExeFile: array[0..MAX_PATH - 1] of Char;// Path
end;
{$EXTERNALSYM PROCESSENTRY32}
PROCESSENTRY32 = tagPROCESSENTRY32;
{$EXTERNALSYM PPROCESSENTRY32}
PPROCESSENTRY32 = ^tagPROCESSENTRY32;
{$EXTERNALSYM LPPROCESSENTRY32}
LPPROCESSENTRY32 = ^tagPROCESSENTRY32;
TProcessEntry32 = tagPROCESSENTRY32;
{$EXTERNALSYM Process32First}
function Process32First(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;
{$EXTERNALSYM Process32Next}
function Process32Next(hSnapshot: THandle; var lppe: TProcessEntry32): BOOL;
type
TProcess32First = function (hSnapshot: THandle; var lppe: TProcessEntry32): BOOL stdcall;
TProcess32Next = function (hSnapshot: THandle; var lppe: TProcessEntry32): BOOL stdcall;
(***** Thread walking **************************************************)
type
{$EXTERNALSYM tagTHREADENTRY32}
tagTHREADENTRY32 = record
dwSize: DWORD;
cntUsage: DWORD;
th32ThreadID: DWORD; // this thread
th32OwnerProcessID: DWORD; // Process this thread is associated with
tpBasePri: Longint;
tpDeltaPri: Longint;
dwFlags: DWORD;
end;
{$EXTERNALSYM THREADENTRY32}
THREADENTRY32 = tagTHREADENTRY32;
{$EXTERNALSYM PTHREADENTRY32}
PTHREADENTRY32 = ^tagTHREADENTRY32;
{$EXTERNALSYM LPTHREADENTRY32}
LPTHREADENTRY32 = ^tagTHREADENTRY32;
TThreadEntry32 = tagTHREADENTRY32;
{$EXTERNALSYM Thread32First}
function Thread32First(hSnapshot: THandle; var lpte: TThreadEntry32): BOOL; stdcall;
{$EXTERNALSYM Thread32Next}
function Thread32Next(hSnapshot: THandle; var lpte: TThreadENtry32): BOOL; stdcall;
type
TThread32First = function (hSnapshot: THandle; var lpte: TThreadEntry32): BOOL stdcall;
TThread32Next = function (hSnapshot: THandle; var lpte: TThreadENtry32): BOOL stdcall;
(***** Module walking *************************************************)
type
{$EXTERNALSYM tagMODULEENTRY32}
tagMODULEENTRY32 = record
dwSize: DWORD;
th32ModuleID: DWORD; // This module
th32ProcessID: DWORD; // owning process
GlblcntUsage: DWORD; // Global usage count on the module
ProccntUsage: DWORD; // Module usage count in th32ProcessID's context
modBaseAddr: PBYTE; // Base address of module in th32ProcessID's context
modBaseSize: DWORD; // Size in bytes of module starting at modBaseAddr
hModule: HMODULE; // The hModule of this module in th32ProcessID's context
szModule: array[0..MAX_MODULE_NAME32] of Char;
szExePath: array[0..MAX_PATH - 1] of Char;
end;
{$EXTERNALSYM MODULEENTRY32}
MODULEENTRY32 = tagMODULEENTRY32;
{$EXTERNALSYM PMODULEENTRY32}
PMODULEENTRY32 = ^tagMODULEENTRY32;
{$EXTERNALSYM LPMODULEENTRY32}
LPMODULEENTRY32 = ^tagMODULEENTRY32;
TModuleEntry32 = tagMODULEENTRY32;
//
// NOTE CAREFULLY that the modBaseAddr and hModule fields are valid ONLY
// in th32ProcessID's process context.
//
{$EXTERNALSYM Module32First}
function Module32First(hSnapshot: THandle; var lpme: TModuleEntry32): BOOL;
{$EXTERNALSYM Module32Next}
function Module32Next(hSnapshot: THandle; var lpme: TModuleEntry32): BOOL;
type
TModule32First = function (hSnapshot: THandle; var lpme: TModuleEntry32): BOOL stdcall;
TModule32Next = function (hSnapshot: THandle; var lpme: TModuleEntry32): BOOL stdcall;
{$EXTERNALSYM tagMODULEENTRY32W}
tagMODULEENTRY32W = record
dwSize: DWORD;
th32ModuleID: DWORD; // This module
th32ProcessID: DWORD; // owning process
GlblcntUsage: DWORD; // Global usage count on the module
ProccntUsage: DWORD; // Module usage count in th32ProcessID's context
modBaseAddr: PBYTE; // Base address of module in th32ProcessID's context
modBaseSize: DWORD; // Size in bytes of module starting at modBaseAddr
hModule: HMODULE; // The hModule of this module in th32ProcessID's context
szModule: array[0..MAX_MODULE_NAME32] of WChar;
szExePath: array[0..MAX_PATH - 1] of WChar;
end;
{$EXTERNALSYM MODULEENTRY32}
MODULEENTRY32W = tagMODULEENTRY32W;
{$EXTERNALSYM PMODULEENTRY32}
PMODULEENTRY32W = ^tagMODULEENTRY32W;
{$EXTERNALSYM LPMODULEENTRY32}
LPMODULEENTRY32W = ^tagMODULEENTRY32W;
TModuleEntry32W = tagMODULEENTRY32W;
//
// NOTE CAREFULLY that the modBaseAddr and hModule fields are valid ONLY
// in th32ProcessID's process context.
//
{$EXTERNALSYM Module32FirstW}
function Module32FirstW(hSnapshot: THandle; var lpme: TModuleEntry32W): BOOL;
{$EXTERNALSYM Module32NextW}
function Module32NextW(hSnapshot: THandle; var lpme: TModuleEntry32W): BOOL;
type
TModule32FirstW = function (hSnapshot: THandle; var lpme: TModuleEntry32W): BOOL stdcall;
TModule32NextW = function (hSnapshot: THandle; var lpme: TModuleEntry32W): BOOL stdcall;
implementation
const
kernel32 = 'kernel32.dll';
var
KernelHandle: THandle;
_CreateToolhelp32Snapshot: TCreateToolhelp32Snapshot;
_Heap32ListFirst: THeap32ListFirst;
_Heap32ListNext: THeap32ListNext;
_Heap32First: THeap32First;
_Heap32Next: THeap32Next;
_Toolhelp32ReadProcessMemory: TToolhelp32ReadProcessMemory;
_Process32First: TProcess32First;
_Process32Next: TProcess32Next;
_Process32FirstW: TProcess32FirstW;
_Process32NextW: TProcess32NextW;
_Thread32First: TThread32First;
_Thread32Next: TThread32Next;
_Module32First: TModule32First;
_Module32Next: TModule32Next;
_Module32FirstW: TModule32FirstW;
_Module32NextW: TModule32NextW;
function InitToolHelp: Boolean;
begin
if KernelHandle = 0 then
begin
KernelHandle := GetModuleHandle(kernel32);
if KernelHandle <> 0 then
begin
@_CreateToolhelp32Snapshot := GetProcAddress(KernelHandle, 'CreateToolhelp32Snapshot');
@_Heap32ListFirst := GetProcAddress(KernelHandle, 'Heap32ListFirst');
@_Heap32ListNext := GetProcAddress(KernelHandle, 'Heap32ListNext');
@_Heap32First := GetProcAddress(KernelHandle, 'Heap32First');
@_Heap32Next := GetProcAddress(KernelHandle, 'Heap32Next');
@_Toolhelp32ReadProcessMemory := GetProcAddress(KernelHandle, 'Toolhelp32ReadProcessMemory');
@_Process32First := GetProcAddress(KernelHandle, 'Process32First');
@_Process32Next := GetProcAddress(KernelHandle, 'Process32Next');
@_Process32FirstW := GetProcAddress(KernelHandle, 'Process32FirstW');
@_Process32NextW := GetProcAddress(KernelHandle, 'Process32NextW');
@_Thread32First := GetProcAddress(KernelHandle, 'Thread32First');
@_Thread32Next := GetProcAddress(KernelHandle, 'Thread32Next');
@_Module32First := GetProcAddress(KernelHandle, 'Module32First');
@_Module32Next := GetProcAddress(KernelHandle, 'Module32Next');
@_Module32FirstW := GetProcAddress(KernelHandle, 'Module32FirstW');
@_Module32NextW := GetProcAddress(KernelHandle, 'Module32NextW');
end;
end;
Result := (KernelHandle <> 0) and Assigned(_CreateToolhelp32Snapshot);
end;
function CreateToolhelp32Snapshot;
begin
if InitToolHelp then
Result := _CreateToolhelp32Snapshot(dwFlags, th32ProcessID)
else Result := 0;
end;
function Heap32ListFirst;
begin
if InitToolHelp then
Result := _Heap32ListFirst(hSnapshot, lphl)
else Result := False;
end;
function Heap32ListNext;
begin
if InitToolHelp then
Result := _Heap32ListNext(hSnapshot, lphl)
else Result := False;
end;
function Heap32First;
begin
if InitToolHelp then
Result := _Heap32First(lphe, th32ProcessID, th32HeapID)
else Result := False;
end;
function Heap32Next;
begin
if InitToolHelp then
Result := _Heap32Next(lphe)
else Result := False;
end;
function Toolhelp32ReadProcessMemory;
begin
if InitToolHelp then
Result := _Toolhelp32ReadProcessMemory(th32ProcessID, lpBaseAddress,
lpBuffer, cbRead, lpNumberOfBytesRead)
else Result := False;
end;
function Process32First;
begin
if InitToolHelp then
Result := _Process32First(hSnapshot, lppe)
else Result := False;
end;
function Process32Next;
begin
if InitToolHelp then
Result := _Process32Next(hSnapshot, lppe)
else Result := False;
end;
function Process32FirstW;
begin
if InitToolHelp then
Result := _Process32FirstW(hSnapshot, lppe)
else Result := False;
end;
function Process32NextW;
begin
if InitToolHelp then
Result := _Process32NextW(hSnapshot, lppe)
else Result := False;
end;
function Thread32First;
begin
if InitToolHelp then
Result := _Thread32First(hSnapshot, lpte)
else Result := False;
end;
function Thread32Next;
begin
if InitToolHelp then
Result := _Thread32Next(hSnapshot, lpte)
else Result := False;
end;
function Module32First;
begin
if InitToolHelp then
Result := _Module32First(hSnapshot, lpme)
else Result := False;
end;
function Module32Next;
begin
if InitToolHelp then
Result := _Module32Next(hSnapshot, lpme)
else Result := False;
end;
function Module32FirstW;
begin
if InitToolHelp then
Result := _Module32FirstW(hSnapshot, lpme)
else Result := False;
end;
function Module32NextW;
begin
if InitToolHelp then
Result := _Module32NextW(hSnapshot, lpme)
else Result := False;
end;
end.