NT 下如何枚举进程?(200分)

在NT下如何得到在任务栏里能看见的那些进程?(任务栏里看不见的不要)
 
用PSAPI,给你源码,有点乱,慢慢看吧。
//---------------------------------------------
unit Unit1;

interface

uses
Windows, Messages, SysUtils, Classes, Graphics, Controls, Forms, Dialogs,
StdCtrls, ComCtrls;
const
  // Result codes returned by Kill_By_Pid.
  KILL_NOERR                = 0;
  KILL_NOTSUPPORTED         = -1;
  KILL_ERR_OPENPROCESS      = -2;
  KILL_ERR_TERMINATEPROCESS = -3;

  // Result codes returned by EnableDebugPrivilegeNT.
  ENUM_NOERR                      = 0;
  ENUM_NOTSUPPORTED               = -1;
  ENUM_ERR_OPENPROCESSTOKEN       = -2;
  ENUM_ERR_LookupPrivilegeValue   = -3;
  ENUM_ERR_AdjustTokenPrivileges  = -4;

  // Name of the privilege that EnableDebugPrivilegeNT looks up and enables
  // on the current process token.
  SE_DEBUG_NAME = 'SeDebugPrivilege';
type
// Main form of the sample. The component fields and event handlers below are
// declared in the default (published) section so the form resource pulled in
// by {$R *.DFM} can bind to them.
TForm1 = class(TForm)
// Button1 triggers the process/module enumeration (see Button1Click).
Button1: TButton;
// TreeView1 displays the enumerated module names as a tree.
TreeView1: TTreeView;
// Memo1 is only referenced from commented-out code in this unit.
Memo1: TMemo;
// Button2 runs a small StrAlloc/StrDispose experiment (see Button2Click).
Button2: TButton;
procedure Button1Click(Sender: TObject);
procedure FormClose(Sender: TObject; var Action: TCloseAction);
procedure TreeView1MouseDown(Sender: TObject; Button: TMouseButton;
Shift: TShiftState; X, Y: Integer);
// Double-clicking a node that has children calls Kill_By_Pid for the PID
// looked up from that node's index, i.e. it terminates a process.
procedure TreeView1DblClick(Sender: TObject);
// FormCreate calls EnableDebugPrivilegeNT as soon as the form is created.
procedure FormCreate(Sender: TObject);
procedure Button2Click(Sender: TObject);
private
{ Private declarations }

public
{ Public declarations }
end;

var
Form1: TForm1;
// Unit-level lists shared by the routines below. They are created on first use
// in TForm1.Button1Click and released in TForm1.FormClose.
//   ProcessNameList - one module base name per enumerated module
//   FullNameList    - the matching full module path, added in lockstep
//   ProcessIDList   - process ids stored as decimal strings
// The handlers index ProcessIDList by top-level tree node index, so it has to
// stay aligned with the top-level nodes built from ProcessNameList.
ProcessNameList,ProcessIDList,FullNameList:TStrings;
implementation

{$R *.DFM}
// Hand-written static imports from PSAPI.DLL.
// NOTE(review): the DLL is named without a path, so which file is bound depends
// on the loader's DLL search order - confirm that a copy placed next to the
// executable cannot shadow the system DLL on the target Windows version.
// Buffer and out-parameter addresses are declared as plain DWORD/HMODULE values;
// the callers in this unit pass them as dword(@buffer), which only works while
// a pointer fits in 32 bits.

// lpidProcess: address of a DWORD array that receives process ids;
// cb: size of that array in bytes; cbNeeded: address of a DWORD that receives
// the number of bytes written. The callers treat a zero result as failure.
function EnumProcesses(lpidProcess,cb,cbNeeded:dword):
integer;stdcall;external 'PSAPI.DLL';
// lphModule: address of a module-handle array; cb: its size in bytes;
// lpcbNeeded: address of a DWORD receiving the byte count for all handles.
function EnumProcessModules(hProcess:THandle;lphModule:HMODULE;cb,lpcbNeeded:Dword):
integer;stdcall;external 'PSAPI.DLL';
// Copies the base name of hModule in hProcess into lpBaseName (ANSI);
// nSize is passed by the caller as the buffer size.
function GetModuleBaseNameA(hProcess:THandle;hModule:HMODULE;lpBaseName:pchar;nSize:DWord):
integer;stdcall;external 'PSAPI.DLL';
// Copies the full path of hModule in hProcess into lpFilename (ANSI);
// nSize is passed by the caller as the buffer size.
function GetModuleFileNameExA(hProcess:THandle;hModule:HMODULE;lpFilename:pchar;nSize:DWord):
integer;stdcall;external 'PSAPI.DLL';

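{ Shows the text for the calling thread's last Win32 error in a message box
  and then aborts the current operation by raising EAbort.

  Call it directly after the failing API call, before anything else can
  overwrite the thread's last-error value. }
procedure ErrorMessage;
var
  ErrCode: DWORD;
  MsgBuf: string;
begin
  // Capture the code first; later calls may reset the last-error value.
  ErrCode := GetLastError;

  // The earlier version passed @MsgBuf (a Delphi string variable) to
  // FormatMessage together with FORMAT_MESSAGE_ALLOCATE_BUFFER. With that flag
  // the API stores a LocalAlloc'ed pointer in the variable, which the compiler
  // then treats as a managed string, and the buffer was never released with
  // LocalFree. SysErrorMessage does the same lookup into an ordinary string.
  MsgBuf := SysErrorMessage(ErrCode);

  MessageBox(0, PChar(MsgBuf), '错误', MB_OK);
  raise EAbort.Create('');
end;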

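{ Opens the process identified by ProcessID, opens its access token and reads
  the token's privilege list. Any failure is reported through ErrorMessage,
  which shows the system error text and raises EAbort.

  ProcessID: id of the process to inspect (declared as THandle, but it is
             passed to OpenProcess as a process id).

  The privilege data is read and then discarded: in the earlier version
  everything after the query sat behind an unconditional "exit" and never ran
  (a loop that called LookupPrivilegeName and ShowMessage). That unreachable
  code is left out here.

  Changes against the earlier version:
  - the process is opened with PROCESS_QUERY_INFORMATION instead of
    PROCESS_ALL_ACCESS, and the token with TOKEN_QUERY only; nothing here
    adjusts privileges, so wider rights are not needed;
  - handles are no longer created inheritable (bInheritHandle was True), so a
    child process started by this program does not receive them;
  - the process handle and the token handle are always closed, and the
    128-byte StrAlloc buffer that leaked on every call is gone;
  - the privilege list is read into a buffer of the size the API asks for.
    A single TTokenPrivileges record has room for one entry only. }
procedure GetTokenInfo(ProcessID:THandle);
var
  hProcess, hToken: THandle;
  pInfo: PTokenPrivileges;
  dwNeeded: DWORD;
begin
  hProcess := OpenProcess(PROCESS_QUERY_INFORMATION, False, ProcessID);
  if hProcess = 0 then
    ErrorMessage; // raises EAbort

  try
    if not OpenProcessToken(hProcess, TOKEN_QUERY, hToken) then
      ErrorMessage;

    try
      // First call only asks for the required size; it is expected to fail.
      dwNeeded := 0;
      GetTokenInformation(hToken, TokenPrivileges, nil, 0, dwNeeded);
      if dwNeeded = 0 then
        ErrorMessage;

      GetMem(pInfo, dwNeeded);
      try
        if not GetTokenInformation(hToken, TokenPrivileges, pInfo,
          dwNeeded, dwNeeded) then
          ErrorMessage;
      finally
        FreeMem(pInfo);
      end;
    finally
      CloseHandle(hToken);
    end;
  finally
    CloseHandle(hProcess);
  end;
end;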

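{ Enables SeDebugPrivilege on the current process token.

  Returns ENUM_NOERR on success, or one of ENUM_ERR_OPENPROCESSTOKEN,
  ENUM_ERR_LookupPrivilegeValue, ENUM_ERR_AdjustTokenPrivileges naming the
  step that failed.

  The privilege is enabled and never disabled again by this unit, so it stays
  active for the rest of the process lifetime once this call succeeds.

  Changes against the earlier version: the token handle is now closed on every
  path (it was leaked), the token is opened without the redundant TOKEN_READ
  right, and the missing semicolon after the tkp declaration is restored. }
function EnableDebugPrivilegeNT : integer;
var
  hToken: THandle;
  DebugValue: TLargeInteger;
  tkp: TTokenPrivileges;
  ReturnLength: DWORD;
  PreviousState: TTokenPrivileges;
begin
  if not OpenProcessToken(GetCurrentProcess,
    TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, hToken) then
  begin
    Result := ENUM_ERR_OPENPROCESSTOKEN;
    Exit;
  end;

  try
    if not LookupPrivilegeValue(nil, SE_DEBUG_NAME, DebugValue) then
    begin
      Result := ENUM_ERR_LookupPrivilegeValue;
      Exit;
    end;

    ReturnLength := 0;
    tkp.PrivilegeCount := 1;
    tkp.Privileges[0].Luid := DebugValue;
    tkp.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, False, tkp, SizeOf(TTokenPrivileges),
      PreviousState, ReturnLength);

    // The last-error value is checked rather than the BOOL result: the call
    // can report success while the privilege was not actually assigned.
    // This check has to stay ahead of CloseHandle in the finally part.
    if GetLastError <> ERROR_SUCCESS then
      Result := ENUM_ERR_AdjustTokenPrivileges
    else
      Result := ENUM_NOERR;
  finally
    CloseHandle(hToken);
  end;
end;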

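{ Terminates the process with the given id (exit code 0).

  pid: id of the process to terminate.

  Returns KILL_NOERR on success, KILL_ERR_OPENPROCESS when the process could
  not be opened, KILL_ERR_TERMINATEPROCESS when TerminateProcess failed.

  Changes against the earlier version: the process handle is now closed
  (it was leaked on every call), it is requested with PROCESS_TERMINATE only
  instead of PROCESS_ALL_ACCESS, and it is no longer inheritable. }
function Kill_By_Pid(pid : longint) : integer;
var
  hProcess: THandle;
begin
  hProcess := OpenProcess(PROCESS_TERMINATE, False, pid);
  if hProcess = 0 then // OpenProcess reports failure as 0, not -1
  begin
    Result := KILL_ERR_OPENPROCESS;
    Exit;
  end;

  try
    if TerminateProcess(hProcess, 0) then
      Result := KILL_NOERR
    else
      Result := KILL_ERR_TERMINATEPROCESS;
  finally
    CloseHandle(hProcess);
  end;
end;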


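{ Rebuilds Tree from ProcessNameList.

  A name whose last three characters are 'EXE' (case-insensitive) starts a new
  top-level node; every other name becomes a child of the most recent
  top-level node. The very first name always becomes a top-level node.

  The grouping is a naming heuristic only: a module that is not the process
  image but ends in 'EXE', or a process image with another extension, ends up
  on the wrong level.

  Changes against the earlier version: the "[i]" subscripts that were lost
  from the listing are restored, MyNode is initialised before it is read, and
  the missing semicolon is restored. }
procedure UpdateTreeView(Tree:TTreeView);
var
  i: Integer;
  ModName: string;
  MyNode: TTreeNode;
begin
  Tree.Items.Clear;
  MyNode := nil;

  for i := 0 to ProcessNameList.Count - 1 do
  begin
    ModName := ProcessNameList[i];
    if (MyNode = nil) or
       (UpperCase(Copy(ModName, Length(ModName) - 2, 3)) = 'EXE') then
      MyNode := Tree.Items.Add(nil, ModName)
    else
      Tree.Items.AddChild(MyNode, ModName);
  end;
end;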

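{ Appends the base name and full path of every module of the given process to
  ProcessNameList and FullNameList (one entry in each list per module).

  processID: id of the process to inspect.

  Nothing is added when the process cannot be opened or its modules cannot be
  enumerated.

  Changes against the earlier version:
  - the "[i]" subscript on hMods, lost from the listing, is restored, as is
    the missing semicolon in the declarations;
  - the module count is clamped to the capacity of hMods. cbNeeded reports the
    bytes needed for all modules, which can exceed the buffer, and the loop
    would then read past the end of the array;
  - a module whose name cannot be read is listed as 'unknown' instead of
    repeating the previous module's name;
  - szFullName is sized with its own SizeOf;
  - CloseHandle is only called on a handle that was actually opened. }
procedure PrintProcessNameAndID(processID: DWORD);
var
  szFullName: array[0..1024] of Char;
  szModName: array[0..1024] of Char;
  hProcess: THandle;
  hMods: array[0..1024] of DWORD;
  cbNeeded, cMod, MaxMods: DWORD;
  i: Integer;
begin
  // Query and read access only; the handle is not inheritable.
  hProcess := OpenProcess(PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,
    False, processID);
  if hProcess = 0 then
    Exit;

  try
    cbNeeded := 0;
    if EnumProcessModules(hProcess, DWORD(@hMods), SizeOf(hMods),
      DWORD(@cbNeeded)) = 0 then
      Exit;

    MaxMods := SizeOf(hMods) div SizeOf(hMods[0]);
    cMod := cbNeeded div SizeOf(HMODULE);
    if cMod > MaxMods then
      cMod := MaxMods;

    for i := 0 to Integer(cMod) - 1 do
    begin
      // Base name of the module, e.g. the executable or DLL file name.
      if GetModuleBaseNameA(hProcess, hMods[i], szModName,
        SizeOf(szModName)) = 0 then
        szModName := 'unknown';

      // Full path to the module's file.
      if GetModuleFileNameExA(hProcess, hMods[i], szFullName,
        SizeOf(szFullName)) = 0 then
        szFullName := 'unknown';

      ProcessNameList.Add(StrPas(szModName));
      FullNameList.Add(StrPas(szFullName));
    end;
  finally
    CloseHandle(hProcess);
  end;
end;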

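{ Enumerates the running processes, collects their module names through
  PrintProcessNameAndID and rebuilds the tree view.

  Changes against the earlier version:
  - the "[i]" subscripts lost from the listing are restored, as is the missing
    semicolon after the FullNameList creation;
  - cProcesses is 0 when EnumProcesses fails (it was left uninitialised and
    then used as a loop bound);
  - the loop counter is an Integer, so an empty result no longer wraps
    "cProcesses-1" around on an unsigned counter;
  - a process id is stored in ProcessIDList only when PrintProcessNameAndID
    actually listed modules for it. The tree handlers look the id up by
    top-level node index, and processes that could not be opened used to shift
    every later id onto the wrong node.

  NOTE(review): that lookup is still only as reliable as the 'EXE' grouping in
  UpdateTreeView - it assumes each listed process contributes exactly one
  top-level node. }
procedure TForm1.Button1Click(Sender: TObject);
var
  cbNeeded, cProcesses: DWORD;
  aProcesses: array[0..1024] of DWORD;
  i, NamesBefore: Integer;
begin
  cbNeeded := 0;
  cProcesses := 0;
  if EnumProcesses(DWORD(@aProcesses), SizeOf(aProcesses),
    DWORD(@cbNeeded)) <> 0 then
    // cbNeeded is the number of bytes written, so it cannot exceed the array.
    // When it equals SizeOf(aProcesses) the list may have been truncated.
    cProcesses := cbNeeded div SizeOf(DWORD)
  else
    ShowMessage(IntToStr(GetLastError));

  if ProcessIDList <> nil then
    ProcessIDList.Clear
  else
    ProcessIDList := TStringList.Create;

  if ProcessNameList <> nil then
    ProcessNameList.Clear
  else
    ProcessNameList := TStringList.Create;

  if FullNameList <> nil then
    FullNameList.Clear
  else
    FullNameList := TStringList.Create;

  for i := 0 to Integer(cProcesses) - 1 do
  begin
    NamesBefore := ProcessNameList.Count;
    PrintProcessNameAndID(aProcesses[i]);
    // Keep the id only if the process produced at least one tree entry.
    if ProcessNameList.Count > NamesBefore then
      ProcessIDList.Add(IntToStr(aProcesses[i]));
  end;

  UpdateTreeView(Form1.TreeView1);
end;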

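{ Releases the three unit-level string lists when the form closes.

  Changes against the earlier version: the missing semicolons are restored and
  each variable is reset to nil after Free. Button1Click tests these variables
  against nil before calling Clear, so a stale pointer left behind here would
  be used after the object was freed. Free itself is safe on nil, so the
  separate nil checks are not needed. }
procedure TForm1.FormClose(Sender: TObject; var Action: TCloseAction);
begin
  ProcessIDList.Free;
  ProcessIDList := nil;

  ProcessNameList.Free;
  ProcessNameList := nil;

  FullNameList.Free;
  FullNameList := nil;
end;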

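{ Selects the node under the mouse and shows its full module path in the form
  caption. For a node with children (a process node) the caption is prefixed
  with the process id and GetTokenInfo is called for that id.

  FullNameList is indexed by the node's AbsoluteIndex: the tree holds one node
  per ProcessNameList entry, and FullNameList is filled in lockstep with it.
  ProcessIDList is indexed by the node's Index among its siblings.

  Change against the earlier version: both list lookups are bounds-checked, so
  a tree that is out of step with the lists no longer raises a list-index
  exception from the mouse handler.

  NOTE(review): the bounds check does not prove that ProcessIDList[Index]
  belongs to the process shown on the node; that depends on how the lists and
  the tree were filled. }
procedure TForm1.TreeView1MouseDown(Sender: TObject; Button: TMouseButton;
  Shift: TShiftState; X, Y: Integer);
var
  MyNode: TTreeNode;
  FullName: string;
begin
  MyNode := TreeView1.GetNodeAt(X, Y);
  if MyNode = nil then
    Exit;

  MyNode.Selected := True;

  if (FullNameList = nil) or (MyNode.AbsoluteIndex >= FullNameList.Count) then
    Exit;
  FullName := FullNameList[MyNode.AbsoluteIndex];

  if MyNode.HasChildren and (ProcessIDList <> nil) and
     (MyNode.Index < ProcessIDList.Count) then
  begin
    Caption := '[' + ProcessIDList[MyNode.Index] + ']' + FullName;
    // May raise EAbort after showing an error box (see GetTokenInfo).
    GetTokenInfo(StrToInt(ProcessIDList[MyNode.Index]));
  end
  else
    Caption := FullName;
end;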

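{ Terminates the process behind the selected node and shows the Kill_By_Pid
  result code. Only nodes that have children (process nodes) are acted on.

  Change against the earlier version: the ProcessIDList lookup is
  bounds-checked, so an out-of-step tree no longer raises a list-index
  exception here.

  NOTE(review): the process id is taken from ProcessIDList by node index and
  the process is terminated without any confirmation. If the list and the tree
  are not aligned, a process other than the one displayed is terminated;
  showing the id and name and asking before the call would let the user catch
  that. }
procedure TForm1.TreeView1DblClick(Sender: TObject);
var
  MyNode: TTreeNode;
  Pid: Integer;
begin
  MyNode := TreeView1.Selected;
  if (MyNode = nil) or not MyNode.HasChildren then
    Exit;
  if (ProcessIDList = nil) or (MyNode.Index >= ProcessIDList.Count) then
    Exit;

  Pid := StrToInt(ProcessIDList[MyNode.Index]);
  ShowMessage(IntToStr(Kill_By_Pid(Pid)));
end;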

{ Form start-up: requests SeDebugPrivilege for this process right away.
  The result code of EnableDebugPrivilegeNT is not examined, so a failure to
  obtain the privilege goes unnoticed here. }
procedure TForm1.FormCreate(Sender: TObject);
begin
  EnableDebugPrivilegeNT();
end;

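{ Small experiment with null-terminated strings: allocates a 128-byte buffer,
  copies 'aa' into it, converts it to a Delphi string and shows it.

  Changes against the earlier version: the missing semicolon after the
  declaration of s is restored, and the buffer is released in a finally part
  so it is freed even if showing the message raises. }
procedure TForm1.Button2Click(Sender: TObject);
var
  s: string;
  p: PChar;
begin
  p := StrAlloc(128);
  try
    StrCopy(p, 'aa');
    s := StrPas(p);
    ShowMessage(s);
  finally
    StrDispose(p);
  end;
end;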

end.
 
所有进程全出来了
 
我的网站也有更详细的代码包括线程等级等等
lovejingtao.126.com
 
上面的代码我都看了,可是怎么能只列出任务栏看得见的那些进程呢?我还不知道怎么改,
哪位大哥能帮帮我吗?
 
接受答案了.
 