| Hello everyone,
Windows allows a few tricks that normally should not work at all. One of them is injecting a DLL into a foreign process. I think I can get another variant of DLL injection working with Profan too. Should I post it here??? |
Frank Abbing | That one only uses GDI too... |
| Once more on subclassing => even GetWindowLong for the window procedure runs into nothing for me. Hence the following statement: if it were possible to subclass windows of foreign applications without further ado, one could start an arbitrary API function or address directly via a message and, as with the Shatter attack, switch off the security system to obtain elevated privileges. For this reason alone, subclassing foreign windows really must not work... |
Frank Abbing | Sounds perfectly logical. And it will probably be that way. |
Sebastian König | [quote]Once more on subclassing => even GetWindowLong for the window procedure runs into nothing for me. Hence the following statement:[/quote] Hello Andreas,
what exactly did you try? Simply setting the window procedure of a foreign window to an XProfan callback function [via ProcAddr()] with SetWindowLong()? Or did you already have a function address inside the foreign process available through DLL injection?
Regards,
Sebastian |
| Windows XP, XProfan/Profan² 4.5 to 11. Profan2Cpp homepage: [...] Old Profan² page: [...] | 09/02/06 |
| Hello Sebastian,
First of all => this is about NT-based systems, i.e. 2000 and XP in particular. I tested with Windows 2000 Service Pack 2:

' Win32 imports; GetWindowLong is used to read GWL_WNDPROC of the selected window
Def @GetWindowLong(2) !"USER32","GetWindowLongA"
Def @GetWindowThreadProcessId(2) !"USER32","GetWindowThreadProcessId"
Def @GetDlgCtrlID(1) !"USER32","GetDlgCtrlID"
Def @ButtonClicked(1) @GetDlgCtrlID(@&(1))=-%MENUITEM
Def @AHFormatMessage(7) !"KERNEL32","FormatMessageA"
Def @GetCurrentProcessID(0) !"KERNEL32","GetCurrentProcessId"
Def @GetCurrentThreadId(0) !"KERNEL32","GetCurrentThreadId"
Def @GetLastError(0) !"KERNEL32","GetLastError"
Def @SetLastError(1) !"KERNEL32","SetLastError"
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare Button&,Fenstertitel$,Fensterhandle&,Prozess_ID&,Thread_ID&,Prozeduradresse&
Windowstyle 31
Window 0,0-640,440
Windowtitle "Determine window procedure"
Let Button&=@Create("Button",%HWND,"Read window",100,10,300,30)
While 0=0
  Waitinput
  If @ButtonClicked(Button&)
    Clearlist
    AddWindows ""
    Let Fenstertitel$=@ListBox$("Window title (please select a window):",3)
    If Fenstertitel$<>""
      Let Fensterhandle&=@FindWindow(Fenstertitel$)
      Let Thread_ID&=@GetWindowThreadProcessId(Fensterhandle&,@Addr(Prozess_ID&))
      ' Clear the error code first, then read GWL_WNDPROC ($FFFFFFFC = -4)
      @SetLastError(0)
      Let Prozeduradresse&=@GetWindowLong(Fensterhandle&,$FFFFFFFC)
      Let AHRückgabe&=@GetLastError()
      Fehlercode_bestimmen
      Cls
      Locate 5,0
      Print "Window name: "+Fenstertitel$
      Print "Window handle: "+@Str$(Fensterhandle&)
      Print "Window procedure address read: "+@Str$(Prozeduradresse&)
      Print "Last API error: "+@Str$(AHRückgabe&)
      Print "API message: "+AHGETERROR_Buffer$
      Print "ID of the creating process: "+@Str$(Prozess_ID&)
      Print "My process ID: "+@Str$(@Int(@GetCurrentProcessID()))
      Print "ID of the creating thread: "+@Str$(Thread_ID&)
      Print "My thread ID: "+@Str$(@Int(@GetCurrentThreadId()))
    EndIf
  EndIf
Wend

Proc Fehlercode_bestimmen
  Dim AHGETERROR_Buffer#,32000
  ' FORMAT_MESSAGE_FROM_SYSTEM ($1000): converts the error code into the locale-specific message text
  @AHFormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0)
  Let AHGETERROR_Buffer$=@String$(AHGETERROR_Buffer#,0)
  Dispose AHGETERROR_Buffer#
EndProc

As I said, if subclassing windows of foreign processes without DLL injection really worked on newer NT-based systems, that would frighten me a lot, because it would certainly be no trouble for me to write, within a few minutes, a program that undermines all current Windows versions security-wise (as with Shatter). |
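The same check as Andreas's Profan program, as an added PowerShell example that is not part of the original post. It reads GWL_WNDPROC for a window created in our own process and for a window owned by another process, and reports the Win32 error code for each. It assumes 64-bit PowerShell (GetWindowLongPtrW is only exported by the 64-bit user32.dll) and that notepad.exe opens a classic Win32 window owned by the process that was launched; pass -WindowTitle to point it at any other window instead.

```powershell
# Added example, not code from the original thread. Checks what Andreas observed:
# GetWindowLong(GWL_WNDPROC) works for a window our own process created and fails
# with ERROR_ACCESS_DENIED (5) for a window that belongs to another process.
# Assumptions: 64-bit Windows PowerShell 5.1 or PowerShell 7; notepad.exe starts a
# classic Win32 window owned by the launched process (use -WindowTitle otherwise).
param([string]$WindowTitle)

Add-Type -AssemblyName System.Windows.Forms
Add-Type @'
using System;
using System.Runtime.InteropServices;
public static class User32 {
    public const int GWLP_WNDPROC = -4;   // the same index Profan passes as $FFFFFFFC
    [DllImport("user32.dll", SetLastError = true)]
    public static extern IntPtr GetWindowLongPtrW(IntPtr hWnd, int nIndex);
    [DllImport("user32.dll", SetLastError = true)]
    public static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId);
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr FindWindowW(string lpClassName, string lpWindowName);
}
'@

function Get-WndProcInfo {
    param([IntPtr]$Hwnd)
    $ownerPid = [uint32]0
    $ownerTid = [User32]::GetWindowThreadProcessId($Hwnd, [ref]$ownerPid)
    # The CLR clears the thread's last-error value before a SetLastError=true call,
    # so a stale code cannot leak into the result when the call succeeds.
    $wndProc = [User32]::GetWindowLongPtrW($Hwnd, [User32]::GWLP_WNDPROC)
    $err     = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    [pscustomobject]@{
        Hwnd         = '0x{0:X}' -f $Hwnd.ToInt64()
        OwnerPid     = $ownerPid
        OwnerTid     = $ownerTid
        IsOwnProcess = ($ownerPid -eq $PID)
        WndProc      = '0x{0:X}' -f $wndProc.ToInt64()
        LastError    = $err
        Message      = (New-Object System.ComponentModel.Win32Exception([int]$err)).Message
    }
}

# 1) A window in our own process: a (never shown) WinForms form gives us a real HWND.
$form = New-Object System.Windows.Forms.Form
$own  = Get-WndProcInfo -Hwnd $form.Handle

# 2) A window in another process.
$np = $null
if ($WindowTitle) {
    $foreignHwnd = [User32]::FindWindowW($null, $WindowTitle)
} else {
    $np = Start-Process notepad.exe -PassThru
    [void]$np.WaitForInputIdle(5000)
    $foreignHwnd = $np.MainWindowHandle
}
if ($foreignHwnd -eq [IntPtr]::Zero) { throw 'No foreign window found; pass -WindowTitle' }
$foreign = Get-WndProcInfo -Hwnd $foreignHwnd

'Own window:';     $own     | Format-List
'Foreign window:'; $foreign | Format-List

# Expected: own WndProc non-zero with LastError 0; foreign WndProc 0 with LastError 5
# (access denied), even when the other process runs as the same user. The barrier is
# the process boundary, not a privilege level: there is nothing to subclass from outside.
if ($foreign.LastError -ne 5) { Write-Warning 'Unexpected result for the foreign window' }

$form.Dispose()
if ($np) { [void]$np.CloseMainWindow() }
```

SetWindowLongPtrW with GWLP_WNDPROC is documented to fail the same way for a window that does not belong to the calling thread's process, so the script does not attempt it: had it succeeded, it would have replaced the foreign window procedure.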
Sebastian König | Hello Andreas,
[quote]As I said, if subclassing windows of foreign processes without DLL injection really worked on newer NT-based systems, that would frighten me a lot, because it would certainly be no trouble for me to write, within a few minutes, a program that undermines all current Windows versions security-wise (as with Shatter).[/quote] Apart from the fact that the GetWindowLong() call [and so surely SetWindowLong() too] fortunately fails for the foreign window, there is luckily also the fundamental obstacle of separate address spaces for different processes (not only under WinNT/2000/XP, but fundamentally since Win95).
But since you stress that you are talking about NT-based systems: does reading with GetWindowLong() actually work under Win9x/ME?
Regards,
Sebastian |
| Windows XP, XProfan/Profan² 4.5 to 11. Profan2Cpp homepage: [...] Old Profan² page: [...] | 09/02/06 |
| [quote=Sebastian König]Hello Andreas,
apart from the fact that the GetWindowLong() call [and so surely SetWindowLong() too] fortunately fails for the foreign window, [/quote] Yes, that is really gratifying. SetWindowLong naturally (fortunately) fails too.
[quote=Sebastian König] there is luckily also the fundamental obstacle of separate address spaces for different processes (not only under WinNT/2000/XP, but fundamentally since Win95). [/quote] If the goal is to crack Windows, that can be bypassed without problems; more precisely, it can simply be ignored. The author of the Shatter attack did not look at that either; MS, however, fortunately seems to have recognized it.
[quote=Sebastian König] But since you stress that you are talking about NT-based systems: does reading with GetWindowLong() actually work under Win9x/ME?
Regards,
Sebastian[/quote] Definitely yes! Since there are no different rights there anyway, that was probably left out of consideration. |
| Oh yes, apropos ignoring: when my big brother caught up on his Abitur, he imagined he could ignore German, and then partly did not show up for the exams. Today he has a doctorate in a computer science field. Conclusion: if you consider everything that can be swept under the table, you get further in life on the whole...
Best regards,
Andreas (who is now going to feed his cats) |
| It is now in [...] => export functions can now be addressed in foreign processes, i.e. I can more or less determine from the outside what happens in a process. One restriction: the function may have only one parameter. Sufficient rights on the respective process are required.
How does it work? We first start WordPad and then [...]. Next we look at the windows in WordPad's first thread and note the main window handle. Then we click on the WordPad process again and right-click in the tree view. [...]
After clicking on "DLL einschleusen" (inject DLL) we see this... [...] ...and select Frank's ProSpeed.DLL once more, which is then found under the WordPad process. [...]
Now we select the function Version on the Objekt-Info tab of the list view and then right-click in the list view. [...]
Now "execute function in foreign process" can be chosen. In the dialog that appears, enter the handle of the WordPad window in the edit field. [...]
Then "execute function" can be chosen. This is the result: [...] |
| Not uninteresting on the subject: [...] |
| Hello IF...
Well found, but here it is simpler and safer (in how it works): after all, one is no longer working with Windows 98... The memory layout corresponds to what can be understood with [...]. Overall the best statement on the topic that I have seen so far. |
| I have only skimmed it quickly for now, but one passage in IF's link struck me as somewhat odd: [quote] To achieve the same, namely to map code into several virtual address spaces at the same time, Windows relies on DLLs, which can be bound to several processes at the same time. That is precisely one of the advantages of a DLL: the code needed by several applications can be bundled in DLLs, and this code is then loaded into physical memory only once even though it is used by several independent processes. This saves an immense amount of memory. That is probably one of the reasons why a large part of the Windows operating system is based on DLL technology. [/quote] For me that means: Windows loads e.g. NTDLL.DLL, and if another process loads it as well, the virtual process memory points to the same real RAM address. But is that really so? This too can be checked very simply with TNT: 1.) Start WORDPAD. 2.) With TNT, change one byte in WORDPAD's virtual process memory that lies within the loaded module NTDLL.DLL. Is this change visible in other processes too? If it were, that would be the catastrophe for NT, and that will probably (hopefully) not be the case. |
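The experiment Frank proposes above, as an added PowerShell example that is not part of the original post and does not use TNT. It patches one byte of ntdll.dll inside a disposable child process with WriteProcessMemory and then reads the same address in our own process. The physical page is indeed shared until the write, but image mappings are copy-on-write, so the child gets a private copy of the page and our own mapping stays unchanged. Assumptions: 64-bit PowerShell on Windows and a child of the same bitness; ntdll.dll sits at the same base address in both processes (the script verifies this rather than relying on it); the patched byte is in the DOS stub text of the PE header, which nothing executes, so the child is not harmed.

```powershell
# Added example, not code from the original thread. Runs Frank's test: patch one byte
# of ntdll.dll in a child process and check whether our own process sees the change.
# Assumptions: 64-bit PowerShell and child; ntdll.dll mapped at the same base in both
# (checked below); the byte patched is in the DOS stub text, which is never executed.
Add-Type @'
using System;
using System.Runtime.InteropServices;
public static class Native {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool ReadProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesRead);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress,
        byte[] lpBuffer, IntPtr nSize, out IntPtr lpNumberOfBytesWritten);
    [DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern IntPtr GetModuleHandleW(string lpModuleName);
    [DllImport("kernel32.dll")]
    public static extern IntPtr GetCurrentProcess();
}
'@

function Read-Bytes([IntPtr]$hProc, [IntPtr]$addr, [int]$count) {
    $buf = New-Object byte[] $count
    $n = [IntPtr]::Zero
    if (-not [Native]::ReadProcessMemory($hProc, $addr, $buf, [IntPtr]$count, [ref]$n)) {
        throw "ReadProcessMemory failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
    return ,$buf
}

function Read-Char([IntPtr]$hProc, [IntPtr]$addr) {
    $b = Read-Bytes $hProc $addr 1
    return [char]$b[0]
}

function Write-Bytes([IntPtr]$hProc, [IntPtr]$addr, [byte[]]$data) {
    # Needs PROCESS_VM_WRITE and PROCESS_VM_OPERATION on the handle. WriteProcessMemory
    # makes the page writable for the duration of the write; on an image mapping that
    # is copy-on-write, so the target process gets a private copy of the page.
    $n = [IntPtr]::Zero
    if (-not [Native]::WriteProcessMemory($hProc, $addr, $data, [IntPtr]$data.Length, [ref]$n)) {
        throw "WriteProcessMemory failed, error $([Runtime.InteropServices.Marshal]::GetLastWin32Error())"
    }
}

# Disposable child; the handle Start-Process hands back has full access for us.
$child = Start-Process cmd.exe -ArgumentList '/c', 'pause' -WindowStyle Hidden -PassThru
Start-Sleep -Milliseconds 500
try {
    $me      = [Native]::GetCurrentProcess()
    $ownBase = [Native]::GetModuleHandleW('ntdll.dll')
    $childMod = $child.Modules | Where-Object { $_.ModuleName -ieq 'ntdll.dll' }
    if ($childMod.BaseAddress.ToInt64() -ne $ownBase.ToInt64()) {
        throw 'ntdll.dll is not at the same base in both processes'
    }

    # Locate the DOS stub text ("This program cannot be run in DOS mode") in the header.
    $hdr = Read-Bytes $me $ownBase 256
    $off = [Text.Encoding]::ASCII.GetString($hdr).IndexOf('This program')
    if ($off -lt 0) { throw 'DOS stub text not found in the ntdll.dll header' }
    $addr = [IntPtr]($ownBase.ToInt64() + $off)

    $ownBefore   = Read-Char $me $addr
    $childBefore = Read-Char $child.Handle $addr
    Write-Bytes $child.Handle $addr ([byte[]]@(0x58))     # 'X' replaces 'T' in the child only
    $childAfter  = Read-Char $child.Handle $addr
    $ownAfter    = Read-Char $me $addr

    [pscustomobject]@{
        Address              = '0x{0:X}' -f $addr.ToInt64()
        OwnBefore            = $ownBefore
        ChildBefore          = $childBefore
        ChildAfter           = $childAfter
        OwnAfter             = $ownAfter
        ChangeLeakedToParent = ($ownAfter -ne $ownBefore)   # expected: False
    } | Format-List
} finally {
    $child.Kill()
}
```

Expected output is ChildAfter = X while OwnBefore and OwnAfter are both T, i.e. the shared physical page is left alone and only the child's view diverges. The same mechanism is why a debugger can plant a breakpoint byte in one process's copy of a system DLL without every other process tripping over it.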