
Puzzle: Big Brother is watching you...

 
- Page 1 -


Message: As of Windows 2000, Microsoft has introduced a registration requirement for processes! Every user process is kindly required to state its detailed whereabouts on request, without delay! If required, all rights can be revoked and the whereabouts fixed by police order!

Attached is a small police program on this topic.

My question: how is this done?

As a reward for guessing it, there is lovely, yummy source code to look at...

Attachment (609 kB): Big Brother - registration requirement for processes, version 3
Uploaded: 10/10/06
 
10/09/06  
 



 
- Page 4 -



Sebastian König
Next attempt: with a size of 24 bytes (= sizeof(PROCESS_BASIC_INFORMATION)) it works with ProcessBasicInformation - is that closer?
 
Windows XP, XProfan/Profan² 4.5 to 11
Profan2Cpp homepage:  [...] 
Old Profan² page:  [...] 
10/10/06  
 



100 points!
 
10/10/06  
 




Sebastian König
OK - I had almost feared as much... So as I see it, only PebBaseAddress is left to search further. Reserved1 and Reserved2 apparently hold the same values for all processes, and the ID is known anyway. Reserved3 is apparently the ID of the parent process, which is also quite nice... (Fortunately, I found the description of the structure in the Platform SDK.)

PebBaseAddress points to a PEB structure. I found a description of it in winternl.h - quite a lot of entries, and as good as all of them marked as Reserved :--/
 
10/10/06  
 



Another 100 points for PEB!
 
10/10/06  
 




Sebastian König
I'll simply write down the current state of my efforts again: at the moment I am searching the array Reserved3[59] for values that get me further.

Almost all entries are 0; only Reserved3[14] and Reserved3[26] look interesting. I cannot read from Reserved3[14] - evidently it is a direct value, perhaps a handle. (Opening it with ZwQueryDirectoryObject() does not work though; that was the first thing I tried.)

What is at Reserved3[26], on the other hand, already looks more interesting - for example (the first 5 LongInts):

1024 | 2147348820 | 64 | 2147248548 | 0 | ...

The first and third I take, on account of their special values, to be some kind of ? Happen?; the second and fourth are probably pointers to further data.

The whole thing is already a bit like groping around in the dark without really knowing what to look for...
 
10/10/06  
 




Frank Abbing
The state of my work as of this morning. The Listview.dll is needed for the display.
The code is Enh code from XPIA, so that anyone can test it.

I know, that wasn't the task. But for trial and error on foreign terrain I really lack the enthusiasm...
DECLARE XPIA_#,XPIA$,EXPIA&,TEXT$,NUMBER&,SNAPSHOT&,LVDLL&,LISTVIEW&,X&,Y&,CLV1#,CLV2#,CLVALL#,LVITEM#
DIM XPIA_#,6656
CLEAR XPIA_#
' (LONG XPIA_# data lines holding the embedded DLL image omitted)
XPIA$=$TEMPDIR+"/_GetProcessInfos_enh.dll"
FILEMODE 1
ASSIGN #1,XPIA$
OPENRW #1
BLOCKWRITE #1,XPIA_#,0,6656
CLOSERW #1
DISPOSE XPIA_#
DIM CLV1#,256
DIM CLV2#,64
DIM CLVALL#,1400
DIM LVITEM#,292
DEF CREATELISTVIEW(6) !"LISTVIEW","CreateListview"
DEF SHOWLISTVIEW(5) !"LISTVIEW","ShowListview"
DEF ICOLUMN(4) !"LISTVIEW","IColumn"
DEF SITEM(3) !"LISTVIEW","SItem"
DEF INITMESSAGES(1) !"LISTVIEW","InitMessages"
DEF ASORTLISTVIEW(3) !"LISTVIEW","ASortListview"
DEF READFILEQUICK(4) !"LISTVIEW","ReadFileQuick"
DEF CSVTOLISTVIEW(4) !"LISTVIEW","CsvToListview"
DEF SWAPLINES(3) !"LISTVIEW","SwapLines"
DEF GETSELECTED(2) !"LISTVIEW","GetSelected"
DEF GETSELECTEDDBCLK(2) !"LISTVIEW","GetSelectedDbClk"
DEF GETTABOFFSETS(2) !"LISTVIEW","GetTabOffsets"
DEF GETLINES(1) !"LISTVIEW","GetLines"
DEF GETCOLUMNS(1) !"LISTVIEW","GetColumns"
DEF GETNEEDEDMEMORY(2) !"LISTVIEW","GetNeededMemory"
DEF GETALLSELECTED(2) !"LISTVIEW","GetAllSelected"
DEF GETNULLOFFSET(1) !"LISTVIEW","GetNullOffset"
DEF LISTVIEWTOCSV(4) !"LISTVIEW","ListviewToCsv"
DEF WRITEFILEQUICK(4) !"LISTVIEW","WriteFileQuick"
DEF CREATEIMAGELIST(2) !"LISTVIEW","CreateImageList"
DEF SETIMAGELIST(2) !"LISTVIEW","SetImageList"
DEF SETICON(3) !"LISTVIEW","SetIcon"
DEF SETICONSFROMMEM(4) !"LISTVIEW","SetIconsFromMem"
DEF SETICONSWITH(4) !"LISTVIEW","SetIconsWith"
DEF GETSELECTEDLINE(1) !"LISTVIEW","GetSelectedLine"
DEF SETINDEX(1) !"LISTVIEW","SetIndex"
DEF REGISTER(1) !"LISTVIEW","Register"
DEF GETLINETEXT(3) !"LISTVIEW","GetLineText"
DEF GETCOLUMNWIDTH(2) !"LISTVIEW","GetColumnWidth"
DEF CLOSEMESSAGES(1) !"LISTVIEW","CloseMessages"
DEF SETCOLUMNSFROMMEM(3) !"LISTVIEW","SetColumnsFromMem"
DEF CRYPTMEM(4) !"LISTVIEW","CryptMem"
DEF DBFTOCSV(5) !"LISTVIEW","DbfToCsv"
DEF SELECTLINE(3) !"LISTVIEW","SelectLine"
DEF SEARCHTEXT(7) !"LISTVIEW","SearchText"
DEF LISTVIEWTODBF(4) !"LISTVIEW","ListviewToDbf"
DEF COPYCOLUMNTO(4) !"LISTVIEW","CopyColumnTo"
DEF GETINDEX(0) !"LISTVIEW","GetIndex"
DEF EXCHANGESEPARATOR(5) !"LISTVIEW","ExchangeSeparator"
DEF COPYLINETO(4) !"LISTVIEW","CopyLineTo"
DEF GETCHECKED(3) !"LISTVIEW","GetChecked"
DEF SETCHECKBOXSTATE(3) !"LISTVIEW","SetCheckboxState"
DEF GETCHECKBOXSTATE(2) !"LISTVIEW","GetCheckboxState"
DEF ENABLEEDITS(2) !"LISTVIEW","EnableEdits"
DEF SORTMANUAL(3) !"LISTVIEW","SortManual"
DEF FILELISTTOCSV(6) !"LISTVIEW","FilelistToCsv"
DEF SETITEMTEXT(4) !"LISTVIEW","SetItemText"
DEF GETITEMTEXT(4) !"LISTVIEW","GetItemText"
DEF EXAMINECOLUMN(2) !"LISTVIEW","ExamineColumn"
DEF SETCOLUMNSORT(3) !"LISTVIEW","SetColumnSort"
DEF GETCOLUMNUPDATE(2) !"LISTVIEW","GetColumnUpdate"
DEF SETCOLUMNUPDATE(2) !"LISTVIEW","SetColumnUpdate"
DEF RAISECOLUMNS(4) !"LISTVIEW","RaiseColumns"
DEF MIXRGBS(2) !"LISTVIEW","MixRGBs"
DEF SETBACKIMAGE(3) !"LISTVIEW","SetBackImage"
DEF PRINTLISTVIEW(13) !"LISTVIEW","PrintListview"
DEF AREICONSPRESENT(1) !"LISTVIEW","AreIconsPresent"
DEF ARECHECKBOXESPRESENT(1) !"LISTVIEW","AreCheckboxesPresent"
DEF ERASELISTVIEW(1) !"LISTVIEW","EraseListview"
DEF GETCONTROLPARAS(1) !"LISTVIEW","GetControlParas"
DEF GETOWNCONTROLPARAS(4) !"LISTVIEW","GetOwnControlParas"
DEF SETSTYLE(1) !"LISTVIEW","SetStyle"
DEF GETREALCOLUMNINDEX(2) !"LISTVIEW","GetRealColumnIndex"
DEF CHECKIFMARKED(1) !"LISTVIEW","CheckIfMarked"
DEF SELECTCOLUMNEDITS(2) !"LISTVIEW","SelectColumnEdits"
DEF GETVAR(1) !"LISTVIEW","GetVar"
DEF SETICONMODE(1) !"LISTVIEW","SetIconMode"
DEF MARKIFCHECKED(1) !"LISTVIEW","MarkIfChecked"
DEF SETFILELISTFILTER(1) !"LISTVIEW","SetFilelistFilter"
DEF SETFILELISTNOFILTER(1) !"LISTVIEW","SetFilelistNoFilter"
DEF ADDITEMVALUES(4) !"LISTVIEW","AddItemValues"
DEF RAISELINE(4) !"LISTVIEW","RaiseLine"
DEF GETCOLUMNNAME(3) !"LISTVIEW","GetColumnName"
DEF SETCOLUMNNAME(3) !"LISTVIEW","SetColumnName"
DEF SETICONCOLUMN(1) !"LISTVIEW","SetIconColumn"
DEF GETICON(3) !"LISTVIEW","GetIcon"
DEF SETVAR(2) !"LISTVIEW","SetVar"
DEF PRINTCOLUMNS(1) !"LISTVIEW","PrintColumns"
DEF GETITEMTEXTSASINTEGER(3) !"LISTVIEW","GetItemTextsAsInteger"
DEF GETITEMTEXTSASFLOAT(3) !"LISTVIEW","GetItemTextsAsFloat"
DEF GETEDGEINTEGERS(4) !"LISTVIEW","GetEdgeIntegers"
DEF GETEDGEFLOATS(4) !"LISTVIEW","GetEdgeFloats"
DEF GETFLOAT(3) !"LISTVIEW","GetFloat"
DEF DELETEDOUBLEITEMS(2) !"LISTVIEW","DeleteDoubleItems"
DEF SETCOLUMNALIGNMENT(3) !"LISTVIEW","SetColumnAlignment"
DEF GETALLCHECKBOXSTATES(2) !"LISTVIEW","GetAllCheckboxStates"
DEF SETALLCHECKBOXSTATES(2) !"LISTVIEW","SetAllCheckboxStates"
DEF GETDLLVERSION(0) !"LISTVIEW","GetDllVersion"
DEF SETLINENUMBERS(3) !"LISTVIEW","SetLineNumbers"
DEF ENABLEDRAGDROP(2) !"LISTVIEW","EnableDragDrop"
DEF DELETESPACELINES(2) !"LISTVIEW","DeleteSpaceLines"
DEF GETDRAGDROPPARAS(1) !"LISTVIEW","GetDragDropParas"
DEF CONVERTDATAS(3) !"LISTVIEW","ConvertDatas"
DEF FORBIDSCROLLMESSAGE(1) !"LISTVIEW","ForbidScrollMessage"
DEF EXCHANGEBYTES(4) !"LISTVIEW","ExchangeBytes"
DEF SETPRINTATTRIBUTES(5) !"LISTVIEW","SetPrintAttributes"
DEF SETLINEHEIGHT(2) !"LISTVIEW","SetLineHeight"
DEF ASORTLISTVIEWEX(4) !"LISTVIEW","ASortListviewEx"
DEF GETLASTKEY(2) !"LISTVIEW","GetLastKey"
DEF SETCOLUMNSWIDTHLIMITS(2) !"LISTVIEW","SetColumnsWidthLimits"

PROC INSERTCOLUMN

    PARAMETERS CLV1&,CLV1$,CLV2&,CLV3&
    STRING CLV1#,0=CLV1$
    ICOLUMN(CLV1&,CLV1#,CLV2&,CLV3&)

ENDPROC

PROC AUTOSORTLISTVIEW

    CLEAR CLV2#
    LONG CLV2#,0=@&(2)
    LONG CLV2#,4=@&(3)
    LONG CLV2#,8=@&(4)
    LONG CLV2#,12=@&(5)
    LONG CLV2#,16=@&(6)
    LONG CLV2#,20=@&(7)
    LONG CLV2#,24=@&(8)
    LONG CLV2#,28=@&(9)
    LONG CLV2#,32=@&(10)
    LONG CLV2#,36=@&(11)
    LONG CLV2#,40=@&(12)
    LONG CLV2#,44=@&(13)
    LONG CLV2#,48=@&(14)
    LONG CLV2#,52=@&(15)
    ASORTLISTVIEW(@&(1),CLV2#,INT(SUB(%PCOUNT,1)))

ENDPROC

PROC SETITEM

    CLEAR CLV2#
    CLEAR CLVALL#
    STRING CLVALL#,0=@$(2)
    LONG CLV2#,0=CLVALL#
    STRING CLVALL#,100=@$(3)
    LONG CLV2#,4=CLVALL#+100
    STRING CLVALL#,200=@$(4)
    LONG CLV2#,8=CLVALL#+200
    STRING CLVALL#,300=@$(5)
    LONG CLV2#,12=CLVALL#+300
    STRING CLVALL#,400=@$(6)
    LONG CLV2#,16=CLVALL#+400
    STRING CLVALL#,500=@$(7)
    LONG CLV2#,20=CLVALL#+500
    STRING CLVALL#,600=@$(8)
    LONG CLV2#,24=CLVALL#+600
    STRING CLVALL#,700=@$(9)
    LONG CLV2#,28=CLVALL#+700
    STRING CLVALL#,800=@$(10)
    LONG CLV2#,32=CLVALL#+800
    STRING CLVALL#,900=@$(11)
    LONG CLV2#,36=CLVALL#+900
    STRING CLVALL#,1000=@$(12)
    LONG CLV2#,40=CLVALL#+1000
    STRING CLVALL#,1100=@$(13)
    LONG CLV2#,44=CLVALL#+1100
    STRING CLVALL#,1200=@$(14)
    LONG CLV2#,48=CLVALL#+1200
    STRING CLVALL#,1300=@$(15)
    LONG CLV2#,52=CLVALL#+1300
    SITEM(@&(1),CLV2#,SUB(%PCOUNT,2))

ENDPROC

DEF @CREATENEWIMAGELIST(5) !"comctl32.dll","ImageList_Create"
DEF @GETSYSTEMMETRICS(1) !"user32.dll","GetSystemMetrics"
DEF @DESTROYIMAGELIST(1) !"comctl32.dll","ImageList_Destroy"
DEF @LOADICON(2) !"user32.dll","LoadIconA"
DEF @ADDICONTOIMAGELIST(2) !"comctl32.dll","ImageList_AddIcon"
DEF DESTROYICON(1) ! "USER32.DLL","DestroyIcon"
DEF @GETSELECTEDCOUNT(1) @SENDMESSAGE (@&(1),4146,0,0)
DEF @DELETECOLUMN(2) @SENDMESSAGE (@&(1),$101C,@%(2),0)
DEF @DELETEITEM(2) @SENDMESSAGE (@&(1),$1008,@%(2),0)
DEF @DELETEALLITEMS(1) @SENDMESSAGE (@&(1),4105,0,0)
DEF @GETITEMSTATE(3) @SENDMESSAGE (@&(1),4140,@%(2),@%(3))
DEF @SETCOLUMNWIDTH(3) @SENDMESSAGE (@&(1),4126,@%(2),@%(3))
DEF @GETLVTXTCOLOR(1) @SENDMESSAGE (@&(1),$1023,0,0)
DEF @GETLVTXTBKCOLOR(1) @SENDMESSAGE (@&(1),$1025,0,0)
DEF @GETLVBKCOLOR(1) @SENDMESSAGE (@&(1),$1000,0,0)
DEF @UPDATE(1) @SENDMESSAGE (@&(1),4138,-1,0)

PROC ADDPROGRAMICON

    PARAMETERS NAME$,LHANDLE&,IL&
    DECLARE HICON&
    CLEAR LVITEM#
    STRING LVITEM#,0=NAME$
    HICON&=LOADICON(LHANDLE&,LVITEM#)
    ADDICONTOIMAGELIST(IL&,HICON&)
    DESTROYICON(HICON&)
    RETURN

ENDPROC

DEF GETSYSCOLOR(1) !"USER32","GetSysColor"
LVDLL&=USEDLL("Listview.dll")
WINDOWSTYLE 26+512
WINDOW 0,0-800,600
CLS GETSYSCOLOR(15)
USEFONT "MS Sans Serif",13,0,0,0,0
SETDIALOGFONT 1
X&=MIXRGBS(GETSYSCOLOR(15),$00FFFFFF)
X&=MIXRGBS(X&,$00FFFFFF)
LISTVIEW&=CREATELISTVIEW(%HWND,%HINSTANCE,0,X&,-1,$20)
INSERTCOLUMN LISTVIEW&,"Prozess-ID",80,0
INSERTCOLUMN LISTVIEW&,"Anzahl Threads",100,0
INSERTCOLUMN LISTVIEW&,"Prozess Datei", 140,0
INSERTCOLUMN LISTVIEW&,"Start-Verzeichniss", 280,0
SHOWLISTVIEW(LISTVIEW&,0,0,790,570)
INITMESSAGES(%HWND)
AUTOSORTLISTVIEW LISTVIEW&,2,2,1,1
EXTERNAL(XPIA$,"TheDatas")
EXTERNAL(XPIA$,"GetProcess",LISTVIEW&)

WHILE 1

    WAITINPUT

    IF %KEY=2

        BREAK

    ENDIF

ENDWHILE

DISPOSE CLV1#
DISPOSE CLV2#
DISPOSE CLVALL#
DISPOSE LVITEM#
END

Here is the original code:
 {$cleq}
Declare Text$,number&,snapshot&,lvdll&,listview&,x&,y&
 $I Listview_Funktionen.inc
Def GetSysColor(1) !"USER32","GetSysColor"
lvdll&=usedll("Listview.dll")
WindowStyle 26+512
Window 0,0-800,600
Cls GetSysColor(15)
UseFont "MS Sans Serif",13,0,0,0,0
SetDialogFont 1
x&=MixRGBs(GetSysColor(15),$00FFFFFF)
x&=MixRGBs(x&,$00FFFFFF)
listview&=CreateListView(%hwnd,%hinstance,0,x&,-1,$20)
InsertColumn listview&,"Prozess-ID",80,0    ' Form the columns
InsertColumn listview&,"Anzahl Threads",100,0
InsertColumn listview&,"Prozess Datei", 140,0
InsertColumn listview&,"Start-Verzeichniss", 280,0
ShowListView(listview&,0,0,790,570)
InitMessages(%hwnd)
AutoSortListview listview&,2,2,1,1

AsmStart TheDatas()

    .data
    ;---------------------------------------------------------------------------]
    x               DD      0
    snap            DD      0
    empty            DD      0
    lines           DD      0
    aprocess        DD      0
    .data?
    WinProcess      PROCESSENTRY32  <>
    Datafind        WIN32_FIND_DATA <>
    hSnapshot       DD              ?
    Buffer          DB              255 DUP(?)
    Process         DB              255 DUP(?)
    DName           DB              1024 DUP(?)
    nurso           DB              1024 DUP(?)
    nurso2          DB              1024 DUP(?)
    .code
    nop

AsmEnd

AsmStart GetProcess(listview&)

    invoke  CreateToolhelp32Snapshot, TH32CS_SNAPALL , 0
    mov     snap, eax
    mov     [WinProcess.dwSize], sizeof PROCESSENTRY32
    invoke  Process32First, eax, offset WinProcess
    jmp     _GetRunningApps
    _Loop:
    invoke OpenProcess,PROCESS_QUERY_INFORMATION+PROCESS_VM_READ,0,[WinProcess.th32ProcessID]
    mov    aprocess,eax
    invoke GetModuleFileNameEx, eax, 0, addr DName, 1024

    .if eax==0

        mov DName,0

    .else

        invoke lstrlen,addr DName
        mov x,eax
        invoke lstrlen,offset WinProcess.szExeFile
        sub x,eax
        dec x
        lea edx,DName
        add edx,x
        xor al,al
        mov [edx],al

    .endif

    invoke CloseHandle, aprocess
    Scall SItem,para1,offset empty,0
    invoke dwtoa,WinProcess.th32ProcessID,addr nurso
    Scall GetLines,para1
    dec eax
    mov lines,eax
    lea edx,nurso
    Scall SetItemText,para1,edx,0,lines
    invoke dwtoa,WinProcess.cntThreads,addr nurso
    lea edx,nurso
    Scall SetItemText,para1,edx,1,lines
    invoke dwtoa,WinProcess.cntThreads,addr nurso
    Scall SetItemText,para1,offset WinProcess.szExeFile,2,lines
    lea edx,DName
    Scall SetItemText,para1,edx,3,lines
    invoke  Process32Next, snap, offset WinProcess
    _GetRunningApps:
    Test    eax, eax
    jnz     _Loop
    invoke  CloseHandle, snap
    xor     eax, eax

AsmEnd

While 1

    WaitInput
    Case %key=2:BREAK

EndWhile

 $I Listview_Dispose.inc
End

Attachment: 83 kB, uploaded 10/10/06
Attachment: ss.jpg, 82 kB, uploaded 10/10/06
 
10/10/06  
 



[quote=Sebastian König]I'll simply write down the current state of my efforts again: at the moment I am searching the array Reserved3[59] for values that get me further.[/quote]
You are looking in the wrong place. Microsoft itself does not reveal what is in the PEB. Look for other sources, then it gets easier...

@Frank: Unknown terrain is only unexplored until one has found the right documentation for it - and I have. Once someone has scratched close enough to the solution, I will pass this info on to everyone who was involved here (and is interested in it).
 
10/11/06  
 



Another hint:
The solution lies within the first 15 members of the PEB.
 
10/11/06  
 




Sebastian König
[quote]1. Another 100 points for PEB!

2. You are looking in the wrong place. Microsoft itself does not reveal what is in the PEB. Look for other sources, then it gets easier...[/quote]
These two statements together confuse me a little now...

This is what the PEB looks like according to the Platform SDK:

typedef struct _PEB {
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[229];
PVOID Reserved3[59];
ULONG SessionId;
} PEB, *PPEB;

The only non-reserved entries are therefore BeingDebugged and SessionId. The former does not help (I think), and SessionId was always 0 for all processes I tried it with. Apart from that, one would not necessarily need ZwQueryInformationProcess to determine the SessionId, since there is ProcessIdToSessionId...
 
10/11/06  
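Added example (not part of the thread and not any poster's code): a C sketch that mirrors the 32-bit Platform SDK layouts quoted in the posts above, decodes a constructed 24-byte PROCESS_BASIC_INFORMATION buffer with the size check mentioned earlier, and maps PEB byte offsets to the SDK's field names. The names PBI32, PEB32, pbi32_parse, peb32_reserved3_offset, peb32_field_at and all sample bytes are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* 32-bit mirrors of the winternl.h declarations; PVOID and ULONG_PTR are
   written as uint32_t so the layout is identical on any host. */
typedef struct {
    uint32_t Reserved1;
    uint32_t PebBaseAddress;
    uint32_t Reserved2[2];
    uint32_t UniqueProcessId;
    uint32_t Reserved3;          /* parent process ID, as observed in the thread */
} PBI32;

typedef struct {
    uint8_t  Reserved1[2];
    uint8_t  BeingDebugged;
    uint8_t  Reserved2[229];
    uint32_t Reserved3[59];
    uint32_t SessionId;
} PEB32;

/* Constructed sample buffer (invented values, little-endian). */
const uint8_t SAMPLE_PBI[24] = {
    0x00, 0x00, 0x00, 0x00,      /* Reserved1                   */
    0x00, 0xF0, 0xFD, 0x7F,      /* PebBaseAddress = 0x7FFDF000 */
    0x01, 0x00, 0x00, 0x00,      /* Reserved2[0]                */
    0x08, 0x00, 0x00, 0x00,      /* Reserved2[1]                */
    0xD2, 0x04, 0x00, 0x00,      /* UniqueProcessId = 1234      */
    0xC8, 0x01, 0x00, 0x00       /* Reserved3 = 456             */
};

static uint32_t rd32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Decode a raw buffer. Any length other than sizeof(PBI32) == 24 is rejected.
   Returns 0 on success, -1 on a bad argument or length mismatch. */
int pbi32_parse(const uint8_t *buf, size_t len, PBI32 *out) {
    if (buf == NULL || out == NULL || len != sizeof(PBI32)) return -1;
    out->Reserved1       = rd32le(buf + offsetof(PBI32, Reserved1));
    out->PebBaseAddress  = rd32le(buf + offsetof(PBI32, PebBaseAddress));
    out->Reserved2[0]    = rd32le(buf + offsetof(PBI32, Reserved2));
    out->Reserved2[1]    = rd32le(buf + offsetof(PBI32, Reserved2) + 4);
    out->UniqueProcessId = rd32le(buf + offsetof(PBI32, UniqueProcessId));
    out->Reserved3       = rd32le(buf + offsetof(PBI32, Reserved3));
    return 0;
}

/* Byte offset of Reserved3[i] inside the PEB, or (size_t)-1 if out of range. */
size_t peb32_reserved3_offset(size_t i) {
    if (i >= 59) return (size_t)-1;
    return offsetof(PEB32, Reserved3) + i * sizeof(uint32_t);
}

/* Name of the SDK field covering PEB byte offset 'off'; *index receives the
   element index for array fields. Returns NULL past the end of the struct. */
const char *peb32_field_at(size_t off, size_t *index) {
    const char *name = NULL;
    size_t idx = 0;
    if (off < offsetof(PEB32, BeingDebugged)) {
        name = "Reserved1"; idx = off;
    } else if (off < offsetof(PEB32, Reserved2)) {
        name = "BeingDebugged";
    } else if (off < offsetof(PEB32, Reserved3)) {
        name = "Reserved2"; idx = off - offsetof(PEB32, Reserved2);
    } else if (off < offsetof(PEB32, SessionId)) {
        name = "Reserved3";
        idx = (off - offsetof(PEB32, Reserved3)) / sizeof(uint32_t);
    } else if (off < sizeof(PEB32)) {
        name = "SessionId";
    }
    if (index != NULL) *index = idx;
    return name;
}
```

With this layout the two entries that looked interesting in the thread, Reserved3[14] and Reserved3[26], sit at PEB byte offsets 288 and 336, and everything below offset 232 falls into the opaque Reserved1/Reserved2 byte arrays.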
 



As I said, MS does not reveal everything there. The PEB has over 50 members.
 
10/11/06  
 




Sebastian König
[quote]As I said, MS does not reveal everything there. The PEB has over 50 members.[/quote]
So do you now mean all the entries in the Reserved3 array, or still more after SessionId?

I really thought the whole thing could now be solved without having to resort to Date...
 
10/11/06  
 



You're right, in my version the arrays are broken down. So what you are looking for might lie within the Reserved2 array. Without better documentation you won't get any further there - and that does not come from Microsoft.

Try searching the Internet for PEB ReadImageFileExecOptions.
 
10/11/06  
 



