| |
| |
|
 | so, then wolln we time...
as initial position take we time subesquent small View source:
CompileMarkSeparationWindowstyle 31
Windowtitle "Listboxtest"
Window 0,0-640,440
Declare Listbox&,Zähler%
LET LISTBOX&=@Createlistbox(%HWND,"",20,40,300,300)
Clear Zähler%
PRINT Listbox&
While Zähler%<1000
@ADDSTRING(LISTBOX&,"Hallo, hier spricht AH!")
inc Zähler%
wend
Beep
While 0=0
Waitinput
wend
there Profan something lavish with Heaps bypassing, recommend I, the program with Profan2Cpp To compilieren.
After the Perform sees one the following on-screen:
[...] 
thereafter started we [...] and let us first once The Heaps the Testprozesses with the Listbox lists:
[...]
under Program/Options is the exhaust String Bytefolge transfiguring. After the Anklicken give we the word Hello one and pressing OK.
[...]
After one Rechtsklick in that Treeview of [...] can dial we memory search from.
[...]
in the downstairs Edit standing now the word Hello already as hexadezimale Bytefolge.
[...]
any Texts of Controls stand in memory as Unicodestrings, we must there means yet to each byte one Nullbyte insert, d.h. to each second characters two nobodies. the whole sees then so from:
[...]
what found becomes, sees vaguely so from:
[...]
we dial now a couple arbitrary Adressen from, once from the oberen drittel, once from the middle and once from the downstairs drittel and look to, in welchem Heapblock these Adressen lying. The Blöcke, in them The Adressen lying, let we as Strings Show. The Heapblock, whom we search, is vaguely 48136 Bytes big and lying probably end the first Heaps. the word Hello standing complete at the beginning the Blockes, so as here To see:
[...]
now copy we through Rechtsklick The Startadresse the Blocks - then one Rechtsklick in that Treeview and Speicherbereich Change select. as address the Speicherbereichs fügen we here The before copied Startadresse one, whom hexadezimalen new Content settle we on 41 and clicking thereafter on Speicherbereich Change.
[...]
we're us now The Listbox standing, is with your the following happens:
[...]
the what we there found having is means the Speicherbereich, on the any Entries the Listbox stored are!
this is already time integrally interestingly - but where is the remainder the Listbox?
thereafter search we now! If the Lines of/ one Listbox in a Speicherbereich stand, should another Speicherbereich against on these address verweise - is still logical, or?
we weg means folgendermaßen to:
first copy we again The address the Heapblocks with the Listviewzeilen. thereafter clicking we under Program/Options on the exhaust number in Bytefolge transfiguring and fügen here The address one.
[...]
thereafter clicking we on OK. now search we again whom Prozessspeicher the Testprozesses with the Listbox - and of course to the address as Doubleword in hexadezimaler Bytefolge (see Image):
[...]
the watts by me found:
[...]
under whom found Adressen search we after a address within one Heapblocks the first Heaps (by me 38184396). The sought area might 720 Bytes big his. we put now whom Content this Bereichs as dezimale Doublewords there (by me 38183824):
[...]
thereafter copy we whom whole area through Rechtsklick into Clipboard:
[...]
the comes by me thereby out:
[box:0080bc86d7]
X1=0
X2=0
X3=0
X4=1572865
X5=0
X6=768
X7=0
X8=0
X9=0
X10=0
X11=0
X12=0
X13=0
X14=0
X15=0
X16=0
X17=0
X18=0
X19=0
X20=0
X21=0
X22=0
X23=0
X24=0
X25=0
X26=0
X27=0
X28=0
X29=0
X30=0
X31=0
X32=0
X33=0
X34=0
X35=0
X36=0
X37=0
X38=0
X39=0
X40=0
X41=0
X42=0
X43=0
X44=0
X45=0
X46=0
X47=38183832
X48=0
X49=0
X50=0
X51=0
X52=0
X53=0
X54=0
X55=0
X56=0
X57=0
X58=0
X59=0
X60=0
X61=0
X62=0
X63=0
X64=0
X65=0
X66=0
X67=0
X68=0
X69=0
X70=0
X71=0
X72=0
X73=0
X74=0
X75=0
X76=0
X77=0
X78=0
X79=0
X80=0
X81=0
X82=0
X83=0
X84=0
X85=0
X86=0
X87=0
X88=0
X89=0
X90=0
X91=38184008
X92=0
X93=0
X94=0
X95=0
X96=0
X97=0
X98=0
X99=0
X100=0
X101=0
X102=0
X103=0
X104=0
X105=0
X106=0
X107=0
X108=0
X109=0
X110=0
X111=0
X112=0
X113=0
X114=0
X115=0
X116=0
X117=0
X118=0
X119=0
X120=0
X121=0
X122=0
X123=0
X124=0
X125=0
X126=0
X127=0
X128=0
X129=0
X130=0
X131=0
X132=0
X133=0
X134=0
X135=41681216
X136=41681440
X137=0
X138=-1
X139=0
X140=18
X141=1000
X142=1024
X143=38256320
X144=38187408
X145=48128
X146=48000
X147=8
X148=16
X149=0
X150=0
X151=0
X152=0
X153=0
X154=1288421508
X155=2
X156=0
X157=-1
X158=-1
X159=-1
X160=0
X161=0
X162=0
X163=0
X164=0
X165=0
X166=1031
X167=0
X168=0
X169=0
X170=278
X171=0
X172=23
X173=0
X174=999
X175=18
X176=0
X177=23
X178=0
X179=5898242
X180=1048832
[/box:0080bc86d7]
what we here see, dürften The data the Listbox his - on place X144 standing thereby The already known address, The The Lines the Listbox contains. we look us now place X141 time something accurate on, The number 1000. comes tappt im dunkeln jemandem famous to?. The address of X141 to charge we folgendermaßen:
Startadresse the Heapblock+(141*4)-4
by me would the 38183824+(141*4)-4 = 38184384
to control Please once 4 Bytes ex this address as dezimale Doublewords read let, it should The number 1000 get out!
now Change we the Doubleword on this place How in the Image To see on the dezimalen worth 10:
[...]
now sschauen we time in between The Listbox on:
[...]
Oops - The Zeilenzahl has (How beabsichtigt) on 10 verringert!
interest on More? if so - Fortsetzung follows...
PS: X143 has incidentally what with the Sort Listbox To do...  |
 |
| |
| |
| |
|
|
Sebastian
König | Hello Andreas,
wow - respect to the performance!!! reads itself Yes almost like a Know-How Article on [...] 
MfG
Sebastian |
|
| |
| Windows XP, XProfan/Profan² 4.5 bis 11 Profan2Cpp-Homepage: [...] Alte Profan²-Seite: [...] | 05/21/06 ▲ |
|
| |
|
|
Frank
Abbing | Hi.
so far is me already clear, what You bezweckst, Andreas. naturally can The data one Controls read, if one times the method recognized has, How MS yourself intern it too power.
but erzähl still time, whom benefit You you therefore erhoffst, Controls manually To beinflussen? which idea treibt you thereby on. the Have I do not integrally understood. Warscheinlich just Neugierde?
In previous Betriebssystemen was is ambulation and give, Systemkomponenten manually To change, integrally simply, because it the Messagessystem not given or it not yet so perfect elaborate was. i think there only on the AmigaOS.
whether MS whom better lane goes, if it whom User as far as possible abschottet? who knows... |
|
| |
| |
| |
|
|
| It's all right not only circa Controls, separate circa Handles and dazugehörige Adressen. my example was one Info hereon, the it in the principle possible is Structures in memory directly (without Mithilfe the API) To change.
what would possible:
1. About the lever one Speicherbereichs one strangers Prozesses The variables read, The on this place stored are.
2. The Zugriffsrechte (Security-Descriptor) bim Open of Handles pass over and Operationen manage, The really integral More rights require.
3. large Listboxes in a Slip a place on The others copy.
4. DLLs in others processes Injizieren and a others Process moreover join, own Source to execute
Reicht the? there Gibts yet More ...
PS: the Messagesystem is the most Sicherheitslücke Windows... |
|
| |
| |
| |
|
|
| | @SEbastian: I faith you have understood, what it me goes => Link... |
|
| |
| |
| |
|
|
Frank
Abbing | | as long as it to you therefore goes, Sicherheitslücken view, reserves me right his. for me reads itself the though More How the item one Hackers or Virenprogrammierer: I against the gigantische MS-Imperium. |
|
| |
| |
| |
|
|
| no Virenprogrammierer, at best sake not ...
me goes it to all Things therefore, things and Hintergründe To understand and these possible too umzusetzen. i'm in a profession engage, the solid and seelisch everything a Humans herausholt. One example: with my concise 70kg be I without further moreover in the site, 130kg auszuheben and by the countryside To carry. there need my brain in between time things, with them it itself similar intense in another direction engage.
means - circa it very To say - It's all right I do not circa I against irgendwen, separate circa I against me self....
so in the manner
- How plenty kg can I yet More carry?
- what can I otherwise yet do?
I have there defined targets, The I me staid have - this is was. It's all right me thereby but not around the achieve this targets (whether I 200kg carry can) sonder around the learn on the lane there To this target - I hope You understand...
i'm at program no expert - the have I often enough said. though I only 70kg cradle, can I almost the double of my Körpergewichtes carry. what can I in the Programmierbereich do, though I no expert be??? |
|
| |
| |
| |
|
|
Frank
Abbing | Well, You make already the, what You as response expect. you have you one kniffeliges Subject searched for and attempt you - with success! - on it. is still utterly aale. 
me kommts only sometimes so to, as would you your own skills unterschätzen and the the others überschätzen. means be not in wonder, if the spark not immediate In any skipping. is even not jedermanns Topic  . |
|
| |
| |
| |
|
|
| | be so did i not any more. i want only once more klarstellen, that I no Böser Bube be and not on illegal things think. your opinion have I with interest red - and if I the create, I would like (I glaubs really not), I will your Posting here in guter recollection keep.. |
|
| |
| |
| |
|
(1.128)
Deutsch
English
Français
Español
Italia
