| Read out with ModHunter under Windows 98:
Windowsversion: windows98 ( A )
Prozessdaten: Prozessname=C:WINDOWSSYSTEMMSGSRV32.EXE Process-ID=-56225 Prozesserzeuger=
Modulname=C:WINDOWSSYSTEMMPR.DLL Ladeadresse=2143223808 Ladestatus=geladen Hersteller=Microsoft Corporation
Modulname=C:WINDOWSSYSTEMUSER32.DLL Ladeadresse=-1074462720 Ladestatus=geladen Hersteller=Microsoft Corporation
Modulname=C:WINDOWSSYSTEMGDI32.DLL Ladeadresse=-1074659328 Ladestatus=geladen Hersteller=Microsoft Corporation
Modulname=C:WINDOWSSYSTEMADVAPI32.DLL Ladeadresse=-1075314688 Ladestatus=geladen Hersteller=Microsoft Corporation
Modulname=C:WINDOWSSYSTEMKERNEL32.DLL Ladeadresse=-1074331648 Ladestatus=geladen Hersteller=Microsoft Corporation
Modulname=unbekannt Ladeadresse=-1341456384 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1163264000 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1078525952 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1075904512 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1075707904 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1075445760 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1075380224 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1074921472 Ladestatus=Memory-Module Hersteller=
Could the items listed here as Memory-Module perhaps be drivers? |
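Added example, not part of the thread: ModHunter prints load addresses as signed 32-bit decimals, so this Python sketch converts them to unsigned hex and sorts them by Windows 9x address-space arena. The arena boundaries (private below 0x80000000, shared up to 0xBFFFFFFF, system above) are an assumption taken from general Windows 9x documentation, not from the thread; the sample lines are copied from the dump above.

```python
import re

# Windows 9x arena boundaries (assumption from general Win9x documentation,
# not stated in the thread): private < 2 GB, shared 2-3 GB, system >= 3 GB.
SHARED_BASE = 0x80000000
SYSTEM_BASE = 0xC0000000

# Lines copied from the ModHunter dump quoted above (paths as they appear there).
SAMPLE = """\
Modulname=C:WINDOWSSYSTEMMPR.DLL Ladeadresse=2143223808 Ladestatus=geladen Hersteller=Microsoft Corporation
Modulname=C:WINDOWSSYSTEMKERNEL32.DLL Ladeadresse=-1074331648 Ladestatus=geladen Hersteller=Microsoft Corporation
Modulname=unbekannt Ladeadresse=-1341456384 Ladestatus=Memory-Module Hersteller=
Modulname=unbekannt Ladeadresse=-1074921472 Ladestatus=Memory-Module Hersteller=
"""

# A value runs until the next " Key=" or end of line, so "Microsoft Corporation" stays whole.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

def arena(addr):
    if addr >= SYSTEM_BASE:
        return "system"
    return "shared" if addr >= SHARED_BASE else "private"

def parse_line(line):
    rec = dict(FIELD.findall(line.strip()))
    if "Ladeadresse" not in rec:
        return None  # e.g. the Windowsversion / Prozessdaten header lines
    base = int(rec["Ladeadresse"]) & 0xFFFFFFFF  # signed 32-bit -> unsigned
    return {
        "name": rec.get("Modulname", ""),
        "base": base,
        "hex": f"0x{base:08X}",
        "arena": arena(base),
        # Entries the tool saw only as mapped memory, without a file name
        "unnamed": rec.get("Ladestatus") == "Memory-Module",
    }

def parse_dump(text):
    return [r for r in map(parse_line, text.splitlines()) if r]

if __name__ == "__main__":
    for r in parse_dump(SAMPLE):
        flag = "  <- no module name" if r["unnamed"] else ""
        print(f'{r["hex"]}  {r["arena"]:7}  {r["name"]}{flag}')
```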
| The module at address -1341456384 looks like nvdd32.dll, and that probably belongs to my graphics card. |
| And address -1074921472 seems to match a 20 kB NTDLL.DLL that sits in my Windows system folder. They all seem to be Windows system DLLs. Where do these DLLs come from and how do they get loaded? Why are they invisible when one lists the DLLs via the ToolHelp functions??? |
| Has anyone else here ever written something that lists the modules of a process with the ToolHelp functions (CreateToolhelp32Snapshot/Module32First/Module32Next), so that I can test whether that code shows any modules???? |
| Perhaps someone feels like building what was discussed above under Windows 2000/XP? At the moment I suspect that Microsoft is deliberately hiding something there in order to conceal certain facts from the user and the programmer. |
| No, Andreas, nothing is being hidden or concealed there. But I now have a supposition about where these modules come from and how they get loaded. I'm still writing code to prove or disprove it. |
| Bingo! Here's code:
' Import the two KERNEL32 functions used below
DEF @GetModuleHandle(1) !"KERNEL32","GetModuleHandleA"
DEF @GetProcAddress(2) !"KERNEL32","GetProcAddress"
Declare Module2$,Module$,HModule&,Funktion&,Funktion$,Zero&,FileInfoSize&
LET Module$="VERSION"
LET Module2$=$SYSPATH+"\KERNEL32.DLL"
LET FUNKTION$="GetFileVersionInfoSizeA"
Windowstyle 31
Windowtitle "Call ohne Handle!"
Window 0,0-640,440
Print "Handle der Version.dll vor dem Laden: "+@str$(@GetModuleHandle(@addr(Module$)))
Print
' Load Version.dll and resolve the function address while it is loaded
LET HModule&=@UseDll("VERSION")
Print "Handle der geladenen Version.dll: "+@str$(@GetModuleHandle(@addr(Module$)))
Print
LET FUNKTION&=@GetProcAddress(HModule&,@addr(Funktion$))
Print "Funktionsadresse von "+FUNKTION$+": "+@str$(FUNKTION&)
LET FileInfoSize&=@Call(FUNKTION&,@ADDR(Module2$),@ADDR(Zero&))
Print "FileInfoSize von Kernel32.dll vor dem Entladen: "+@str$(FileInfoSize&)
' Unload the DLL, then deliberately call the stale function address again
Freedll HModule&
Print "Handle der Version.dll nach dem Entladen: "+@str$(@GetModuleHandle(@addr(Module$)))
Clear FileInfoSize&
$B Vor Call
LET FileInfoSize&=@Call(FUNKTION&,@ADDR(Module2$),@ADDR(Zero&))
$B Nach Call
Print
Print "FileInfoSize von Kernel32.dll nach dem Entladen: "+@str$(FileInfoSize&)
Print "Handle der Version.dll nach dem Call: "+@str$(@GetModuleHandle(@addr(Module$)))
Print
While 1
Waitinput
wend
This code should crash on all NT-based systems (NT/2000/XP), but work on all non-NT-based systems (95/98/ME). If it should fail to work somewhere under 95/98/ME, I would need the returned handle of the loaded Version.dll.
Where does it work, and where doesn't it??? |
| Finding for Windows 95/98/ME: as long as any process is running that has loaded Version.dll via LoadLibrary(...), the above code runs; if no process has loaded Version.dll, the code crashes. |
Frank Abbing | That's correct, it crashes under XP... |
| That says a lot... non-NT systems are practically dangerous |
| iF
That says a lot... non-NT systems are practically dangerous
That is the case anyway, since absolutely nothing is safe. But what I'm concerned with here is rather the memory management and a matter that is invisible on NT systems, since there it only concerns (or can concern) drivers.
This, too, is only about very specific modules and not about just any! |
| I'm curious what you, as our Windows detective, will find out here. |