Need help API ZwOpenProcess...

 
Hello people...

I did still manage to declare ZwQueryVirtualMemory, but with ZwOpenProcess I'm stuck at the moment.
The following source:
Def @ZwOpenProcess(4) !"NTDLL.DLL","ZwOpenProcess"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
Def @GetCurrentProcessID(0) !"KERNEL32","GetCurrentProcessId"
Def @CloseHandle(1) !"KERNEL32","CloseHandle"
Def @GetLastError(0) !"KERNEL32","GetLastError"
Def @SetLastError(1) !"KERNEL32","SetLastError"
DEF @AHFormatMessage(7) !"KERNEL32","FormatMessageA"
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare NT_Fehler&,WIN_FEHLER&,P_Handle&,P_ID&
Windowstyle 31
WindowTitle "ZwOpenProcess"
Window 0,0-780,440
LET P_ID&=@GetCurrentProcessID()
@SetLastError(0)
LET NT_FEHLER&=@ZwOpenProcess(@ADDR(P_Handle&),$400,0,P_ID&)
LET AHRückgabe&=@GetLastError()
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach ZwOpenProcess: "+AHGETERROR_Buffer$
LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von ZwOpenProcess: "+AHGETERROR_Buffer$+" ("+@STR$(NT_FEHLER&)+")"
Print "ID des Prozesses: "+@STR$(P_ID&)
PRINT "Handle des Prozesses: "+@STR$(P_Handle&)
Print ""

IF P_Handle&<>0

    @SetLastError(0)
    LET Win_Fehler&=@CloseHandle(P_Handle&)
    LET AHRückgabe&=@GetLastError()
    Fehlercode_bestimmen
    PRINT "Letzter API-Fehler nach CloseHandle: "+AHGETERROR_Buffer$
    LET AHRückgabe&=WIN_FEHLER&
    Fehlercode_bestimmen
    PRINT "Rückmeldung von CloseHandle: "+AHGETERROR_Buffer$

Endif

While 0=0

    Waitinput

wend

Proc Fehlercode_bestimmen

    DIM AHGETERROR_Buffer#,32000
    @AHFormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) ' Converts the error code into a locale-specific message.
    Let AHGETERROR_Buffer$=@TRIM$(@STRING$(AHGETERROR_Buffer#,0))
    Dispose AHGETERROR_Buffer#

Endproc


What mistake am I making there???
 
09/12/06  
 




Sebastian
König
Hello Andreas,

do you happen to have a good link to information about ZwOpenProcess()?

Regards

Sebastian
 
Windows XP, XProfan/Profan² 4.5 to 11
Profan2Cpp homepage: [...]
Old Profan² site: [...]
09/12/06  
 



Hello Sebastian...
At the moment I only have [...]. So the last parameter is probably not right in my code..
 
09/12/06  
 



...and the second ditto.
 
09/12/06  
 



The second parameter should probably be fine after all; the first one I could perhaps set to 0.
Here is the link: [...]
 
09/12/06  
 




Sebastian
König
I suppose you are referring to this:
[quote:7063508387]NTSYSAPI
NTSTATUS
NTAPI
ZwOpenProcess(
OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes,
IN PCLIENT_ID ClientId OPTIONAL
);

The ClientId parameter is a structure (defined in ntifs.h) that allows
you to specify a process ID to open. Once the function succeeds, call
ObReferenceObjectByHandle on the returned ProcessHandle to get at the
PEPROCESS.[/quote:7063508387]
I have already found the definitions for CLIENT_ID and OBJECT_ATTRIBUTES:
[quote:7063508387]
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor;
PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;

typedef struct _CLIENT_ID {
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
[/quote:7063508387]
Unfortunately, all of this probably has to be filled in properly as well, at least the ObjectAttributes; ClientId is optional, after all.

With
declare attr#
dim attr#,24
clear attr#
Let Nt_fehler&=@Zwopenprocess(@Addr(P_handle&),$400,attr#,0)

at least all that comes back now is "wrong parameter". Somehow one does have to specify which process one actually wants to open, either in ClientId or perhaps in ObjectName...
 
Windows XP, XProfan/Profan² 4.5 to 11
Profan2Cpp homepage: [...]
Old Profan² site: [...]
09/12/06  
 



[quote:0009d0d868=Sebastian König]at least all that comes back now is "wrong parameter". Somehow one does have to specify which process one actually wants to open, either in ClientId or perhaps in ObjectName...[/quote:0009d0d868]
Apparently it has to be specified in ObjectName; CLIENT_ID can be 0, after all.
The object name could be the name of the process from the Task Manager. RootDirectory is giving me a bit of a headache; no idea what goes there. SecurityDescriptor could possibly be 0 as well (if need be I'll cobble one together myself), but I'm not entirely sure about that. I'm not entirely sure about SecurityQualityOfService yet either...

I was still missing CLIENT_ID, many thanks.
 
09/12/06  
 



I'm not at the goal yet, of course, but already a bit further:
DEF @MultiByteToWideChar(6) !"kernel32","MultiByteToWideChar"
Def @ZwOpenProcess(4) !"NTDLL.DLL","ZwOpenProcess"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
Def @GetCurrentProcessID(0) !"KERNEL32","GetCurrentProcessId"
Def @CloseHandle(1) !"KERNEL32","CloseHandle"
Def @GetLastError(0) !"KERNEL32","GetLastError"
Def @SetLastError(1) !"KERNEL32","SetLastError"
DEF @AHFormatMessage(7) !"KERNEL32","FormatMessageA"
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare NT_Fehler&,WIN_FEHLER&,P_Handle&,P_ID&,Objekt_name$
Declare Attr#,Unicode_STR#
Windowstyle 31
WindowTitle "ZwOpenProcess"
Window 0,0-780,440
LET P_ID&=@GetCurrentProcessID()
@SetLastError(0)
Dim Attr#,24
Clear Attr#
Long Attr#,0=24
LET Objekt_name$="F:ProgrammeXProfan9PROFAN.EXE"
Dim Unicode_STR#,513
@MultiByteToWideChar(0,0,@ADDR(Objekt_name$),-1,Unicode_STR#,256)
Long Attr#,8=Unicode_STR#
Let Nt_fehler&=@Zwopenprocess(@Addr(P_handle&),$400,Attr#,0)
Dispose Attr#
LET AHRückgabe&=@GetLastError()
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach ZwOpenProcess: "+AHGETERROR_Buffer$
LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von ZwOpenProcess: "+AHGETERROR_Buffer$+" ("+@STR$(NT_FEHLER&)+")"
Print "ID des Prozesses: "+@STR$(P_ID&)
PRINT "Handle des Prozesses: "+@STR$(P_Handle&)
Print ""

IF P_Handle&<>0

    @SetLastError(0)
    LET Win_Fehler&=@CloseHandle(P_Handle&)
    LET AHRückgabe&=@GetLastError()
    Fehlercode_bestimmen
    PRINT "Letzter API-Fehler nach CloseHandle: "+AHGETERROR_Buffer$
    LET AHRückgabe&=WIN_FEHLER&
    Fehlercode_bestimmen
    PRINT "Rückmeldung von CloseHandle: "+AHGETERROR_Buffer$

Endif

While 0=0

    Waitinput

wend

Proc Fehlercode_bestimmen

    DIM AHGETERROR_Buffer#,32000
    @AHFormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) ' Converts the error code into a locale-specific message.
    Let AHGETERROR_Buffer$=@TRIM$(@STRING$(AHGETERROR_Buffer#,0))
    Dispose AHGETERROR_Buffer#

Endproc

 
09/12/06  
 




Sebastian
König
Hello Andreas,

I have just found another example [...]. This is how it works for me:
declare attr#,id#
dim attr#,24
dim id#,8
clear attr#
clear id#
long attr#,0 = 24
long id#,0 = P_id&
Let Nt_fehler&=@Zwopenprocess(@Addr(P_handle&),$400,attr#,id#)

To be inserted into your first code above.

Regards

Sebastian
 
Windows XP, XProfan/Profan² 4.5 to 11
Profan2Cpp homepage: [...]
Old Profan² site: [...]
09/12/06  
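
The same call from C, as an added example that is not code from the thread: it shows why the buffers in the post above are 24 and 8 bytes on 32-bit Windows (48 and 16 on 64-bit) and that the outcome is the returned NTSTATUS. The `EX_` names are stand-ins introduced here so the file compiles without the Windows SDK; the call itself is only built on Windows and opens the program's own process.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

typedef struct {               /* same field order as OBJECT_ATTRIBUTES */
    uint32_t Length;           /* sizeof the struct: 24 on x86, 48 on x64 */
    void    *RootDirectory;
    void    *ObjectName;       /* stays NULL: the process is chosen by ID */
    uint32_t Attributes;
    void    *SecurityDescriptor;
    void    *SecurityQualityOfService;
} EX_OBJECT_ATTRIBUTES;

typedef struct {               /* same field order as CLIENT_ID */
    void *UniqueProcess;       /* the PID in a HANDLE-sized field */
    void *UniqueThread;        /* NULL when opening by process ID */
} EX_CLIENT_ID;

#define EX_PROCESS_QUERY_INFORMATION 0x0400u     /* the $400 in the posts */
#define EX_STATUS_INVALID_PARAMETER  0xC000000Du
/* Zero both structures, then set only the two fields the call needs. */
void ex_init(EX_OBJECT_ATTRIBUTES *oa, EX_CLIENT_ID *cid, uintptr_t pid) {
    memset(oa, 0, sizeof *oa);
    oa->Length = (uint32_t)sizeof *oa;
    memset(cid, 0, sizeof *cid);
    cid->UniqueProcess = (void *)pid;
}
/* Same rule as NT_SUCCESS(): warning and error codes have the top bit set. */
int ex_nt_success(uint32_t status) { return (int32_t)status >= 0; }

int main(void) {
#ifdef _WIN32
    typedef LONG (NTAPI *OpenFn)(HANDLE *, ULONG, void *, void *);
    typedef ULONG (NTAPI *ErrFn)(LONG);
    EX_OBJECT_ATTRIBUTES oa; EX_CLIENT_ID cid;
    HMODULE nt = GetModuleHandleA("ntdll.dll");
    OpenFn zw_open = (OpenFn)GetProcAddress(nt, "ZwOpenProcess");
    ErrFn to_win32 = (ErrFn)GetProcAddress(nt, "RtlNtStatusToDosError");
    HANDLE h = NULL;
    ex_init(&oa, &cid, GetCurrentProcessId());   /* own process, query-only */
    LONG st = zw_open(&h, EX_PROCESS_QUERY_INFORMATION, &oa, &cid);
    /* The result is the returned NTSTATUS, not GetLastError(). */
    printf("NTSTATUS 0x%08lX, Win32 %lu\n", (unsigned long)st, to_win32(st));
    if (ex_nt_success((uint32_t)st)) CloseHandle(h);
#endif
    return 0;
}
```
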
 



Thank you!

Let me have a look...
 
09/12/06  
 



Hello Sebastian...

Here is the complete code now:
Def @ZwOpenProcess(4) !"NTDLL.DLL","ZwOpenProcess"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
Def @GetCurrentProcessID(0) !"KERNEL32","GetCurrentProcessId"
Def @GetLastError(0) !"KERNEL32","GetLastError"
Def @SetLastError(1) !"KERNEL32","SetLastError"
DEF @AHFormatMessage(7) !"KERNEL32","FormatMessageA"
DEF @ZwClose(1) !"NTDLL","ZwClose"
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare NT_Fehler&,WIN_FEHLER&,P_Handle&,P_ID&,Objekt_name$
Declare Attr#,Unicode_STR#,Id#
Windowstyle 31
WindowTitle "ZwOpenProcess"
Window 0,0-780,440
LET P_ID&=@GetCurrentProcessID()
Dim Attr#,24
DIM ID#,8
Long ID#,0=P_ID&
Clear Attr#
Long Attr#,0=24 ' Size of the structure
@SetLastError(0)
Let Nt_fehler&=@Zwopenprocess(@Addr(P_handle&),$400,Attr#,ID#)
LET AHRückgabe&=@GetLastError()
Dispose Unicode_STR#
Dispose ID#
Dispose Attr#
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach ZwOpenProcess: "+AHGETERROR_Buffer$
LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von ZwOpenProcess: "+AHGETERROR_Buffer$+" ("+@STR$(NT_FEHLER&)+")"
Print "ID des Prozesses: "+@STR$(P_ID&)
PRINT "Handle des Prozesses: "+@STR$(P_Handle&)
Print ""

IF P_Handle&<>0

    @SetLastError(0)
    LET NT_Fehler&=@ZwClose(P_Handle&)
    LET AHRückgabe&=@GetLastError()
    Fehlercode_bestimmen
    PRINT "Letzter API-Fehler nach ZwClose: "+AHGETERROR_Buffer$
    LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
    LET AHRückgabe&=WIN_FEHLER&
    Fehlercode_bestimmen
    PRINT "Rückmeldung von ZwClose: "+AHGETERROR_Buffer$

Endif

While 0=0

    Waitinput

wend

Proc Fehlercode_bestimmen

    DIM AHGETERROR_Buffer#,32000
    @AHFormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) ' Converts the error code into a locale-specific message.
    Let AHGETERROR_Buffer$=@TRIM$(@STRING$(AHGETERROR_Buffer#,0))
    Dispose AHGETERROR_Buffer#

Endproc


And I still wanted to tell you:
GREAT!
SUPER!!!
Many, many thanks
Now I can see what I can do with it! <= That's Windows
 
09/12/06  
 




Sebastian
König
[quote:3d218d8a75]Now I can see what I can do with it! <= That's Windows[/quote:3d218d8a75]
OK, I'm curious what the whole thing is for!
 
Windows XP, XProfan/Profan² 4.5 to 11
Profan2Cpp homepage: [...]
Old Profan² site: [...]
09/12/06  
 



