| Hello people...
I did manage to declare ZwQueryVirtualMemory, but with ZwOpenProcess I'm stuck at the moment. The following source:
Def @ZwOpenProcess(4) !"NTDLL.DLL","ZwOpenProcess"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
Def @GetCurrentProcessID(0) !"KERNEL32","GetCurrentProcessId"
Def @CloseHandle(1) !"KERNEL32","CloseHandle"
Def @GetLastError(0) !"KERNEL32","GetLastError"
Def @SetLastError(1) !"KERNEL32","SetLastError"
DEF @AHFormatMessage(7) !"KERNEL32","FormatMessageA"
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare NT_Fehler&,WIN_FEHLER&,P_Handle&,P_ID&
Windowstyle 31
WindowTitle "ZwOpenProcess"
Window 0,0-780,440
LET P_ID&=@GetCurrentProcessID()
@SetLastError(0)
LET NT_FEHLER&=@ZwOpenProcess(@ADDR(P_Handle&),$400,0,P_ID&)
LET AHRückgabe&=@GetLastError()
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach ZwOpenProcess: "+AHGETERROR_Buffer$
LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von ZwOpenProcess: "+AHGETERROR_Buffer$+" ("+@STR$(NT_FEHLER&)+")"
Print "ID des Prozesses: "+@STR$(P_ID&)
PRINT "Handle des Prozesses: "+@STR$(P_Handle&)
Print ""
IF P_Handle&<>0
@SetLastError(0)
LET Win_Fehler&=@CloseHandle(P_Handle&)
LET AHRückgabe&=@GetLastError()
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach CloseHandle: "+AHGETERROR_Buffer$
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von CloseHandle: "+AHGETERROR_Buffer$
Endif
While 0=0
Waitinput
wend
Proc Fehlercode_bestimmen
DIM AHGETERROR_Buffer#,32000
@AHFormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) 'Converts the error code into a locale-specific message.
Let AHGETERROR_Buffer$=@TRIM$(@STRING$(AHGETERROR_Buffer#,0))
Dispose AHGETERROR_Buffer#
Endproc
What am I doing wrong there???
Sebastian König | Hello Andreas,
do you happen to have a good link to information about ZwOpenProcess()?
Best regards,
Sebastian
| Windows XP, XProfan/Profan² 4.5 to 11 Profan2Cpp homepage: [...] Old Profan² page: [...] | 09/12/06
| Hello Sebastian... At the moment I only have [...] . The last parameter is probably not right in my case..
| The second parameter is probably fine; the first one I could perhaps set to 0. Here is the link: [...]
Sebastian König | I suppose you are referring to this:
[quote]
NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId OPTIONAL );
The ClientId parameter is a structure (defined in ntifs.h) that allows you to specify a process ID to open. Once the function succeeds, call ObReferenceObjectByHandle on the returned ProcessHandle to get at the PEPROCESS.
[/quote]
I have already found the definitions for CLIENT_ID and OBJECT_ATTRIBUTES:
[quote]
typedef struct _OBJECT_ATTRIBUTES {
    ULONG Length;
    HANDLE RootDirectory;
    PUNICODE_STRING ObjectName;
    ULONG Attributes;
    PVOID SecurityDescriptor;
    PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
typedef struct _CLIENT_ID {
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
[/quote]
Unfortunately, the whole thing probably also still has to be filled in properly, at least the ObjectAttributes; ClientId is optional, after all.
With [...] at least only "wrong parameter" comes back now. Somehow one does have to specify which process one wants to open at all, either in ClientId or perhaps in ObjectName...
| [quote=Sebastian König]at least only "wrong parameter" comes back now. Somehow one does have to specify which process one wants to open at all, either in ClientId or perhaps in ObjectName...[/quote]
Apparently it has to be specified in ObjectName; CLIENT_ID can be 0, after all. The object name could be the name of the process from the Task Manager. RootDirectory is giving me a bit of a headache; no idea what goes there. SecurityDescriptor could possibly also be 0 (if need be, I'll cobble one together myself), but I'm not entirely sure about that. I'm not entirely sure about SecurityQualityOfService yet either...
I was still missing CLIENT_ID, many thanks.
| I'm of course not there yet, but already a bit further:
DEF @MultiByteToWideChar(6) !"kernel32","MultiByteToWideChar"
Def @ZwOpenProcess(4) !"NTDLL.DLL","ZwOpenProcess"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
Def @GetCurrentProcessID(0) !"KERNEL32","GetCurrentProcessId"
Def @CloseHandle(1) !"KERNEL32","CloseHandle"
Def @GetLastError(0) !"KERNEL32","GetLastError"
Def @SetLastError(1) !"KERNEL32","SetLastError"
DEF @AHFormatMessage(7) !"KERNEL32","FormatMessageA"
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare NT_Fehler&,WIN_FEHLER&,P_Handle&,P_ID&,Objekt_name$
Declare Attr#,Unicode_STR#
Windowstyle 31
WindowTitle "ZwOpenProcess"
Window 0,0-780,440
LET P_ID&=@GetCurrentProcessID()
@SetLastError(0)
Dim Attr#,24
Clear Attr#
Long Attr#,0=24
LET Objekt_name$="F:ProgrammeXProfan9PROFAN.EXE"
Dim Unicode_STR#,513
@MultiByteToWideChar(0,0,@ADDR(Objekt_name$),-1,Unicode_STR#,256)
Long Attr#,8=Unicode_STR#
Let Nt_fehler&=@Zwopenprocess(@Addr(P_handle&),$400,Attr#,0)
Dispose Attr#
LET AHRückgabe&=@GetLastError()
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach ZwOpenProcess: "+AHGETERROR_Buffer$
LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von ZwOpenProcess: "+AHGETERROR_Buffer$+" ("+@STR$(NT_FEHLER&)+")"
Print "ID des Prozesses: "+@STR$(P_ID&)
PRINT "Handle des Prozesses: "+@STR$(P_Handle&)
Print ""
IF P_Handle&<>0
@SetLastError(0)
LET Win_Fehler&=@CloseHandle(P_Handle&)
LET AHRückgabe&=@GetLastError()
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach CloseHandle: "+AHGETERROR_Buffer$
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von CloseHandle: "+AHGETERROR_Buffer$
Endif
While 0=0
Waitinput
wend
Proc Fehlercode_bestimmen
DIM AHGETERROR_Buffer#,32000
@AHFormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) 'Converts the error code into a locale-specific message.
Let AHGETERROR_Buffer$=@TRIM$(@STRING$(AHGETERROR_Buffer#,0))
Dispose AHGETERROR_Buffer#
Endproc
Sebastian König | Hello Andreas,
I have just found another example [...]. This is how it works for me: [...] To be inserted into your first code above.
Best regards,
Sebastian
| Hello Sebastian...
Here is the complete code now:
Def @ZwOpenProcess(4) !"NTDLL.DLL","ZwOpenProcess"
DEF @LsaNtStatusToWinError(1) !"advapi32","LsaNtStatusToWinError"
Def @GetCurrentProcessID(0) !"KERNEL32","GetCurrentProcessId"
Def @GetLastError(0) !"KERNEL32","GetLastError"
Def @SetLastError(1) !"KERNEL32","SetLastError"
DEF @AHFormatMessage(7) !"KERNEL32","FormatMessageA"
DEF @ZwClose(1) !"NTDLL","ZwClose"
Declare AHRückgabe&,AHGETERROR_Buffer#,AHGETERROR_Buffer$
Declare NT_Fehler&,WIN_FEHLER&,P_Handle&,P_ID&,Objekt_name$
Declare Attr#,Unicode_STR#,Id#
Windowstyle 31
WindowTitle "ZwOpenProcess"
Window 0,0-780,440
LET P_ID&=@GetCurrentProcessID()
Dim Attr#,24
DIM ID#,8
Clear ID# 'CLIENT_ID: zero UniqueThread (offset 4) so that only the process ID is used
Long ID#,0=P_ID&
Clear Attr#
Long Attr#,0=24 'Size of the structure
@SetLastError(0)
Let Nt_fehler&=@Zwopenprocess(@Addr(P_handle&),$400,Attr#,ID#) '$400 = PROCESS_QUERY_INFORMATION
LET AHRückgabe&=@GetLastError()
Dispose ID#
Dispose Attr#
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach ZwOpenProcess: "+AHGETERROR_Buffer$
LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von ZwOpenProcess: "+AHGETERROR_Buffer$+" ("+@STR$(NT_FEHLER&)+")"
Print "ID des Prozesses: "+@STR$(P_ID&)
PRINT "Handle des Prozesses: "+@STR$(P_Handle&)
Print ""
IF P_Handle&<>0
@SetLastError(0)
LET NT_Fehler&=@ZwClose(P_Handle&)
LET AHRückgabe&=@GetLastError()
Fehlercode_bestimmen
PRINT "Letzter API-Fehler nach ZwClose: "+AHGETERROR_Buffer$
LET WIN_FEHLER&=@LsaNtStatusToWinError(NT_FEHLER&)
LET AHRückgabe&=WIN_FEHLER&
Fehlercode_bestimmen
PRINT "Rückmeldung von ZwClose: "+AHGETERROR_Buffer$
Endif
While 0=0
Waitinput
wend
Proc Fehlercode_bestimmen
DIM AHGETERROR_Buffer#,32000
@AHFormatMessage($1000,0,AHRückgabe&,0,AHGETERROR_Buffer#,32000,0) 'Converts the error code into a locale-specific message.
Let AHGETERROR_Buffer$=@TRIM$(@STRING$(AHGETERROR_Buffer#,0))
Dispose AHGETERROR_Buffer#
Endproc
And what I still wanted to tell you: GREAT! SUPER!!! Many, many thanks. Now I can see what I can do with it! <= That's Windows
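Added example, not part of the original thread: the same call made from Python via ctypes, showing that the 24 and 8 byte sizes hard-coded above hold only in a 32-bit process and that the result is the returned NTSTATUS. The helper names `build_open_args` and `open_process_native` are made up for this example; the actual call runs on Windows only.

```python
import ctypes
import os
import sys

PROCESS_QUERY_INFORMATION = 0x0400  # the $400 access mask used in the thread

class CLIENT_ID(ctypes.Structure):
    # Two HANDLE-sized fields: 8 bytes in a 32-bit process, 16 in a 64-bit one.
    _fields_ = [("UniqueProcess", ctypes.c_void_p),
                ("UniqueThread", ctypes.c_void_p)]

class OBJECT_ATTRIBUTES(ctypes.Structure):
    # 24 bytes in a 32-bit process (the thread's "Dim Attr#,24"), 48 in 64-bit.
    _fields_ = [("Length", ctypes.c_uint32),
                ("RootDirectory", ctypes.c_void_p),
                ("ObjectName", ctypes.c_void_p),
                ("Attributes", ctypes.c_uint32),
                ("SecurityDescriptor", ctypes.c_void_p),
                ("SecurityQualityOfService", ctypes.c_void_p)]

def build_open_args(pid):
    """Fill both structures the way the working post does (hypothetical helper)."""
    oa = OBJECT_ATTRIBUTES()        # ctypes zero-fills: no name, no root directory
    oa.Length = ctypes.sizeof(oa)   # computed, so it is right on x86 and x64
    cid = CLIENT_ID()
    cid.UniqueProcess = pid         # UniqueThread stays NULL
    return oa, cid

def open_process_native(pid, access=PROCESS_QUERY_INFORMATION):
    """Return (ntstatus, win32_error, handle) from NtOpenProcess. Windows only."""
    if sys.platform != "win32":
        raise OSError("NtOpenProcess exists only on Windows")
    ntdll, advapi32 = ctypes.WinDLL("ntdll"), ctypes.WinDLL("advapi32")
    ntdll.NtOpenProcess.restype = ctypes.c_long  # NTSTATUS, negative on failure
    ntdll.NtOpenProcess.argtypes = [
        ctypes.POINTER(ctypes.c_void_p), ctypes.c_uint32,
        ctypes.POINTER(OBJECT_ATTRIBUTES), ctypes.POINTER(CLIENT_ID)]
    oa, cid = build_open_args(pid)
    handle = ctypes.c_void_p()
    # The result is the returned NTSTATUS; native calls do not set GetLastError().
    status = ntdll.NtOpenProcess(ctypes.byref(handle), access,
                                 ctypes.byref(oa), ctypes.byref(cid))
    return status, advapi32.LsaNtStatusToWinError(status), handle.value

if __name__ == "__main__" and sys.platform == "win32":
    status, win_err, handle = open_process_native(os.getpid())
    print(hex(status & 0xFFFFFFFF), win_err, handle)
    if handle:
        ctypes.WinDLL("ntdll").NtClose(ctypes.c_void_p(handle))
```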
Sebastian König | [quote]Now I can see what I can do with it! <= That's Windows[/quote] OK, I'm curious what all this is for!
| It may take a while, night shift again; let's see whether I get any further this way. At the moment, what I think about Windows seems to be confirmed...