| |
|
|
- Page 1 - |
|
Frank Abbing | A small tool of mine based on API hooking. A list box shows all DLLs that are currently being loaded by programs.
Just start the exe and then start any programs. Their DLLs should now be listed, and there is a short beep. Please test whether it still hangs anywhere. |
|
|
| |
|
|
|
| |
|
- Page 4 - |
|
RGH | Frank Abbing
Oooch Roland. But you have disregarded that a program has to use GetProcAddress() only ONCE per function. A simple variable is then sufficient to store the address.
Oooch Frank, did you not notice that my first program also calls GetProcAddress() only once, and that the second one only serves to compare the time taken by GetProcAddress() and LoadLibrary(), to determine which of them burns the time in a dynamic call?
If I prefer dynamic linking in XProfan, then I have to determine the address when the function is called for the first time. When it is then called again at another place in the program, I have to determine it again, or I would have to look in a table to see whether it is already known (and still valid) and then use it. That would be additional administrative overhead.
The other alternative is the conversion into a static call, as XPSE (and my example above) does. Since that can make sense for time-critical things, I have already suggested building it into the next XProfan version as an alternative. As I said: both variants have their advantages and disadvantages.
Greetings, Roland |
|
|
| Intel Duo E8400 3,0 GHz / 4 GB RAM / 1000 GB HDD - ATI Radeon HD 4770 512 MB - Windows 7 Home Premium 32Bit - XProfan X4 | 03/27/07 ▲ |
|
|
|
|
Frank Abbing |
and the second one only serves to compare the time taken by GetProcAddress() and LoadLibrary(), to determine which of them burns the time in a dynamic call?
As already said - beside the point.
Far be it from me to want to dictate anything to you. Besides, I don't like such discussions either. You have an opportunity here to increase the efficiency of XProfan further. What you ultimately make of it, and whether and how you act on the feedback of your users, is up to you. |
|
|
| |
|
|
|
| Hello Roland...
About your code: could it be that you are cheating a bit there? Usedll is a static call after all, and GetProcAddress - isn't that called dynamically there??? |
|
|
| |
|
|
|
| Hello Frank...
Have you had a look at the source? I looked into it... but that has absolutely nothing to do with it.
I am anything but an expert in ASM. What does the GetProcAddress code really do? Doesn't it search the table for the specified function? I am happy to learn more. |
|
|
| |
|
|
|
| Where is the flaw in the following code:
' Use the Windows header file
 $H Windows.ph
Declare hDLL&, Time&, DLL$, LoadLibraryA&, GetProcAddress&, Funktion$, StringAddr&
' Resolve the addresses of GetProcAddress and LoadLibraryA once, so both can be invoked via Call
LET DLL$="Kernel32.DLL"
hDLL& = ~LoadLibraryA(@addr(DLL$))
LET Funktion$="GetProcAddress"
LET GetProcAddress&=~GetProcAddress(hDLL&, @addr(Funktion$))
LET Funktion$="LoadLibraryA"
LET LoadLibraryA&=~GetProcAddress(hDLL&, @addr(Funktion$))
LET DLL$="USER32.DLL"
hDLL& = ~LoadLibraryA(@addr(DLL$))
' Baseline: empty loop
Print "Ohne irgendwas: ";
Time& = &GetTickCount
whileLoop 1, 100000
endwhile
print Int(&GetTickCount - Time&)
' LoadLibraryA with the full path
LET DLL$=$SYSPATH+"\USER32.DLL"
Print "LoadLibraryA "+DLL$+" :";
StringAddr& = addr(DLL$)
Time& = &GetTickCount
whileLoop 1, 100000
call(LoadLibraryA&,StringAddr&)
endwhile
print Int(&GetTickCount - Time&)
' LoadLibraryA with the bare module name
LET DLL$="USER32"
Print "LoadLibraryA "+DLL$+" :";
StringAddr& = addr(DLL$)
Time& = &GetTickCount
whileLoop 1, 100000
call(LoadLibraryA&,StringAddr&)
endwhile
print Int(&GetTickCount - Time&)
' GetProcAddress for two different export names of USER32
Print "GetProcAdress ActivateKeyboardLayout: ";
Let Funktion$="ActivateKeyboardLayout"
StringAddr& = addr(Funktion$)
Time& = &GetTickCount
whileLoop 1, 100000
call(GetProcAddress&,hDLL&, StringAddr&)
endwhile
print Int(&GetTickCount - Time&)
Print "GetProcAdress wvsprintfW: ";
Let Funktion$="wvsprintfW"
StringAddr& = addr(Funktion$)
Time& = &GetTickCount
whileLoop 1, 100000
call(GetProcAddress&,hDLL&, StringAddr&)
endwhile
print Int(&GetTickCount - Time&)
waitinput
end
|
|
|
| |
|
|
|
RGH | Andreas Hötker
What does the GetProcAddress code really do? Doesn't it search the table for the specified function?
It is simply an API function that returns the absolute address of a function of a loaded module. How it does that is beyond my knowledge. Since Microsoft does not publish its source code (largely C/C++ with ASM parts), it is not all that easy to find out either. (It would not help anyway.) But I simply suspect the following: a DLL contains in its header a list of the functions it exports, with their entry-point addresses. I therefore assume that GetProcAddress accesses this list via the handle of the DLL.
Greetings, Roland |
|
|
| Intel Duo E8400 3,0 GHz / 4 GB RAM / 1000 GB HDD - ATI Radeon HD 4770 512 MB - Windows 7 Home Premium 32Bit - XProfan X4 | 03/28/07 ▲ |
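Roland's guess in the post above, that a DLL carries a list of its exported functions with their entry addresses, corresponds to the export directory of the PE file format. The following is an added example, not code from the thread or from Windows: it builds a constructed export directory (buffer offsets stand in for RVAs, an assumption) and resolves a name by binary search over the sorted name table, which the PE format allows; the names `build_export_dir`, `lookup_export` and `total_compares` are hypothetical, and the search is not claimed to be Microsoft's implementation.

```python
import struct

def build_export_dir(exports):
    """Constructed sample: a buffer holding only an IMAGE_EXPORT_DIRECTORY and
    its three tables. Assumption: buffer offsets double as RVAs."""
    names = sorted(exports)            # PE name table is sorted lexically
    n = len(names)
    funcs, nameptrs, ords = 40, 40 + 4 * n, 40 + 8 * n
    strings, ptrs = b"", []
    for nm in names:
        ptrs.append(ords + 2 * n + len(strings))
        strings += nm.encode() + b"\0"
    hdr = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, n, n, funcs, nameptrs, ords)
    return (hdr + struct.pack(f"<{n}I", *(exports[nm] for nm in names))
            + struct.pack(f"<{n}I", *ptrs)
            + struct.pack(f"<{n}H", *range(n)) + strings)

def lookup_export(img, name):
    """Return (function RVA or None, string comparisons) for an export name."""
    n, funcs, nameptrs, ords = struct.unpack_from("<4I", img, 24)
    target, lo, hi, compares = name.encode(), 0, n - 1, 0
    while lo <= hi:                    # binary search over the sorted names
        mid = (lo + hi) // 2
        (ptr,) = struct.unpack_from("<I", img, nameptrs + 4 * mid)
        candidate = img[ptr:img.index(b"\0", ptr)]
        compares += 1
        if candidate == target:        # name index -> ordinal index -> address
            (idx,) = struct.unpack_from("<H", img, ords + 2 * mid)
            return struct.unpack_from("<I", img, funcs + 4 * idx)[0], compares
        if candidate < target:
            lo = mid + 1
        else:
            hi = mid - 1
    return None, compares

def total_compares(img, name, calls, resolve_once):
    """Comparisons spent on `calls` invocations: resolve per call vs. once."""
    per_lookup = lookup_export(img, name)[1]
    return per_lookup if resolve_once else per_lookup * calls

# Constructed export list: 998 filler names plus the two names timed in the thread.
EXPORTS = {f"Func{i:04d}": 0x1000 + 16 * i for i in range(998)}
EXPORTS.update({"ActivateKeyboardLayout": 0x9000, "wvsprintfW": 0x9010})
IMAGE = build_export_dir(EXPORTS)

if __name__ == "__main__":
    for fn in ("ActivateKeyboardLayout", "wvsprintfW", "NoSuchExport"):
        print(fn, lookup_export(IMAGE, fn))
    print(total_compares(IMAGE, "wvsprintfW", 100000, False))
```

With 1000 names a lookup needs at most 10 string comparisons, so the per-call cost discussed in the thread comes from repeating the lookup, not from a long linear scan.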
|
|
|
| |
|
- Page 5 - |
|
|
RGH | Andreas Hötker
Hello Roland... About your code: could it be that you are cheating a bit there? Usedll is a static call after all, and GetProcAddress - isn't that called dynamically there???
No, I am not aware of cheating. But perhaps we should clarify the terms dynamic and static in this context:
Dynamic: If I link a DLL dynamically, that means I only access the DLL when the code currently being executed actually needs it. If, for example, I have a load routine in a graphics program for an exotic graphics format that needs an expensive external DLL, then with dynamic access to the DLL I can work with this program even without the DLL, as long as I do not want to load a file of this format. The part of the program that uses this DLL dynamically is simply never called. This dynamic call is made, somewhat simplified and without error handling and parameter management, with the following code:
where, as explained above, LoadLibrary only physically loads the DLL from disk into memory if it is not yet loaded, and FreeLibrary only releases the DLL when the mentioned counter goes to 0. What is incurred every time, compared with the static variant, and accounts for the time difference is the GetProcAddress().
Static: If I link a DLL statically, that means the function addresses used in the program are determined only once, namely at the start of the program with LoadLibrary and GetProcAddress, and in the further course only calls to the known addresses are necessary. The advantage is the higher speed*; the disadvantage is that the program will not start at all if the DLL is missing. (This could, however, be more or less compensated for by skilful programming.) So here too you need LoadLibrary and GetProcAddress, though only once at the start of the program. In the program itself there is then only the call with Call (shortened here by the parameter management):
aFunk here is the global variable to which the address of the function was assigned at startup. Since GetProcAddress is not called here, this variant is naturally faster, which is naturally noticeable in programs with many API calls. iF takes this route with XPSE and therefore achieves the speed gain.
Most programming languages allow both variants of DLL binding, including Delphi, in which XProfan is written. In my case the ODBC calls are linked dynamically, that is: XProfan also starts on computers without installed ODBC drivers (Windows 95 still came onto the market without these drivers). The OpenGL calls (via the OGL function) are linked statically, since here a) speed matters and b) all XProfan-capable Windows versions have OpenGL on board out of the box. Without OpenGL, XProfan would not start.
Greetings, Roland
* How much that really amounts to naturally depends on the respective API function. With expensive API functions the speed advantage will hardly matter, while with the simplest API functions, which themselves only take as long as the GetProcAddress, it naturally amounts to a lot! |
|
|
| Intel Duo E8400 3,0 GHz / 4 GB RAM / 1000 GB HDD - ATI Radeon HD 4770 512 MB - Windows 7 Home Premium 32Bit - XProfan X4 | 03/28/07 ▲ |
|
|
|
|
| Hello Roland - once more about the cheating...
We have been here before: isn't it the case with the Profan functions (here usedll) that the address is already determined when the program is started?
~GetProcAddress, however, probably calls GetProcAddress only when the function is called - is that right? Aren't you giving Usedll (here LoadLibraryA - that is what this is about, after all) an unfair advantage that way?
Wouldn't both functions have to be called via Call in order to create equal conditions in the first place?
The question "what does GetProcAddress really do?" was directed at Frank, who has had a look at the function - thanks nevertheless!
@Frank: The place where loaded modules are stored smells to me like a LDR_DATA_TABLE_ENTRY structure, i.e. a doubly linked list, as I know it from Mister Root and Fu. The load count is also stored within such a structure - there is not much memory to scan. GetProcAddress, on the other hand, will probably scan the export table of a DLL, and there can easily be 1000 different functions in it - but you will surely enlighten me properly about that (I hope so, anyway). |
|
|
| |
|
|
|
Frank Abbing |
GetProcAddress, on the other hand, will probably scan the export table of a DLL, and there can easily be 1000 different functions in it - but you will surely enlighten me properly about that (I hope so, anyway).
I'll try. Of course I also only have the disassembled source in front of me, and there it is not so easy to see which tables exist where and how. First of all it is checked whether the parameter refers to twain_32.dll. If so, a different procedure is applied right away. Otherwise, APIs of the NT.Dll are called first. String comparisons/conversions (A/W) and the like. Then heap memory is requested, and after that various system directories are searched to see whether the Dll is present at all, and which version. And then back again to NT.Dll, where the actual test probably continues. That is as far as I looked. It goes pretty deep into the system there, with calls to various (undocumented) low-level APIs with many accesses to memory and directories. It seems to be a real treasure chest, this Dll. All in all, then, nothing like just quickly counting up a handle... |
|
|
| |
|
|
|
| What else happens there, however, has nothing to do with scanning memory for handles; that goes very quickly, since it is a LDR_DATA_TABLE_ENTRY structure that is doubly linked. Among other things, the path of the DLL is checked in LoadLibraryA - USER32 / USER32.dll / $SYSPATH+/USER32.dll all refer to the same DLL, and the DLL should not be loaded again there. Have you had a look at my source-code test? With that result it looks quite different from Roland's test. Am I making some error in reasoning there???
I believe Roland is giving LoadLibraryA an unfair advantage in his code. |
|
|
| |
|
|
|
RGH | Andreas Hötker
Hello Roland - once more about the cheating...
Ah, now I understand what you mean! Yes, you are probably right there. I had overlooked that. SORRY!
This is how it should be tested:
... and then both take about the same time. So I was evidently mistaken.
Be that as it may: with static linking you need both only at startup and not afterwards, so that is where the speed gain comes from.
Greetings, Roland (already has ideas for making static linking more convenient in XProfan 11) |
|
|
| Intel Duo E8400 3,0 GHz / 4 GB RAM / 1000 GB HDD - ATI Radeon HD 4770 512 MB - Windows 7 Home Premium 32Bit - XProfan X4 | 03/28/07 ▲ |
|
|
|
|
Frank Abbing |
... and then both take about the same time. So I was evidently mistaken.
Be that as it may: with static linking you need both only at startup and not afterwards, so that is where the speed gain comes from.
Greetings, Roland (already has ideas for making static linking more convenient in XProfan 11)
Well, that is good to hear. So the whole thing did serve a purpose after all. |
|
|
| |
|
|