| |
| |
|
| - Page 1 - |
|
Frank
Abbing | A small Tool of me on API-Hooking Base. In of/ one Listbox go any Dlls aufgelistest, The straight of Programs loaded get.
simply Exe Starting and then any programs started. its Dlls should now gelistet and be it pieps short.
Please testing time, whether it yet somewhere hakt. |
|
| |
| |
| |
|
| |
| |
| - Page 3 - |
|
|
| Dieter Zornow
@Andeas,
The Taskmanager shows tappt im dunkeln moreover integrally normal under Applications on.
but not under processes - and therefore goes it with the thing. best Thanks - what there well with my son not is correct...
Dieter Zornow
the behaviour with your Tool is too reproduzierbar. You überschreibst through your Hooks a Speicherbereich and if there straight one Program is or this using, crashes it ex therefore think I do not safe the whole.
too the ought to one rethinking... |
|
| |
| |
| |
|
|
Frank
Abbing |
the behaviour with your Tool is too reproduzierbar. You überschreibst through your Hooks a Speicherbereich and if there straight one Program is or this using, crashes it ex therefore think I do not safe the whole.
I use now a new engineering, The safer is. in the übrigen go only 5 Bytes überschrieben, but with sinnvollen Values, so your programs therefore not in that skid get. can Yes not his, the my Program everywhere correctly. functions, only you not, or? especially since You The same Konfiguration own How I.
Teste please times the new Version, here in the attachment: |
|
| |
| |
| |
|
|
| Frank Abbing
can Yes not his, the my Program everywhere correctly. functions, only you not, or? especially since You The same Konfiguration own How I.
caution Frank! very the could of my opinion to his. with whom most APIs schließe I the from, LoadLibrary becomes but already with the Initialisierung the Program using - to equal Time, as well as the Hook loaded becomes. I personally could me present, that it situations gives, where windows at Multithreading within of/ one application geade the first byte worn out has, if the Hook loaded becomes. becomes then again the Abarbeitung the first Threads continued, wants this Thread then the second byte go on .- there standing but now no sinnloser Opcode More, separate something other, what but as Opcode (wrong) gewertet becomes.
whether the happens could among other things of it take down, How many Treads on one computer walk - The probability, the there but at all something happens , is with the amount on modified Bytes but extreme small. |
|
| |
| |
| |
|
|
| Hello Frank...
with the last Download something moreover supra there under windows2000 by me now no Problems More. |
|
| |
| |
| |
|
|
Dieter
Zornow | Hello Frank,
your latest Version runs rather, there's no Abstürze More, only The functions are
still not correctly.. I get now in the Box but whom Programmpfad viewed, was before not. but still Verweis on The psapi.dll and only hereon.
Programmpfad --> psapi.dll.
i think that each system differently is through different driver etc. I have too most Updates to SP2 installs and from Sicherheitsgründen some functions blocked How whom Hintergrundübertragungsdienst. The should but nothing with your Tool concern. in the übrigen having Yes not yet so many tested, for a represantives Result to have.
Greeting
Dieter |
|
| |
| Er ist ein Mann wie ein Baum. Sie nennen ihn Bonsai., Win 7 32 bit und Win 7 64 bit, mit XProfan X2 | 03/26/07 ▲ |
|
| |
|
|
Frank
Abbing |
but still Verweis on The psapi.dll and only hereon.
Programmpfad --> psapi.dll.
whom way ermittle I naturally by API. is even the Ergebniss, which me windows as executing way back gives.
could you Perhaps time a Screenshot here post? |
|
| |
| |
| |
|
|
Dieter
Zornow |
|
| |
| Er ist ein Mann wie ein Baum. Sie nennen ihn Bonsai., Win 7 32 bit und Win 7 64 bit, mit XProfan X2 | 03/26/07 ▲ |
|
| |
|
|
Jörg
Sellmeyer | now wished I straight praise, there's Firefox at Click on Save abgeschmiert. I had before WhichDll walk.
The Piepserei the Profanprogramme is already very massive in the comparison To others Programs. The XProfEd piep z.B. continuing. |
|
| |
| Windows XP SP2 XProfan X4... und hier mal was ganz anderes als Profan ...  | 03/27/07 ▲ |
|
| |
|
|
Frank
Abbing |
whether the happens could among other things of it take down, How many Treads on one computer walk - The probability, the there but at all something happens , is with the amount on modified Bytes but extreme small.
now wished I straight praise, there's Firefox at Click on Save abgeschmiert. I had before WhichDll walk.
How Andreas already said, The Possibility exists, is lowly. time see, whether I a the Wait-APIs on LoadLibrary() utilize can.
though happens the by me with all API-Monitor-Programs always time again.
here the Screenshoot
Thank you!
it'll really always only these Dll loaded? strange, my Tool clutching directly whom Parameter ex, whom one Program with LoadLibrary angibt.
The Piepserei the Profanprogramme is already very massive in the comparison To others Programs. The XProfEd piep z.B. continuing.
the have so did i only Profan-Programs watch. even if Roland attempts, the something down To play: normal is not and the speed must under suffering. Have me ultimately respected, How LoadLibrary operates... |
|
| |
| |
| |
|
|
RGH | Jörg Sellmeyer
The Piepserei the Profanprogramme is already very massive in the comparison To others Programs. The XProfEd piep z.B. continuing.
the lying on it, that Franks Tool not protokolliert, when a DLL objectively loaded becomes, separate only The Aufrufe the API-function LoadLibrary. LoadLibrary loading a DLL but only, if itself these DLL not yet in the Speicherraum the aufrufenden Program befindet, otherwise becomes only one Windowsinterner counter hochgezählt. Quote from the Microsoft API-Help:
If in the appeal of LoadLibrary one DLL-Module indicated is, already in the Adressraum the aufrufenden Prozesses zugeordnet is, gives The function simply a handle for DLL back and increased whom Verweiszähler the Moduls.
this Hochzählen cost naturally no nennenswerte Time (at least not, if no Program runs, the The LoadLibrary-Aufrufe abfängt ;) ).
LoadLibrary cost only then Time, if a DLL not memory is. want one in the program means a API-function a DLL, The not eh already with windows loaded becomes, number of times Call, ought to one The DLL before with UseDLL() loading. further Aufrufe over External (or the with DEF definierten function), cost then hardly Time, where External a little bit faster his ought to.
See moreover too in the XProfan-Help: 28.7 - to usage of DLLs
yet a Tick faster went it with the static left of/ one DLL: Then The DLL at the beginning the Program loaded and the Einsprungadressen all required Procedures einmalig determined. in the further course are to only yet The entsprechenmden CALL-functions aufzurufen. These method dial z.B. David iF in the XPSE, around the Program To optimize. (The reason for light Tempovorteil: GetProcAdress becomes for each relative function only once called.)
Greeting
Roland |
|
| |
| Intel Duo E8400 3,0 GHz / 4 GB RAM / 1000 GB HDD - ATI Radeon HD 4770 512 MB - Windows 7 Home Premium 32Bit - XProfan X4 | 03/27/07 ▲ |
|
| |
|
|
Frank
Abbing |
this Hochzählen cost naturally no nennenswerte Time (at least not, if no Program runs, the The LoadLibrary-Aufrufe abfängt ).
the intercepting cost no Time. The couple Assemblerfunktionen neither. If you whom Piepton abstellst, becomes only Time for Sign in The Listbox uses. 
the Hochzählen is a Durchforsten the systemen Handlelisten. there becomes mitunter some on memory looked through. |
|
| |
| |
| |
|
|
|
the Hochzählen is a Durchforsten the systemen Handlelisten. there becomes mitunter some on memory looked through.
Stiimt so not integrally. Wirf time a look with MWatch on The Kernelhandles one Prozesses. I could me present, that there GetProcAdress under Umständen plenty More Time uses. |
|
| |
| |
| |
|
(763)
Deutsch
English
Français
Español
Italia