
Riddle: Big Brother is watching you...

 


Announcement: Starting with Windows 2000, Microsoft has introduced a registration requirement for processes! Every user process is obliged to state its exact whereabouts immediately on request! If necessary, all of its rights can be revoked and its whereabouts fixed by the police!

Attached is a small police program on this topic.

My question: how does that work?

As a reward for guessing it, there is some nice tasty source code...

Attachment: 609 kB
Short description: Big Brother - registration requirement for processes, version 3
Uploaded: 10.10.2006
 
09.10.2006  
 



 



Sebastian König
Next attempt: with a size of 24 bytes (= sizeof(PROCESS_BASIC_INFORMATION)) it works with ProcessBasicInformation - is that better?
 
Windows XP, XProfan/Profan² 4.5 to 11
Profan2Cpp homepage:  [...] 
Old Profan² page:  [...] 
10.10.2006  
 



100 points!
 
10.10.2006  
 




Sebastian König
OK - I had almost feared as much... As I see it, only PebBaseAddress is left for further searching. Reserved1 and Reserved2 apparently hold the same values for all processes, and the ID is known anyway. Reserved3 is apparently the ID of the parent process, which is quite nice too... (Fortunately I found the description of the structure in the Platform SDK.)

PebBaseAddress points to a PEB structure. I found a description of it in winternl.h - quite a lot of elements, and practically all of them marked as Reserved :-/
 
10.10.2006  
 



Another 100 points for PEB!
 
10.10.2006  
 




Sebastian König
I'll simply write down the current state of my efforts once more: at the moment I am searching the array Reserved3[59] for values that get me further.

Almost all entries are 0; only Reserved3[14] and Reserved3[26] look interesting. I cannot read from Reserved3[14] - apparently it is a direct value, perhaps a handle. (Opening it with ZwQueryDirectoryObject() does not work, though; that was the first thing I tried.)

What is stored under Reserved3[26], on the other hand, looks more interesting - for example (the first 5 LongInts):

1024 | 2147348820 | 64 | 2147248548 | 0 | ...

Because of their special values I take the first and third to be some kind of flags; the second and fourth are probably pointers to further data.

The whole thing is a bit like groping around in the dark without really knowing exactly what one is looking for...
 
10.10.2006  
 




Frank Abbing
The state of my work as of this morning. Listview.dll is required for the display.
The code is Enh code from XPIA, so that everyone can test it.

I know, that was not the task. But I really don't feel like doing trial and error on unfamiliar terrain...
DECLARE XPIA_#,XPIA$,EXPIA&,TEXT$,NUMBER&,SNAPSHOT&,LVDLL&,LISTVIEW&,X&,Y&,CLV1#,CLV2#,CLVALL#,LVITEM#
DIM XPIA_#,6656
CLEAR XPIA_#
XPIA$=$TEMPDIR+"/_GetProcessInfos_enh.dll"
FILEMODE 1
ASSIGN #1,XPIA$
OPENRW #1
BLOCKWRITE #1,XPIA_#,0,6656
CLOSERW #1
DISPOSE XPIA_#
DIM CLV1#,256
DIM CLV2#,64
DIM CLVALL#,1400
DIM LVITEM#,292
DEF CREATELISTVIEW(6) !"LISTVIEW","CreateListview"
DEF SHOWLISTVIEW(5) !"LISTVIEW","ShowListview"
DEF ICOLUMN(4) !"LISTVIEW","IColumn"
DEF SITEM(3) !"LISTVIEW","SItem"
DEF INITMESSAGES(1) !"LISTVIEW","InitMessages"
DEF ASORTLISTVIEW(3) !"LISTVIEW","ASortListview"
DEF READFILEQUICK(4) !"LISTVIEW","ReadFileQuick"
DEF CSVTOLISTVIEW(4) !"LISTVIEW","CsvToListview"
DEF SWAPLINES(3) !"LISTVIEW","SwapLines"
DEF GETSELECTED(2) !"LISTVIEW","GetSelected"
DEF GETSELECTEDDBCLK(2) !"LISTVIEW","GetSelectedDbClk"
DEF GETTABOFFSETS(2) !"LISTVIEW","GetTabOffsets"
DEF GETLINES(1) !"LISTVIEW","GetLines"
DEF GETCOLUMNS(1) !"LISTVIEW","GetColumns"
DEF GETNEEDEDMEMORY(2) !"LISTVIEW","GetNeededMemory"
DEF GETALLSELECTED(2) !"LISTVIEW","GetAllSelected"
DEF GETNULLOFFSET(1) !"LISTVIEW","GetNullOffset"
DEF LISTVIEWTOCSV(4) !"LISTVIEW","ListviewToCsv"
DEF WRITEFILEQUICK(4) !"LISTVIEW","WriteFileQuick"
DEF CREATEIMAGELIST(2) !"LISTVIEW","CreateImageList"
DEF SETIMAGELIST(2) !"LISTVIEW","SetImageList"
DEF SETICON(3) !"LISTVIEW","SetIcon"
DEF SETICONSFROMMEM(4) !"LISTVIEW","SetIconsFromMem"
DEF SETICONSWITH(4) !"LISTVIEW","SetIconsWith"
DEF GETSELECTEDLINE(1) !"LISTVIEW","GetSelectedLine"
DEF SETINDEX(1) !"LISTVIEW","SetIndex"
DEF REGISTER(1) !"LISTVIEW","Register"
DEF GETLINETEXT(3) !"LISTVIEW","GetLineText"
DEF GETCOLUMNWIDTH(2) !"LISTVIEW","GetColumnWidth"
DEF CLOSEMESSAGES(1) !"LISTVIEW","CloseMessages"
DEF SETCOLUMNSFROMMEM(3) !"LISTVIEW","SetColumnsFromMem"
DEF CRYPTMEM(4) !"LISTVIEW","CryptMem"
DEF DBFTOCSV(5) !"LISTVIEW","DbfToCsv"
DEF SELECTLINE(3) !"LISTVIEW","SelectLine"
DEF SEARCHTEXT(7) !"LISTVIEW","SearchText"
DEF LISTVIEWTODBF(4) !"LISTVIEW","ListviewToDbf"
DEF COPYCOLUMNTO(4) !"LISTVIEW","CopyColumnTo"
DEF GETINDEX(0) !"LISTVIEW","GetIndex"
DEF EXCHANGESEPARATOR(5) !"LISTVIEW","ExchangeSeparator"
DEF COPYLINETO(4) !"LISTVIEW","CopyLineTo"
DEF GETCHECKED(3) !"LISTVIEW","GetChecked"
DEF SETCHECKBOXSTATE(3) !"LISTVIEW","SetCheckboxState"
DEF GETCHECKBOXSTATE(2) !"LISTVIEW","GetCheckboxState"
DEF ENABLEEDITS(2) !"LISTVIEW","EnableEdits"
DEF SORTMANUAL(3) !"LISTVIEW","SortManual"
DEF FILELISTTOCSV(6) !"LISTVIEW","FilelistToCsv"
DEF SETITEMTEXT(4) !"LISTVIEW","SetItemText"
DEF GETITEMTEXT(4) !"LISTVIEW","GetItemText"
DEF EXAMINECOLUMN(2) !"LISTVIEW","ExamineColumn"
DEF SETCOLUMNSORT(3) !"LISTVIEW","SetColumnSort"
DEF GETCOLUMNUPDATE(2) !"LISTVIEW","GetColumnUpdate"
DEF SETCOLUMNUPDATE(2) !"LISTVIEW","SetColumnUpdate"
DEF RAISECOLUMNS(4) !"LISTVIEW","RaiseColumns"
DEF MIXRGBS(2) !"LISTVIEW","MixRGBs"
DEF SETBACKIMAGE(3) !"LISTVIEW","SetBackImage"
DEF PRINTLISTVIEW(13) !"LISTVIEW","PrintListview"
DEF AREICONSPRESENT(1) !"LISTVIEW","AreIconsPresent"
DEF ARECHECKBOXESPRESENT(1) !"LISTVIEW","AreCheckboxesPresent"
DEF ERASELISTVIEW(1) !"LISTVIEW","EraseListview"
DEF GETCONTROLPARAS(1) !"LISTVIEW","GetControlParas"
DEF GETOWNCONTROLPARAS(4) !"LISTVIEW","GetOwnControlParas"
DEF SETSTYLE(1) !"LISTVIEW","SetStyle"
DEF GETREALCOLUMNINDEX(2) !"LISTVIEW","GetRealColumnIndex"
DEF CHECKIFMARKED(1) !"LISTVIEW","CheckIfMarked"
DEF SELECTCOLUMNEDITS(2) !"LISTVIEW","SelectColumnEdits"
DEF GETVAR(1) !"LISTVIEW","GetVar"
DEF SETICONMODE(1) !"LISTVIEW","SetIconMode"
DEF MARKIFCHECKED(1) !"LISTVIEW","MarkIfChecked"
DEF SETFILELISTFILTER(1) !"LISTVIEW","SetFilelistFilter"
DEF SETFILELISTNOFILTER(1) !"LISTVIEW","SetFilelistNoFilter"
DEF ADDITEMVALUES(4) !"LISTVIEW","AddItemValues"
DEF RAISELINE(4) !"LISTVIEW","RaiseLine"
DEF GETCOLUMNNAME(3) !"LISTVIEW","GetColumnName"
DEF SETCOLUMNNAME(3) !"LISTVIEW","SetColumnName"
DEF SETICONCOLUMN(1) !"LISTVIEW","SetIconColumn"
DEF GETICON(3) !"LISTVIEW","GetIcon"
DEF SETVAR(2) !"LISTVIEW","SetVar"
DEF PRINTCOLUMNS(1) !"LISTVIEW","PrintColumns"
DEF GETITEMTEXTSASINTEGER(3) !"LISTVIEW","GetItemTextsAsInteger"
DEF GETITEMTEXTSASFLOAT(3) !"LISTVIEW","GetItemTextsAsFloat"
DEF GETEDGEINTEGERS(4) !"LISTVIEW","GetEdgeIntegers"
DEF GETEDGEFLOATS(4) !"LISTVIEW","GetEdgeFloats"
DEF GETFLOAT(3) !"LISTVIEW","GetFloat"
DEF DELETEDOUBLEITEMS(2) !"LISTVIEW","DeleteDoubleItems"
DEF SETCOLUMNALIGNMENT(3) !"LISTVIEW","SetColumnAlignment"
DEF GETALLCHECKBOXSTATES(2) !"LISTVIEW","GetAllCheckboxStates"
DEF SETALLCHECKBOXSTATES(2) !"LISTVIEW","SetAllCheckboxStates"
DEF GETDLLVERSION(0) !"LISTVIEW","GetDllVersion"
DEF SETLINENUMBERS(3) !"LISTVIEW","SetLineNumbers"
DEF ENABLEDRAGDROP(2) !"LISTVIEW","EnableDragDrop"
DEF DELETESPACELINES(2) !"LISTVIEW","DeleteSpaceLines"
DEF GETDRAGDROPPARAS(1) !"LISTVIEW","GetDragDropParas"
DEF CONVERTDATAS(3) !"LISTVIEW","ConvertDatas"
DEF FORBIDSCROLLMESSAGE(1) !"LISTVIEW","ForbidScrollMessage"
DEF EXCHANGEBYTES(4) !"LISTVIEW","ExchangeBytes"
DEF SETPRINTATTRIBUTES(5) !"LISTVIEW","SetPrintAttributes"
DEF SETLINEHEIGHT(2) !"LISTVIEW","SetLineHeight"
DEF ASORTLISTVIEWEX(4) !"LISTVIEW","ASortListviewEx"
DEF GETLASTKEY(2) !"LISTVIEW","GetLastKey"
DEF SETCOLUMNSWIDTHLIMITS(2) !"LISTVIEW","SetColumnsWidthLimits"

PROC INSERTCOLUMN

    PARAMETERS CLV1&,CLV1$,CLV2&,CLV3&
    STRING CLV1#,0=CLV1$
    ICOLUMN(CLV1&,CLV1#,CLV2&,CLV3&)

ENDPROC

PROC AUTOSORTLISTVIEW

    CLEAR CLV2#
    LONG CLV2#,0=@&(2)
    LONG CLV2#,4=@&(3)
    LONG CLV2#,8=@&(4)
    LONG CLV2#,12=@&(5)
    LONG CLV2#,16=@&(6)
    LONG CLV2#,20=@&(7)
    LONG CLV2#,24=@&(8)
    LONG CLV2#,28=@&(9)
    LONG CLV2#,32=@&(10)
    LONG CLV2#,36=@&(11)
    LONG CLV2#,40=@&(12)
    LONG CLV2#,44=@&(13)
    LONG CLV2#,48=@&(14)
    LONG CLV2#,52=@&(15)
    ASORTLISTVIEW(@&(1),CLV2#,INT(SUB(%PCOUNT,1)))

ENDPROC

PROC SETITEM

    CLEAR CLV2#
    CLEAR CLVALL#
    STRING CLVALL#,0=@$(2)
    LONG CLV2#,0=CLVALL#
    STRING CLVALL#,100=@$(3)
    LONG CLV2#,4=CLVALL#+100
    STRING CLVALL#,200=@$(4)
    LONG CLV2#,8=CLVALL#+200
    STRING CLVALL#,300=@$(5)
    LONG CLV2#,12=CLVALL#+300
    STRING CLVALL#,400=@$(6)
    LONG CLV2#,16=CLVALL#+400
    STRING CLVALL#,500=@$(7)
    LONG CLV2#,20=CLVALL#+500
    STRING CLVALL#,600=@$(8)
    LONG CLV2#,24=CLVALL#+600
    STRING CLVALL#,700=@$(9)
    LONG CLV2#,28=CLVALL#+700
    STRING CLVALL#,800=@$(10)
    LONG CLV2#,32=CLVALL#+800
    STRING CLVALL#,900=@$(11)
    LONG CLV2#,36=CLVALL#+900
    STRING CLVALL#,1000=@$(12)
    LONG CLV2#,40=CLVALL#+1000
    STRING CLVALL#,1100=@$(13)
    LONG CLV2#,44=CLVALL#+1100
    STRING CLVALL#,1200=@$(14)
    LONG CLV2#,48=CLVALL#+1200
    STRING CLVALL#,1300=@$(15)
    LONG CLV2#,52=CLVALL#+1300
    SITEM(@&(1),CLV2#,SUB(%PCOUNT,2))

ENDPROC

DEF @CREATENEWIMAGELIST(5) !"comctl32.dll","ImageList_Create"
DEF @GETSYSTEMMETRICS(1) !"user32.dll","GetSystemMetrics"
DEF @DESTROYIMAGELIST(1) !"comctl32.dll","ImageList_Destroy"
DEF @LOADICON(2) !"user32.dll","LoadIconA"
DEF @ADDICONTOIMAGELIST(2) !"comctl32.dll","ImageList_AddIcon"
DEF DESTROYICON(1) ! "USER32.DLL","DestroyIcon"
DEF @GETSELECTEDCOUNT(1) @SENDMESSAGE (@&(1),4146,0,0)
DEF @DELETECOLUMN(2) @SENDMESSAGE (@&(1),$101C,@%(2),0)
DEF @DELETEITEM(2) @SENDMESSAGE (@&(1),$1008,@%(2),0)
DEF @DELETEALLITEMS(1) @SENDMESSAGE (@&(1),4105,0,0)
DEF @GETITEMSTATE(3) @SENDMESSAGE (@&(1),4140,@%(2),@%(3))
DEF @SETCOLUMNWIDTH(3) @SENDMESSAGE (@&(1),4126,@%(2),@%(3))
DEF @GETLVTXTCOLOR(1) @SENDMESSAGE (@&(1),$1023,0,0)
DEF @GETLVTXTBKCOLOR(1) @SENDMESSAGE (@&(1),$1025,0,0)
DEF @GETLVBKCOLOR(1) @SENDMESSAGE (@&(1),$1000,0,0)
DEF @UPDATE(1) @SENDMESSAGE (@&(1),4138,-1,0)

PROC ADDPROGRAMICON

    PARAMETERS NAME$,LHANDLE&,IL&
    DECLARE HICON&
    CLEAR LVITEM#
    STRING LVITEM#,0=NAME$
    HICON&=LOADICON(LHANDLE&,LVITEM#)
    ADDICONTOIMAGELIST(IL&,HICON&)
    DESTROYICON(HICON&)
    RETURN

ENDPROC

DEF GETSYSCOLOR(1) !"USER32","GetSysColor"
LVDLL&=USEDLL("Listview.dll")
WINDOWSTYLE 26+512
WINDOW 0,0-800,600
CLS GETSYSCOLOR(15)
USEFONT "MS Sans Serif",13,0,0,0,0
SETDIALOGFONT 1
X&=MIXRGBS(GETSYSCOLOR(15),$00FFFFFF)
X&=MIXRGBS(X&,$00FFFFFF)
LISTVIEW&=CREATELISTVIEW(%HWND,%HINSTANCE,0,X&,-1,$20)
INSERTCOLUMN LISTVIEW&,"Prozess-ID",80,0
INSERTCOLUMN LISTVIEW&,"Anzahl Threads",100,0
INSERTCOLUMN LISTVIEW&,"Prozess Datei", 140,0
INSERTCOLUMN LISTVIEW&,"Start-Verzeichniss", 280,0
SHOWLISTVIEW(LISTVIEW&,0,0,790,570)
INITMESSAGES(%HWND)
AUTOSORTLISTVIEW LISTVIEW&,2,2,1,1
EXTERNAL(XPIA$,"TheDatas")
EXTERNAL(XPIA$,"GetProcess",LISTVIEW&)

WHILE 1

    WAITINPUT

    IF %KEY=2

        BREAK

    ENDIF

ENDWHILE

DISPOSE CLV1#
DISPOSE CLV2#
DISPOSE CLVALL#
DISPOSE LVITEM#
END

Here is the original code:
 {$cleq}
Declare text$,number&,snapshot&,lvdll&,listview&,x&,y&
 $I Listview_Funktionen.inc
Def GetSysColor(1) !"User32","GetSysColor"
lvdll&=usedll("Listview.dll")
WindowStyle 26+512
Window 0,0-800,600
Cls GetSysColor(15)
UseFont "MS Sans Serif",13,0,0,0,0
SetDialogFont 1
x&=MixRGBs(GetSysColor(15),$00FFFFFF)
x&=MixRGBs(x&,$00FFFFFF)
listview&=CreateListView(%hwnd,%HINSTANCE,0,x&,-1,$20)
InsertColumn listview&,"Prozess-ID",80,0    ' Build the columns
InsertColumn listview&,"Anzahl Threads",100,0
InsertColumn listview&,"Prozess Datei", 140,0
InsertColumn listview&,"Start-Verzeichniss", 280,0
ShowListView(listview&,0,0,790,570)
InitMessages(%hwnd)
AutoSortListview listview&,2,2,1,1

AsmStart TheDatas()

    .data
    ;---------------------------------------------------------------------------]
    x               DD      0
    snap            DD      0
    vide            DD      0
    lines           DD      0
    aprocess        DD      0
    .data?
    WinProcess      PROCESSENTRY32  <>
    Datafind        WIN32_FIND_DATA <>
    hSnapshot       DD              ?
    Buffer          DB              255 DUP(?)
    Process         DB              255 DUP(?)
    DName           DB              1024 DUP(?)
    nurso           DB              1024 DUP(?)
    nurso2          DB              1024 DUP(?)
    .code
    nop

AsmEnd

AsmStart GetProcess(listview&)

    invoke  CreateToolhelp32Snapshot, TH32CS_SNAPALL , 0
    mov     snap, eax
    mov     [WinProcess.dwSize], sizeof PROCESSENTRY32
    invoke  Process32First, eax, offset WinProcess
    jmp     _GetRunningApps
    _Loop:
    invoke OpenProcess,PROCESS_QUERY_INFORMATION+PROCESS_VM_READ,0,[WinProcess.th32ProcessID]
    mov    aprocess,eax
    invoke GetModuleFileNameEx, eax, 0, addr DName, 1024

    .if eax==0

        mov DName,0

    .else

        invoke lstrlen,addr DName
        mov x,eax
        invoke lstrlen,offset WinProcess.szExeFile
        sub x,eax
        dec x
        lea edx,DName
        add edx,x
        xor al,al
        mov [edx],al

    .endif

    invoke CloseHandle, aprocess
    Scall SItem,para1,offset vide,0
    invoke dwtoa,WinProcess.th32ProcessID,addr nurso
    Scall GetLines,para1
    dec eax
    mov lines,eax
    lea edx,nurso
    Scall SetItemText,para1,edx,0,lines
    invoke dwtoa,WinProcess.cntThreads,addr nurso
    lea edx,nurso
    Scall SetItemText,para1,edx,1,lines
    invoke dwtoa,WinProcess.cntThreads,addr nurso
    Scall SetItemText,para1,offset WinProcess.szExeFile,2,lines
    lea edx,DName
    Scall SetItemText,para1,edx,3,lines
    invoke  Process32Next, snap, offset WinProcess
    _GetRunningApps:
    test    eax, eax
    jnz     _Loop
    invoke  CloseHandle, snap
    xor     eax, eax

AsmEnd

While 1

    WaitInput
    Case %key=2:BREAK

EndWhile

 $I Listview_Dispose.inc
End

Attachment: 83 kB, uploaded 10.10.2006
Attachment: ss.jpg, 82 kB, uploaded 10.10.2006
 
10.10.2006  
 



Quote (Sebastian König): "I'll simply write down the current state of my efforts once more: at the moment I am searching the array Reserved3[59] for values that get me further."

You're in the wrong place. Microsoft itself doesn't reveal what is in the PEB. Look for other sources, then it gets easier...

@Frank: Unknown terrain is only unknown until you have found the right documentation for it - and I have it. Once someone has scratched close enough to the solution, I will pass this information on to everyone who has taken part here (and is interested in it).
 
11.10.2006  
 



One more hint:
The solution lies within the first 15 members of the PEB.
 
11.10.2006  
 




Sebastian König
Quote:
1. "Another 100 points for PEB!"
2. "You're in the wrong place. Microsoft itself doesn't reveal what is in the PEB. Look for other sources, then it gets easier..."

The two statements together confuse me a little now...

This is what the PEB looks like according to the Platform SDK:

typedef struct _PEB {
    BYTE Reserved1[2];
    BYTE BeingDebugged;
    BYTE Reserved2[229];
    PVOID Reserved3[59];
    ULONG SessionId;
} PEB, *PPEB;

So the only non-reserved elements are BeingDebugged and SessionId. The former doesn't help (I think), and SessionId was always 0 for all the processes I tried it with. Apart from that, you wouldn't necessarily need ZwQueryInformationProcess to determine the SessionId either, since there is ProcessIdToSessionId...
 
11.10.2006  
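
The two structures discussed in the posts above, as an added example that is not part of the original thread: it models the 32-bit layouts with fixed-width integers (an assumption, so it builds without the Windows headers), checks the 24-byte size, and lists the populated Reserved3 slots of a PEB snapshot. The names PBI32, PEB32, ProcSummary, summarize and make_sample are hypothetical, and every sample value is constructed.

```c
/* Added example: 32-bit layouts modelled with fixed-width integers
   (an assumption, so that no Windows headers are needed). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t Reserved1;
    uint32_t PebBaseAddress;   /* address of the PEB in the target */
    uint32_t Reserved2[2];
    uint32_t UniqueProcessId;
    uint32_t Reserved3;        /* parent process ID, per the thread */
} PBI32;                       /* hypothetical name */

typedef struct {
    uint8_t  Reserved1[2];
    uint8_t  BeingDebugged;
    uint8_t  Reserved2[229];
    uint32_t Reserved3[59];
    uint32_t SessionId;
} PEB32;                       /* hypothetical name */

_Static_assert(sizeof(PBI32) == 24, "24 bytes, as found in the thread");
_Static_assert(offsetof(PEB32, SessionId) == 468, "SessionId offset");

typedef struct {
    uint32_t peb_address, pid, parent_pid, session_id;
    int being_debugged, nonzero_count;  /* count of populated slots */
    int nonzero_index[59];              /* their Reserved3 indices */
} ProcSummary;

/* Decode both buffers; returns 0 on success, -1 if one is too short. */
int summarize(const uint8_t *pbi_raw, size_t pbi_len,
              const uint8_t *peb_raw, size_t peb_len, ProcSummary *out)
{
    PBI32 pbi;
    PEB32 peb;
    if (pbi_len < sizeof pbi || peb_len < sizeof peb)
        return -1;
    memcpy(&pbi, pbi_raw, sizeof pbi);
    memcpy(&peb, peb_raw, sizeof peb);
    memset(out, 0, sizeof *out);
    out->peb_address = pbi.PebBaseAddress;
    out->pid = pbi.UniqueProcessId;
    out->parent_pid = pbi.Reserved3;
    out->being_debugged = peb.BeingDebugged != 0;
    out->session_id = peb.SessionId;
    for (int i = 0; i < 59; i++)
        if (peb.Reserved3[i] != 0)
            out->nonzero_index[out->nonzero_count++] = i;
    return 0;
}

/* Constructed sample data: every value below is made up for the demo. */
void make_sample(uint8_t *pbi_raw, uint8_t *peb_raw)
{
    PBI32 pbi = { 0, 0x7FFDF000u, { 0, 0 }, 1234u, 567u };
    PEB32 peb;
    memset(&peb, 0, sizeof peb);
    peb.Reserved3[14] = 0x00000010u;
    peb.Reserved3[26] = 0x7FFDE000u;
    memcpy(pbi_raw, &pbi, sizeof pbi);
    memcpy(peb_raw, &peb, sizeof peb);
}

int main(void)
{
    uint8_t a[sizeof(PBI32)], b[sizeof(PEB32)];
    ProcSummary s;
    make_sample(a, b);
    if (summarize(a, sizeof a, b, sizeof b, &s) != 0)
        return 1;
    printf("pid=%u parent=%u peb=0x%08X\n", s.pid, s.parent_pid, s.peb_address);
    for (int i = 0; i < s.nonzero_count; i++)
        printf("Reserved3[%d] is non-zero\n", s.nonzero_index[i]);
    return 0;
}
```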
 



As I said, MS doesn't reveal everything there. The PEB has over 50 members.
 
11.10.2006  
 




Sebastian König
Quote: "As I said, MS doesn't reveal everything there. The PEB has over 50 members."

Do you mean by that all the elements in the Reserved3 array, or yet more after SessionId?

I actually thought one could solve the whole thing now without resorting to Google...
 
11.10.2006  
 



You're right, in my version the arrays are broken down. So what you are looking for could lie within the Reserved2 array. Without better documentation you won't get any further there - and it doesn't come from Microsoft.

Try searching the Internet for PEB ReadImageFileExecOptions.
 
11.10.2006  
 



