Visual Basic, .NET, ASP, VBScript

Forum - General forum

Question: You could go out of your mind! Added: 19.07.04 11:51

Question author: MonRo | ICQ: 205437056
Damn, I was just browsing the code library and dug up a funny thing: hiding a program from the Ctrl-Alt-Del list. All sorts of API functions in there. In short, nonsense. As I understand it, this is done for all kinds of viruses. But why write lots of code? Then the program will weigh a lot too. And it will only work on Win9* anyway, since on XP there is no RegisterServiceProcess for some reason. It's MUCH easier to write all of it in one little line:
App.TaskVisible = False. And go virus to your heart's content

Reply

Replies (57 in total)

Reply number: 1
Reply author: AgentFire | ICQ: 192496851 | Questions: 75 | Answers: 3178
#1 Added: 19.07.04 12:04
MonRo, the "App.TaskVisible = False" statement will let you not see your program on the "Applications" tab, but it will stay in "Processes".
Another way is to try to make the program keep changing its position in Ctrl-Alt-Del, but only a complete lamer would fail to kill it from there.
To make it change position in the list box it's enough to keep changing (on a timer) the program name, the project name and the amount of allocated memory, that is, to constantly declare and Erase fairly large arrays. 50% of lamers will definitely be baffled. :~)

Reply

Reply number: 2
Reply author: MonRo | ICQ: 205437056 | Questions: 16 | Answers: 44
#2 Added: 19.07.04 12:22
Right, the "App.TaskVisible = False" statement hides the program in "Applications", which is exactly what's needed. As for the program name, just name it -svchost-, there are so many of those -svchost-s among the processes. And I don't think a program can be hidden in the processes as well, at least not on XP.

Reply

Reply number: 3
Reply author: sne (Offline Client developer) | ICQ: 233286456 | Questions: 34 | Answers: 5445 | Website: hw.t-k.ru
#3 Added: 19.07.04 13:43
Eh... give me time and these arguments and questions won't come up any more ;)

If only I could get to grips with one function...

Reply

Reply number: 4
Reply author: MonRo | ICQ: 205437056 | Questions: 16 | Answers: 44
#4 Added: 19.07.04 15:28
sly one

Reply

Reply number: 5
Reply author: cresta | Questions: 117 | Answers: 1538
#5 Added: 19.07.04 18:09
MonRo
Before clapping your hands and shouting Hurrah!!! think about this: there are two kinds of users, the skilled and the not-so-skilled. From the former you won't hide behind the Task Manager facade, and from the latter there is no need to hide, they won't take much interest in your program anyway.

Reply

Reply number: 6
Reply author: MonRo | ICQ: 205437056 | Questions: 16 | Answers: 44
#6 Added: 19.07.04 18:27
to cresta
Now, now. Nobody here is clapping their hands.
1. I'm just stating bare facts.
2. I never wrote about any program of mine. And you're already "advertising" it.
3. If you really want to, you can hide it even from the COOL users

Reply

Reply number: 7
Reply author: AASoft | Questions: 86 | Answers: 920
#7 Added: 19.07.04 19:01
2sne,
what function is it? what does it do?

Reply

Reply number: 8
Reply author: sne (Offline Client developer) | ICQ: 233286456 | Questions: 34 | Answers: 5445 | Website: hw.t-k.ru
#8 Added: 19.07.04 19:39
NtQuerySystemInformation, I can't find a decent description... at least give me a link to the W2k DDK, I'll download that or something..

Reply

Reply number: 9
Reply author: @CyRax PTR | ICQ: 204447456 | Questions: 28 | Answers: 664 | Website: basicproduction.nm.ru/
#9 Added: 19.07.04 20:13
sne,
I can't recall a function that couldn't be found through a search engine.

Reply

Reply number: 10
Reply author: @CyRax PTR | ICQ: 204447456 | Questions: 28 | Answers: 664 | Website: basicproduction.nm.ru/
#10 Added: 19.07.04 20:27
There's something in the offline forum from Borje Hagsten
===
'MESSAGE http://www.powerbasic.com/support/forums/Forum4/HTML/005923.html
'FORUM: PowerBASIC for Windows
'TOPIC: Enumerate a Processes Handles?
'NAME: Nathan Evans, Member
'DATE: June 07, 2002 10:30 AM

I've seen a utility on sysinternals.com that can enumerate all the handles a process is using.. ie, file handles, gui object handles, socket handles, etc..

Does anyone have any working source for this that they would share? Or point me in the right direction.. ;)


Thanks!

EDIT:

Only needs to work in Win2k/XP by the way.. ;)


------------------
PB6'er from England!
...
#BLOAT 100000000

[This message has been edited by Nathan Evans (edited June 07, 2002).]

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 07, 2002 02:17 PM

Ok, now i've got some C++ source code that'll do exactly what i want! :)

 http://www.phobos.nildram.co.uk/pittbull.zip

There are two files where all the magic happens.. HTABLE.cpp & HTABLE.h

Here's the start of my C to PB port.. once it's finished I'll post into Source Code forum. :) If anyone wants to beat me to it, go ahead! :D


I have commented out all my debug code.

---


#COMPILE EXE
#REGISTER NONE

#INCLUDE "win32api.inc"
'%DEBUGMODE=%TRUE
'#INCLUDE "debug.inc"

' Undocumented ntdll export: (information class, buffer, buffer size, pointer to returned length)
DECLARE FUNCTION NtQuerySystemInformation LIB "ntdll.dll" ALIAS "NtQuerySystemInformation" (BYVAL param1 AS DWORD, BYVAL param2 AS DWORD, BYVAL param3 AS DWORD, BYVAL void AS DWORD) AS DWORD

'DECLARE FUNCTION VirtualAlloc LIB "KERNEL32.DLL" ALIAS "VirtualAlloc" (lpAddress AS ANY, BYVAL dwSize AS DWORD, BYVAL flAllocationType AS LONG, BYVAL flProtect AS LONG) AS LONG
'DECLARE FUNCTION VirtualAllocEx LIB "KERNEL32.DLL" ALIAS "VirtualAllocEx" (BYVAL hProcess AS DWORD, lpAddress AS ANY, BYVAL dwSize AS DWORD, BYVAL flAllocationType AS DWORD, BYVAL flProtect AS DWORD) AS DWORD
'DECLARE FUNCTION VirtualFree LIB "KERNEL32.DLL" ALIAS "VirtualFree" (lpAddress AS ANY, BYVAL dwSize AS DWORD, BYVAL dwFreeType AS DWORD) AS LONG

TYPE HANDLEBLOCK
    ProcessID AS DWORD
    HandleType AS WORD
    HandleNumber AS WORD
    KernelAddress AS DWORD
    Flags AS DWORD
END TYPE

FUNCTION PBMAIN AS LONG
' DEBUG_PRINT FORMAT$()
'DEBUG_INITIALIZE

    LOCAL m_pid AS DWORD
    LOCAL m_numstructs AS DWORD
    LOCAL m_memptr AS DWORD PTR
    LOCAL m_counter AS INTEGER
    LOCAL m_handleblock AS HANDLEBLOCK PTR
    LOCAL ret_len AS DWORD
    LOCAL s AS DWORD

    m_memptr = VirtualAlloc(BYVAL %NULL, &H2000, %MEM_COMMIT, %PAGE_READWRITE)
    'DEBUG_PRINT FORMAT$(m_memptr)

    IF (NtQuerySystemInformation (16, m_memptr, &H2000, BYREF ret_len)) THEN
        'DEBUG_PRINT "NtQuerySystemInformation=1"
        CALL VirtualFree(BYVAL m_memptr, 0, %MEM_RELEASE)
        m_memptr = VirtualAlloc(BYVAL %NULL, ret_len+256, %MEM_COMMIT, %PAGE_READWRITE)
        CALL NtQuerySystemInformation(BYVAL 16, BYVAL m_memptr, ret_len, %NULL)
    END IF

    m_numstructs = @m_memptr[0]
    m_handleblock = @m_memptr[1]

    'DEBUG_PRINT "m_numstructs=" & FORMAT$(m_numstructs)
    'DEBUG_PRINT "m_handleblock=" & FORMAT$(m_handleblock)

    'for s to m_numstructs step -1
        'DEBUG_PRINT FORMAT$( IsBadReadPtr(@m_handleblock.ProcessID, 4) )
        'if (m_handleblock->ProcessID == pid)
        ' break;
        'm_handleblock++;
    'next

    CALL VirtualFree(BYVAL m_memptr, 0, %MEM_RELEASE)

MSGBOX "Terminate.."
'DEBUG_TERMINATE

END FUNCTION


------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Russ Srole, Member
'posted June 07, 2002 03:00 PM

Nathan,

Semen posted this when I had a similar question. If it does what you want, please thank him.


#COMPILE EXE
#DIM ALL
#REGISTER NONE
#INCLUDE "Win32Api.Inc"
'=============================================================================================
DECLARE FUNCTION GetModuleFileNameEx (BYVAL hProcess AS DWORD, BYVAL hModule AS DWORD, ModuleName AS ASCIIZ, BYVAL nSize AS DWORD) AS DWORD
DECLARE FUNCTION EnumProcessModules (BYVAL hProcess AS DWORD, BYREF lphModule AS DWORD, BYVAL cb AS DWORD, cbNeeded AS DWORD) AS DWORD
%TH32CS_SNAPMODULE = 8
%MAX_MODULE_NAME32 = 255
TYPE MODULEENTRY32
   dwSize AS DWORD
   th32ModuleID AS DWORD
   th32ProcessID AS DWORD
   GlblcntUsage AS DWORD
   ProccntUsage AS DWORD
   modBaseAddr AS BYTE PTR
   modBaseSize AS DWORD
   hModule AS DWORD
   szModule AS ASCIIZ * %MAX_MODULE_NAME32 + 1
   szExePath AS ASCIIZ * %MAX_PATH
END TYPE

DECLARE FUNCTION CreateToolhelp32Snapshot (BYVAL dwFlags AS DWORD, BYVAL th32ProcessID AS DWORD) AS LONG
DECLARE FUNCTION Module32First (BYVAL hSnapShot AS DWORD, MODULEENTRY32) AS LONG
DECLARE FUNCTION Module32Next (BYVAL hSnapShot AS DWORD, MODULEENTRY32) AS LONG
'===============================================================================================
SUB GetPathNameFromWindowHandle (hWnd AS LONG, Path AS ASCIIZ * %MAX_PATH)
   LOCAL ProcessId AS LONG, lResult AS DWORD
   GetWindowThreadProcessId hwnd, ProcessId
   Path = ""
   STATIC OS_Release AS DWORD
   LOCAL os AS OSVERSIONINFO
   IF OS_Release = 0 THEN
      os.dwOSVersionInfoSize = SIZEOF(os)
      GetVersionEx os
      IF ISFALSE(os.dwPlatformId = %VER_PLATFORM_WIN32_NT) THEN ' Windows 9x
         OS_Release = 1
         STATIC hKernel32 AS DWORD, hCreateToolhelp32Snapshot AS DWORD
         STATIC hModule32Next AS DWORD, hModule32First AS DWORD

         hKernel32 = GetModuleHandle("kernel32.dll")
         hCreateToolhelp32Snapshot = GetProcAddress(hKernel32, "CreateToolhelp32Snapshot")
         hModule32Next = GetProcAddress (hKernel32, "Module32Next")
         hModule32First = GetProcAddress (hKernel32, "Module32First")
      ELSE
         OS_Release = 2
         STATIC hPsApiDll AS DWORD, hGetModuleFileNameEx AS DWORD, hEnumProcessModules AS DWORD
         hPsApiDll = GetModuleHandle("psApi.dll")
         IF hPsApiDll = 0 THEN hPsApiDll = LoadLibrary("psApi.dll")
         hGetModuleFileNameEx = GetProcAddress(hPsApiDll, "GetModuleFileNameExA")
         hEnumProcessModules = GetProcAddress(hPsApiDll, "EnumProcessModules")
      END IF
   END IF
   IF OS_Release = 1 THEN
      LOCAL hModuleSnap AS DWORD, me32 AS MODULEENTRY32
      CALL DWORD hCreateToolhelp32Snapshot USING CreateToolhelp32Snapshot (%TH32CS_SNAPMODULE, ProcessId) TO hModuleSnap
      IF hModuleSnap <> &HFFFFFFFF& THEN
         me32.dwSize = LEN(MODULEENTRY32)
         CALL DWORD hModule32First USING Module32First (hModuleSnap, me32) TO lResult
         WHILE lResult
            IF UCASE$(RIGHT$(me32.szExePath, 4)) = ".EXE" THEN Path = me32.szExePath: EXIT DO
            CALL DWORD hModule32Next USING Module32Next (hModuleSnap, me32) TO lResult
         WEND
         CloseHandle hModuleSnap
      END IF
   ELSE
      LOCAL cb AS DWORD, cbNeeded AS DWORD, hProcess AS DWORD
      hProcess = OpenProcess(%PROCESS_QUERY_INFORMATION OR %PROCESS_VM_READ, %False, ProcessID)
      IF hProcess THEN
         cb = 100
         DO
            REDIM Modules(1 TO cb \ 4) AS DWORD
            CALL DWORD hEnumProcessModules USING EnumProcessModules (hProcess, Modules(1), cb, cbNeeded) TO lResult
            IF lResult = 0 THEN cbNeeded = 0: EXIT DO
            IF cb > cbNeeded THEN EXIT DO ELSE cb = cb * 2
         LOOP
         IF cbNeeded >= 4 THEN _ ' Exe is first
            CALL DWORD hGetModuleFileNameEx USING GetModuleFileNameEx _
               (hProcess, Modules(1), Path, SIZEOF(Path)) TO lResult
         CloseHandle hProcess
      END IF
   END IF
END SUB
'========================================================================================
GLOBAL Txt AS STRING

FUNCTION EnumWindowsProc (BYVAL hwnd AS LONG, BYVAL lParam AS DWORD) AS LONG
   LOCAL Path AS ASCIIZ * %MAX_PATH, TmpAsciiz AS ASCIIZ * 100
   GetPathNameFromWindowHandle hWnd, Path
   IF Path <> "" THEN
      GetWindowText hWnd, TmpAsciiz , SIZEOF(TmpAsciiz)
      Txt = Txt + "hWnd =&H" + HEX$(hWnd) + " Caption =" + $DQ + TmpAsciiz + $DQ + _
        $CRLF + " Path = " + Path + $CRLF
   END IF
   FUNCTION = 1
END FUNCTION
'
'
FUNCTION PBMAIN
   LOCAL hDlg AS LONG
   DIALOG NEW 0, "Processes and modules", , , 400, 200, %WS_OVERLAPPEDWINDOW OR %DS_MODALFRAME, TO hDlg
   CONTROL ADD TEXTBOX, hDlg, 101, "", 10, 10, 380, 180, _
      %ES_MULTILINE OR %ES_WANTRETURN OR %WS_VSCROLL, %WS_EX_CLIENTEDGE
   EnumWindows CODEPTR(EnumWindowsProc), 0
   CONTROL SET TEXT hDlg, 101, Txt
   DIALOG SHOW MODAL hDlg
END FUNCTION


Russ Srole


------------------

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 08, 2002 01:23 AM

Russ,

That's to enum. the modules the process is using, not its handles.
 :)


------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Wayne Diamond, Member
'posted June 08, 2002 01:31 AM

Russ, that code enumerates all processes\modules\windows etc, but not all handles :)


Nathan - i'm looking forward to your port! hm.exe is a beauty :)


------------------

The PowerBASIC Crypto Archives

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 08, 2002 02:33 AM

Still working on it Wayne.. So far i've got it enumerating all the
handles in the system, with the corresponding processid, handle number, and handle type.

 :)


------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 08, 2002 07:45 AM

Ok, well its basically "working".. except it's only returning the handles
for 4 unique process Ids.. completely misses out the rest :(


------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Wayne Diamond, Member
'posted June 08, 2002 10:03 AM

Post what you've done now if you like and I/we'll take a crack at it? Just replace your source in the original post :)


------------------

The PowerBASIC Crypto Archives

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 08, 2002 11:01 AM

I have it working now, fully working! :D


I won't post into Source Code forum until im satisfied there are no memory leaks.
Also, i will add NtQueryObject to the code so it can find Handle names and descriptors.
This should allow to determine what type of handle it is.. ie: mutex, semaphore, file
, or if its a tcp or udp handle (there are many others).

This code will enumerate the system's handle table (kernel objects)
using the undocumented NtQuerySystemInformation API.

This code will output all returned info to a hard coded file..: C:\NtQueryDbg.txt


Highly unoptimised as it stands! Mostly untested.


Only Win2000/XP been tested.


Pb6 code, untested on PB7.


'By Nathan Evans - 7th-8th June 2k2'
'Ported from C++ to PB from PittBulls Handle Monitor'
#COMPILE EXE
#INCLUDE "win32api.inc"

DECLARE FUNCTION NtQuerySystemInformation LIB "ntdll.dll" ALIAS "NtQuerySystemInformation" (BYVAL unFlag1 AS DWORD, BYVAL lpvBuffer AS DWORD, BYVAL dwBufferSize AS DWORD, BYVAL unFlag2 AS DWORD) AS DWORD

TYPE HANDLEBLOCK
    ProcessID AS DWORD
    HandleType AS WORD
    HandleNumber AS WORD
    KernelAddress AS DWORD
    Flags AS DWORD
END TYPE

FUNCTION PBMAIN AS LONG

    LOCAL m_pid AS DWORD
    LOCAL m_numstructs AS DWORD
    LOCAL m_memptr AS DWORD PTR
    LOCAL m_counter AS INTEGER
    LOCAL m_handleblock AS HANDLEBLOCK PTR
    LOCAL ret_len AS DWORD
    LOCAL s AS DWORD
    LOCAL enumI AS DWORD

    LOCAL dwDbg AS DWORD 'any calls using this don't need it..

    m_memptr = VirtualAlloc(BYVAL %NULL, 100, %MEM_COMMIT, %PAGE_READWRITE)

    IF (NtQuerySystemInformation(BYVAL 16, BYVAL m_memptr, 100, BYREF ret_len)) THEN
        CALL VirtualFree(BYVAL m_memptr, 0, %MEM_RELEASE)
        m_memptr = VirtualAlloc(BYVAL %NULL, ret_len+256, %MEM_COMMIT, %PAGE_READWRITE)
        CALL NtQuerySystemInformation(BYVAL 16, BYVAL m_memptr, ret_len, BYREF ret_len)
    END IF

    m_numstructs = @m_memptr[0]
    m_handleblock = @m_memptr[1]

OPEN "c:\NtQueryDbg.txt" FOR OUTPUT AS #1
        PRINT #1, "@ Offset" & $TAB & _
                  "Process Id" & $TAB & _
                  "Handle Id" & $TAB & _
                  "Handle Type"

    FOR enumI = s+1 TO ret_len / 4 STEP 4
        PRINT #1, FORMAT$( enumI ) & $TAB & $TAB & _
                  FORMAT$( @m_memptr[enumI] ) & $TAB & $TAB & _
                  FORMAT$( HIWRD(@m_memptr[enumI+1]) ) & $TAB & $TAB & _
                  FORMAT$( LOWRD(@m_memptr[enumI+1]) )
        INCR dwDbg
    NEXT

    PRINT #1, "Handle Count=" & FORMAT$(dwDbg)
CLOSE #1

    CALL VirtualFree(BYVAL m_memptr, 0, %MEM_RELEASE)

MSGBOX "Click here to Terminate.."

END FUNCTION


 :)


------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 08, 2002 11:54 AM

Lots of optimisations in this one..


#COMPILE EXE
#INCLUDE "win32api.inc"

DECLARE FUNCTION NtQuerySystemInformation LIB "ntdll.dll" ALIAS "NtQuerySystemInformation" (BYVAL unFlag1 AS DWORD, BYVAL lpvBuffer AS DWORD, BYVAL dwBufferSize AS DWORD, BYVAL unFlag2 AS DWORD) AS DWORD

FUNCTION PBMAIN AS LONG

    #REGISTER NONE
    REGISTER m_numstructs AS DWORD
    LOCAL m_memptr AS DWORD PTR
    LOCAL ret_len AS DWORD
    REGISTER enumI AS DWORD

    m_memptr = VirtualAlloc(BYVAL %NULL, 100, %MEM_COMMIT, %PAGE_READWRITE)

    IF (NtQuerySystemInformation(BYVAL 16, BYVAL m_memptr, 100, BYREF ret_len)) THEN
        VirtualFree BYVAL m_memptr, 0, %MEM_RELEASE   ' release, not just decommit, so the reserved region is not leaked
        m_memptr = VirtualAlloc(BYVAL %NULL, ret_len+256, %MEM_COMMIT, %PAGE_READWRITE)
        NtQuerySystemInformation BYVAL 16, BYVAL m_memptr, ret_len, BYREF ret_len
    END IF

    m_numstructs = ret_len / 4 ' @m_memptr[0]

OPEN "c:\NtQueryDbg.txt" FOR OUTPUT AS #1
        PRINT #1, "@ Offset" & $TAB & _
                  "Process Id" & $TAB & _
                  "Handle Id" & $TAB & _
                  "Handle Type"

    FOR enumI = 1 TO m_numstructs STEP 4
        PRINT #1, FORMAT$( enumI ) & $TAB & $TAB & _
                  FORMAT$( @m_memptr[enumI] ) & $TAB & $TAB & _
                  FORMAT$( HIWRD(@m_memptr[enumI+1]) ) & $TAB & $TAB & _
                  FORMAT$( LOWRD(@m_memptr[enumI+1]) )
    NEXT enumI

CLOSE #1

    VirtualFree BYVAL m_memptr, 0, %MEM_RELEASE   ' release, not just decommit, so the reserved region is not leaked

MSGBOX "Terminate.."

END FUNCTION


------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Wayne Diamond, Member
'posted June 09, 2002 04:27 AM

Wow nice optimisations - there's hardly any code left! :D

It's working perfectly on Win2K over here, looking forward to the finished demo :)


------------------

The PowerBASIC Crypto Archives

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 09, 2002 04:44 AM

Yes i ripped out alot of unused variables, and return values. :)


I'm currently working on a demonstration of this.. it will map tcp/udp ports
to processes on Windows 2000.

------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Wayne Diamond, Member
'posted June 09, 2002 06:25 AM

Sounds excellent! It'll be one of the best source codes ever posted IMHO :)


------------------

The PowerBASIC Crypto Archives

'############################ REPLY ############################
'Calvin Chipman, Member
'posted June 11, 2002 06:52 AM

Nathan,

Looks great!

Where do you find what the Handle Type values mean?


------------------
Calvin Chipman
PowerBASIC Staff

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 11, 2002 07:57 AM

Hello,

I just notched together the following function, treat it as monkey code! ;)


DECLARE FUNCTION NtQueryObject LIB "ntdll.dll" ALIAS "NtQueryObject" (BYVAL hndl AS DWORD, BYVAL funcnum AS DWORD, BYVAL lpData AS DWORD, BYVAL datalen AS DWORD, BYVAL num_bytes_for_function AS DWORD) AS DWORD


FUNCTION QueryHandleType(BYVAL dwHandle AS DWORD, BYREF strHandle AS STRING) AS DWORD
    DIM buff(256) AS DWORD      ' 257 DWORDs = 1028 bytes of scratch space for the type information block
    LOCAL retval AS DWORD
    LOCAL num_bytes AS DWORD
    LOCAL str AS STRING

    ' First call with length 0 only asks how many bytes the type information (class 2) needs
    NtQueryObject dwHandle, 2, VARPTR(buff(0)), 0, VARPTR(num_bytes)
    IF num_bytes > 1028 THEN    ' never let the second call write past buff()
        FUNCTION = 1
        EXIT FUNCTION
    END IF
    retval = NtQueryObject(dwHandle, 2, VARPTR(buff(0)), num_bytes, %NULL)
    IF retval = 0 AND num_bytes > 96 THEN   ' STATUS_SUCCESS
        ' The type name's characters follow the 96-byte fixed header, i.e. start at buff(24);
        ' dropping the zero bytes turns the UTF-16 text into a plain string
        str = PEEK$( VARPTR( buff(24) ) , num_bytes - 96 )
        REPLACE CHR$(0) WITH "" IN str
        strHandle = str
    END IF
    FUNCTION = retval
END FUNCTION


The function will retrieve the "kernel name" of the handle you pass to it..
some of them i've seen are "File", "Mutex", "Semaphore", "Mutant" etc etc.

The "name" of a handle is returned Byref to strHandle.

  :)


------------------
PB6'er from England!
...
#BLOAT 100000000

[This message has been edited by Nathan Evans (edited June 11, 2002).]

'############################ REPLY ############################
'Nathan Evans, Member
'posted June 11, 2002 08:03 AM

I just remembered..

You will need to first duplicate the handle you wish to query.

This can be done with DuplicateHandle API.

Another notched together example:


            LOCAL hProcess AS DWORD, hDuplicate AS DWORD, myTempString AS STRING

            ' Open the owning process, copy the handle into our own process (&H2 = DUPLICATE_SAME_ACCESS),
            ' query the copy, then close both handles
            hProcess = OpenProcess( %PROCESS_DUP_HANDLE, %TRUE, @m_memptr[enumI] )
            IF hProcess THEN
                IF DuplicateHandle( hProcess, HIWRD(@m_memptr[enumI+1]), GetCurrentProcess(), hDuplicate, 0, %FALSE, &H2 ) THEN
                    CALL QueryHandleType(hDuplicate, myTempString)
                    CloseHandle hDuplicate
                END IF
                CloseHandle hProcess
            END IF


I'm currently busy with other work, but when i have time i will put together a fully working
project demonstrating these various ntdll.dll APIs and post in sourcecode forum.

------------------
PB6'er from England!
...
#BLOAT 100000000

'############################ REPLY ############################
'Nathan Evans, Member
'posted November 15, 2002 08:09 AM

Hi, thought i'd bring this thread to the top of the pile again..

I got stumped with that NtQuery.. code when I found out I had to query the TDI layer with DeviceIoControl to match the handles to the tcp/ip table of handles. :( Which is why I never posted a working code in Source Code forum :(


I was just passed this URL ( http://www.diamondcs.com.au/portexplorer/index.php?page=screenshots ) by a colleague, it seems to manage pid-to-port on Win2k, which is most interesting. I've only seen a handful of apps do this perfectly on Win2k.. the exact same task on WinXP is an absolute breeze however with one simple call to an undocumented IPHELPER API!

------------------
PB6'er from England!
...
#BLOAT 100000000

Reply
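The table walk in Nathan Evans's port above reads a count DWORD and then 16-byte records out of the buffer NtQuerySystemInformation fills. As an added example that is not code from this thread or from any of its authors, here is that parsing in C over a constructed buffer, so it runs offline: the record layout copies the thread's HANDLEBLOCK declaration (an undocumented structure; the layout is the port's assumption for 32-bit Windows, not an official definition), the type index values in the sample are made up, and the names handle_entry_t, parse_handle_table, handles_owned_by and build_sample_table are my own. The parser refuses a buffer shorter than its own header claims, which is the out-of-bounds read you get when only part of the data has been copied.

```c
/* Offline parser for a SystemHandleInformation-style buffer:
 * a leading DWORD entry count, then `count` 16-byte records.
 * Record layout mirrors the thread's HANDLEBLOCK type (assumed, undocumented). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t ProcessID;      /* owner of the handle */
    uint16_t HandleType;     /* object type index; its meaning is OS-specific */
    uint16_t HandleNumber;   /* handle value inside the owning process */
    uint32_t KernelAddress;  /* address of the kernel object */
    uint32_t Flags;
} handle_entry_t;

#define HEADER_SIZE 4u       /* leading entry count */
#define ENTRY_SIZE 16u       /* on-the-wire size of one record */

/* Little-endian field access, so the result does not depend on struct packing. */
static uint32_t get32(const uint8_t *p) { return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static void put32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Decode `buf` into `out`. Returns the entry count, or -1 when the buffer is
 * shorter than its header claims (reading on would run past the allocation)
 * or when `out` cannot hold every entry. */
int parse_handle_table(const uint8_t *buf, size_t len, handle_entry_t *out, size_t max_out)
{
    if (len < HEADER_SIZE) return -1;
    uint32_t count = get32(buf);
    if (count > max_out) return -1;
    if ((len - HEADER_SIZE) / ENTRY_SIZE < count) return -1;   /* truncated buffer */
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + HEADER_SIZE + (size_t)i * ENTRY_SIZE;
        out[i].ProcessID     = get32(e);
        out[i].HandleType    = get16(e + 4);
        out[i].HandleNumber  = get16(e + 6);
        out[i].KernelAddress = get32(e + 8);
        out[i].Flags         = get32(e + 12);
    }
    return (int)count;
}

/* Handles owned by `pid`; a `type` of 0 counts every type. */
size_t handles_owned_by(const handle_entry_t *t, size_t n, uint32_t pid, uint16_t type)
{
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (t[i].ProcessID == pid && (type == 0 || t[i].HandleType == type)) c++;
    return c;
}

/* Constructed sample table: four records, made-up type indexes and addresses. */
size_t build_sample_table(uint8_t *buf, size_t cap)
{
    static const handle_entry_t sample[] = {
        {    4, 0x1c, 0x0004, 0x81234560, 0 },
        { 1234, 0x1c, 0x0008, 0x81234580, 0 },
        { 1234, 0x13, 0x000c, 0x812345a0, 0 },
        {  777, 0x0e, 0x0010, 0x812345c0, 0 },
    };
    size_t n = sizeof sample / sizeof sample[0];
    size_t need = HEADER_SIZE + n * ENTRY_SIZE;
    if (cap < need) return 0;
    put32(buf, (uint32_t)n);
    for (size_t i = 0; i < n; i++) {
        uint8_t *e = buf + HEADER_SIZE + i * ENTRY_SIZE;
        put32(e, sample[i].ProcessID);
        put16(e + 4, sample[i].HandleType);
        put16(e + 6, sample[i].HandleNumber);
        put32(e + 8, sample[i].KernelAddress);
        put32(e + 12, sample[i].Flags);
    }
    return need;
}

int main(void)
{
    uint8_t buf[256];
    handle_entry_t entries[16];
    size_t len = build_sample_table(buf, sizeof buf);
    int n = parse_handle_table(buf, len, entries, 16);
    if (n < 0) { puts("malformed handle table"); return 1; }
    printf("%-10s %-8s %-8s %s\n", "ProcessId", "Handle", "Type", "Object");
    for (int i = 0; i < n; i++)
        printf("%-10u 0x%-6x 0x%-6x 0x%08x\n", (unsigned)entries[i].ProcessID,
               (unsigned)entries[i].HandleNumber, (unsigned)entries[i].HandleType,
               (unsigned)entries[i].KernelAddress);
    printf("pid 1234 owns %zu handles\n", handles_owned_by(entries, (size_t)n, 1234, 0));
    return 0;
}
```

On a live system the constructed table is replaced by the two-call pattern the PowerBASIC code uses (query, read the returned length, reallocate, query again) and the returned bytes are handed to parse_handle_table; per-process handle counts and per-type breakdowns from this table are what the sysinternals handle viewer mentioned at the top of the quoted thread reports.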

Reply number: 11
Reply author: sne (Offline Client developer) | ICQ: 233286456 | Questions: 34 | Answers: 5445 | Website: hw.t-k.ru
#11 Added: 19.07.04 22:03
That's not quite it... oh well, thanks, I somehow worked out how to use it, though I have to copy the data not in full... otherwise I go somewhere outside memory bounds and crash...

Turned out to be a horrible function... it can do everything and a bit more :) but using it is inconvenient...

Reply

Reply number: 12
Reply author: cresta | Questions: 117 | Answers: 1538
#12 Added: 19.07.04 22:25
MonRo
>1. I'm just stating bare facts.
And what exactly is "App.TaskVisible = False. And go virus to your heart's content" supposed to be, a FACT, in your opinion???? You just set App.TaskVisible = False and all antiviruses, firewalls and other guardians of order immediately keel over and can be carted off to the dustbin of history, is that a fact too???. At least think about what you write
>I never wrote about any program of mine. And you're already "advertising" it.
I am ve-e-ery far from advertising your program, God forbid. The word "your" in this context means "the one that is hiding"
>If you really want to, you can hide it even from the COOL users
Anything devised by the human mind can be figured out by a human.

Reply

Reply number: 13
Reply author: MonRo | ICQ: 205437056 | Questions: 16 | Answers: 44
#13 Added: 20.07.04 00:00
to cresta
It seems I wasn't making a sensation, and these are not my words: >You just set App.TaskVisible = False and all antiviruses, firewalls and other guardians of order immediately keel over and can be carted off to the dustbin of history, is that a fact too???.
I'm not interested in how hiding programs will then hide from antiviruses and firewalls. If you read CAREFULLY (which is doubtful), I just gave an analogue of the API functions that work on Win9* and, regrettably, don't work on XP. And you're the one advising me to think about what I write? As the saying goes, look at your own plate and don't lick other people's

Reply

Reply number: 14
Reply author: cresta | Questions: 117 | Answers: 1538
#14 Added: 20.07.04 00:54
MonRo
You read very carelessly. Read my reply again and try to grasp the meaning before licking other people's plates. Maybe it'll work the second time. Try. I think you will manage to grasp it after all. Meditate on it.
P.S: I usually mark quotes with the ">" sign. And the reply to a quote starts on a new line.

Reply

Reply number: 15
Reply author: Павел (Administrator) | ICQ: 326066673 | Questions: 368 | Answers: 5968 | Website: www.vbnet.ru
#15 Added: 20.07.04 09:05
NtQuerySystemInformation
NtQuerySystemInformation is an internal Windows function that retrieves various kinds of system information. Because this function may change in future versions of Windows, use public Win32 functions instead where possible; these are listed below.

NTSTATUS NtQuerySystemInformation(
SYSTEM_INFORMATION_CLASS SystemInformationClass,
PVOID SystemInformation,
ULONG SystemInformationLength,
PULONG ReturnLength
);

Parameters
SystemInformationClass
[in] One of the values enumerated in SYSTEM_INFORMATION_CLASS, indicating the kind of system information to be retrieved. These include:

Value Meaning
SystemBasicInformation Returns the number of processors in the system in a SYSTEM_BASIC_INFORMATION structure. Use the GetSystemInfo function instead.
SystemPerformanceInformation Returns an opaque SYSTEM_PERFORMANCE_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.
SystemTimeOfDayInformation Returns an opaque SYSTEM_TIMEOFDAY_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.
SystemProcessInformation Returns an array of SYSTEM_PROCESS_INFORMATION structures, one for each process running in the system.
These structures contain information about the resource usage of each process, including the number of handles used by the process, the peak page-file usage, and the number of memory pages that the process has allocated.

SystemProcessorPerformanceInformation Returns an array of SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION structures, one for each processor installed in the system.
SystemInterruptInformation Returns an opaque SYSTEM_INTERRUPT_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.
SystemExceptionInformation Returns an opaque SYSTEM_EXCEPTION_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.
SystemRegistryQuotaInformation Returns a SYSTEM_REGISTRY_QUOTA_INFORMATION structure.
SystemLookasideInformation Returns an opaque SYSTEM_LOOKASIDE_INFORMATION structure that can be used to generate an unpredictable seed for a random number generator. Use the CryptGenRandom function instead.

SystemInformation
[in, out] Points to a buffer where the requested information is to be returned. The size and structure of this information varies depending on the value of the SystemInformationClass parameter:

Value Meaning
SYSTEM_BASIC_INFORMATION When the SystemInformationClass parameter is SystemBasicInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold a single SYSTEM_BASIC_INFORMATION structure having the following layout:
typedef struct _SYSTEM_BASIC_INFORMATION {
BYTE Reserved1[24];
PVOID Reserved2[4];
CCHAR NumberOfProcessors;
} SYSTEM_BASIC_INFORMATION;
The NumberOfProcessors element contains the number of processors present in the system. Use GetSystemInfo instead to retrieve this information.
The other elements of the structure are reserved for internal use by the operating system.

SYSTEM_PERFORMANCE_INFORMATION When the SystemInformationClass parameter is SystemPerformanceInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_PERFORMANCE_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:
typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
BYTE Reserved1[312];
} SYSTEM_PERFORMANCE_INFORMATION;
Individual elements of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_TIMEOFDAY_INFORMATION When the SystemInformationClass parameter is SystemTimeOfDayInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_TIMEOFDAY_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:
typedef struct _SYSTEM_TIMEOFDAY_INFORMATION {
BYTE Reserved1[48];
} SYSTEM_TIMEOFDAY_INFORMATION;
Individual elements of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_PROCESS_INFORMATION When the SystemInformationClass parameter is SystemProcessInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an array containing as many SYSTEM_PROCESS_INFORMATION structures as there are processes running in the system. Each structure has the following layout:
typedef struct _SYSTEM_PROCESS_INFORMATION {
ULONG NextEntryOffset;
BYTE Reserved1[52];
PVOID Reserved2[3];
HANDLE UniqueProcessId;
PVOID Reserved3;
ULONG HandleCount;
BYTE Reserved4[4];
PVOID Reserved5[11];
SIZE_T PeakPagefileUsage;
SIZE_T PrivatePageCount;
LARGE_INTEGER Reserved6[6];
} SYSTEM_PROCESS_INFORMATION;

The HandleCount element contains the total number of handles being used by the process in question; use GetProcessHandleCount to retrieve this information instead.

The PeakPagefileUsage element contains the maximum number of bytes of page-file storage used by the process, and the PrivatePageCount element contains the number of memory pages allocated for the use of this process.

Use the public Win32 function GetProcessMemoryInfo instead to retrieve these values. They are also accessible through the Windows Management Instrumentation Win32_Process class.

The other elements of the structure are reserved for internal use by the operating system.

SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION When the SystemInformationClass parameter is SystemProcessorPerformanceInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an array containing as many SYSTEM_PROCESS_INFORMATION structures as there are processors (CPUs) installed in the system. Each structure has the following layout:
typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
LARGE_INTEGER IdleTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER Reserved1[2];
ULONG Reserved2;
} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;

The IdleTime element contains the amount of time that the system has been idle, in 1/100ths of a nanosecond.

The KernelTime element contains the amount of time that the system has spent executing in Kernel mode (including all threads in all processes, on all processors), in 1/100ths of a nanosecond.

The UserTime element contains the amount of time that the system has spent executing in User mode (including all threads in all processes, on all processors), in 1/100ths of a nanosecond.

Use GetSystemTimes instead to retrieve this information.

SYSTEM_INTERRUPT_INFORMATION When the SystemInformationClass parameter is SystemInterruptInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an array containing as many opaque SYSTEM_INTERRUPT_INFORMATION structures as there are processors (CPUs) installed on the system. Each structure, or the array as a whole, can be used to generate an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:
typedef struct _SYSTEM_INTERRUPT_INFORMATION {
BYTE Reserved1[24];
} SYSTEM_INTERRUPT_INFORMATION;
Individual elements of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_EXCEPTION_INFORMATION When the SystemInformationClass parameter is SystemExceptionInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_EXCEPTION_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:
typedef struct _SYSTEM_EXCEPTION_INFORMATION {
BYTE Reserved1[16];
} SYSTEM_EXCEPTION_INFORMATION;
Individual elements of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.

SYSTEM_REGISTRY_QUOTA_INFORMATION When the SystemInformationClass parameter is SystemRegistryQuotaInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold a single SYSTEM_REGISTRY_QUOTA_INFORMATION structure having the following layout:
typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
ULONG RegistryQuotaAllowed;
ULONG RegistryQuotaUsed;
PVOID Reserved1;
} SYSTEM_REGISTRY_QUOTA_INFORMATION;

The RegistryQuotaAllowed element contains the maximum size, in bytes, that the Registry may attain on this system.

The RegistryQuotaUsed element contains the current size of the Registry, in bytes.

Use GetSystemRegistryQuota instead to retrieve this information.

The other element of the structure is reserved for internal use by the operating system.

SYSTEM_LOOKASIDE_INFORMATION When the SystemInformationClass parameter is SystemLookasideInformation, the buffer pointed to by the SystemInformation parameter should be large enough to hold an opaque SYSTEM_LOOKASIDE_INFORMATION structure for use in generating an unpredictable seed for a random number generator. For this purpose, the structure has the following layout:
typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
BYTE Reserved1[32];
} SYSTEM_LOOKASIDE_INFORMATION;
Individual elements of the structure are reserved for internal use by the operating system.

Use the CryptGenRandom function instead to generate cryptographically random data.


SystemInformationLength
[in] Length of the buffer pointed to by the SystemInformation parameter.
ReturnLength
[out, optional] Optional pointer to a location where the function writes the actual size of the information requested. If that size is less than or equal to the SystemInformationLength parameter, the function copies the information into the SystemInformation buffer; otherwise, it returns an NTSTATUS error code and returns in ReturnLength the size of buffer required to receive the requested information.
Return Values
Returns a success NTSTATUS if successful, and an NTSTATUS error code otherwise.
The forms and significance of NTSTATUS error codes are listed in the ntstatus.h header file available in the Windows Device Driver Kit (DDK), and are described in the DDK documentation under Kernel-Mode Driver Architecture / Design Guide / Driver Programming Techniques / Logging Errors.

Remarks
The NtQuerySystemInformation function and the structures that it returns are internal to the operating system and subject to change from one release of Windows to another. To maintain the compatibility of your application, it is better to use public Win32 API functions mentioned above instead.

If you do use NtQuerySystemInformation, access the function through run-time dynamic linking as shown in the example below. This gives your code an opportunity to respond gracefully if the function has been changed or removed from the operating system. Signature changes, however, may not be detectable.

Requirements
Windows NT/2000/XP: Included in Windows 2000 and Windows XP.
Header: Declared in winternl.h.


See Also
GetSystemInfo, GetProcessHandleCount, GetProcessMemoryInfo, GetSystemTimes, GetSystemRegistryQuota, CryptGenRandom



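The documentation above gives the buffer contract of NtQuerySystemInformation (STATUS_INFO_LENGTH_MISMATCH plus the required size in ReturnLength when the buffer is too small) and says to call it through run-time dynamic linking, but the promised example is not on the page. The following is an added example, not code from the post or from MSDN. On Windows the function pointer would come from GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "NtQuerySystemInformation"); here a constructed stand-in with the same signature (SimNtQuerySystemInformation) and a simplified, constructed SIM_PROCESS_INFORMATION layout carrying only the fields named in the documentation replace it so the code compiles and runs on any platform. The parts worth copying are the retry loop with slack, because the returned size is already stale when processes start or exit between calls, and the bounds-checked walk of the NextEntryOffset chain, which is where careless callers read past the buffer or spin on a malformed entry.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* NTSTATUS values as defined in ntstatus.h. */
typedef int32_t NTSTATUS;
#define STATUS_SUCCESS              ((NTSTATUS)0x00000000)
#define STATUS_INVALID_INFO_CLASS   ((NTSTATUS)0xC0000003)
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004)
#define NT_SUCCESS(s) ((s) >= 0)

/* SystemInformationClass value for SystemProcessInformation. */
#define SystemProcessInformation 5

/* Constructed, simplified stand-in for SYSTEM_PROCESS_INFORMATION: only the
 * fields named in the documentation; the real structure has many reserved
 * fields and a different size, so do not use this layout against ntdll. */
typedef struct _SIM_PROCESS_INFORMATION {
    uint32_t NextEntryOffset;    /* bytes to the next entry, 0 = last entry */
    uint64_t UniqueProcessId;
    uint32_t HandleCount;
    size_t   PeakPagefileUsage;
    size_t   PrivatePageCount;
} SIM_PROCESS_INFORMATION;

/* Same signature as the ntdll export, so callers written against a
 * GetProcAddress'd pointer look identical on Windows. */
typedef NTSTATUS (*PFN_NtQuerySystemInformation)(uint32_t SystemInformationClass,
                                                  void *SystemInformation,
                                                  uint32_t SystemInformationLength,
                                                  uint32_t *ReturnLength);

/* Constructed process table standing in for the kernel's answer. */
static const SIM_PROCESS_INFORMATION g_table[] = {
    { sizeof(SIM_PROCESS_INFORMATION), 4,    1200, 0,       0   },
    { sizeof(SIM_PROCESS_INFORMATION), 812,  150,  1 << 20, 300 },
    { 0,                               1337, 42,   2 << 20, 77  },
};

/* Simulated NtQuerySystemInformation following the documented contract:
 * too small a buffer yields STATUS_INFO_LENGTH_MISMATCH and the needed size. */
static NTSTATUS SimNtQuerySystemInformation(uint32_t cls, void *buf,
                                            uint32_t len, uint32_t *ret) {
    uint32_t need = (uint32_t)sizeof(g_table);
    if (cls != SystemProcessInformation) return STATUS_INVALID_INFO_CLASS;
    if (ret) *ret = need;
    if (buf == NULL || len < need) return STATUS_INFO_LENGTH_MISMATCH;
    memcpy(buf, g_table, need);
    return STATUS_SUCCESS;
}

/* Grow the buffer until the call succeeds; returns the data length in out_len. */
static void *query_system_info(PFN_NtQuerySystemInformation fn, uint32_t cls,
                               uint32_t *out_len) {
    uint32_t len = 64, need = 0;
    void *buf = NULL;
    for (int attempt = 0; attempt < 8; attempt++) {
        void *nb = realloc(buf, len);
        if (!nb) { free(buf); return NULL; }
        buf = nb;
        NTSTATUS st = fn(cls, buf, len, &need);
        if (NT_SUCCESS(st)) {
            *out_len = (need && need <= len) ? need : len;
            return buf;
        }
        if (st != STATUS_INFO_LENGTH_MISMATCH || need == 0) break;
        len = need + 4096;   /* slack: the process list may grow before the retry */
    }
    free(buf);
    return NULL;
}

/* Walk the NextEntryOffset chain; every step is checked against the buffer
 * length so a truncated, overlapping or self-pointing entry returns -1. */
static int count_processes(const void *buf, uint32_t len, uint32_t *total_handles) {
    int count = 0;
    uint32_t off = 0;
    if (total_handles) *total_handles = 0;
    for (;;) {
        if (off + sizeof(SIM_PROCESS_INFORMATION) > len) return -1;
        const SIM_PROCESS_INFORMATION *p =
            (const SIM_PROCESS_INFORMATION *)((const char *)buf + off);
        count++;
        if (total_handles) *total_handles += p->HandleCount;
        if (p->NextEntryOffset == 0) return count;
        if (p->NextEntryOffset < sizeof(SIM_PROCESS_INFORMATION)) return -1;
        off += p->NextEntryOffset;
    }
}

/* Query and walk in one call; -1 on failure or malformed data. */
static int enumerate_processes(uint32_t *total_handles) {
    uint32_t len = 0;
    void *buf = query_system_info(SimNtQuerySystemInformation,
                                  SystemProcessInformation, &len);
    if (!buf) return -1;
    int n = count_processes(buf, len, total_handles);
    free(buf);
    return n;
}

int main(void) {
    uint32_t handles = 0;
    int n = enumerate_processes(&handles);
    printf("%d processes, %u handles in total\n", n, (unsigned)handles);
    return n < 0;
}
```

Swapping SimNtQuerySystemInformation for the real pointer and SIM_PROCESS_INFORMATION for the winternl.h definition gives the real enumeration; the retry and walk logic stays the same.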
© Copyright 2002-2011 VBNet.RU | Contact us