Search found 28 matches

by Unlimited
Sat Apr 18, 2009 7:06 pm
Forum: madKernel
Topic: IProcess.CommandLine exception
Replies: 4
Views: 15951

I downgraded madCollection to 2.5.8.0 and problem SOLVED. Don't know why. Madshi? :sorry:
by Unlimited
Sat Apr 18, 2009 6:08 pm
Forum: madKernel
Topic: IProcess.CommandLine exception
Replies: 4
Views: 15951

I have a similar problem. Error when I want to get CommandLine from C:\Windows\System32\services.exe.

MyProcess := MyProcesses.Items;
Exe := MyProcess.ExeFile;
CmdLine := MyProcess.CommandLine;

I have a privilege. And I try it on WinXP SP2 using the latest madCollection 2.5.9.0.
by Unlimited
Mon Feb 23, 2009 2:53 pm
Forum: madKernel
Topic: Module from Thread
Replies: 1
Views: 11175

Module from Thread

Hi madshi and all coders...

I need to find the threads created by "examplemodule.dll" inside "someprocess.exe". How do I know? Is it possible?

regards
unlimited
by Unlimited
Mon Jul 02, 2007 12:28 pm
Forum: madCodeHook
Topic: Problem: Get Full Path Name from PID
Replies: 8
Views: 9584

Hi, sorry for the very late response.
dcsoft wrote: Process Explorer shows a tooltip when I hover over the Process Name (first column) in the main screen. It doesn't show anything for you?
Yes, it doesn't show the path. This is the screen capture:
Image
by Unlimited
Fri Jun 29, 2007 2:13 am
Forum: madCodeHook
Topic: Problem: Get Full Path Name from PID
Replies: 8
Views: 9584

Thanks for the reply dcsoft.

Is that function to get the filename from a file handle? Sorry, I don't understand C++. Can you translate it to Delphi?

Well, Process Explorer didn't show the file path either.

So, how to get the file path? Oh... I'm very frustrated with this. :confused:


Regards,
~U~
by Unlimited
Tue Jun 26, 2007 6:36 am
Forum: madCodeHook
Topic: Problem: Get Full Path Name from PID
Replies: 8
Views: 9584

I've used NtQueryObject() to convert a file handle to a full path. How? You can use the ToolHelp API to iterate running processes and compare each process id to the desired one, then access the full path in the PPROCESSENTRY32 struct. -- David Of course. I tried it. I get the file name but there...
by Unlimited
Tue Jun 26, 2007 3:00 am
Forum: madCodeHook
Topic: Problem: Get Full Path Name from PID
Replies: 8
Views: 9584

Problem: Get Full Path Name from PID

Dear all, I need help. How to obtain full path name from PID? This is my code: function NtCreateProcessExCallbackProc(var ProcessHandle : Cardinal; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: DWORD; InheritHandles: DWORD; SectionHandle: DWORD; DebugPor...
by Unlimited
Mon May 21, 2007 2:26 pm
Forum: madCodeHook
Topic: NTCreateProcessEx prototype and process name from PHANDLE
Replies: 15
Views: 12006

Nope. My computer is not going bluescreen again. But I still didn't find out the filename :cry:
by Unlimited
Mon May 21, 2007 1:30 pm
Forum: madCodeHook
Topic: NTCreateProcessEx prototype and process name from PHANDLE
Replies: 15
Views: 12006

Hi madshi, are you busy right now? Please help me. I'm still waiting for your answer... I really really need help... please :sorry:
by Unlimited
Thu May 17, 2007 3:07 am
Forum: madCodeHook
Topic: NTCreateProcessEx prototype and process name from PHANDLE
Replies: 15
Views: 12006

Madshi, I still didn't find the file name. Am I wrong? :sorry: function NtCreateProcessExCallback(var ProcessHandle : PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: DWORD; InheritHandles: DWORD; SectionHandle: DWORD; DebugPort: DWORD; Excepti...
by Unlimited
Wed May 16, 2007 12:45 pm
Forum: madCodeHook
Topic: NTCreateProcessEx prototype and process name from PHANDLE
Replies: 15
Views: 12006

Sorry madshi, coz my experience is in Java. Thanks for the help. I will try it. And sorry too, if you felt uncomfortable with my question.
by Unlimited
Tue May 15, 2007 12:55 pm
Forum: madCodeHook
Topic: NTCreateProcessEx prototype and process name from PHANDLE
Replies: 15
Views: 12006

This is my code: function NtCreateProcessExCallback(var ProcessHandle : PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: DWORD; InheritHandles: DWORD; SectionHandle: DWORD; DebugPort: DWORD; ExceptionPort: DWORD; dwSaferFlags: DWORD): NTSTATUS; std...
by Unlimited
Tue May 15, 2007 3:13 am
Forum: madCodeHook
Topic: NTCreateProcessEx prototype and process name from PHANDLE
Replies: 15
Views: 12006

I tried it, but "blue screen". Can you tell me how to do that? Does the blue screen also happen if you do nothing in your hook callback function except calling NtCreateProcessExNext? Nope, it didn't happen. But when I try to get the filename using that code, my computer goes bluescreen. Is...
by Unlimited
Sat May 12, 2007 6:32 pm
Forum: madCodeHook
Topic: NTCreateProcessEx prototype and process name from PHANDLE
Replies: 15
Views: 12006

I think the last param doesn't matter, just declare it as a dummy dword. You can get the process name from the third parameter (that's a structure which you have to declare and then use). madshi, I tried it, but "blue screen". Can you tell me how to do that? My code: WideToAnsi(ObjectAt...
by Unlimited
Fri Apr 27, 2007 6:55 am
Forum: madCodeHook
Topic: Error FileNameFromFileHandle (by Iconic)
Replies: 2
Views: 3338

Iconic, when I change that code to this: const ObjectNameInformation = 1; type UNICODE_STRING = packed record Length: Word; MaximumLength: Word; Buffer: PWideChar; end; type OBJECT_NAME_INFORMATION = record Name: UNICODE_STRING; end; function NtQueryObject(ObjectHandle, ObjectInformationClass: In...