Search found 28 matches
- Sat Apr 18, 2009 7:06 pm
- Forum: madKernel
- Topic: IProcess.CommandLine exception
- Replies: 4
- Views: 15951
- Sat Apr 18, 2009 6:08 pm
- Forum: madKernel
- Topic: IProcess.CommandLine exception
- Replies: 4
- Views: 15951
- Mon Feb 23, 2009 2:53 pm
- Forum: madKernel
- Topic: Module from Thread
- Replies: 1
- Views: 11175
Module from Thread
Hi madshi and All coder...
I need to find the threads created by "examplemodule.dll" inside "someprocess.exe". How do I know? Is it possible?
regards
unlimited
I need to find the threads created by "examplemodule.dll" inside "someprocess.exe". How do I know? Is it possible?
regards
unlimited
- Mon Jul 02, 2007 12:28 pm
- Forum: madCodeHook
- Topic: Problem: Get Full Path Name from PID
- Replies: 8
- Views: 9584
- Fri Jun 29, 2007 2:13 am
- Forum: madCodeHook
- Topic: Problem: Get Full Path Name from PID
- Replies: 8
- Views: 9584
- Tue Jun 26, 2007 6:36 am
- Forum: madCodeHook
- Topic: Problem: Get Full Path Name from PID
- Replies: 8
- Views: 9584
I've used NtQueryObject() to convert a file handle to a full path. How? You can use the ToolHelp API to iterate running processes and compare each process id to the desired one, then access the full path in the PPROCESSENTRY32 struct. -- David Off course. i had try it. I get the file name but there...
- Tue Jun 26, 2007 3:00 am
- Forum: madCodeHook
- Topic: Problem: Get Full Path Name from PID
- Replies: 8
- Views: 9584
Problem: Get Full Path Name from PID
Dear all, I need help. How to obtain full path name from PID? This is my code: function NtCreateProcessExCallbackProc(var ProcessHandle : Cardinal; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: DWORD; InheritHandles: DWORD; SectionHandle: DWORD; DebugPor...
- Mon May 21, 2007 2:26 pm
- Forum: madCodeHook
- Topic: NTCreateProcessEx prototype and process name from PHANDLE
- Replies: 15
- Views: 12006
- Mon May 21, 2007 1:30 pm
- Forum: madCodeHook
- Topic: NTCreateProcessEx prototype and process name from PHANDLE
- Replies: 15
- Views: 12006
- Thu May 17, 2007 3:07 am
- Forum: madCodeHook
- Topic: NTCreateProcessEx prototype and process name from PHANDLE
- Replies: 15
- Views: 12006
Madshi, i still didn't find the file name. It's i'm wrong? :sorry: function NtCreateProcessExCallback(var ProcessHandle : PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: DWORD; InheritHandles: DWORD; SectionHandle: DWORD; DebugPort: DWORD; Excepti...
- Wed May 16, 2007 12:45 pm
- Forum: madCodeHook
- Topic: NTCreateProcessEx prototype and process name from PHANDLE
- Replies: 15
- Views: 12006
- Tue May 15, 2007 12:55 pm
- Forum: madCodeHook
- Topic: NTCreateProcessEx prototype and process name from PHANDLE
- Replies: 15
- Views: 12006
This is my code: function NtCreateProcessExCallback(var ProcessHandle : PHANDLE; DesiredAccess: ACCESS_MASK; ObjectAttributes: POBJECT_ATTRIBUTES; InheritFromProcessHandle: DWORD; InheritHandles: DWORD; SectionHandle: DWORD; DebugPort: DWORD; ExceptionPort: DWORD; dwSaferFlags: DWORD): NTSTATUS; std...
- Tue May 15, 2007 3:13 am
- Forum: madCodeHook
- Topic: NTCreateProcessEx prototype and process name from PHANDLE
- Replies: 15
- Views: 12006
- Sat May 12, 2007 6:32 pm
- Forum: madCodeHook
- Topic: NTCreateProcessEx prototype and process name from PHANDLE
- Replies: 15
- Views: 12006
- Fri Apr 27, 2007 6:55 am
- Forum: madCodeHook
- Topic: Error FileNameFromFileHandle (by Iconic)
- Replies: 2
- Views: 3338
Iconic, when i changes that code with this: const ObjectNameInformation = 1; type UNICODE_STRING = packed record Length: Word; MaximumLength: Word; Buffer: PWideChar; end; type OBJECT_NAME_INFORMATION = record Name: UNICODE_STRING; end; function NtQueryObject(ObjectHandle, ObjectInformationClass: In...