1,184
社区成员
发帖
与我相关
我的任务
分享请发表友善的回复…
发表回复
bcb_fans 2002-12-06
- 打赏
- 举报
已经发送!!!
XDT 2002-12-06
- 打赏
- 举报
WEBMASTER@JIEHUIHOTEL.COM
bcb_fans 2002-12-03
- 打赏
- 举报
当不了???你在哪个地方上的网?
源代码有346K(包括Source和Bin,如果只是Source,只有160K),如果不嫌大,给出E-Mail,我发给你!(如果怕E-Mail泄漏的话,给我发短讯就可以了^_^)
源代码有346K(包括Source和Bin,如果只是Source,只有160K),如果不嫌大,给出E-Mail,我发给你!(如果怕E-Mail泄漏的话,给我发短讯就可以了^_^)
XDT 2002-12-03
- 打赏
- 举报
我当不了,能不能麻烦贴出来?
bcb_fans 2002-12-01
- 打赏
- 举报
还没有搞定啊? 你有没有看过《Windows95编程奥秘》的源代码?里边有你需要的一切!
XDT 2002-11-30
- 打赏
- 举报
UP
XDT 2002-11-30
- 打赏
- 举报
谢谢楼上的,不够现在问题还没解决。先帮你吧分留着吧
bcb_fans 2002-11-30
- 打赏
- 举报
//繁体中文版(友情提示:金山快译里边附带的内码转换工具不错,可以很容易地把繁体转换成简体)
http://jjhou.csdn.net/
//配书源代码
http://www.unow.net/xzxt2/list.asp?id=1083
XDT 2002-11-29
- 打赏
- 举报
请问那有这本书下载,或谁知道上海什么地方有买
bcb_fans 2002-11-27
- 打赏
- 举报
W9X的话,可以参考《Windows95编程奥秘》,里边有关于进程句柄表的描述,可以得到一个进程所打开的所有句柄。
bcb_fans 2002-11-27
- 打赏
- 举报
2000的方法:
6、应用(2)-- 查询当前进程所拥有的对象
首先得到当前系统所有的句柄信息,然后再查询指定进程的句柄的属性。
PVOID HandleInfoBuf;
SYSTEM_HANDLE_INFORMATION *HandleInfo;
DWORD dwInfoSize = sizeof(SYSTEM_HANDLE) * 10000;
HandleInfoBuf = (PVOID)new byte[dwInfoSize];
PNTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
PNTQUERYOBJECT NtQueryObject;
PNTDUPLICATEOBJECT NtDuplicateObject;
/////////////////////////////////
NtQuerySystemInformation = (PNTQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandle( "ntdll.dll" ),"NtQuerySystemInformation");
NtQueryObject = (PNTQUERYOBJECT)GetProcAddress(GetModuleHandle("NtDll.dll"),"NtQueryObject");
NtDuplicateObject = (PNTDUPLICATEOBJECT)GetProcAddress(GetModuleHandle("NtDll.dll"),"NtDuplicateObject");
NtQuerySystemInformation(16,HandleInfoBuf,dwInfoSize,0);
HandleInfo = (SYSTEM_HANDLE_INFORMATION*)HandleInfoBuf;
for(int i=0; i < HandleInfo->dwCount; i++)
{
if(HandleInfo->HandleEntries[i].ProcessId == GetCurrentProcessId())
{
DWORD Ret;
DWORD dwRead;
DWORD dwNameBuffer;
OBJECT_BASIC_INFORMATION BasicInfo;
OBJECT_NAME_INFORMATION *NameInfo;
OBJECT_TYPE_INFORMATION *TypeInfo;
HANDLE hDupObject;
Ret = NtDuplicateObject(GetCurrentProcess(),(HANDLE)HandleInfo->HandleEntries[i].Handle,
GetCurrentProcess(),&hDupObject,
0,0,DUPLICATE_SAME_ATTRIBUTES);
if(Ret != 0)
{
Memo1->Lines->Add("Error Duplicate Object Handle.Err = " + SysErrorMessage(Ret));
continue;
}
//基本信息
Ret = NtQueryObject(hDupObject,ObjectBasicInformation,&BasicInfo,sizeof(OBJECT_BASIC_INFORMATION),&dwRead);
if(Ret != 0)
{
Memo1->Lines->Add("Error Query Object Basic.Err = " + SysErrorMessage(Ret) + " Code = " + IntToHex((int)Ret,8));
CloseHandle(hDupObject);
continue;
}
//类型信息
TypeInfo = (OBJECT_TYPE_INFORMATION *) new char[BasicInfo.TypeInformationLength + 2];
Ret = NtQueryObject(hDupObject,ObjectTypeInformation,TypeInfo,BasicInfo.TypeInformationLength + 2,&dwRead);
if(Ret != 0)
{
Memo1->Lines->Add("Error Query Object Type.Err = " + SysErrorMessage(Ret) + IntToHex((int)Ret,8));
CloseHandle(hDupObject);
continue;
}
//名字信息
dwNameBuffer = (BasicInfo.NameInformationLength == 0) ?
(MAX_PATH * sizeof (WCHAR)) : BasicInfo.NameInformationLength;
NameInfo = (OBJECT_NAME_INFORMATION *)new char[dwNameBuffer];
Ret = NtQueryObject(hDupObject,ObjectNameInformation,NameInfo,dwNameBuffer,&dwRead);
if(Ret != 0)
{
Memo1->Lines->Add("Error Query Object Name.Err = " + SysErrorMessage(Ret) + IntToHex((int)Ret,8));
CloseHandle(hDupObject);
continue;
}
//没有名字信息
if(NameInfo->Name.Length == 0)
continue;
//结果
Memo1->Lines->Add(IntToHex((int)HandleInfo->HandleEntries[i].Handle,4) +
" == " + AnsiString(TypeInfo->Name.Buffer) + " " +
" == " + AnsiString(NameInfo->Name.Buffer));
delete[] TypeInfo;
delete[] NameInfo;
CloseHandle(hDupObject);
}
}
delete[] HandleInfoBuf;
6、应用(2)-- 查询当前进程所拥有的对象
首先得到当前系统所有的句柄信息,然后再查询指定进程的句柄的属性。
PVOID HandleInfoBuf;
SYSTEM_HANDLE_INFORMATION *HandleInfo;
DWORD dwInfoSize = sizeof(SYSTEM_HANDLE) * 10000;
HandleInfoBuf = (PVOID)new byte[dwInfoSize];
PNTQUERYSYSTEMINFORMATION NtQuerySystemInformation;
PNTQUERYOBJECT NtQueryObject;
PNTDUPLICATEOBJECT NtDuplicateObject;
/////////////////////////////////
NtQuerySystemInformation = (PNTQUERYSYSTEMINFORMATION)GetProcAddress(GetModuleHandle( "ntdll.dll" ),"NtQuerySystemInformation");
NtQueryObject = (PNTQUERYOBJECT)GetProcAddress(GetModuleHandle("NtDll.dll"),"NtQueryObject");
NtDuplicateObject = (PNTDUPLICATEOBJECT)GetProcAddress(GetModuleHandle("NtDll.dll"),"NtDuplicateObject");
NtQuerySystemInformation(16,HandleInfoBuf,dwInfoSize,0);
HandleInfo = (SYSTEM_HANDLE_INFORMATION*)HandleInfoBuf;
for(int i=0; i < HandleInfo->dwCount; i++)
{
if(HandleInfo->HandleEntries[i].ProcessId == GetCurrentProcessId())
{
DWORD Ret;
DWORD dwRead;
DWORD dwNameBuffer;
OBJECT_BASIC_INFORMATION BasicInfo;
OBJECT_NAME_INFORMATION *NameInfo;
OBJECT_TYPE_INFORMATION *TypeInfo;
HANDLE hDupObject;
Ret = NtDuplicateObject(GetCurrentProcess(),(HANDLE)HandleInfo->HandleEntries[i].Handle,
GetCurrentProcess(),&hDupObject,
0,0,DUPLICATE_SAME_ATTRIBUTES);
if(Ret != 0)
{
Memo1->Lines->Add("Error Duplicate Object Handle.Err = " + SysErrorMessage(Ret));
continue;
}
//基本信息
Ret = NtQueryObject(hDupObject,ObjectBasicInformation,&BasicInfo,sizeof(OBJECT_BASIC_INFORMATION),&dwRead);
if(Ret != 0)
{
Memo1->Lines->Add("Error Query Object Basic.Err = " + SysErrorMessage(Ret) + " Code = " + IntToHex((int)Ret,8));
CloseHandle(hDupObject);
continue;
}
//类型信息
TypeInfo = (OBJECT_TYPE_INFORMATION *) new char[BasicInfo.TypeInformationLength + 2];
Ret = NtQueryObject(hDupObject,ObjectTypeInformation,TypeInfo,BasicInfo.TypeInformationLength + 2,&dwRead);
if(Ret != 0)
{
Memo1->Lines->Add("Error Query Object Type.Err = " + SysErrorMessage(Ret) + IntToHex((int)Ret,8));
CloseHandle(hDupObject);
continue;
}
//名字信息
dwNameBuffer = (BasicInfo.NameInformationLength == 0) ?
(MAX_PATH * sizeof (WCHAR)) : BasicInfo.NameInformationLength;
NameInfo = (OBJECT_NAME_INFORMATION *)new char[dwNameBuffer];
Ret = NtQueryObject(hDupObject,ObjectNameInformation,NameInfo,dwNameBuffer,&dwRead);
if(Ret != 0)
{
Memo1->Lines->Add("Error Query Object Name.Err = " + SysErrorMessage(Ret) + IntToHex((int)Ret,8));
CloseHandle(hDupObject);
continue;
}
//没有名字信息
if(NameInfo->Name.Length == 0)
continue;
//结果
Memo1->Lines->Add(IntToHex((int)HandleInfo->HandleEntries[i].Handle,4) +
" == " + AnsiString(TypeInfo->Name.Buffer) + " " +
" == " + AnsiString(NameInfo->Name.Buffer));
delete[] TypeInfo;
delete[] NameInfo;
CloseHandle(hDupObject);
}
}
delete[] HandleInfoBuf;
XDT 2002-11-27
- 打赏
- 举报
不好意思,我忘记把题目说全了,要取得程序里面所有的伪句柄,带窗体的一个不要,昨天晚上我已经找到办法了,不过就是太慢。
我后面有14XX分准备给啊。
我后面有14XX分准备给啊。
CloneCenter 2002-11-27
- 打赏
- 举报
为什么只有 1 分???
flyingkiller 2002-11-27
- 打赏
- 举报
EnumChildWindows啊,最多递归查找啦。
cbdiy 2002-11-27
- 打赏
- 举报
对不起发错了。
cbdiy 2002-11-27
- 打赏
- 举报
(██ 严重抗议板举把我的贴册除 ██)
一不是有色宣传,再不是政治反动思想,这是why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??vvvvvvvvv
一不是有色宣传,再不是政治反动思想,这是why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??why??vvvvvvvvv
Wnyu 2002-11-27
- 打赏
- 举报
EnumWindows
EnumChildWindows
EnumChildWindows
