
Järjekordselt huvitav sait: www.chromeexperiments.com

märts 23, 2009

Sisuliselt kõik need sisud on Javascriptis tehtud,
meeletult on ikka pusitud.

Isiklikult soovitan:

http://www.chromeexperiments.com/detail/chiptunecom-gui/

Launch Experiment

Ja pidu algab 🙂


Huvitav link: op.süsteemide GUI areng läbi aastate

märts 16, 2009

http://www.webdesignerdepot.com/2009/03/operating-system-interface-design-between-1981-2009/

Tehke, mis tahate, aga nii mõnigi pilt tõi nostalgia tagasi…

Koodivaramu: protsessi poolt laetud DLLide loendamine ilma PSAPIta

märts 2, 2009

Võtsin jälle oma koodivaramust lõigu, mida kunagi kasutasin, et teada saada, millised DLLid on protsess laadinud.

Algallikas

Vähemalt töötab W2K ja WinXP all (32-bitise protsessina – kirjete väljad on 32-bitised)… Vistat pole veel proovinud.

Milleks seda koodi vaja… Näiteks kirjutasin kunagi PC-turvaprogrammi ja mul oli vaja kontrollida, et mingite troojakate DLL-e ei laetaks minu protsessi. Pahalased oskavad PSAPI-t modifitseerida, dokumenteerimata asjadega jäävad sagedamini jänni. Tasub siiski meeles pidada, et mõlemad teed loevad lõpuks sama loaderi moodulinimekirja (PEB-i Ldr-listid): DLL, mis end sealt välja lingib, või pahavara, mis juba protsessis sees olles ntdll-i funktsioonid ära haagib, jääb tõenäoliselt ka sellele meetodile nähtamatuks. Kontroll, mis jookseb samas protsessis, mida ta kontrollib, ei ole kunagi täiesti usaldusväärne.

PSAPI-t (ja Toolhelpi) teavad ju kõik.

Toolhelp: CreateToolhelp32Snapshot + Module32First + Module32Next jne (või PSAPI: EnumProcessModules + GetModuleFileNameEx).

Siin on selle alternatiivse koodi listing…


program procexpl;
{$APPTYPE CONSOLE}

// Ingmar Tammeväli
// http://ingmar.planet.ee

uses
SysUtils,windows;

type
PDebugModule = ^TDebugModule;
// One entry of the module list inside the ntdll debug buffer.
// This mirrors an undocumented structure; field names are best-effort and
// the layout is 32-bit only (Base/Size are 32-bit Cardinals).
TDebugModule = packed record
Reserved : array [0..1] of Cardinal;
Base : Cardinal; // printed as the module address by kuvaLaetudDllid
Size : Cardinal;
Flags : Cardinal;
Index : Word;
Unknown : Word;
LoadCount: Word;
ModuleNameOffset: Word; // presumably the offset of the bare file name within ImageName -- not used here
// NOTE(review): must be 1 byte per element to match the native layout; on
// Unicode Delphi (2009+) Char is 2 bytes, so AnsiChar is presumably what is
// intended -- confirm before building with a newer compiler.
ImageName : array [0..$FF] of Char;
End;

type
PDebugModuleInformation = ^TDebugModuleInformation;
// Header of the module list: Count entries follow in memory. Modules is
// declared [0..0] and indexed past its bound by the enumeration loop, so that
// loop must run with range checking off.
TDebugModuleInformation = record
Count: Cardinal;
Modules: array [0..0] of TDebugModule;
End;

type

PDebugBuffer = ^TDebugBuffer;
// Buffer allocated by RtlCreateQueryDebugBuffer and filled by
// RtlQueryProcessDebugInformation. Only ModuleInformation is read by this
// program; the other fields are reproduced from the undocumented layout so
// that the offsets line up (32-bit pointers and handles).
TDebugBuffer = record
SectionHandle: THandle;
SectionBase : Pointer;
RemoteSectionBase : Pointer;
SectionBaseDelta : Cardinal;
EventPairHandle : THandle;
Unknown : array [0..1] of Cardinal;
RemoteThreadHandle: THandle;
InfoClassMask : Cardinal;
SizeOfInfo : Cardinal;
AllocatedSize : Cardinal;
SectionSize : Cardinal;
ModuleInformation : PDebugModuleInformation; // module list, valid after a successful query with PDI_MODULES
BackTraceInformation: Pointer;
HeapInformation : Pointer;
LockInformation : Pointer;
Reserved : array [0..7] of Pointer;
End;

type
// Prototypes of the undocumented ntdll exports, resolved at run time with
// GetProcAddress. Create returns nil on failure; the Integer results of
// Query/Destroy are treated as NTSTATUS by the caller (negative = failure).
TFNRtlCreateQueryDebugBuffer=Function(Size:Cardinal;EventPair: Boolean): PDebugBuffer; stdcall;

TFNRtlQueryProcessDebugInformation=Function(ProcessId,DebugInfoClassMask: Cardinal; var DebugBuffer: TDebugBuffer): Integer; stdcall;

TFNRtlDestroyQueryDebugBuffer=Function(DebugBuffer:PDebugBuffer): Integer; stdcall;

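procedure kuvaLaetudDllid(const procID : dword);
// Prints "Aadress:<base>;<image name>" for every module the loader has
// recorded for process procID, using the undocumented ntdll debug-buffer API
// (RtlCreateQueryDebugBuffer / RtlQueryProcessDebugInformation /
// RtlDestroyQueryDebugBuffer) instead of PSAPI or Toolhelp.
//
// Caveats for anyone using this as a "no foreign DLL was injected" check:
//   * The record layouts above are 32-bit (Cardinal/Pointer fields), so the
//     procedure is only valid when built as a 32-bit process.
//   * The data comes from the loader's own module bookkeeping, which is
//     presumably the same source the documented APIs read; a module that
//     unlinks itself, or code already inside the process that hooks ntdll,
//     can therefore hide from this listing too. An in-process check is never
//     fully trustworthy.
//   * Every failure is reported on the console instead of being swallowed,
//     so that "nothing printed" is never mistaken for "nothing loaded".
const
  PDI_MODULES = $01;  // DebugInfoClassMask bit selecting the module list
var
  HNtDll : HMODULE;
  RtlCreateQueryDebugBuffer : TFNRtlCreateQueryDebugBuffer;
  RtlQueryProcessDebugInformation: TFNRtlQueryProcessDebugInformation;
  RtlDestroyQueryDebugBuffer : TFNRtlDestroyQueryDebugBuffer;
  DbgBuffer : PDebugBuffer;
  Status : Integer;
  Loop : Integer;
begin
  HNtDll := 0;
  try
    try
      // ntdll.dll is always mapped into a Win32 process; LoadLibrary here
      // only takes a reference so FreeLibrary below is balanced.
      HNtDll := LoadLibrary('ntdll.dll');
      if HNtDll = 0 then
        RaiseLastOSError;

      RtlCreateQueryDebugBuffer := GetProcAddress(HNtDll, 'RtlCreateQueryDebugBuffer');
      RtlQueryProcessDebugInformation := GetProcAddress(HNtDll, 'RtlQueryProcessDebugInformation');
      RtlDestroyQueryDebugBuffer := GetProcAddress(HNtDll, 'RtlDestroyQueryDebugBuffer');
      // These exports are undocumented and may disappear; say so instead of
      // exiting silently.
      if not (Assigned(RtlCreateQueryDebugBuffer) and
              Assigned(RtlQueryProcessDebugInformation) and
              Assigned(RtlDestroyQueryDebugBuffer)) then
      begin
        writeln('Viga: ntdll.dll ei ekspordi vajalikke Rtl*DebugBuffer funktsioone');
        Exit;
      end;

      DbgBuffer := RtlCreateQueryDebugBuffer(0, False);
      if not Assigned(DbgBuffer) then
      begin
        writeln('Viga: RtlCreateQueryDebugBuffer tagastas nil');
        Exit;
      end;
      try
        // Result is an NTSTATUS: negative means failure.
        Status := RtlQueryProcessDebugInformation(procID, PDI_MODULES, DbgBuffer^);
        if Status < 0 then
        begin
          writeln('Viga: RtlQueryProcessDebugInformation NTSTATUS=0x' + IntToHex(Status, 8));
          Exit;
        end;
        if not Assigned(DbgBuffer.ModuleInformation) then
        begin
          writeln('Viga: moodulite info puudub');
          Exit;
        end;
        // Sanity bound kept from the original: an implausible count most
        // likely means the record layout does not match this Windows build,
        // in which case walking the list would read garbage.
        if DbgBuffer.ModuleInformation.Count >= 255 then
        begin
          writeln('Viga: ebausutav moodulite arv ' + IntToStr(DbgBuffer.ModuleInformation.Count));
          Exit;
        end;
        // Modules is declared [0..0] and deliberately indexed past its bound,
        // so range checking must be off here even if the unit is built {$R+}.
        {$IFOPT R+}{$DEFINE KUVA_RANGE_ON}{$R-}{$ENDIF}
        for Loop := 0 to Integer(DbgBuffer.ModuleInformation.Count) - 1 do
          with DbgBuffer.ModuleInformation.Modules[Loop] do
            writeln('Aadress:' + IntToHex(Base, 12) + ';' + ImageName);
        {$IFDEF KUVA_RANGE_ON}{$R+}{$UNDEF KUVA_RANGE_ON}{$ENDIF}
      finally
        RtlDestroyQueryDebugBuffer(DbgBuffer);
      end;
    finally
      if HNtDll <> 0 then
        FreeLibrary(HNtDll);
    end;
  except
    // Report instead of swallowing: a silent failure would look exactly like
    // an empty module list to whoever relies on this output.
    on E: Exception do
      writeln('Viga: ' + E.ClassName + ': ' + E.Message);
  end;
end;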

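var
  pid: Integer;
begin
  // Usage: procexpl [pid]
  // Without an argument the program lists its own modules (the original
  // behaviour); with a numeric argument it queries that process instead.
  // NOTE(review): for another process this ntdll call is believed to do its
  // work from inside the target (thread injection), so it needs sufficient
  // rights there and is itself an intrusive operation -- confirm before
  // pointing it at arbitrary PIDs.
  writeln('Laetud DLLid ...');
  writeln;
  pid := StrToIntDef(ParamStr(1), Integer(windows.GetCurrentProcessId));
  kuvaLaetudDllid(dword(pid));
  readln;
end.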