| View previous topic :: View next topic |
| Author |
Message |
ducspam
Expert Cheater
![]() Reputation: 0
Joined: 07 Oct 2005
Posts: 171
|
 Posted: Wed Oct 19, 2005 6:07 pm Post subject: API for long process list? |
 |
|
Just wondering how you got CE to get even the "hidden" process using that method.
Thanks
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25287
Location: The netherlands
|
| Posted: Wed Oct 19, 2005 10:00 pm Post subject: |
|
|
openprocess
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ducspam
Expert Cheater
![]() Reputation: 0
Joined: 07 Oct 2005
Posts: 171
|
| Posted: Thu Oct 20, 2005 2:11 am Post subject: |
|
|
I checked the OpenProcess API on MSDN and they have an example c source which uses OpenProcess and Toolhelp32SnapShot (http://msdn.microsoft.com/library/default.asp?url=/library/en-us/perfmon/base/taking_a_snapshot_and_viewing_processes.asp).
Tried that out and it show every process except the hidden ones. Am I doing the OpenProcess API wrong?
| Code: | | hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pe32.th32ProcessID); |
------------------------------------------------------------------------------
Since this part of the NProtect thread was getting too technical, I wanted to ask you about it here.
| Code: | | And you don't use a api, you just write to the memory of your own process. There's no api needed for that. |
What method would I use to write the correct memory into my own process?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25287
Location: The netherlands
|
| Posted: Thu Oct 20, 2005 3:24 am Post subject: |
|
|
idiot code but should give an idea:
| Code: |
for (int i=0; i<4000;i++)
{
ph=OpenProcess(i);
if (ph)
{
AddProcessIDToList(i);
closehandle(ph);
}
}
|
and regarding the rewriting of memory, just write directly to your memory using pointers.
e.g:
VirtualProtect(AddressofOpenProcess,5,PAGE_EXECUTE_READWRITE,NULL); //make it writable and hope they havn't patched virtualprotect
CopyMemory(AddressofOpenProcess,OriginalOpenprocessBytesArray,5);
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
ducspam
Expert Cheater
![]() Reputation: 0
Joined: 07 Oct 2005
Posts: 171
|
| Posted: Thu Oct 20, 2005 9:15 am Post subject: |
|
|
I tried that as well.
| Code: | for(int i=0; i<4000; i++)
{
hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, (uint)i);
if((hProcess == null) || (hProcess == INVALID_HANDLE_VALUE))
{
// no process here
}
else
{
// add id & handle to the list
counter++;
}
CloseHandle(hProcess);
}
// counter = 4000 after loop is finish |
All 4000 ids are valid. What else did you do to filter out those 4000 ids for valid processes?
|
|
| Back to top |
|
|
personmans
Expert Cheater
![]() Reputation: 0
Joined: 02 Apr 2006
Posts: 193
|
| Posted: Thu Apr 06, 2006 4:05 pm Post subject: |
|
|
I believe the difference in code is that yours is just counting, while his is adding them to a list... with darkbyte's code you can view the list and physically see the processes that are valid (which i trust way more than code)
PS if you declared hProcess as a Long its not likely that you get a null and you'd probably end up with a 0. I'm not sure what the const INVALID_HANDLE_VALUE is for, but try leaving it out and using 0.
Some quick C++ code will tell you:
| Code: |
int main()
{
int count=0;
HANDLE ph; //HANDLE is the same as 'void *'
for(int i=0;i<4000;i++){
ph = OpenProcess(PROCESS_ALL_ACCESS,false, i);
if(ph != 0){
cout << (ph) << " ";
count++;
}
}
cout << "\n" << count << " Processes Running \n";
return 0;
}
|
Its output:
| Quote: |
000007E8 000007F4 000007DC 000007D8 000007D4 000007D0 000007CC 000007C8 000007C4 000007C0 000007BC 000007B8 000007B4 000007B0 000007AC 000007A8 000007A4 000007A0 0000079C 00000798 00000794 00000790 0000078C 00000788 00000784 00000780 0000077C 00000778 00000774 00000770 0000076C 00000768 00000764 00000760 0000075C 00000758
36 Processes Running
|
PS TaskManager is only showing 29. =)
EDIT: made code more readable.
|
|
| Back to top |
|
|
ducspam
Expert Cheater
![]() Reputation: 0
Joined: 07 Oct 2005
Posts: 171
|
| Posted: Sat Apr 08, 2006 12:30 pm Post subject: |
|
|
I was testing to see if how many valid handles are there. Filtering out more and adding to a list was the next step.
I think I'll try the "long" that you suggest if I decide to use this (currently using another method) since my hProcess is an IntPtr or an int (forgot what, it's beem so long).
Thanks for the reply though.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
