Code: Alles auswählen
;PBOSSL Process libary 4.3 x Include
;Rework by Siegfried Rings
;Original by Siegfried Rings
;added Functions by Siegfried Rings
; -GetProcessPIDperName
;License:
;EnableExplicit
;We Define some Prototypes
Prototype Prototype_PBOSL_EnumProcesses(ProcessesArrayMem.i, NbProcessesMax.i, nProcesses.i)
Prototype Prototype_PBOSL_EnumProcessModulesEx(hProcess.i, BaseModule.i, Lenghth.i, cbNeeded.l,dwFilterFlag.l)
Prototype Prototype_PBOSL_EnumProcessModules(hProcess.i, BaseModule.i, Lenghth.i, cbNeeded.l)
Prototype Prototype_PBOSL_GetProcessMemoryInfo(hProcess.i,tPMC.l, SizeOf_tPMC.l)
Prototype Prototype_PBOSL_EmptyWorkingSet(hProcess.i)
Prototype Prototype_PBOSL_GetModuleBaseName(hProcess.i, BaseModule.i, Name.i, LenName.i)
Prototype Prototype_PBOSL_GetModuleFileName(hProcess.i, BaseModule.i, Name.i, LenName.i)
Prototype Prototype_PBOSL_GetModuleInformation(hProcess.i,BaseModule.i,lpModuleInfo,dwSize )
Prototype Prototype_PBOSL_GetExtendedTcpTable(MIB_TCPTABLE , dwSize, a,b,c,d)
Prototype Prototype_PBOSL_GetExtendedUdpTable(MIB_TCPTABLE , dwSize, a,b,c,d)
Global PBOSL_Process_Library.i
Global PBOSL_EnumProcesses.Prototype_PBOSL_EnumProcesses
Global PBOSL_EnumProcessModules.Prototype_PBOSL_EnumProcessModules
Global PBOSL_EnumProcessModulesEx.Prototype_PBOSL_EnumProcessModulesEx
Global PBOSL_GetModuleBaseName.Prototype_PBOSL_GetModuleBaseName
Global PBOSL_GetModuleFileName.Prototype_PBOSL_GetModuleFileName
Global PBOSL_GetProcessMemoryInfo.Prototype_PBOSL_GetProcessMemoryInfo
Global PBOSL_GetModuleInformation.Prototype_PBOSL_GetModuleInformation
Global PBOSL_EmptyWorkingSet.Prototype_PBOSL_EmptyWorkingSet
Global PBOSL_ProcessesArrayMem.i
Global PBOSL_ProcessesArrayModuleMem.i
Prototype Prototype_OpenThread(dwDesiredAccess.l,bInheritHandle.l,dwThreadId.l)
Global OpenThread_.Prototype_OpenThread
Global PBOSL_DriverMem.i
Global PBOSL_DLLMemModule.i
Global PBOSL_nProcessesZeiger.i
#PBOSL_NbProcessesMax=1024
Structure PROCESS_MEMORY_COUNTERS
cb.l
PageFaultCount.l
PeakWorkingSetSize.i
WorkingSetSize.i
QuotaPeakPagedPoolUsage.i
QuotaPagedPoolUsage.i
QuotaPeakNonPagedPoolUsage.i
QuotaNonPagedPoolUsage.i
PageFileUsage.i
PeakPagefileUsage.i
EndStructure
Structure PBOSL_ProcessesStruct
PID.i
Name.s
Filename.s
Memory.PROCESS_MEMORY_COUNTERS
EndStructure
Structure ModuleInformation ;Api definition
lpBaseOfDll.i
SizeOfImage.i;
EntryPoint.i
EndStructure
Structure PBOSL_ModuleStruct
FileName.s
ModuleInformation.ModuleInformation
EndStructure
Structure thread32
size.l
use.l
idth.l
parentid.l
base.l
delta.l
flags.l
EndStructure
#TH32CS_SNAPTHREAD=4
#THREAD_SUSPEND_RESUME=2
Procedure.s PBOSL_DebugApiError(el.l)
Protected Nop.s
Nop=Space(1024)
FormatMessage_(#FORMAT_MESSAGE_FROM_SYSTEM,0, el,0,@Nop.s,1024,0)
ProcedureReturn Hex(el)+":"+Nop.s
EndProcedure
Procedure PBOSL_Process_Init()
CompilerSelect #PB_Compiler_OS
CompilerCase #PB_OS_Windows
CompilerDefault
MessageRequester("Info","Not supported OS for PBOSL_Process_Library",0)
End
CompilerEndSelect
;#PB_Compiler_Processor = #PB_Processor_x86
kernel32dll=OpenLibrary(#PB_Any,"kernel32.dll")
OpenThread_=GetFunction(kernel32dll,"OpenThread") ;Should always work !!
PBOSL_Process_Library=OpenLibrary(#PB_Any,"psapi.dll")
If PBOSL_Process_Library
PBOSL_EnumProcesses= GetFunction(PBOSL_Process_Library, "EnumProcesses")
;Debug PBOSL_EnumProcesses
PBOSL_EnumProcessModules = GetFunction(PBOSL_Process_Library, "EnumProcessModules")
PBOSL_EnumProcessModulesEx = GetFunction(PBOSL_Process_Library, "EnumProcessModulesEx")
PBOSL_GetProcessMemoryInfo= GetFunction(PBOSL_Process_Library, "GetProcessMemoryInfo")
PBOSL_GetModuleInformation=GetFunction(PBOSL_Process_Library, "GetModuleInformation")
PBOSL_EmptyWorkingSet=GetFunction(PBOSL_Process_Library, "EmptyWorkingSet")
;EnumDeviceDrivers= GetProcAddress_(PSAPI, "EnumDeviceDrivers")
If #PB_Compiler_Unicode=0
PBOSL_GetModuleBaseName = GetFunction(PBOSL_Process_Library, "GetModuleBaseNameA")
PBOSL_GetModuleFileName = GetFunction(PBOSL_Process_Library, "GetModuleFileNameExA")
;Debug PBOSL_GetModuleFileName
;PBOSL_GetDeviceDriversBaseName= GetProcAddress_(PSAPI, "GetDeviceDriverBaseNameA")
; GetDeviceDriversFileName= GetProcAddress_(PSAPI, "GetDeviceDriverFileNameA")
Else
;UniCode Mode
PBOSL_GetModuleBaseName = GetFunction(PBOSL_Process_Library, "GetModuleBaseNameW")
PBOSL_GetModuleFileName = GetFunction(PBOSL_Process_Library, "GetModuleFileNameExW")
; GetDeviceDriversBaseName= GetProcAddress_(PSAPI, "GetDeviceDriverBaseNameW")
; GetDeviceDriversFileName= GetProcAddress_(PSAPI, "GetDeviceDriverFileNameW")
EndIf
;GetDeviceDriverBaseName Lib "psapi.dll" Alias "GetDeviceDriverBaseName" (ImageBase As Any, ByVal lpBaseName As String, ByVal nSize As Long )
;EnumDeviceDrivers Lib "PSAPI.DLL" (lpImageBase() As Long,ByVal cb As Long , lpcbNeeded As Long
;reserve some memory
; PBOSL_DriverMem=GlobalAlloc_(#GMEM_FIXED ,#PBOSL_NbProcessesMax*4)
; PBOSL_DLLMemModule=GlobalAlloc_(#GMEM_FIXED ,#PBOSL_NbProcessesMax*4)
;ProcedureReturn PSAPI
ProcedureReturn PBOSL_Process_Library
Else
;Cannot load Library ???
ProcedureReturn 0
PBOSL_ProcessesArrayMem=GlobalAlloc_(#GMEM_FIXED ,#PBOSL_NbProcessesMax*4)
PBOSL_DriverMem=GlobalAlloc_(#GMEM_FIXED ,#PBOSL_NbProcessesMax*4)
PBOSL_DLLMemModule=GlobalAlloc_(#GMEM_FIXED ,#PBOSL_NbProcessesMax*4)
EndIf
EndProcedure
Procedure PBOSL_Process_End()
If PBOSL_DriverMem
GlobalFree_(PBOSL_DriverMem)
EndIf
If PBOSL_DLLMemModule
GlobalFree_(PBOSL_DLLMemModule)
EndIf
If PBOSL_Process_Library
FreeLibrary_(PBOSL_Process_Library)
EndIf
EndProcedure
Structure myTOKEN_PRIVILEGES
PrivilegeCount.l
TheLuid.LUID
Attributes.l
EndStructure
Procedure SetRights(rightsname.s)
Define tLuid.LUID
Define tTokenPriv.myTOKEN_PRIVILEGES
Define tTokenPrivNew.myTOKEN_PRIVILEGES
Define lBufferNeeded.l
;#PROCESS_ALL_ACCESS = $1F0FFF
#PROCESS_TERMINAT = $1
#ANYSIZE_ARRAY = 1
#TOKEN_ADJUST_PRIVILEGES = $20
#TOKEN_QUERY = $8
SE_DEBUG_NAME.s = rightsname.s
#SE_PRIVILEGE_ENABLED = $2
lhThisProc = GetCurrentProcess_()
res=OpenProcessToken_(lhThisProc, #TOKEN_ADJUST_PRIVILEGES | #TOKEN_QUERY, @lhTokenHandle)
res=LookupPrivilegeValue_("", SE_DEBUG_NAME.s, tLuid)
;Set the number of privileges to be change
tTokenPriv\PrivilegeCount = 1
tTokenPriv\TheLuid\LowPart = tLuid\LowPart
tTokenPriv\TheLuid\HighPart = tLuid\HighPart
tTokenPriv\Attributes = #SE_PRIVILEGE_ENABLED
;Enable the kill privilege in the access token of this process
res=AdjustTokenPrivileges_(lhTokenHandle, 0, tTokenPriv, SizeOf(tTokenPrivNew), tTokenPrivNew, @lBufferNeeded)
EndProcedure
ProcedureDLL.i ExamineProcesses(List PBOSL_ProcessList.PBOSL_ProcessesStruct());take a snapshot and examine processes, fill linkedlist
Protected nProcesses.i
SetRights("SeDebugPrivilege")
PBOSL_ProcessesArrayMem=GlobalAlloc_(#GMEM_FIXED ,#PBOSL_NbProcessesMax*4)
PBOSL_ProcessesArrayModuleMem=GlobalAlloc_(#GMEM_FIXED ,#PBOSL_NbProcessesMax*4)
PBOSL_EnumProcesses(PBOSL_ProcessesArrayMem, #PBOSL_NbProcessesMax, @nProcesses.i)
ClearList(PBOSL_ProcessList())
;Debug "Anzahl Processe ="+Str(nProcesses)
If nProcesses/4> 0
nProcesses=nProcesses/4;SizeOf(Integer)
Protected iTemp.i
Protected *L1.LONG
For iTemp=1 To nProcesses
;now fill the LinkedList
AddElement(PBOSL_ProcessList())
Protected tPID.l
tPID=PeekL(PBOSL_ProcessesArrayMem+(iTemp-1)*4)
If tPID=0
PBOSL_ProcessList()\Name="IDLE"
PBOSL_ProcessList()\PID=0
Else
Protected hProcess.i
PBOSL_ProcessList()\PID=tPID
;SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_VM_READ, 0, tPID)
If hProcess
Protected Result.i
Protected BaseModule.i
Protected cbNeeded.i
#LIST_MODULES_32BIT=$01 ;List the 32-bit modules.
#LIST_MODULES_64BIT=$02 ;List the 64-bit modules.
#LIST_MODULES_ALL=$03 ;List all modules.
#LIST_MODULES_DEFAULT=$0 ;Use the Default behavior.
;Result=PBOSL_EnumProcessModules(hProcess, @BaseModule, 4, @cbNeeded)
Dim BaseModule.i(#PBOSL_NbProcessesMax)
Result=PBOSL_EnumProcessModulesEx(hProcess, PBOSL_ProcessesArrayModuleMem, #PBOSL_NbProcessesMax*4, @cbNeeded, #LIST_MODULES_ALL)
;Debug "cbNeeded="+Str(cbNeeded)
If Result<>0
;Debug Str(PeekI(PBOSL_ProcessesArrayModuleMem))+"#"+Str(cbNeeded)
Protected Name$
Name$ = Space(255)
Result=PBOSL_GetModuleBaseName(hProcess, PeekI(PBOSL_ProcessesArrayModuleMem), @Name$, Len(Name$))
If Name$="?"
PBOSL_ProcessList()\Name="System"
Else
PBOSL_ProcessList()\Name=Name$
EndIf
Name$=Space(512)
Result=PBOSL_GetModuleFileName(hProcess, PeekI(PBOSL_ProcessesArrayModuleMem), @Name$, Len(Name$))
If result=0:Debug "Error GetModuleFileName: " + PBOSL_DebugApiError(GetLastError_()) :EndIf
PBOSL_ProcessList()\FileName=Name$
PBOSL_ProcessList()\Memory\cb=SizeOf(PROCESS_MEMORY_COUNTERS )
Result=PBOSL_GetProcessMemoryInfo(hProcess, PBOSL_ProcessList()\Memory, SizeOf(PROCESS_MEMORY_COUNTERS ))
If result=0:Debug "Error memoryInfo: " + PBOSL_DebugApiError(GetLastError_()) :EndIf
; If cbNeeded/4>0
; cbNeeded=cbNeeded/4
; ;Debug "Anzahl Module="+Str(cbNeeded)
; Define I.i
; For I=1 To cbneeded
; Name$ = Space(255)
; Result=PBOSL_GetModuleFileName(hProcess, PeekI(PBOSL_ProcessesArrayModuleMem + (I-1)*4), @Name$, Len(Name$))
; ; Debug "innedrin isses=" +name$
; Next I
; EndIf
Else
;Debug "ResultEnumProcessModules="+Hex(result)
EndIf
CloseHandle_(hProcess)
Else
PBOSL_ProcessList()\Name="cannot open Process"
PBOSL_ProcessList()\FileName=""
EndIf
EndIf
Next
EndIf
If PBOSL_ProcessesArrayMem ;release memory
GlobalFree_(PBOSL_ProcessesArrayMem)
EndIf
If PBOSL_ProcessesArrayModuleMem
GlobalFree_(PBOSL_ProcessesArrayModuleMem)
EndIf
ProcedureReturn nProcesses
EndProcedure
ProcedureDLL ExamineProcessDLLS(PID,List PBOSL_ModuleList.PBOSL_ModuleStruct());Examine all DLL's of a process
hProcess = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_VM_READ, 0, PID)
If hProcess
Protected Result.i
Protected BaseModule.i
Protected cbNeeded.i
#LIST_MODULES_32BIT=$01 ;List the 32-bit modules.
#LIST_MODULES_64BIT=$02 ;List the 64-bit modules.
#LIST_MODULES_ALL=$03 ;List all modules.
#LIST_MODULES_DEFAULT=$0 ;Use the Default behavior.
;ok, below Vista the Ex Function is not there
If OSVersion()< #PB_OS_Windows_Vista
Result=PBOSL_EnumProcessModules(hProcess, PBOSL_ProcessesArrayModuleMem, #PBOSL_NbProcessesMax*4, @cbNeeded)
Else
Result=PBOSL_EnumProcessModulesEx(hProcess, PBOSL_ProcessesArrayModuleMem, #PBOSL_NbProcessesMax*4, @cbNeeded, #LIST_MODULES_ALL)
EndIf
If Result<>0
If cbNeeded/4>0
ClearList( PBOSL_ModuleList())
MyStep=SizeOf(Integer)
cbNeeded=cbNeeded/MyStep
Define I.i
; CompilerIf #PB_Compiler_Processor =:#PB_Processor_x86
For I=1 To cbneeded
Name$ = Space(512)
Base.i=PeekI(PBOSL_ProcessesArrayModuleMem + (I-1)*MyStep)
Result=PBOSL_GetModuleFileName(hProcess, Base, @Name$, Len(Name$))
If result=0:Debug "Error ModuleFilename: " + PBOSL_DebugApiError(GetLastError_()) :EndIf
If Trim(Name$)<>""
AddElement(PBOSL_ModuleList())
PBOSL_ModuleList()\FileName=Name$
Result=PBOSL_GetModuleInformation(hProcess, Base,PBOSL_ModuleList()\ModuleInformation,SizeOf(ModuleInformation) )
If result=0:Debug "Error ModuleInformation: " + PBOSL_DebugApiError(GetLastError_()) :EndIf
EndIf
; Debug "innedrin isses=" +name$
Next I
EndIf
EndIf
CloseHandle_(hProcess)
ProcedureReturn cbNeeded
EndIf
EndProcedure
ProcedureDLL ReArrangeMem(PID)
SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_ALL_ACCESS , 0, PID)
If hProcess
PBOSL_EmptyWorkingSet(hProcess)
SetProcessWorkingSetSize_(hProcess, -1, -1)
CloseHandle_(hProcess)
EndIf
EndProcedure
ProcedureDLL RemovePagefaults(PID);remove unneded memory from Process
hProcess = OpenProcess_(#PROCESS_ALL_ACCESS , 0, PID)
If hProcess
Result=CallFunctionFast(EmptyWorkingSet, hProcess)
CloseHandle_(hProcess)
If Result=0:Debug "Error RemovePageFaults: " + PBOSL_DebugApiError(GetLastError_()):EndIf
ProcedureReturn Result
Else
ProcedureReturn -2
EndIf
EndProcedure
Procedure GetOwnPID()
ProcedureReturn GetCurrentProcess_()
EndProcedure
ProcedureDLL GetProcessPIDfromHWND(hwnd);Get a PID from the window handle (hwnd)
Result=GetWindowThreadProcessId_ (hwnd, @PID)
ProcedureReturn PID
EndProcedure
ProcedureDLL KillPID(PID,ExitCode);exit the process with Exitcode
SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_TERMINAT, 0, PID)
If hProcess
Result=TerminateProcess_(hProcess,ExitCode)
CloseHandle_(hProcess)
ProcedureReturn Result
EndIf
EndProcedure
ProcedureDLL KillAllProcess(LName.s,ExitCode);exit all processes with Name with Exitcode
SetRights("SeDebugPrivilege")
NewList priv_ProcessList.PBOSL_ProcessesStruct()
Protected c1.l
Protected c2.l
c1.l=ExamineProcesses(priv_ProcessList())
If c1
ForEach priv_ProcessList()
If LCase(priv_ProcessList()\Name )=LCase(LName)
If KillPID(priv_ProcessList()\PID,ExitCode)
c2+1
EndIf
EndIf
Next
EndIf
ProcedureReturn c2
EndProcedure
ProcedureDLL PauseProcess(PID)
thread.thread32
snap = CreateToolhelp32Snapshot_(#TH32CS_SNAPTHREAD,0)
If snap
thread\size=SizeOf(thread32)
Thread32First_(snap,@thread)
If thread\parentid=PID
h=OpenThread_(#THREAD_SUSPEND_RESUME,0,thread\idth)
SuspendThread_(h)
CloseHandle_(h)
EndIf
While Thread32Next_(snap,@thread)
If thread\parentid=PID
h=OpenThread_(#THREAD_SUSPEND_RESUME,0,thread\idth)
SuspendThread_(h)
CloseHandle_(h)
success=1
EndIf
Wend
EndIf
ProcedureReturn success
EndProcedure
ProcedureDLL ResumeProcess(PID)
thread.thread32
snap = CreateToolhelp32Snapshot_(#TH32CS_SNAPTHREAD,0)
If snap
thread\size=SizeOf(thread32)
Thread32First_(snap,@thread)
If thread\parentid=PID
h=OpenThread_(#THREAD_SUSPEND_RESUME,0,thread\idth)
ResumeThread_(h)
CloseHandle_(h)
EndIf
While Thread32Next_(snap,@thread)
If thread\parentid=PID
h=OpenThread_(#THREAD_SUSPEND_RESUME,0,thread\idth)
ResumeThread_(h)
CloseHandle_(h)
success=1
EndIf
Wend
EndIf
ProcedureReturn success
EndProcedure
ProcedureDLL GetProcessPrio(PID);get the priority of the process
hProcess.i = OpenProcess_(#PROCESS_QUERY_INFORMATION | #PROCESS_VM_READ, 0, PID)
If hProcess
prio=GetPriorityClass_(hProcess)
CloseHandle_(hProcess)
ProcedureReturn prio
EndIf
EndProcedure
ProcedureDLL SetProcessPrio(PID,Priority);sets the priority of the process
SetRights("SeIncreaseBasePriorityPrivilege")
hProcess.i = OpenProcess_(#PROCESS_SET_INFORMATION , 1, PID)
If hProcess
prio=SetPriorityClass_(hProcess,Priority)
CloseHandle_(hProcess)
ProcedureReturn prio
EndIf
EndProcedure
Structure ConnectionTable
PID.l
State.l
LocalIP.s
LocalPort.l
RemoteIP.s
RemotePort.l
EndStructure
#AF_INET = 2 ;IPV4
#AF_INET6 = 23 ;IPV6
#TCP_TABLE_BASIC_LISTENER = 0
#TCP_TABLE_BASIC_CONNECTIONS = 1
#TCP_TABLE_BASIC_ALL = 2
#TCP_TABLE_OWNER_PID_LISTENER = 3
#TCP_TABLE_OWNER_PID_CONNECTIONS = 4
#TCP_TABLE_OWNER_PID_ALL = 5
#TCP_TABLE_OWNER_MODULE_LISTENER = 6
#TCP_TABLE_OWNER_MODULE_CONNECTIONS = 7
#TCP_TABLE_OWNER_MODULE_ALL = 8
#UDP_TABLE_BASIC = 0
#UDP_TABLE_OWNER_PID = 1
#UDP_TABLE_OWNER_MODULE = 0
Structure MIB_TCPTABLE_OWNER_PID
dwStats.l
dwLocalAddr.l
dwLocalPort.l
dwRemoteAddr.l
dwRemotePort.l
dwOwningPid.l
EndStructure
Structure MIB_TCPTABLE
dwNumEntries.l
table.MIB_TCPTABLE_OWNER_PID[2048]
EndStructure
Structure MIB_UDPTABLE_OWNER_PID
dwLocalAddr.l
dwLocalPort.l
dwOwningPid.l
EndStructure
Structure MIB_UDPTABLE
dwNumEntries.l
table.MIB_UDPTABLE_OWNER_PID[2048]
EndStructure
Procedure GetConnectionFromPID(PID,List ConnectionTable.ConnectionTable())
Protected cc.l
PBOSL_GetExtendedTcpTable.Prototype_PBOSL_GetExtendedTcpTable
PBOSL_GetExtendedUdpTable.Prototype_PBOSL_GetExtendedUdpTable
iphlpapi.i=OpenLibrary(#PB_Any, "iphlpapi.dll")
If iphlpapi
PBOSL_GetExtendedTcpTable=GetFunction(iphlpapi,"GetExtendedTcpTable")
PBOSL_GetExtendedUdpTable=GetFunction(iphlpapi,"GetExtendedUdpTable")
ClearList(ConnectionTable())
dwSize = $0
If PBOSL_GetExtendedTcpTable(@tcpTable.MIB_TCPTABLE , @dwSize, #True,#AF_INET,#TCP_TABLE_OWNER_PID_ALL,0)
If PBOSL_GetExtendedTcpTable(@tcpTable.MIB_TCPTABLE , @dwSize, #True,#AF_INET,#TCP_TABLE_OWNER_PID_ALL,0) = #NO_ERROR
For cnt = 0 To tcpTable\dwNumEntries - 1
If tcpTable\table[cnt]\dwOwningPid=PID
cc+1
AddElement(ConnectionTable())
ConnectionTable()\State=tcpTable\table[cnt]\dwStats
ConnectionTable()\LocalIP=IPString(tcpTable\table[cnt]\dwLocalAddr)
ConnectionTable()\LocalPort=htons_(tcpTable\table[cnt]\dwLocalPort)
ConnectionTable()\RemoteIP=IPString(tcpTable\table[cnt]\dwRemoteAddr)
ConnectionTable()\RemotePort=htons_(tcpTable\table[cnt]\dwRemotePort)
EndIf
Next
EndIf
EndIf
dwSize = $0
If PBOSL_GetExtendedUdpTable(@udpTable.MIB_UDPTABLE , @dwSize, #True,#AF_INET,#UDP_TABLE_OWNER_PID,0)
If PBOSL_GetExtendedUdpTable(@udpTable.MIB_UDPTABLE , @dwSize, #True,#AF_INET,#UDP_TABLE_OWNER_PID,0) = #NO_ERROR
For cnt = 0 To udpTable\dwNumEntries - 1
If udpTable\table[cnt]\dwOwningPid=PID
cc+1
AddElement(ConnectionTable())
ConnectionTable()\State=t-1
ConnectionTable()\LocalIP= IPString(udpTable\table[cnt]\dwLocalAddr)
ConnectionTable()\LocalPort=htons_(udpTable\table[cnt]\dwLocalPort)
EndIf
Next
EndIf
EndIf
;
CloseLibrary(iphlpapi)
EndIf
ProcedureReturn cc
EndProcedure
Procedure GetConnections(List ConnectionTable.ConnectionTable())
Protected cc.l
PBOSL_GetExtendedTcpTable.Prototype_PBOSL_GetExtendedTcpTable
PBOSL_GetExtendedUdpTable.Prototype_PBOSL_GetExtendedUdpTable
iphlpapi.i=OpenLibrary(#PB_Any, "iphlpapi.dll")
If iphlpapi
PBOSL_GetExtendedTcpTable=GetFunction(iphlpapi,"GetExtendedTcpTable")
PBOSL_GetExtendedUdpTable=GetFunction(iphlpapi,"GetExtendedUdpTable")
ClearList(ConnectionTable())
dwSize = $0
If PBOSL_GetExtendedTcpTable(@tcpTable.MIB_TCPTABLE , @dwSize, #True,#AF_INET,#TCP_TABLE_OWNER_PID_ALL,0)
If PBOSL_GetExtendedTcpTable(@tcpTable.MIB_TCPTABLE , @dwSize, #True,#AF_INET,#TCP_TABLE_OWNER_PID_ALL,0) = #NO_ERROR
For cnt = 0 To tcpTable\dwNumEntries - 1
AddElement(ConnectionTable())
cc+1
ConnectionTable()\PID=tcpTable\table[cnt]\dwOwningPid
ConnectionTable()\State=tcpTable\table[cnt]\dwStats
ConnectionTable()\LocalIP=IPString(tcpTable\table[cnt]\dwLocalAddr)
ConnectionTable()\LocalPort=htons_(tcpTable\table[cnt]\dwLocalPort)
ConnectionTable()\RemoteIP=IPString(tcpTable\table[cnt]\dwRemoteAddr)
ConnectionTable()\RemotePort=htons_(tcpTable\table[cnt]\dwRemotePort)
Next
EndIf
EndIf
dwSize = $0
If PBOSL_GetExtendedUdpTable(@udpTable.MIB_UDPTABLE , @dwSize, #True,#AF_INET,#UDP_TABLE_OWNER_PID,0)
If PBOSL_GetExtendedUdpTable(@udpTable.MIB_UDPTABLE , @dwSize, #True,#AF_INET,#UDP_TABLE_OWNER_PID,0) = #NO_ERROR
For cnt = 0 To udpTable\dwNumEntries - 1
cc+1
AddElement(ConnectionTable())
ConnectionTable()\PID=udpTable\table[cnt]\ dwOwningPid
ConnectionTable()\State=t-1
ConnectionTable()\LocalIP= IPString(udpTable\table[cnt]\dwLocalAddr)
ConnectionTable()\LocalPort=htons_(udpTable\table[cnt]\dwLocalPort)
Next
EndIf
EndIf
;
CloseLibrary(iphlpapi)
EndIf
ProcedureReturn cc
EndProcedure
ProcedureDLL pPeekL(handle,addr);get a Long from the process with Offset
SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_VM_READ, 0, handle)
If hProcess
ReadProcessMemory_(hProcess,addr,@res,4,0)
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
ProcedureDLL.w pPeekW(handle,addr);get a word from the process with Offset
SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_VM_READ, 0, handle)
If hProcess
ReadProcessMemory_(hProcess,addr,@res.w,2,0)
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
ProcedureDLL.b pPeekB(handle,addr);get a Byte from the process with Offset
SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_VM_READ , 0, handle)
If hProcess
ReadProcessMemory_(hProcess,addr,@res.b,1,0)
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
ProcedureDLL.s pPeekS(handle,addr);get a String from the process with Offset
SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_VM_READ , 0, handle)
If hProcess
res.s=""
Repeat
ReadProcessMemory_(hProcess,addr,@res2.b,1,0)
res+Chr(res2.b & $FF)
addr+1
Until byte=0
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
ProcedureDLL pReadMemory(handle,addr, DestinationMemoryID, Length);copys Data from the process with Offset to own Process Destinationmemory
SetRights("SeDebugPrivilege")
hProcess = OpenProcess_(#PROCESS_VM_READ, 0, handle)
If hProcess
ReadProcessMemory_(hProcess,addr,DestinationMemoryID,Length,0)
CloseHandle_(hProcess)
EndIf
EndProcedure
ProcedureDLL pPokeL(handle,addr,value);Writes a Long to the process with Offset
hProcess = OpenProcess_(#PROCESS_ALL_ACCESS , 0, handle)
If hProcess
OrigMode=1
Mode=#PAGE_EXECUTE_READWRITE
VirtualProtectEx_(hProcess,addr,4,Mode,@OrigMode)
res=WriteProcessMemory_(hProcess,addr,@value,4,0)
VirtualProtectEx_(hProcess,addr,4,OrigMode,@Mode)
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
ProcedureDLL pPokeW(handle,addr,value.w);Writes a word to the process with Offset
hProcess = OpenProcess_(#PROCESS_ALL_ACCESS , 0, handle)
If hProcess
OrigMode=1
Mode=#PAGE_EXECUTE_READWRITE
VirtualProtectEx_(hProcess,addr,2,Mode,@OrigMode)
res=WriteProcessMemory_(hProcess,addr,@value,2,0)
VirtualProtectEx_(hProcess,addr,2,OrigMode,@Mode)
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
ProcedureDLL pPokeB(handle,addr,value.b);Writes a Byte to the process with Offset
hProcess = OpenProcess_(#PROCESS_ALL_ACCESS , 0, handle)
If hProcess
OrigMode=1
Mode=#PAGE_EXECUTE_READWRITE
VirtualProtectEx_(hProcess,addr,1,Mode,@OrigMode)
WriteProcessMemory_(hProcess,addr,@value,1,0)
VirtualProtectEx_(hProcess,addr,1,OrigMode,@Mode)
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
ProcedureDLL pWriteMemory(handle,addr, SourceMemoryID, Laenge) ;copys Data from Sourcememory(own process) to the process with Offset
hProcess = OpenProcess_(#PROCESS_ALL_ACCESS , 0, handle)
If hProcess
OrigMode=1
Mode=#PAGE_EXECUTE_READWRITE
VirtualProtectEx_(hProcess,addr,Laenge,Mode,@OrigMode)
res=WriteProcessMemory_(hProcess,addr,SourceMemoryID,Laenge,0)
VirtualProtectEx_(hProcess,addr,Laenge,OrigMode,@Mode)
CloseHandle_(hProcess)
ProcedureReturn res
EndIf
EndProcedure
Procedure GetProcessPIDperName(Name.s,List PBOSL_ProcessList.PBOSL_ProcessesStruct())
Name2.s=LCase(Name)
ResetList(PBOSL_ProcessList())
ForEach PBOSL_ProcessList()
Name1.s=PBOSL_ProcessList()\Name
If LCase(Name1)=LCase(Name2)
ProcedureReturn PBOSL_ProcessList()\PID
EndIf
Next
EndProcedure
Enumeration
#Window_0
#Button_Refresh
#Tree_0
#Button_Kill
#Text_process
#Button_PauseResume
#Button_RArrangeMem
#Panel_0
#Listview_IPLIST
EndEnumeration
If OpenWindow(#Window_0, 10, 10, 600, 600, "PBOSL Process Include Example", #PB_Window_SystemMenu | #PB_Window_SizeGadget | #PB_Window_TitleBar )
ButtonGadget(#Button_Refresh, 10, 10, 70, 30, "Refresh")
ButtonGadget(#Button_Kill, 90, 10, 90, 30, "Kill Process")
TextGadget(#Text_process, 10, 510, 480, 20, "Process")
ButtonGadget(#Button_PauseResume, 190, 10, 90, 30, "Pause/Resume")
ButtonGadget(#Button_RArrangeMem, 290, 10, 110, 30, "ReArange Memory")
PanelGadget(#Panel_0, 0, 50, 600, 550)
AddGadgetItem(#Panel_0, -1, "Processes")
TreeGadget(#Tree_0, 1, 1, 580, 550)
AddGadgetItem(#Panel_0, -1, "IP-List")
ListViewGadget(#Listview_IPLIST, 1, 1, 580, 550)
CloseGadgetList()
EndIf
PBOSL_Process_INIT()
Define ProcessCount.i
NewList priv_ProcessList.PBOSL_ProcessesStruct()
NewList priv_ModuleList.PBOSL_ModuleStruct()
Filename.s="calc.exe"
;RunProgram(Filename)
;RunProgram(Filename)
;RunProgram(Filename)
Repeat ; Start of the event loop
Event = WaitWindowEvent() ; This line waits until an event is received from Windows
WindowID = EventWindow() ; The Window where the event is generated, can be used in the gadget procedures
GadgetID = EventGadget() ; Is it a gadget event?
EventType = EventType() ; The event type
;You can place code here, and use the result as parameters for the procedures
If Event = #PB_Event_Gadget
If GadgetID = #Button_Refresh
ClearGadgetItems(#Tree_0)
Processcount=ExamineProcesses(priv_ProcessList())
Debug "-----------------------"
Debug "Processcount="+Str(Processcount)
ForEach priv_ProcessList()
AddGadgetItem(#Tree_0, -1, Str(priv_ProcessList()\PID) +" " + priv_ProcessList()\Name ,0,0)
AddGadgetItem(#Tree_0, -1, "located at " + GetPathPart(priv_ProcessList()\FileName) ,0,1)
AddGadgetItem(#Tree_0, -1, "Memory Usage " ,0,1)
AddGadgetItem(#Tree_0, -1, "WorkingSetSize " + Hex(priv_ProcessList()\Memory\WorkingSetSize ) ,0,2)
AddGadgetItem(#Tree_0, -1, "PageFaultCount " + Hex(priv_ProcessList()\Memory\PageFaultCount ) ,0,2)
AddGadgetItem(#Tree_0, -1, "PeakWorkingSetSize " + Hex(priv_ProcessList()\Memory\PeakWorkingSetSize ) ,0,2)
AddGadgetItem(#Tree_0, -1, "QuotaPeakPagedPoolUsage " + Hex(priv_ProcessList()\Memory\QuotaPeakPagedPoolUsage) ,0,2)
AddGadgetItem(#Tree_0, -1, "QuotaPagedPoolUsage " + Hex(priv_ProcessList()\Memory\QuotaPagedPoolUsage ) ,0,2)
AddGadgetItem(#Tree_0, -1, "QuotaPeakNonPagedPoolUsage " + Hex(priv_ProcessList()\Memory\QuotaPeakNonPagedPoolUsage ) ,0,2)
AddGadgetItem(#Tree_0, -1, "QuotaNonPagedPoolUsage " + Hex(priv_ProcessList()\Memory\QuotaNonPagedPoolUsage) ,0,2)
AddGadgetItem(#Tree_0, -1, "PageFileUsage " + Hex(priv_ProcessList()\Memory\PageFileUsage ) ,0,2)
AddGadgetItem(#Tree_0, -1, "PeakPagefileUsage " + Hex(priv_ProcessList()\Memory\PeakPagefileUsage) ,0,2)
Modules=ExamineProcessDLLs(priv_ProcessList()\PID, priv_ModuleList())
If Modules
AddGadgetItem(#Tree_0, -1, Str(Modules) + " Module" ,0,1)
ForEach priv_ModuleList()
AddGadgetItem(#Tree_0, -1, GetFilePart(priv_ModuleList()\FileName) ,0,2)
AddGadgetItem(#Tree_0, -1, "located at " + GetPathPart(priv_ModuleList()\FileName) ,0,3)
AddGadgetItem(#Tree_0, -1, "Base of Image in Memory= "+Hex(priv_ModuleList()\ModuleInformation\lpBaseOfDll) ,0,3)
AddGadgetItem(#Tree_0, -1, "EntryPoint of Image in Memory= "+Hex(priv_ModuleList()\ModuleInformation\EntryPoint) ,0,3)
AddGadgetItem(#Tree_0, -1, "Size of Image in Memory= "+Hex(priv_ModuleList()\ModuleInformation\SizeofImage) ,0,3)
Next
EndIf
NewList ConnectionTable.ConnectionTable()
Define o.s
If GetConnectionFromPID(priv_ProcessList()\PID,ConnectionTable())
AddGadgetItem(#Tree_0, -1, Str(ListSize(ConnectionTable()) )+ " CONNECTIONS" ,0,1)
ForEach ConnectionTable()
If ConnectionTable()\State=-1
o.s="UDP-Connection on "+ConnectionTable()\LocalIP+" at "+Str(ConnectionTable()\Localport)
Else
o="TCP-Connection on "+ConnectionTable()\LocalIP+"/"+Str(ConnectionTable()\Localport)+" from "+ConnectionTable()\RemoteIP+"/"+Str(ConnectionTable()\Remoteport)
Select ConnectionTable()\State
Case 1
o +" Closed"
Case 2
o + " Listening"
Case 3
o + " SYN Sent"
Case 4
o + " SYN Received"
Case 5
o + " Established"
Case 6
o + " Waiting For FIN"
Case 7
o + " Waiting For FIN"
Case 8
o + " Waiting For Close"
Case 9
o + " Closing"
Case 10
o + " Last ACK"
Case 11
o + " Time Wait"
Case 12
o + " TCB deleted"
Default
o + " unknown"
EndSelect
EndIf
AddGadgetItem(#Tree_0, -1, o ,0,2)
Next
EndIf
Next
If GetConnections(ConnectionTable())
ClearGadgetItems(#Listview_IPLIST)
ForEach ConnectionTable()
If ConnectionTable()\State=-1
o.s="UDP-Connection on "+ConnectionTable()\LocalIP+" at "+Str(ConnectionTable()\Localport)
Else
o="TCP-Connection on "+ConnectionTable()\LocalIP+"/"+Str(ConnectionTable()\Localport)+" from "+ConnectionTable()\RemoteIP+"/"+Str(ConnectionTable()\Remoteport)
Select ConnectionTable()\State
Case 1
o +" Closed"
Case 2
o + " Listening"
Case 3
o + " SYN Sent"
Case 4
o + " SYN Received"
Case 5
o + " Established"
Case 6
o + " Waiting For FIN"
Case 7
o + " Waiting For FIN"
Case 8
o + " Waiting For Close"
Case 9
o + " Closing"
Case 10
o + " Last ACK"
Case 11
o + " Time Wait"
Case 12
o + " TCB deleted"
Default
o + " unknown"
EndSelect
EndIf
AddGadgetItem(#Listview_IPLIST, -1, Str(ConnectionTable()\PID) +" : " + o )
Next
EndIf
ElseIf GadgetID = #Tree_0
ElseIf GadgetID = #Button_Kill
ElseIf GadgetID = #Button_PauseResume
ElseIf GadgetID = #Button_RArrangeMem
EndIf
EndIf
Until Event = #PB_Event_CloseWindow ; End of the event loop
PBOSL_Process_END()
End
; Debug "GetOwnPID()="+Str(GetOwnPID())
;
; PID=GetProcessPIDperName(Filename,priv_ProcessList())
; Debug PID
; If PID
; Rearrangemem(PID)
; PauseProcess(PID)
; MessageRequester("info","stopping PID " +Str(pid) ,0)
; ResumeProcess(PID)
; MessageRequester("info","Killing all " + filename ,0)
; ;KillPID(PID,0)
; Debug KillAllProcess("calc.exe",0)
; EndIf
