简单判断系统是不是Vista 6/06
// GetVersion() packs the OS major version into the low byte of its return value.
// NOTE: GetVersion is deprecated, and from Windows 8.1 on the version it reports
// depends on the application manifest. A ">= 6" (Vista or later) test still holds
// under that cap, but do not reuse this pattern to tell newer releases apart.
BYTE bVersion = (BYTE)GetVersion();
if (bVersion < 6)
{
    // Major version 5 or lower: Windows XP / Server 2003 and earlier.
    printf("主版本号:%X : 当前系统 < Vista\n", bVersion);
}
else
{
    // Major version 6 or higher: Vista or later.
    printf("主版本号:%X : 当前系统 >= Vista\n", bVersion);
}
每日一曲 - 真夏的果实 6/04
“南天群星”在日本无人不知,其从1979年组队到现在已经21年了(常青乐队啊),现在仍然很受欢迎。在日本流行乐队中,他们始终保持不败,成员也从未变动过,这在日本流行音乐界还只此一队。他们还有个特点就是每到夏天就狂出歌,歌大多也与夏天有关。
S.A.S与TUBE同为夏天的歌手,就像森高千里只在冬天出歌一样。他们的歌曲被港台歌手翻唱无数,从张学友的“每天多爱你一点”(真夏的果实)到陈惠娴的“飘雪”(鲜花盛开的旅路)很多很多,所以我们有时听S.A.S的歌时有很熟悉的感觉。S.A.S的歌以歌词见长,有抒情有欢快,曲风也不固定,每个人大多都能找出自己喜欢的歌。主音桑田佳佑那略带沙哑的歌喉听起来别有一番风味。
今晚更新了 WarKey++ 6/01
最近越来越懒得更新了,不过今天是六一儿童节,怎么说都不能放了儿童们的鸽子,哇哈哈哈。所以嘛,WarKey++ 4.0 送给有需要的朋友们。
好了,最近懒得写改键了。最近有新想法,新产品正在酝酿中,软件简称ADDS,具体功能待定。呼~话说7月1日就毕业了,咋办呢?咋办呢?(话说明天还要上班,早点睡吧。)
对了,这个月有高考,想到高考...往事不堪回首。希望高三的弟弟们能考个好成绩哈~
子类化 - zAddressOf 5/30
'Look up a method address in the vTable of oCallback, counting back from the end:
'nOrdinal 1 = last private method, 2 = second last private method, etc.
'Returns 0 when no method signature is found or the scan limit is reached.
'
'NOTE(review): this walks raw object memory with RtlMoveMemory using hard-coded
'offsets, and relies on IsBadCodePtr, which Microsoft documents as obsolete and
'unreliable. A wrong offset reads arbitrary memory and can crash the process.
Private Function zAddressOf(ByVal oCallback As Object, ByVal nOrdinal As Long) As Long
    ' Note: used both in subclassing and hooking routines
    Dim bSub As Byte          'Signature byte expected behind every vTable method entry
    Dim bVal As Byte          'Signature byte actually read from the current entry
    Dim nAddr As Long         'vTable address, later reused for each entry's target address
    Dim i As Long             'Address of the vTable entry being examined
    Dim J As Long             'Address at which the scan gives up
    Dim bPastLast As Boolean  'True once the current entry is no longer a method

    'The first four bytes of the object instance hold the vTable address
    RtlMoveMemory VarPtr(nAddr), ObjPtr(oCallback), 4

    'Try each known starting offset in turn; a probe only runs if the previous one failed
    If zProbe(nAddr + &H1C, i, bSub) Then
        'Found a Class method
    ElseIf zProbe(nAddr + &H6F8, i, bSub) Then
        'Found a Form method
    ElseIf zProbe(nAddr + &H710, i, bSub) Then
        'Found a PropertyPage method (\\LaVolpe - Added propertypage offset)
    ElseIf zProbe(nAddr + &H7A4, i, bSub) Then
        'Found a UserControl method
    Else
        Exit Function 'Bail...
    End If

    i = i + 4        'Step past the entry the probe matched
    J = i + 1024     'Scan at most 256 further vTable entries

    Do While i < J
        RtlMoveMemory VarPtr(nAddr), i, 4 'Address stored in this vTable entry

        If IsBadCodePtr(nAddr) Then
            bPastLast = True              'Entry does not point at code
        Else
            RtlMoveMemory VarPtr(bVal), nAddr, 1
            bPastLast = (bVal <> bSub)    'Entry points at something without the method signature
        End If

        If bPastLast Then
            'i is one past the last method, so step back nOrdinal entries and return that address
            RtlMoveMemory VarPtr(zAddressOf), i - (nOrdinal * 4), 4
            Exit Do
        End If

        i = i + 4 'Next vTable entry
    Loop
End Function
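'Probe up to eight vTable entries, starting at nStart, for a method signature.
'  nStart  - address of the first vTable entry to examine
'  nMethod - receives the address of the matching vTable entry (unchanged on failure)
'  bSub    - receives the signature byte that was found (unchanged on failure)
'Returns True when an entry pointing at a native (&H33) or pcode (&HE9) method is found.
Private Function zProbe(ByVal nStart As Long, ByRef nMethod As Long, ByRef bSub As Byte) As Boolean
    Dim bVal As Byte     'First byte of the code the entry points at
    Dim nAddr As Long    'Address of the vTable entry being examined
    Dim nLimit As Long   'Address at which probing stops
    Dim nEntry As Long   'Value stored in the vTable entry

    nAddr = nStart       'Start address
    nLimit = nAddr + 32  'Probe eight entries

    Do While nAddr < nLimit 'While we've not reached our probe depth
        RtlMoveMemory VarPtr(nEntry), nAddr, 4 'Get the vTable entry

        If nEntry <> 0 Then 'If not an implemented interface
            RtlMoveMemory VarPtr(bVal), nEntry, 1 'Get the value pointed at by the vTable entry

            'The page's "= >&H33" was extraction residue and is not valid VB; the test is equality
            If bVal = &H33 Or bVal = &HE9 Then 'Check for a native or pcode method signature
                nMethod = nAddr 'Store the vTable entry
                bSub = bVal     'Store the found method signature
                zProbe = True   'Indicate success
                Exit Do         'Return
            End If
        End If

        nAddr = nAddr + 4 'Next vTable entry
    Loop
End Function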
'Win32 / native API declarations used by the suspend, resume and terminate button handlers.
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
Private Const SYNCHRONIZE = &H100000
Private Const STANDARD_RIGHTS_REQUIRED = &HF0000
'Evaluates to &H1F0FFF: every process access right of the pre-Vista mask.
'NOTE(review): far broader than suspend/resume/terminate need; prefer the single
'right each operation requires (PROCESS_SUSPEND_RESUME = &H800, PROCESS_TERMINATE = &H1).
Private Const PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF)
'NtSuspendProcess / NtResumeProcess are ntdll exports that are not part of the documented Win32 API.
Private Declare Function NtSuspendProcess Lib "ntdll.dll" (ByVal hProc As Long) As Long
Private Declare Function NtResumeProcess Lib "ntdll.dll" (ByVal hProc As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
'Handle of the process opened by the most recent button click (module-level state).
Private hProcess As Long
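'Suspend every thread of the process whose PID is typed into txtPid.
'Does nothing when the text is not numeric or the process cannot be opened.
Private Sub cmdSuspend_Click()
    'Least privilege: suspending needs only this right, not PROCESS_ALL_ACCESS
    Const PROCESS_SUSPEND_RESUME As Long = &H800

    'Start from a known state so a handle value left over from an earlier click
    'is never closed again (that value may since have been reused for another handle)
    hProcess = 0

    If IsNumeric(txtPid.Text) Then
        hProcess = OpenProcess(PROCESS_SUSPEND_RESUME, False, CLng(txtPid.Text))
        If hProcess <> 0 Then
            NtSuspendProcess hProcess
            CloseHandle hProcess 'Close only a handle this click actually opened
            hProcess = 0
        End If
    End If
End Sub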
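'Resume the process whose PID is typed into txtPid.
'Does nothing when the text is not numeric or the process cannot be opened.
Private Sub cmdResume_Click()
    'Least privilege: resuming needs only this right, not PROCESS_ALL_ACCESS
    Const PROCESS_SUSPEND_RESUME As Long = &H800

    'Start from a known state so a handle value left over from an earlier click
    'is never closed again (that value may since have been reused for another handle)
    hProcess = 0

    If IsNumeric(txtPid.Text) Then
        hProcess = OpenProcess(PROCESS_SUSPEND_RESUME, False, CLng(txtPid.Text))
        If hProcess <> 0 Then
            NtResumeProcess hProcess
            CloseHandle hProcess 'Close only a handle this click actually opened
            hProcess = 0
        End If
    End If
End Sub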
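'Terminate (exit code 0) the process whose PID is typed into txtPid.
'Does nothing when the text is not numeric or the process cannot be opened.
Private Sub cmdTerminate_Click()
    'Least privilege: TerminateProcess needs only this right, not PROCESS_ALL_ACCESS
    Const PROCESS_TERMINATE As Long = &H1

    hProcess = 0 'Do not keep a handle value from an earlier click

    If IsNumeric(txtPid.Text) Then
        hProcess = OpenProcess(PROCESS_TERMINATE, False, CLng(txtPid.Text))
        If hProcess <> 0 Then
            TerminateProcess hProcess, 0
            CloseHandle hProcess 'The original never closed this handle, leaking one per click
            hProcess = 0
        End If
    End If
End Sub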
每日一曲 - Always 5/29
其实自己今天是第一次听这首歌就被深深的吸引
当鼓点带起电子琴的声音时候
你已经投入了....
最近工作比较忙,以后可能不能按时发贴了...包涵下下..吼吼~~Barry是这么想的,尽量找时间发音乐贴,找一些好歌给大家听~
VC进程控制相关代码 5/29
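// Get the full path of a process's main executable.
// @param idProcess  id of the process to query
// @return the path, or an empty string when the process cannot be opened
//         (for example: access denied, or the process has already exited)
//         or its module list cannot be read.
CString GetProcessPath( DWORD idProcess )
{
    CString sPath;

    // Query + VM read are the rights EnumProcessModules / GetModuleFileNameEx need.
    HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, idProcess );
    if( NULL == hProcess )
        return( sPath );

    HMODULE hMod = NULL;
    DWORD cbNeeded = 0;
    // Only room for one module is passed: the first module is the executable itself.
    if( EnumProcessModules( hProcess, &hMod, sizeof( hMod ), &cbNeeded ) )
    {
        DWORD dw = GetModuleFileNameEx( hProcess, hMod, sPath.GetBuffer( MAX_PATH ), MAX_PATH );
        // Hand the real length back: on failure dw is 0, and without it ReleaseBuffer()
        // would run strlen over a buffer that was never written or never terminated.
        sPath.ReleaseBuffer( (int)dw );
    }

    CloseHandle( hProcess );
    return( sPath );
}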
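// Get the priority class of a process as text.
// @param hProcess  process handle; GetPriorityClass is called on it once
// @return "NORMAL", "IDLE", "REALTIME", "HIGH", "ABOVENORMAL" or "BELOWNORMAL";
//         "NULL" for any other value, including the 0 that GetPriorityClass returns on failure.
CString GetProcessPriority(HANDLE hProcess)
{
    // Query once. The original asked again for every comparison, so a priority change
    // between two calls could skip the matching branch and report "NULL".
    switch (GetPriorityClass(hProcess))
    {
    case NORMAL_PRIORITY_CLASS:       return "NORMAL";
    case IDLE_PRIORITY_CLASS:         return "IDLE";
    case REALTIME_PRIORITY_CLASS:     return "REALTIME";
    case HIGH_PRIORITY_CLASS:         return "HIGH";
    case ABOVE_NORMAL_PRIORITY_CLASS: return "ABOVENORMAL";
    case BELOW_NORMAL_PRIORITY_CLASS: return "BELOWNORMAL";
    default:                          return "NULL";
    }
}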
// Forcefully end the process with id dwID, using exit code 0.
// Returns silently when the process cannot be opened.
void TerminateProcessID(DWORD dwID)
{
    // PROCESS_TERMINATE is the only access right requested here.
    HANDLE hTarget = OpenProcess(PROCESS_TERMINATE,FALSE,dwID);
    if(hTarget == NULL)
        return;

    TerminateProcess(hTarget,0);
    ::CloseHandle(hTarget);
}
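// Rebuild m_ListCtrl from a process snapshot: one row per process with
// image name, PID (hex), parent PID (hex) and full image path.
// Shows a message box and returns when the snapshot cannot be taken.
void GetProcessInfo()
{
    // Snapshot of every process in the system.
    // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE, never NULL,
    // so the original NULL test could not detect an error.
    HANDLE SnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
    if(SnapShot == INVALID_HANDLE_VALUE)
    {
        MessageBox("获取进程信息失败!");
        return;
    }

    m_ListCtrl.DeleteAllItems();

    // dwSize must be set before Process32First is called.
    PROCESSENTRY32 ProcessInfo;
    ProcessInfo.dwSize = sizeof(PROCESSENTRY32);

    CString str;
    int nIndex;
    // Process counter, also used as the requested insert position.
    int m_nProcess = 0;

    BOOL Status = Process32First(SnapShot,&ProcessInfo);
    while(Status)
    {
        m_nProcess++;

        // Fetch shell file information for the image name.
        SHFILEINFO shSmall;
        ZeroMemory(&shSmall,sizeof(shSmall));
        SHGetFileInfo(ProcessInfo.szExeFile,0,&shSmall,
            sizeof(shSmall),SHGFI_ICON|SHGFI_SMALLICON);
        // SHGFI_ICON hands ownership of the icon to the caller. This function never
        // displays it, so release it instead of leaking one icon handle per process.
        if(shSmall.hIcon != NULL)
            DestroyIcon(shSmall.hIcon);

        // Column 0: image name.
        nIndex = m_ListCtrl.InsertItem(m_nProcess,ProcessInfo.szExeFile);
        // Column 1: process id.
        str.Format("%08X",ProcessInfo.th32ProcessID);
        m_ListCtrl.SetItemText(nIndex,1,str);
        // Column 2: parent process id.
        str.Format("%08X",ProcessInfo.th32ParentProcessID);
        m_ListCtrl.SetItemText(nIndex,2,str);
        // Column 3: full image path (empty when the process cannot be opened).
        str = GetProcessPath(ProcessInfo.th32ProcessID);
        m_ListCtrl.SetItemText(nIndex,3,str);

        Status = Process32Next(SnapShot,&ProcessInfo);
    }

    // The snapshot is a kernel handle; the original never released it.
    CloseHandle(SnapShot);
}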
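// Append one row per loaded module of process dwID to m_listmod:
// module path in column 0, module size in bytes in column 1.
// Shows a warning box and returns when the module snapshot cannot be taken.
void GetProcessModule(DWORD dwID)
{
    MODULEENTRY32 me32;
    int nIndex;
    // The page had HTML residue (or="#000000">) fused onto this declaration.
    CString str;

    // dwSize must be set before the structure is used.
    me32.dwSize = sizeof(me32);

    // Take a snapshot of all modules loaded in the process.
    HANDLE hModuleSnap = ::CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwID);
    if(hModuleSnap == INVALID_HANDLE_VALUE)
    {
        // Snapshot failed.
        MessageBox("获取模块信息失败!", "提示", MB_OK|MB_ICONWARNING);
        return;
    }

    // Walk the snapshot and list each module.
    BOOL bMore = Module32First(hModuleSnap, &me32);
    int m_nModule = 0;
    while(bMore)
    {
        m_nModule++;
        nIndex = m_listmod.InsertItem(m_nModule, me32.szExePath); // module path
        str.Format("%u", me32.modBaseSize);                       // module size
        m_listmod.SetItemText(nIndex,1,str);
        bMore = Module32Next(hModuleSnap, &me32);
    }

    // Release the snapshot object.
    CloseHandle(hModuleSnap);
}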
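//
// FindProcess
// Find a running process by name.
// @param strProcessName  text to look for, e.g. "Notepad.exe"
// @return id of the first process whose main-module path contains strProcessName,
//         or 0 when nothing matches, the name is NULL or empty, or enumeration fails.
//
// NOTE(review): the match is a case-sensitive substring search over the whole path,
// so a directory name or a longer file name can match too. Callers that act on the
// returned id (for example to terminate it) should confirm it is the intended process.
//
DWORD FindProcess(char *strProcessName)
{
    // An empty needle would match every path, so the first process would be returned.
    if (strProcessName == NULL || strProcessName[0] == '\0')
        return 0;

    DWORD aProcesses[1024], cbNeeded = 0;
    if ( !EnumProcesses( aProcesses, sizeof(aProcesses), &cbNeeded ) )
        return 0;

    const int nProcesses = (int) (cbNeeded / sizeof(DWORD));
    for(int i = 0; i < nProcesses; i++)
    {
        HANDLE hProcess = OpenProcess( PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
            FALSE, aProcesses[i]);
        // Many processes cannot be opened (protected, exited, access denied): skip them
        // instead of passing a NULL handle on.
        if (hProcess == NULL)
            continue;

        HMODULE hMod = NULL;   // the first module is the executable itself
        DWORD cbMNeeded = 0;
        // Zeroed, with one byte held back, so the buffer is always terminated.
        char szProcessName[MAX_PATH] = {0};
        BOOL bMatch = FALSE;

        // Compare only when both calls succeeded. The original compared regardless,
        // so a failed call could match the previous process's path left in the buffer.
        if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbMNeeded) &&
            GetModuleFileNameEx(hProcess, hMod, szProcessName, sizeof(szProcessName) - 1))
        {
            bMatch = (strstr(szProcessName, strProcessName) != NULL);
        }

        // The original never closed this handle, leaking one per process examined.
        CloseHandle(hProcess);

        if (bMatch)
            return(aProcesses[i]);
    }
    return 0;
}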
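//
// KillProcess
// Look up the target process id with FindProcess, open the process with
// OpenProcess and force it to end with TerminateProcess (exit code 0).
// Does nothing when the target is not found or cannot be opened.
//
VOID KillProcess()
{
    // FindProcess returns 0 for "not found"; never pass that on to OpenProcess.
    const DWORD dwTargetId = FindProcess("YourTargetProcess.exe");
    if (dwTargetId == 0)
    {
        return;
    }

    // Least privilege: TerminateProcess needs PROCESS_TERMINATE only, not PROCESS_ALL_ACCESS.
    HANDLE hProcess = OpenProcess( PROCESS_TERMINATE, FALSE, dwTargetId );
    // The original tested an undeclared name (hYourTargetProcess) and did not compile.
    if (hProcess == NULL)
    {
        return;
    }

    TerminateProcess(hProcess, 0);
    CloseHandle(hProcess);
}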
**************************************************************************************
*
* 版权归 雨律在线 - YuLv.Net - JiaJia 所有
*
* 转载请务必注明来源于 Http://Www.YuLv.Net
*
* 加加唯一指定官方 YuLv.Net 建议用户到官方安全下载
*
**************************************************************************************
> WarHelper 6.8.090614 完美加强版
0、加强了对Windows7的兼容性
1、修正了修改小键盘之后Shift+小键盘中断的问题
2、修正了录像文件定位和插件调用失败则出错的问题
3、新增了当保险箱保护HF时的提示
4、支持了最新HF的积分房的强制魔兽1.23识别
5、还原了Alt+F4强制结束魔兽(Alt+F10是游戏自带的小退出快捷键)
6、修正了鼠标映射页面字体显示不全的问题
7、喊话急速魔兽跟普通模式是不同的(根据自己情况切换模式)
8、新增了录像列表内的一组热键操作:
F2 详细方式分析录像(带聊天记录)
F3 默认重命名
F4 自定重命名
F5 热键刷新列表(新保存的录像)
F6 窗口模式观看录像
F7 全屏模式观看录像
(更新日志如上列表所示)
6月14日稍做改动,版本号更新为 6.8.090614 ,修改了部分小问题。暂时这样了...
主文件名称 : WarHelper.exe
主文件大小 : 250368 byte
文件MD5值 : bdc1ec7e315fb3d445b4365c3b28a130
多引擎扫描结果:VirusScan 结果 | VirusTotal 结果
官方下载地址:WarHelper 6.9 完美加强版 [源于 YuLv.Net - 加加原创]
进程模块枚举之获取基地址 5/28
// Function-pointer type for an EnumProcessModules-shaped entry point,
// used when the function is resolved at run time with GetProcAddress.
typedef BOOL (_stdcall *ENUMPROCESSMODULES)
(HANDLE hProcess,HMODULE* lphModule,DWORD cb,LPDWORD lpcbNeeded);
// Function-pointer type for a GetModuleFileNameEx-shaped entry point.
// NOTE(review): the buffer is LPTSTR, so the pointer must be bound to the export
// whose character width matches the build (the ...A export in an ANSI build).
typedef DWORD (_stdcall *GETMODULEFILENAMEEX)
(HANDLE hProcess,HMODULE hModule,LPTSTR lpFilename,DWORD nSize );
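// Find the base address of a module loaded in another process.
// @param dwProcessId      id of the process whose module list is searched
// @param TempSMPFileName  text to look for in each module's path (substring match)
// @return the module handle (base address) of the first matching module, or 0 when
//         psapi.dll or its exports are unavailable, the process cannot be opened,
//         or no module matches.
//
// NOTE(review): the return type is unsigned int, so the address is truncated in a
// 64-bit build; the signature is kept as-is for existing callers.
// NOTE(review): "psapi.dll" is loaded by bare name and therefore resolved through
// the DLL search order; a full system path, or LoadLibraryEx with
// LOAD_LIBRARY_SEARCH_SYSTEM32 where available, avoids picking up a planted copy.
unsigned int FindModlueAddr(DWORD dwProcessId,char *TempSMPFileName)
{
    if(TempSMPFileName == NULL)
        return 0;

    HMODULE hModule = LoadLibrary("psapi.dll");
    if(hModule == NULL)
        return 0;

    unsigned int Ret = 0;

    ENUMPROCESSMODULES pEnumProcessModules =
        (ENUMPROCESSMODULES)GetProcAddress(hModule, "EnumProcessModules");
    GETMODULEFILENAMEEX pGetModuleFileNameEx =
        (GETMODULEFILENAMEEX)GetProcAddress(hModule, "GetModuleFileNameExA");

    // Either export may be missing; calling through a NULL pointer would crash.
    HANDLE hProcess = NULL;
    if(pEnumProcessModules != NULL && pGetModuleFileNameEx != NULL)
    {
        hProcess =
            OpenProcess(PROCESS_QUERY_INFORMATION |PROCESS_VM_READ,false,dwProcessId);
    }

    if(hProcess != NULL)
    {
        HMODULE hMods[1024];
        DWORD cbNeeded = 0;
        char szModName[MAX_PATH];

        if(pEnumProcessModules(hProcess,hMods,sizeof(hMods), &cbNeeded))
        {
            // cbNeeded is the size needed for ALL modules and can exceed the buffer:
            // walk only the entries that were actually written.
            DWORD cbValid = (cbNeeded < sizeof(hMods)) ? cbNeeded : (DWORD)sizeof(hMods);
            DWORD nModules = cbValid / sizeof(HMODULE);

            // "<", not "<=": the original read one entry past the last valid one.
            for(DWORD i = 0; i < nModules; i++)
            {
                if(pGetModuleFileNameEx( hProcess, hMods[i], szModName,sizeof(szModName)) &&
                   strstr(szModName,TempSMPFileName))
                {
                    Ret = (unsigned int)hMods[i];
                    break;
                }
            }
        }
        CloseHandle(hProcess);
    }

    FreeLibrary(hModule);
    return Ret;
}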
**************************************************************************************
*
* 版权归 雨律在线 - YuLv.Net - JiaJia 所有
*
* 转载请务必注明来源于 Http://Www.YuLv.Net
*
* 加加唯一指定官方 YuLv.Net 建议用户到官方安全下载
*
**************************************************************************************
更新日志:
1、新增了扩展改键
2、文件大小变为40KB
3、优化了资源占用
WarKey++ 即 WarKey 加强版。虽是加强,但更简单。不管在操作和使用方面都比 WarKey 简单,不喜欢复杂改键的朋友很适用。
注:新增的全屏窗口化功能在小图标的右键菜单中
官方下载地址: WarKey++ 4.0 单文件绿色加强版 下载 [雨律在线 - YuLv.Net]
不习惯4.0的可以换回3.X系列: WarKey++ 3.3 还原旧版本 下载