|
Yes, I understood...
Thank you... 
- NS -
|
|
|
|
|
Almost but not quite true. If you select the "End Task" button from the "Applications" tab then task manager attempts to close the application gracefully by sending the window a WM_CLOSE message and only resorts to terminating it if it doesn't die within a timeout. If the "End Process" button is selected from the "Process" tab the process is terminated on the spot (as you describe). Actually things are actually slightly more complicated then described above but this gives the general idea.
Steve
|
|
|
|
|
Perhaps you can hook the TerminateProcess function in the kernel dll, then whenever it is called, check to see if the process to end is your process then return immediatly and don't call the hooked function.
Hooking can be a tricky thing to accomplish actually, I've had some experience with it using Microsoft's Detours library, it took sometime but proved to be useful at last, maybe you can try and see what turns out for yourself
--
Wessam Fathi
|
|
|
|
|
That may be a cruel thing...
Actually I was seeking for a simple method if any...
Anyway thank you very much for your support...
- NS -
|
|
|
|
|
Patching TerminateProcess in one process will not effect other processes.
Steve
|
|
|
|
|
Did you check out the detours library, Detours intercepts Win32 functions by re-writing target function images.
I used it when developing a simple firewall, to re-route all calls to winsock functions (connect, listen, send, recv). It is a system wide hook where all calls to the patched functions from all processes are redirected to my detour function.
--
Wessam Fathi
|
|
|
|
|
I've used Detours extensively. Yes it re-writes the target image but that doesn't mean its effects are global. The changes would only be global if the page that contains the patched code was in a shared section; Code is never in a shared section. A simple example can prove this. This program detours MessageBoxA but only for its first instance. Run two instances and note that in the second (which doesn't apply a detour of its own) the detours from the first has no effect. The fact that Detours works this way is a consequence of the way the paging system and virtual memory works. To make it work the way you describe you would have to apply the patch to every process (which perhaps you done in your firewall).
----
// NotGlobal.cpp : Defines the entry point for the application.
//
#include "stdafx.h"
#include <Detours.h>
#pragma data_seg(".SHARED")
LONG s_InstancesMinusOne = -1;
#pragma data_seg()
#pragma comment(linker, "/SECTION:.SHARED,rws")
DETOUR_TRAMPOLINE(int WINAPI Tram_MessageBoxA(
HWND hWnd,
LPCSTR lpText,
LPCSTR lpCaption,
UINT uType),
MessageBoxA)
int WINAPI My_MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
return Tram_MessageBoxA(hWnd, "Patched", lpCaption, uType);
}
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow)
{
if ( InterlockedIncrement(&s_InstancesMinusOne)==0 )
{
// First instance.
DetourFunctionWithTrampoline((PBYTE)&Tram_MessageBoxA, (PBYTE)&My_MessageBoxA);
}
MessageBox(NULL, "Original", "Hello", MB_OK);
InterlockedDecrement(&s_InstancesMinusOne);
return 0;
}
Steve
|
|
|
|
|
Well I've used Detours extensively myself, when developing my graduation project back at college - it was an antivirus and a firewall package.
I used detours in the antivirus part, to intercept all calls to CreateProcess function, when the user tries to run any program it was blocked until user Allows / Denies.
It did work, I can send you videos for the application running if you want
Here is the code I used, that's only a bit demonstrating the technique not the whole code, so it definetely won't compile:
1. Detours management code encapsulated in a dll:
-------------------------------------------------
BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
hInst = (HINSTANCE)hModule;
//intercept the API functions of the host program
Intercept();
hook = NULL;
//request a unique message number form the sytem for inter processes messaging
WM_HOOKMESSAGE = RegisterWindowMessage("{398E8909-327E-4ce8-B523-012AA80808A0}");
return TRUE;
case DLL_PROCESS_DETACH:
//if we had a successful interception, de-intercept the detour function
if(CreateProcessW_T && CreateProcessA_T)
DeIntercept();
//if we had a successful windows hook, un install that hook
if(hWndServer != NULL)
ClearHook(hWndServer);
return TRUE;
}
return TRUE;
}
//hook install function
CREATEHOOK_API bool SetHook(HWND hWnd)
{
if(hWndServer != NULL)
return FALSE; // already hooked!
hook = SetWindowsHookEx(WH_GETMESSAGE, (HOOKPROC)MyProc, hInst, 0);
if(hook != NULL)
{ /* success */
hWndServer = hWnd;
return TRUE;
} /* success */
return FALSE; // failed to set hook
}
//hook un-install functions
CREATEHOOK_API bool ClearHook(HWND hWnd)
{
if(hWnd != hWndServer || hWnd == NULL)
return FALSE;
BOOL unhooked = UnhookWindowsHookEx(hook);
if(unhooked)
hWndServer = NULL;
return unhooked;
}
//this is a dummy hook proc, since the main use of the hook is to
//load our library to all processes in the system
static LRESULT CALLBACK MyProc(int nCode, WPARAM wParam, LPARAM lParam)
{
return CallNextHookEx(hook, nCode, wParam, lParam);
}
//API interception installation function
CREATEHOOK_API int Intercept()
{
//intercept the CreateProcessW function
CreateProcessW_T
=(BOOL(WINAPI *)(LPCWSTR, LPWSTR, LPSECURITY_ATTRIBUTES,
LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCWSTR, LPSTARTUPINFOW, LPPROCESS_INFORMATION))DetourFunction((PBYTE)CreateProcessW,
(PBYTE)CreateProcessW_D);
//intercept the CreateProcessA function
CreateProcessA_T
=(BOOL(WINAPI *)(LPCTSTR, LPTSTR, LPSECURITY_ATTRIBUTES,
LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPCTSTR, LPSTARTUPINFO, LPPROCESS_INFORMATION))DetourFunction((PBYTE)CreateProcessA,
(PBYTE)CreateProcessA_D);
return 0;
}
//API interception un-install function
CREATEHOOK_API int DeIntercept()
{
//Remove the interception of CreateProcessW function
DetourRemove((PBYTE)CreateProcessW_T, (PBYTE)CreateProcessW_D);
//Remove the interception of CreateProcessA function
DetourRemove((PBYTE)CreateProcessA_T, (PBYTE)CreateProcessA_D);
CreateProcessW_T = NULL;
CreateProcessA_T = NULL;
return 0;
}
2. Windows application that used the dll to intercept all calls to CreateProcess:
----------------------------------------------------------------------------
//locating and loading the hooking dll
char strPath[MAX_PATH];
GetModuleFileName(NULL, strPath, MAX_PATH);
PathRemoveFileSpec(strPath);
strcat(strPath, "\\CreateHook.dll");
hModDLL = LoadLibrary(strPath);
if(hModDLL != NULL)
{
//obtain a pointer to the hooking finstallation function
PTRSETHOOK startHook = (PTRSETHOOK)GetProcAddress(hModDLL, "SetHook");
//if obtained a valid pointer run the function
if(startHook)
{
startHook(hWnd);
bStatus = true; //set interception state to enabled
}
else
{
MessageBox(NULL, "Failed to start hooking", "Fatal Error", MB_ICONSTOP);
exit(9);
}
}
else
{
MessageBox(NULL, "Failed to load hooking DLL", "Fatal Error", MB_ICONSTOP);
exit(9);
}
--
Wessam Fathi
|
|
|
|
|
This will work to a point - But the fact that it works is consistent with my previous post. The reason is that you're detouring the function in every process by using the global hook mechanism via SetWindowsHookEx. SetWindowsHookEx, when used to set a global hook, loads the hook DLL into every UI process and the DLL's entry point code sets up the detour. There is an obvious limitation to this technique inherited from the global hook mechanism; It will only work for processes that have a message pump. It will probably not work for console application for example. Also noteworthy is the licensing agreement of the Detours library - You can't use it in commercial applications without explicit permission.
Steve
|
|
|
|
|
Thanks for your reply, actually I didn't know that it won't work except for applications with a message bump, and that it probably won't for console applications. That's a valuable piece of information I didn't actually know
Regarding the library licensing, I only used it for the college project - not a commercial application - so I didn't need to buy it.
--
Wessam Fathi
|
|
|
|
|
|
The text will be displayed in the center of rectangleArea. So, how is this rectangle initialized ?
|
|
|
|
|
The problem is when you calculate the rectangleArea by DrawText and DT_CALCRECT the right member of the rectangleArea will be reduced to the width of the text.
Then you show it using the same rectangleArea, how will it come to centre? Think...
- NS -
|
|
|
|
|
:-DI write code such as following in Visual C++ 6.0:
#include "stdafx.h"
int main(int argc, char* argv[])
{
char c0;
double d0;
char c1;
char c2;
printf("%p\n%p\n%p\n%p\n",&c0,&d0,&c1,&c2);
return 0;
}
In Debug build mode, output:
0012FF7C
0012FF6C
0012FF78
0012FF74
Why VC6 put variable d0 on the stack top?
Your sincerely
REMY
|
|
|
|
|
Probably because it is a double.
~RaGE();
|
|
|
|
|
This is probably because the VC++ compiler is trying to optimize memory allocations, by automatically choosing the ordering and layout of variables in memory in order to minimize memory usage.
--
Wessam Fathi
|
|
|
|
|
I migrated my project to VC2005 and found a pretty strange problem. The code tries to dynamic cast an object and the result is NULL even the objet type is valid. E.g.
I have a following code:
class A;<br />
<br />
A* ptr = new A;<br />
...<br />
A* pTest = dynamic_cast<A*>(ptr);
pTest is NULL but in the debugger I can see that "ptr" is A.
The project has RTTI enabled.
Any idea what could be the problem?
Thanks, Abyss
|
|
|
|
|
Try this: pTest = ptr; - it might work just fine for you. Good luck!
|
|
|
|
|
try this
A* pTest = dynamic_cast<a*>(ptr);
but in ur case it is not required as suggested by Mihai Moga
never say die
-- modified at 7:37 Wednesday 12th April, 2006
|
|
|
|
|
sunit5 wrote: A* pTest = dynamic_cast(ptr);
 what is your suggestion ?
exactly what he wrote...
|
|
|
|
|
This is my suggestion
A* pTest = dynamic_cast<A*>(ptr);
i didnot put <> (as in formatting )so <A*> was not visible
never say die
-- modified at 7:40 Wednesday 12th April, 2006
|
|
|
|
|
Finally, I found the problem. Well I simplified my problem so much. In my case the problem is somewhere else:
A* ptr = new A;
Then I incorrectly static casted the pointer to a C object:
C* pObj = static_cast<C*>(ptr);
because of this the dynamic cast failed in VC8, however in VC7 it works fine. pTest will be NULL in VC8 and in VC7 it will be ptr.
A* pTest = dynamic_cast<A*>(pObj);
I know the given approach is incorrect - why to cast to C object?!
Just want to point out that VC8 is less tolerant... and this is good. On the other side in case of big projects the code migration to VC8 can cause big pains 
Thanks, Abyss
|
|
|
|
|
Abyss wrote: A* pTest = dynamic_cast(ptr);
What language is this ? In C++, it would be :
A *pTest = dynamic_cast<A*>(ptr);
You are not giving the target pointer, thus getting a void*, e.g. NULL.
Anyway, in this example, as others said, this works without problem:
A *pTest=ptr;
~RaGE();
-- modified at 7:31 Wednesday 12th April, 2006
|
|
|
|
|
The "<" and ">” characters and what's in between is not showing up on your post.
Steve
|
|
|
|
|
hi all,
i can encrypt/dicrypt a plane message text by CryptEncrypt(...) and CryptDecrypt(...) Api. but how to create Digitial Signatures and send over the wire using Tripple DES. any suggestions.
thanks,
uday.
uday kiran
|
|
|
|
|
General 
News 
Suggestion 
Question 
Bug 
Answer 
Joke 
Praise 
Rant 
Admin 
Submit an article or tip
