I just read this article: http://www.codeproject.com/KB/system/Hack_Windows_Task_Manager.aspx[^], and I thought it would be quite interesting if an app is able to modify one entry in task manager's listbox, thus hiding itself. It sounded easy enough to replace LVM_DELETECOLUMN with LVM_DELETEITEM, but I'm getting strange errors with SendMessage.
So right now I have something like this:
LVFINDINFO findInfo;
ZeroMemory(&findInfo, sizeof(LVFINDINFO));
findInfo.flags=LVFI_STRING;
findInfo.psz=(LPCSTR)"myTest.exe";
Then I tried this (hWnd is for Windows Task Manager, not my app):
int index = ::SendMessage(hWnd,LVM_FINDITEM,(WPARAM)0,(LPARAM)(const LVFINDINFO FAR*)&findInfo);
if (index!=-1) ::SendMessage(hWnd,LVM_DELETEITEM,index,0);
It crashes taskmgr.
I was browsing through the comments on that article when I found a piece of code in Delphi that supposedly does what I'm trying to do. After my attempt to translate it into C++, it looks like this:
DWORD ProcessID;
GetWindowThreadProcessId(hWnd,&ProcessID);
HANDLE pHandle=OpenProcess(PROCESS_ALL_ACCESS,FALSE, ProcessID);
if (pHandle!=NULL){
LPVOID address=VirtualAllocEx(pHandle,NULL,sizeof(findInfo),MEM_RESERVE | MEM_COMMIT,PAGE_READWRITE);
if (WriteProcessMemory(pHandle,address,&findInfo,sizeof(findInfo),NULL)!=FALSE){
int index = ::SendMessage((HWND)pHandle,LVM_FINDITEM,(WPARAM)0,(LPARAM)(const LVFINDINFO FAR*)address);
if (index!=-1) ::SendMessage(hWnd,LVM_DELETEITEM,index,0);
}
CloseHandle(pHandle);
VirtualFreeEx(pHandle,NULL,sizeof(findInfo),MEM_DECOMMIT);
}
Unfortunately, that doesn't work either. The LVM_FINDITEM SendMessage returns 0, so all it's doing right now is deleting the first entry off taskmgr every 10 milliseconds.
If anyone could correct me on my usage of SendMessage with LVM_FINDITEM that would be appreciated. 
|
|
|
|
|
Did you also allocate the string (stored in findInfo.psz) in the other process's address space?
|
|
|
|
|
I don't quite understand what you just said.
The listbox that I'm searching does have the entry "myTest.exe", if that's what you're saying.
|
|
|
|
|
Thank you for the valuable question.
The suggestion of allocating the string in the other process worked well, but I need to set the position, and for that I have to use LVM_SETITEMPOSITION. How can I create the POINT value in the other process?
Thanks in advance.
KRISHNA KUMAR T M
|
|
|
|
|
Another way to hide entries would be to hook the ZwQuerySystemInformation API, which Task Manager calls to get a list of the running processes on the system. You can modify the linked list of processes returned by changing around the NextEntryDelta member of the SYSTEM_PROCESS_INFORMATION struct once the process is found (ProcessName member). I don't really see why you'd want to hide a process from Task Manager though -- outside of malicious purposes.
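A defensive counterpart to the list-unlinking described in the post above, added here as an example (it is not code from the thread): a cross-view check that follows the NextEntryDelta chain and reports PIDs that a second enumeration source knows about but the walk never reaches. The `proc_rec` layout, the PIDs and the reference list are constructed stand-ins, not the real SYSTEM_PROCESS_INFORMATION layout or real system data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for SYSTEM_PROCESS_INFORMATION (assumption: the real
   structure has many more fields). Delta = byte offset to next record, 0 = last. */
typedef struct { uint32_t next_entry_delta, pid; char name[24]; } proc_rec;
/* Constructed sample: three records packed back to back. */
static const proc_rec SAMPLE[3] = {
    { sizeof(proc_rec), 4,    "System"      },
    { sizeof(proc_rec), 1312, "myTest.exe"  },
    { 0,                2040, "taskmgr.exe" },
};
/* Copy the sample into buf; if tampered, record 0 links past record 1. */
size_t build_sample(uint8_t *buf, int tampered) {
    uint32_t skip = 2 * sizeof(proc_rec);
    memcpy(buf, SAMPLE, sizeof SAMPLE);
    if (tampered) memcpy(buf, &skip, sizeof skip);
    return sizeof SAMPLE;
}
/* View 1: follow the links exactly as a process lister would. */
size_t walk_list(const uint8_t *buf, size_t len, uint32_t *pids, size_t max) {
    size_t off = 0, n = 0;
    while (off + sizeof(proc_rec) <= len && n < max) {
        proc_rec r;
        memcpy(&r, buf + off, sizeof r);
        pids[n++] = r.pid;
        if (r.next_entry_delta == 0 || r.next_entry_delta > len - off) break;
        off += r.next_entry_delta;
    }
    return n;
}
/* Cross-view diff: PIDs a second source reports that view 1 never reached. */
size_t find_hidden(const uint32_t *seen, size_t ns, const uint32_t *ref, size_t nr, uint32_t *out) {
    size_t n = 0;
    for (size_t i = 0; i < nr; i++) {
        size_t j = 0;
        while (j < ns && seen[j] != ref[i]) j++;
        if (j == ns) out[n++] = ref[i];
    }
    return n;
}
int main(void) {
    uint8_t buf[sizeof SAMPLE];
    uint32_t seen[8], hidden[8], ref[] = { 4, 1312, 2040 };  /* constructed */
    size_t nh = find_hidden(seen, walk_list(buf, build_sample(buf, 1), seen, 8), ref, 3, hidden);
    for (size_t i = 0; i < nh; i++) printf("PID %u not in list walk\n", (unsigned)hidden[i]);
    return 0;
}
```

On a live system the reference view has to come from a source the same hook does not filter, otherwise both views agree and the diff is empty.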
|
|
|
|
|
I get dizzy every time I look at something related to drivers. You DO need to create a driver to hook the ZwQuerySystemInformation API, right? I've been trying to learn how to hook the NT kernel functions for a long time now, and I'm not getting anywhere. There aren't any good tutorials.
And also, that isn't really my goal. As I said in my post, I just read an article on modifying Task Manager's listboxes and I was curious if that meant a process could be able to hide itself. I'm not doing this for any malicious purposes. Just doing it to satisfy my curiosity 
|
|
|
|
|
|
It's possible to hook kernel functions without writing a driver?
I didn't know that. 
|
|
|
|
|
Hi,
I have one dialog with five tabs. Each tab has many controls, like edit boxes, buttons and so on.
My problem is that when you enter some data in any control of a particular tab, an asterisk should be added to the tab name (the same as when we write some data in WordPad, an asterisk is added to the document name).
So, how can I do that?
My idea is: in OnKillfocus() and the "change" event of every control we maintain one variable, but there are so many controls!
Is there any other API or simple way to do this?
|
|
|
|
|
The controls send notifications to the parent whenever changes are made.
These notifications are typically sent via WM_COMMAND or WM_NOTIFY
messages.
Assuming MFC here (you could do similar using straight Win32):
You could override OnCommand() and OnNotify() in the parent dialog
and in your overrides, look for the change notifications, and if one
is received, take the appropriate action. Make sure you call the base
class method so proper MFC command/notification processing gets done.
For a list of the possible notifications and how they are sent, see
the Windows Controls[^] documentation for the types of controls
you use.
Mark
Mark Salsbery
Microsoft MVP - Visual C++
|
|
|
|
|
phanindra varma wrote:
Is there any other API or simple way to do this
In the sheet, call GetTabControl(). Then fill out a TC_ITEM structure and call GetItem(). Add the asterisk and call SetItem().
"Love people and use things, not love things and use people." - Unknown
"The brick walls are there for a reason...to stop the people who don't want it badly enough." - Randy Pausch
|
|
|
|
|
Hi All,
I need to access a Java servlet from my C++ code in a Win32 console application. Are there any libraries for this? I don't know how to do this.
For example,
if I enter this servlet URL
"http://192.197.66.99/sample/checkName", I should access this servlet in my console application.
Please help me.
Thanks & Regards,
Anitha
|
|
|
|
|
AnithaSubramani wrote: I need to access the java servlet in my C++ code using win32 console application
You could use any HTTP client to access a servlet (for example http://www.codeproject.com/KB/IP/simplehttpclient.aspx[^])...or do something very simple like
system("IEXPLORE.EXE \"http://192.197.66.99/sample/checkName\"");
Hope it helps
|
|
|
|
|
Hi,
I'm trying the system("IEXPLORE.EXE \"http://192.168.99.99:8080/netupdate/UploadFiles\" ");
command, but it is showing the following error:
'IEXPLORE.EXE' is not recognized as an internal or external command,
operable program or batch file.
Thanks & Regards,
Anitha
|
|
|
|
|
AnithaSubramani wrote: 'IEXPLORE.EXE' is not recognized as an internal or external command,
operable program or batch file.
Use an absolute path, not a relative one.
"Love people and use things, not love things and use people." - Unknown
"The brick walls are there for a reason...to stop the people who don't want it badly enough." - Randy Pausch
|
|
|
|
|
Is there any data type in which I can store a 1 billion digit number?
Trioum
|
|
|
|
|
trioum wrote: Is there any data type in which I can store a 1 billion digit number?
1 billion digits?
Surely, you meant the number 1 billion and not 1 billion digits?
Many are stubborn in pursuit of the path they have chosen, few in pursuit of the goal - Friedrich Nietzsche
.·´¯`·->Rajesh<-·´¯`·.
[Microsoft MVP - Visual C++]
|
|
|
|
|
No, I mean 1 billion digits.
Trioum
|
|
|
|
|
GMP BigNum library[^] is your best bet perhaps.
As an example, here is a sample calculation and result:
Calculation: 1 + gcd(87324,78263148,7896) * (10^1989879887 mod 421!)
The Output: A very laaarge number[^]
Many are stubborn in pursuit of the path they have chosen, few in pursuit of the goal - Friedrich Nietzsche
.·´¯`·->Rajesh<-·´¯`·.
[Microsoft MVP - Visual C++]
|
|
|
|
|
Still very far from 1 billion digits
|
|
|
|
|
Yes, that's why I said it could be his *best bet*.
[Military tone] Sir, we need to keep a safe distance from him. [/Military tone]
It is a crappy thing, but it's life -^ Carlo Pallini
.·´¯`·->Rajesh<-·´¯`·.
[Microsoft MVP - Visual C++]
|
|
|
|
|
Rajesh R Subramanian wrote: The Output: A very laaarge number[^]
6 orders of magnitude apart
If the Lord God Almighty had consulted me before embarking upon the Creation, I would have recommended something simpler.
-- Alfonso the Wise, 13th Century King of Castile.
This is going on my arrogant assumptions. You may have a superb reason why I'm completely wrong.
-- Iain Clarke
[My articles]
|
|
|
|
|
Rajesh R Subramanian wrote: GMP BigNum library[^] is your best bet perhaps.
Rajesh, do you know of any good implementations of BigNum that are not Gnu based, i.e. use MS tools like MASM? I have Googled "multi precision math" and went through all of the hits, and the results (there were 97) were all about BigNum, or proprietary for sale products, or for Java, or were white papers. Nothing there about a PC based MS implementation. I even searched the CP articles and found no hits.
I downloaded the GMP version and started looking at the ASM source, but without the GCC compiler and its tools, the code is not complete. It needs to be expanded by the Gnu M4 macros and assembled by GAS (Gnu Assembler?), and even then I don't know whether or not it produces anything like a .LST file that would actually indicate exactly what instructions are executing at which locations to gain their reported speed by taking advantage of caching, etc. I really don't want to go this route, I want to stick with MS tools and don't even want the C++ front end, strictly MASM.
I do have an integer implementation of a multi precision math library and was thinking of expanding it to a floating point version and was looking to see how it stacked up with "the best". As far as I could easily determine, the BigNum algorithms matched mine. Mine were home brew - what worked fastest, theirs were based on the experts like Knuth. I went to my library and cracked open Knuth, Vol 2, for the first time to see what the expert had to say. Enlightening. I have also done a thorough read of the AMD specs on my Athlon and have used many of their suggestions.
Dave Augustine.
|
|
|
|
|
Dave,
I am not able to suggest something readily that might suit you. Further to that, I have not worked too much on this front. I have forwarded this query to a few people that might possibly give a fruitful reply.
I'll write to you if I hear something from them.
It is a crappy thing, but it's life -^ Carlo Pallini