Текущий архив: 2011.12.11;
Скачать: CL | DM;
Вниз
WinPerf Найти похожие ветки
← →
Игорь © (2009-09-13 12:50) [0]Привет, ни кто не работал с WinPerf?
Меня интересует в частности .NET Performance, подкиньте пожалуйста примерчик
← →
Игорь Шевченко © (2009-09-13 14:18) [1]"WinPerf is a real threat to computer as it is both remote administration tool and a spyware. WinPerf logs keystrokes and steals passwords and other sensitive information. It also gives remote attacker access to the infected computer. The attacker gains full control of the compromised system."
нафиг кому-то с ним работать ?
← →
Игорь © (2009-09-13 14:50) [2]
> Игорь Шевченко © (13.09.09 14:18) [1]
Игорь если вы помните я задавал вопрос по поводу как определить испульзует ли процесс .NET Framework, ну так вот я решил(по крайней мере для себя) что это можно сделать с помощью .NET Performance Counters
← →
Игорь Шевченко © (2009-09-13 16:46) [3]
> Игорь если вы помните я задавал вопрос по поводу как определить
> испульзует ли процесс .NET Framework
Например, по анализу заголовка EXE-файла процесса, наличию в нем секции IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR, по получению из этой секции PIMAGE_COR20_HEADER.
Что касается Performance Counters в .Net, то поиск по rsdn.ru выдает массу результатов на эту тему.
Однако теме этой место в WinAPI, куда и перемещаю
← →
Игорь © (2009-09-15 11:50) [4]Помогите пожалуйста перевести на Delphi
BOOL IsManaged(LPTSTR lpszImageName)
{
BOOL bIsManaged = FALSE; //variable that indicates whether
//managed or not.
TCHAR szPath[MAX_PATH]; //for convenience
HANDLE hFile = CreateFile(lpszImageName, GENERIC_READ,
FILE_SHARE_READ,NULL,OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL,NULL);
//attempt the standard paths (Windows dir and system dir) if
//CreateFile failed in the first place.
if(INVALID_HANDLE_VALUE == hFile)
{
//try to locate in Windows directory
GetWindowsDirectory(szPath,MAX_PATH);
_tcscat(szPath,_T("\\"));
_tcscat(szPath,lpszImageName);
hFile = CreateFile(szPath, GENERIC_READ, FILE_SHARE_READ,
NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,
NULL);
}
if(INVALID_HANDLE_VALUE == hFile)
{
//try to locate in system directory
GetSystemDirectory(szPath,MAX_PATH);
_tcscat(szPath,_T("\\"));
_tcscat(szPath,lpszImageName);
hFile = CreateFile(szPath, GENERIC_READ, FILE_SHARE_READ,
NULL,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,
NULL);
}
if(INVALID_HANDLE_VALUE != hFile)
{
//succeeded
HANDLE hOpenFileMapping = CreateFileMapping(hFile,NULL,
PAGE_READONLY,0,
0,NULL);
if(hOpenFileMapping)
{
BYTE* lpBaseAddress = NULL;
//Map the file, so it can be simply be acted on as a
//contiguous array of bytes
lpBaseAddress = (BYTE*)MapViewOfFile(hOpenFileMapping,
FILE_MAP_READ,0,0,0);
if(lpBaseAddress)
{
//having mapped the executable, now start navigating
//through the sections
//DOS header is straightforward. It is the topmost
//structure in the PE file
//i.e. the one at the lowest offset into the file
IMAGE_DOS_HEADER* pDOSHeader =
(IMAGE_DOS_HEADER*)lpBaseAddress;
//the only important data in the DOS header is the
//e_lfanew
//the e_lfanew points to the offset of the beginning
//of NT Headers data
IMAGE_NT_HEADERS* pNTHeaders =
(IMAGE_NT_HEADERS*)((BYTE*)pDOSHeader +
pDOSHeader->e_lfanew);
//store the section header for future use. This will
//later be need to check to see if metadata lies within
//the area as indicated by the section headers
IMAGE_SECTION_HEADER* pSectionHeader =
(IMAGE_SECTION_HEADER*)((BYTE*)pNTHeaders +
sizeof(IMAGE_NT_HEADERS));
//Now, start parsing
//First of all check if it is a PE file. All assemblies
//are PE files.
if(pNTHeaders->Signature == IMAGE_NT_SIGNATURE)
{
//start parsing COM table (this is what points to
//the metadata and other information)
DWORD dwNETHeaderTableLocation =
pNTHeaders->OptionalHeader.DataDirectory
[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR].
VirtualAddress;
if(dwNETHeaderTableLocation)
{
//.NET header data does exist for this module;
//find its location in one of the sections
IMAGE_COR20_HEADER* pNETHeader =
(IMAGE_COR20_HEADER*)((BYTE*)pDOSHeader +
GetActualAddressFromRVA(pSectionHeader,
pNTHeaders,dwNETHeaderTableLocation));
if(pNETHeader)
{
//valid address obtained. Suffice it to say,
//this is good enough to identify this as a
//valid managed component
bIsManaged = TRUE;
}
}
}
else
{
cout << "Not PE file\r\n";
}
//cleanup
UnmapViewOfFile(lpBaseAddress);
}
//cleanup
CloseHandle(hOpenFileMapping);
}
//cleanup
CloseHandle(hFile);
}
return bIsManaged;
}
← →
clickmaker © (2009-09-15 12:02) [5]> Помогите пожалуйста перевести на Delphi
= -> :=
== -> =
-> -> .
TCHAR szPath[MAX_PATH] -> szPath: array[0..MAX_PATH-1] of char;
BOOL -> boolean
_tcscat -> StrCat
(BYTE*)A -> PByte(A)
← →
Игорь © (2009-09-15 12:40) [6]Короче получилось вот что, без обработки ошибок
Вроде работает, вот только для RAD Studio - bds.exe почему то возвращает False хотя Process Explorer говорит что процесс .NETfunction _IsNET(ImageName: String): Boolean;
var
hFile: THandle;
hOpenFileMapping: THandle;
lpBaseAddress: Pointer;
pDOSHeader: PImageDosHeader;
pNTHeaders: PImageNtHeaders;
begin
Result:= False;
hFile:= CreateFile(PAnsiChar(ImageName), GENERIC_READ, FILE_SHARE_READ, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
hOpenFileMapping:= CreateFileMapping(hFile, nil, PAGE_READONLY, 0, 0, nil);
lpBaseAddress:= MapViewOfFile(hOpenFileMapping, FILE_MAP_READ, 0, 0, 0);
pDOSHeader:= PImageDosHeader(lpBaseAddress);
pNTHeaders:= PImageNtHeaders(PChar(pDOSHeader) + pDOSHeader^._lfanew);
with pNTHeaders.OptionalHeader.DataDirectory[14] do
if (Size <> 0) then
Result:= True;
UnmapViewOfFile(lpBaseAddress);
CloseHandle(hOpenFileMapping);
CloseHandle(hFile);
end;
procedure TForm1.Button1Click(Sender: TObject);
begin
if _IsNET("C:\Program Files\CodeGear\RAD Studio\6.0\bin\bds.exe") then
ShowMessage("NET");
end;
Страницы: 1 вся ветка
Текущий архив: 2011.12.11;
Скачать: CL | DM;
Память: 0.5 MB
Время: 0.009 c
