_WinAPI_ThreadsnProcesses() Infos and Indented processlist.


Manko
The structs in there are the real contribution, but if you elaborate, you can:

* Get lots of info on processes and threads.

* Get Suspendstate without stupid suspend/resume every thread looking for results of operation...

* Optionally get a pretty list of processes which clearly shows which process spawned which...

Doesn't need Administrator rights or elevated privileges. Thanks for testing, Ascendant!

The indented processlist needs optimizations... My only try at bettering that part turned out slower, even though it did not do as much redundant processing... ?? Have a peek! If you have ideas about improving the indentation code, they're VERY welcome.

Here you have it: Small example. Build on it and you get MUCH info on processes!

#include <array.au3>    ; Needed to display array in example.

;~ typedef enum
;~ {
;~   StateInitialized,
;~   StateReady,
;~   StateRunning,
;~   StateStandby,
;~   StateTerminated,
;~   StateWait,             // = 5
;~   StateTransition,
;~   StateUnknown,
;~ } THREAD_STATE;

;~ typedef enum
;~ {
;~   Executive,
;~   FreePage,
;~   PageIn,
;~   PoolAllocation,
;~   DelayExecution,
;~   Suspended,             // = 5
;~   UserRequest,
;~   WrExecutive,
;~   WrFreePage,
;~   WrPageIn,
;~   WrPoolAllocation,
;~   WrDelayExecution,
;~   WrSuspended,           // = 12
;~   WrUserRequest,
;~   WrEventPair,
;~   WrQueue,
;~   WrLpcReceive,
;~   WrLpcReply,
;~   WrVirtualMemory,
;~   WrPageOut,
;~   WrRendezvous,
;~   Spare2,
;~   Spare3,
;~   Spare4,
;~   Spare5,
;~   Spare6,
;~   WrKernel,
;~   MaximumWaitReason
;~ } KWAIT_REASON;

;~ typedef enum _SYSTEM_INFORMATION_CLASS
;~ {
;~   SystemProcessesAndThreadsInformation = 5,
;~   /* There are a lot more of these... */
;~ } SYSTEM_INFORMATION_CLASS;

;~   NTSTATUS NTAPI ZwQuerySystemInformation (IN SYSTEM_INFORMATION_CLASS,
;~                     IN OUT PVOID, IN ULONG,
;~                     OUT PULONG);

    $tag_SYSTEM_THREADS=    "double KernelTime;" & _
                            "double UserTime;" & _
                            "double CreateTime;" & _
                            "ulong  WaitTime;" & _
                            "ptr    StartAddress;" & _
                            "dword  UniqueProcess;" & _
                            "dword  UniqueThread;" & _
                            "long   Priority;" & _
                            "long   BasePriority;" & _
                            "ulong  ContextSwitchCount;" & _
                            "long   State;" & _
                            "long   WaitReason"
                            
    $tag_SYSTEM_PROCESSES=  "ulong  NextEntryDelta;" & _
                            "ulong  Threadcount;" & _
                            "ulong[6];" & _                         ; Reserved...
                            "double CreateTime;" & _
                            "double UserTime;" & _
                            "double KernelTime;" & _
                            "ushort Length;" & _                    ; unicode string length
                            "ushort MaximumLength;" & _             ; also for unicode string
                            "ptr    ProcessName;" & _               ; ptr to mentioned unicode string - name of process
                            "long   BasePriority;" & _
                            "ulong  ProcessId;" & _
                            "ulong  InheritedFromProcessId;" & _
                            "ulong  HandleCount;" & _
                            "ulong[2];" & _                         ;Reserved...
                            "uint   PeakVirtualSize;" & _
                            "uint   VirtualSize;" & _
                            "ulong  PageFaultCount;" & _
                            "uint   PeakWorkingSetSize;" & _
                            "uint   WorkingSetSize;" & _
                            "uint   QuotaPeakPagedPoolUsage;" & _
                            "uint   QuotaPagedPoolUsage;" & _
                            "uint   QuotaPeakNonPagedPoolUsage;" & _
                            "uint   QuotaNonPagedPoolUsage;" & _
                            "uint   PagefileUsage;" & _
                            "uint   PeakPagefileUsage;" & _
                            "uint64 ReadOperationCount;" & _
                            "uint64 WriteOperationCount;" & _
                            "uint64 OtherOperationCount;" & _
                            "uint64 ReadTransferCount;" & _
                            "uint64 WriteTransferCount;" & _
                            "uint64 OtherTransferCount"

; ############ Example code #######################
$t=TimerInit()
$temp=_WinAPI_ThreadnProcess()
$temp[0][0]=TimerDiff($t)
$temp[0][1]="PID" 
$temp[0][3]="WorkingSetSize" 
$temp[0][2]="ParentPID"
$temp[0][4]="IsSuspended"
_ArrayDisplay($temp, "Non-indented.")
$t=TimerInit()
$temp=_WinAPI_ThreadnProcess(1)
$temp[0][0]=TimerDiff($t)
$temp[0][1]="PID" 
$temp[0][3]="WorkingSetSize" 
$temp[0][2]="ParentPID"
$temp[0][4]="IsSuspended"
_ArrayDisplay($temp, "Indented proclist showing relations between processes.")
$temp=0
; ###############################################


; ############ Here be example func! ####################
Func _WinAPI_ThreadnProcess($indent=0)
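    ; First call with a zero-length buffer only reports the required size in $ret[4].
    Local $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "int*", 0, "int", 0, "int*",0)
    If @error Then Return SetError(1, 0, 0)
    Local $Mem=DllStructCreate("byte[" & $ret[4] & "]")
    $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "ptr", DllStructGetPtr($MEM), "int", DllStructGetSize($MEM), "int*",0)
    ; A non-zero NTSTATUS means the buffer was not filled (e.g. the list grew between the two calls).
    If @error Or $ret[0] <> 0 Then Return SetError(2, 0, 0)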
    Local $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $ret[2])
    Local $SysProc_ptr=$ret[2]
    Local $SysProc_Size=DllStructGetSize($SysProc)
    Local $SysThread=DllStructCreate($tag_SYSTEM_THREADS)
    Local $SysThread_Size=DllStructGetSize($SysThread)
    Local $buffer, $i, $lastthread, $m=0, $NextEntryDelta, $k, $temp, $space, $l
    Local $avArray[10000][7]
    While 1
        ; Get procinfo here
        ; ...
        ; ###### Example...
        ; Get process name. Convert Unicode to string.
        $buffer=DllStructCreate("char[" & DllStructGetData($SysProc, "Length") & "]", DllStructGetData($SysProc, "ProcessName"))
        for $i=0 to DllStructGetData($SysProc, "Length")-1 step 2
            $avArray[$m][0]&=DllStructGetData($buffer, 1, $i+1)
        Next
        ; ... more data ...
        $avArray[$m][1]=DllStructGetData($SysProc, "ProcessId")
        $avArray[$m][3]=DllStructGetData($SysProc, "WorkingSetSize")/(1024) & " kB"
        $avArray[$m][2]=DllStructGetData($SysProc, "InheritedFromProcessId")
        $avArray[$m][4]=1 ; We assume suspended. When we check the threads we change it.
        $avArray[$m][5]=DllStructGetData($SysProc, "CreateTime") ;i just used it in indentation-code.
        ; ##### Example ends...
        
        ; ... over to threads...
        for $i=0 to DllStructGetData($SysProc, "Threadcount")-1
            $SysThread=DllStructCreate($tag_SYSTEM_THREADS, $SysProc_ptr+$SysProc_Size+$i*$SysThread_Size)
            ;Get Threadinfo here...
            ; ...
            ; ##### Example...
            ; Check "WaitReason" = 5 = "Suspended". If not. Process is not suspended...
            if DllStructGetData($SysThread, "WaitReason") <> 5 Then
                $avArray[$m][4]=0 ; If just one thread is active... Process is not suspended.
                ExitLoop
            Endif
            ; ##### Example ends...
            
            ; ... loop to next thread...
        next
        $NextEntryDelta=DllStructGetData($SysProc, "NextEntryDelta")
        if NOT $NextEntryDelta Then ExitLoop ; the last entry has NextEntryDelta = 0
        $SysProc_ptr+=$NextEntryDelta
        $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $SysProc_ptr)
        $m+=1
    WEnd
    Redim $avArray[$m+1][7]
    ;###################### START INDENTATION CODE ####################################
    If $indent =1 Then
        $temp = $avArray
        $space = ""
        For $i = 1 To UBound($temp, 1) - 1
            For $m = 0 To UBound($temp, 1) - 1
                For $k = 1 To UBound($temp, 1) - 1
                    If $temp[$k][0] Then
                        If ($i - $m) < 1 Then
                            $space = ""
                            $avArray[$i][0] = $temp[$k][0]
                            $avArray[$i][1] = $temp[$k][1]
                            $avArray[$i][2] = $temp[$k][2]
                            $avArray[$i][3] = $temp[$k][3]
                            $avArray[$i][4] = $temp[$k][4]
                            $avArray[$i][5] = $temp[$k][5]
                            $temp[$k][0] = 0
                            ContinueLoop 3
                        Else
                            If $temp[$k][2] = $avArray[($i - $m - 1)][1] Then
                                While 1
                                    If $avArray[($i - $m - 1)][1] < 5 Then ExitLoop
                                    ;If Not $avArray[($i - $m - 1)][12] Then ContinueLoop 2
                                    ;msgbox(0,"",DllStructGetData($tp1,1) & @LF & DllStructGetData($tp2,1))
                                    If $temp[$k][5] > $avArray[($i - $m - 1)][5] Then ExitLoop
                                    ContinueLoop 2
                                WEnd
                                $space = ""
                                For $l = 1 To $avArray[($i - $m - 1)][6] + 1
                                    $space &= "   "
                                Next
                                $avArray[$i][0] = $space & $temp[$k][0]
                                $avArray[$i][1] = $temp[$k][1]
                                $avArray[$i][2] = $temp[$k][2]
                                $avArray[$i][6] = $avArray[($i - $m - 1)][6] + 1
                                $avArray[$i][3] = $temp[$k][3]
                                $avArray[$i][4] = $temp[$k][4]
                                $avArray[$i][5] = $temp[$k][5]
                                $temp[$k][0] = 0
                                ContinueLoop 3
                            EndIf
                        EndIf
                    EndIf
                Next
            Next
        Next
        $temp=0
    EndIf
    ;###################### END INDENTATION CODE ####################################
    ReDim $avArray[ubound($avArray,1)][5] ; Cut off 2 entries used by indentation code... Just for example...
    Return $avArray
EndFunc 
;################################ END FUNC ##########################################

I wrote over "System Idle Process" with run-time and columninfo... Hope you don't mind!

/ Manko [EDIT: _WinAPI_ ...]

Edited by Manko
Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually...
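
An added example, not Manko's code and not AutoIt: one way to build the indented parent/child list and the suspend flag in a single pass over a snapshot, written in Python over constructed records (the names `is_suspended`, `build_tree` and `render` are hypothetical). A process is attached to its InheritedFromProcessId only if that PID's CreateTime is not later than its own, the same comparison the indentation code makes, so a reused PID is not shown as a parent; requiring State = 5 together with WaitReason = 5 is this example's stricter variant of the post's WaitReason test.

```python
from collections import defaultdict

WAITING = 5     # THREAD_STATE StateWait, numbered as in the enum quoted in the post
SUSPENDED = 5   # KWAIT_REASON Suspended, numbered as in the enum quoted in the post

# Constructed sample snapshot (not real output). Keys mirror ProcessId,
# InheritedFromProcessId, CreateTime and each thread's (State, WaitReason).
SAMPLE = [
    {"pid": 0,    "ppid": 0,    "ctime": 0,   "name": "Idle",         "threads": [(2, 0)]},
    {"pid": 4,    "ppid": 0,    "ctime": 0,   "name": "System",       "threads": [(5, 0)]},
    {"pid": 500,  "ppid": 4,    "ctime": 100, "name": "smss.exe",     "threads": [(5, 6)]},
    # Parent 700 has exited and is absent from the snapshot.
    {"pid": 900,  "ppid": 700,  "ctime": 200, "name": "explorer.exe", "threads": [(5, 6)]},
    {"pid": 1200, "ppid": 900,  "ctime": 300, "name": "frozen.exe",   "threads": [(5, 5), (5, 5)]},
    # Parent PID 1500 was reused by a process created later than this one.
    {"pid": 1300, "ppid": 1500, "ctime": 310, "name": "orphan.exe",   "threads": [(5, 6)]},
    # One thread is running with a stale WaitReason of 5: not suspended.
    {"pid": 1500, "ppid": 900,  "ctime": 400, "name": "late.exe",     "threads": [(5, 5), (2, 5)]},
]


def is_suspended(threads):
    """True only if there is at least one thread and every thread waits as Suspended."""
    return bool(threads) and all(s == WAITING and r == SUSPENDED for s, r in threads)


def build_tree(procs):
    """Return (depth, pid, name, suspended) rows, each parent before its children."""
    by_pid = {p["pid"]: p for p in procs}
    children, roots = defaultdict(list), []
    for p in procs:
        parent = by_pid.get(p["ppid"])
        # Link only to a parent that exists, is not the process itself (PID 0),
        # and was not created after the child (PID reuse guard).
        linked = (parent is not None and parent is not p
                  and parent["ctime"] <= p["ctime"])
        (children[parent["pid"]] if linked else roots).append(p)

    rows, seen = [], set()

    def walk(start):
        stack = [(start, 0)]            # explicit stack: no recursion limit
        while stack:
            p, depth = stack.pop()
            if p["pid"] in seen:        # each PID is emitted once, so this terminates
                continue
            seen.add(p["pid"])
            rows.append((depth, p["pid"], p["name"], is_suspended(p["threads"])))
            kids = sorted(children[p["pid"]], key=lambda c: c["ctime"], reverse=True)
            stack.extend((c, depth + 1) for c in kids)   # oldest child is popped first

    for p in roots + procs:             # second part picks up anything left in a cycle
        walk(p)
    return rows


def render(rows):
    """Format rows like the indented list: three spaces per generation."""
    return ["%s%s (PID %d)%s" % ("   " * d, name, pid, " [suspended]" if susp else "")
            for d, pid, name, susp in rows]


if __name__ == "__main__":
    print("\n".join(render(build_tree(SAMPLE))))
```

Because every PID is visited at most once, the walk finishes even on inconsistent snapshots, and a process with no threads is reported as not suspended rather than suspended by default.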

The structs in there are the real contribution, but if you elaborate, you can:

* Get lots of info on processes and threads.

* Get Suspendstate without stupid suspend/resume every thread looking for results of operation...

* Optionally get a pretty list of processes which clearly shows which process spawned which...

The indented processlist needs optimizations... My only try at bettering that part turned out slower, even though it did not do as much redundant processing... ??

Have a peek! If you have ideas about improving the indentation code, they're VERY welcome.

Here you have it: (Example is not very exciting but you can take it further. Just look at the structs!)

...

I wrote over "System Idle Process" with run-time and columninfo... Hope you don't mind!

/ Manko [EDIT: Deleted some code that was already commented out...]

How about path and command line of a process? :)

Nice work btw.

UEZ


How about path and command line of a process? :lmao:

Nice work btw.

UEZ

Hi, UEZ!

You have already complimented me for my GetCommandLineFromPID(), look in sig, below, so I have to think you're pulling my leg... :)

About path... Lookup windows API - GetModuleFileNameEx - or search for the UDF done on this forum. (If you're lazy like me.)

/Manko


Hi, UEZ!

You have already complimented me for my GetCommandLineFromPID(), look in sig, below, so I have to think you're pulling my leg... :think:

:) Ups, yes. Too much in brain...

About path... Lookup windows API - GetModuleFileNameEx - or search for the UDF done on this forum. (If you're lazy like me.)

/Manko

I'm also a lazy bastard :shhh:

I will learn also the windows api, if I have enough time...it kicks ass :lmao:

Anyway, thanks.

UEZ

Edited by UEZ


  • 4 weeks later...

Hi!

Example to get CreateTime for ALL processes. I used Ascendant's filetime conversion func to display it....

Revisited my func since Ascendant had problems with his...

Doesn't need Administrator rights or elevated privileges. Thanks for testing, Ascendant!

#include <array.au3>    ; Needed to display array in example.
   
    $tag_SYSTEM_THREADS=    "double KernelTime;" & _
                            "double UserTime;" & _
                            "double CreateTime;" & _
                            "ulong  WaitTime;" & _
                            "ptr    StartAddress;" & _
                            "dword  UniqueProcess;" & _
                            "dword  UniqueThread;" & _
                            "long   Priority;" & _
                            "long   BasePriority;" & _
                            "ulong  ContextSwitchCount;" & _
                            "long   State;" & _
                            "long   WaitReason"
                            
    $tag_SYSTEM_PROCESSES=  "ulong  NextEntryDelta;" & _
                            "ulong  Threadcount;" & _
                            "ulong[6];" & _                         ; Reserved...
                            "double CreateTime;" & _
                            "double UserTime;" & _
                            "double KernelTime;" & _
                            "ushort Length;" & _                    ; unicode string length
                            "ushort MaximumLength;" & _             ; also for unicode string
                            "ptr    ProcessName;" & _               ; ptr to mentioned unicode string - name of process
                            "long   BasePriority;" & _
                            "ulong  ProcessId;" & _
                            "ulong  InheritedFromProcessId;" & _
                            "ulong  HandleCount;" & _
                            "ulong[2];" & _                         ;Reserved...
                            "uint   PeakVirtualSize;" & _
                            "uint   VirtualSize;" & _
                            "ulong  PageFaultCount;" & _
                            "uint   PeakWorkingSetSize;" & _
                            "uint   WorkingSetSize;" & _
                            "uint   QuotaPeakPagedPoolUsage;" & _
                            "uint   QuotaPagedPoolUsage;" & _
                            "uint   QuotaPeakNonPagedPoolUsage;" & _
                            "uint   QuotaNonPagedPoolUsage;" & _
                            "uint   PagefileUsage;" & _
                            "uint   PeakPagefileUsage;" & _
                            "uint64 ReadOperationCount;" & _
                            "uint64 WriteOperationCount;" & _
                            "uint64 OtherOperationCount;" & _
                            "uint64 ReadTransferCount;" & _
                            "uint64 WriteTransferCount;" & _
                            "uint64 OtherTransferCount"
   
   ; ############ Example code #######################
   $t=TimerInit()
   $temp=_WinAPI_ThreadnProcess()
   $temp[0][0]=TimerDiff($t)
   $temp[0][1]="PID" 
   $temp[0][3]="WorkingSetSize" 
   $temp[0][2]="ParentPID"
   $temp[0][4]="IsSuspended"
   $temp[0][5]="CreateTime"
   _ArrayDisplay($temp, "Createtime example...")
   $temp=0
   ; ###############################################
   
   
   ; ############ Here be example func! ####################
   Func _WinAPI_ThreadnProcess()
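    ; First call with a zero-length buffer only reports the required size in $ret[4].
    Local $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "int*", 0, "int", 0, "int*",0)
    If @error Then Return SetError(1, 0, 0)
    Local $Mem=DllStructCreate("byte[" & $ret[4] & "]")
    $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "ptr", DllStructGetPtr($MEM), "int", DllStructGetSize($MEM), "int*",0)
    ; A non-zero NTSTATUS means the buffer was not filled (e.g. the list grew between the two calls).
    If @error Or $ret[0] <> 0 Then Return SetError(2, 0, 0)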
    Local $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $ret[2])
    Local $SysProc_ptr=$ret[2]
    Local $SysProc_Size=DllStructGetSize($SysProc)
    Local $SysThread=DllStructCreate($tag_SYSTEM_THREADS)
    Local $SysThread_Size=DllStructGetSize($SysThread)
    Local $buffer, $i, $lastthread, $m=0, $NextEntryDelta, $k, $temp, $space, $l
    Local $avArray[10000][7]
    While 1
        ; Get procinfo here
        ; ...
        ; ###### Example...
        ; Get process name. Convert Unicode to string.
        $buffer=DllStructCreate("char[" & DllStructGetData($SysProc, "Length") & "]", DllStructGetData($SysProc, "ProcessName"))
        for $i=0 to DllStructGetData($SysProc, "Length")-1 step 2
            $avArray[$m][0]&=DllStructGetData($buffer, 1, $i+1)
        Next
        ; ... more data ...
        $avArray[$m][1]=DllStructGetData($SysProc, "ProcessId")
        $avArray[$m][3]=DllStructGetData($SysProc, "WorkingSetSize")/(1024) & " kB"
        $avArray[$m][2]=DllStructGetData($SysProc, "InheritedFromProcessId")
        $avArray[$m][4]=1 ; We assume suspended. When we check the threads we change it.
        ;$two=DllStructCreate("dword[2]",DllStructGetPtr($SysProc, "CreateTime"))
        ;msgbox(0,DllStructGetData($two, 1), DllStructGetData($two, 2))
        if DllStructGetData($SysProc, "CreateTime") Then
            $avArray[$m][5]= _WinAPI_FileTimeConvert(DllStructGetData($SysProc, "CreateTime"))
            $avArray[$m][5] = StringLeft($avArray[$m][5], 4) & "/" & StringMid($avArray[$m][5], 5, 2) & "/" & StringMid($avArray[$m][5], 7, 2) & _
            " " & StringMid($avArray[$m][5], 9, 2) & ":" & StringMid($avArray[$m][5], 11, 2) & ":" & StringMid($avArray[$m][5], 13, 2)
        EndIf
        ; ##### Example ends...
        
        ; ... over to threads...
        for $i=0 to DllStructGetData($SysProc, "Threadcount")-1
            $SysThread=DllStructCreate($tag_SYSTEM_THREADS, $SysProc_ptr+$SysProc_Size+$i*$SysThread_Size)
            ;Get Threadinfo here...
            ; ...
            ; ##### Example...
            ; Check "WaitReason" = 5 = "Suspended". If not. Process is not suspended...
            if DllStructGetData($SysThread, "WaitReason") <> 5 Then
                $avArray[$m][4]=0 ; If just one thread is active... Process is not suspended.
                ExitLoop
            Endif
            ; ##### Example ends...
            
            ; ... loop to next thread...
        next
        $NextEntryDelta=DllStructGetData($SysProc, "NextEntryDelta")
        if NOT $NextEntryDelta Then ExitLoop ; the last entry has NextEntryDelta = 0
        $SysProc_ptr+=$NextEntryDelta
        $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $SysProc_ptr)
        $m+=1
    WEnd
    Redim $avArray[$m+1][7]
    Return $avArray
   EndFunc  
   ; ################################ END FUNC ##########################################
   
   ; ######################## Ascendants nice filetime-conversion! ######################
   Func _WinAPI_FileTimeConvert($iFileDateTime, $DLL = -1)
       Local $sDateTimeStr, $stLocalFileTime, $stFileTime, $stSystemTime, $aRet
       ; FILETIME structures [DateTimeLo,DateTimeHi]
       $stLocalFileTime = DllStructCreate("dword[2]")
       $stFileTime = DllStructCreate("double")
       ; SYSTEMTIME structure [Year,Month,DayOfWeek,Day,Hour,Min,Sec,Milliseconds]
       $stSystemTime = DllStructCreate("ushort;ushort;ushort;ushort;ushort;ushort;ushort;ushort")
   
       If $DLL == -1 Then $DLL = "Kernel32.dll"
       ; Set the appropriate data members of the FileTime structure
       DllStructSetData($stFileTime, 1, $iFileDateTime, 1)
       ;DllStructSetData($stFileTime, 1, $iFileDateTimeHi, 2)
   
       ; First convert file time (UTC-based file time) to 'local file time'
       $aRet = DllCall($DLL, "int", "FileTimeToLocalFileTime", "ptr", DllStructGetPtr($stFileTime), "ptr", DllStructGetPtr($stLocalFileTime))
       If @error Or Not IsArray($aRet) Or Not $aRet[0] Then Return SetError(2, 0, "")
   
       ; Then convert file time to a system time structure
       $aRet = DllCall($DLL, "int", "FileTimeToSystemTime", "ptr", DllStructGetPtr($stLocalFileTime), "ptr", DllStructGetPtr($stSystemTime))
       If @error Or Not IsArray($aRet) Or Not $aRet[0] Then Return SetError(2, 0, "")
   
       ; Now format it and return it in a string. Format: YYYYMMDDHHMMSS
       $sDateTimeStr = DllStructGetData($stSystemTime, 1) & StringRight('0' & DllStructGetData($stSystemTime, 2), 2) & _
               StringRight('0' & DllStructGetData($stSystemTime, 4), 2) & _
               StringRight('0' & DllStructGetData($stSystemTime, 5), 2) & StringRight('0' & DllStructGetData($stSystemTime, 6), 2) & _
               StringRight('0' & DllStructGetData($stSystemTime, 7), 2)
   
       ; DLLStructDelete()'s
       $stSystemTime = 0
       $stFileTime = 0
       $stLocalFileTime = 0
   
       Return $sDateTimeStr
   EndFunc   ;==>_WinAPI_FileTimeConvert
   ; ##############################################################################################################

/Manko [EDIT: _WinAPI_ ... ]

Edited by Manko

Just tested it on Vista Ultimate on a Standard account. Worked flawlessly :P

My _WinAPI_ProcessGetCreateTime however needed elevated privileges to get all the correct time info. Interesting..


  • 1 year later...

Just sent some changes your way (Win2000, x64, Unicode, struct fixes). Works now on all O/S's Win2000->Win7 32 and 64-bit.

*edit: oops, spoke too soon. Seems x64 mode adds one extra structure element between VM_COUNTERS and IO_COUNTERS. What a bugger that was to track down. Fixed in my code, but I dunno what you'll do in yours :P

*2nd edit: I've now incorporated a function utilizing the same undocumented API call into my Process Functions UDF's. It's aptly named _ProcessUDListEverything!:mellow:

Edited by Ascend4nt

Just sent some changes your way (Win2000, x64, Unicode, struct fixes). Works now on all O/S's Win2000->Win7 32 and 64-bit.

*edit: oops, spoke too soon. Seems x64 mode adds one extra structure element between VM_COUNTERS and IO_COUNTERS. What a bugger that was to track down. Fixed in my code, but I dunno what you'll do in yours :mellow:

You're free to post anything you want in my thread, but I'm half-expecting this thread to die and be replaced by yours, when you post it. You're much better at ironing and fleshing out proper, documented code with good examples.

I'll probably post your editions eventually, but don't really have time now, what with the newborn and all...

/Manko


  • 1 year later...

I made an application that freezes at this location...

    While 1
        If $avArray[($I - $M - 1)][1] < 5 Then ExitLoop
        If $temp[$k][5] > $avArray[($I - $M - 1)][5] Then ExitLoop
        MsgBox(0,$avArray[($I - $M - 1)][5],$avArray[($I - $M - 1)][1])
    WEnd

By what I can tell, it's supposed to exitloop when it reaches the last item in array, but it's not... It only happens when I run this in a VM.

Edited by THAT1ANONYMOUSEDUDE