Manko Posted February 3, 2009 Share Posted February 3, 2009 (edited) The structs in there is the real contribution, but if you elaborate, you can:* Get lots of info on processes and threads.* Get Suspendstate without stupid suspend/resume every thread looking for results of operation...* Optionally get a pretty list of processes which clearly shows which process spawned which...Doesn't need Administrator rights or elevated privileges. Thanks for testing, Ascendant!The indented processlist needs optimizations... My only try at bettering that part turned out slower, even though it did not do as much redundant processing... ?? Have a peek! If you have ideas about improving the indentationcode, it's VERY welcome.Here you have it: Small example. Build on it and you get MUCH info on processes!expandcollapse popup#include <array.au3> ; Needed to display array in example. ;~ typedef enum ;~ { ;~ StateInitialized, ;~ StateReady, ;~ StateRunning, ;~ StateStandby, ;~ StateTerminated, ;~ StateWait, 5 ;~ StateTransition, ;~ StateUnknown, ;~ } THREAD_STATE; ;~ typedef enum ;~ { ;~ Executive, ;~ FreePage, ;~ PageIn, ;~ PoolAllocation, ;~ DelayExecution, ;~ Suspended, 5 ;~ UserRequest, ;~ WrExecutive, ;~ WrFreePage, ;~ WrPageIn, ;~ WrPoolAllocation, ;~ WrDelayExecution, ;~ WrSuspended, 12 ;~ WrUserRequest, ;~ WrEventPair, ;~ WrQueue, ;~ WrLpcReceive, ;~ WrLpcReply, ;~ WrVirtualMemory, ;~ WrPageOut, ;~ WrRendezvous, ;~ Spare2, ;~ Spare3, ;~ Spare4, ;~ Spare5, ;~ Spare6, ;~ WrKernel, ;~ MaximumWaitReason ;~ } KWAIT_REASON; ;~ typedef enum _SYSTEM_INFORMATION_CLASS ;~ { ;~ SystemProcessesAndThreadsInformation = 5, ;~ /* There are a lot more of these... */ ;~ } SYSTEM_INFORMATION_CLASS; ;~ NTSTATUS NTAPI ZwQuerySystemInformation (IN SYSTEM_INFORMATION_CLASS, ;~ IN OUT PVOID, IN ULONG, ;~ OUT PULONG); ;~ } $tag_SYSTEM_THREADS= "double KernelTime;" & _ "double UserTime;" & _ "double CreateTime;" & _ "ulong WaitTime;" & _ "ptr StartAddress;" & _ "dword UniqueProcess;" & _ "dword UniqueThread;" & _ "long Priority;" & _ "long BasePriority;" & _ "ulong ContextSwitchCount;" & _ "long State;" & _ "long WaitReason" $tag_SYSTEM_PROCESSES= "ulong NextEntryDelta;" & _ "ulong Threadcount;" & _ "ulong[6];" & _ ; Reserved... "double CreateTime;" & _ "double UserTime;" & _ "double KernelTime;" & _ "ushort Length;" & _ ; unicode string length "ushort MaximumLength;" & _ ; also for unicode string "ptr ProcessName;" & _ ; ptr to mentioned unicode string - name of process "long BasePriority;" & _ "ulong ProcessId;" & _ "ulong InheritedFromProcessId;" & _ "ulong HandleCount;" & _ "ulong[2];" & _ ;Reserved... "uint PeakVirtualSize;" & _ "uint VirtualSize;" & _ "ulong PageFaultCount;" & _ "uint PeakWorkingSetSize;" & _ "uint WorkingSetSize;" & _ "uint QuotaPeakPagedPoolUsage;" & _ "uint QuotaPagedPoolUsage;" & _ "uint QuotaPeakNonPagedPoolUsage;" & _ "uint QuotaNonPagedPoolUsage;" & _ "uint PagefileUsage;" & _ "uint PeakPagefileUsage;" & _ "uint64 ReadOperationCount;" & _ "uint64 WriteOperationCount;" & _ "uint64 OtherOperationCount;" & _ "uint64 ReadTransferCount;" & _ "uint64 WriteTransferCount;" & _ "uint64 OtherTransferCount" ; ############ Example code ####################### $t=TimerInit() $temp=_WinAPI_ThreadnProcess() $temp[0][0]=TimerDiff($t) $temp[0][1]="PID" $temp[0][3]="WorkingSetSize" $temp[0][2]="ParentPID" $temp[0][4]="IsSuspended" _ArrayDisplay($temp, "Non-indented.") $t=TimerInit() $temp=_WinAPI_ThreadnProcess(1) $temp[0][0]=TimerDiff($t) $temp[0][1]="PID" $temp[0][3]="WorkingSetSize" $temp[0][2]="ParentPID" $temp[0][4]="IsSuspended" _ArrayDisplay($temp, "Indented proclist showing relations between processes.") $temp=0 ; ############################################### ; ############ Here be example func! #################### Func _WinAPI_ThreadnProcess($indent=0) Local $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "int*", 0, "int", 0, "int*",0) Local $Mem=DllStructCreate("byte[" & $ret[4] & "]") Local $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "ptr", DllStructGetPtr($MEM), "int", DllStructGetSize($MEM), "int*",0) Local $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $ret[2]) Local $SysProc_ptr=$ret[2] Local $SysProc_Size=DllStructGetSize($SysProc) Local $SysThread=DllStructCreate($tag_SYSTEM_THREADS) Local $SysThread_Size=DllStructGetSize($SysThread) Local $buffer, $i, $lastthread, $m=0, $NextEntryDelta, $k, $temp, $space, $l Local $avArray[10000][7] While 1 ; Get procinfo here ; ... ; ###### Example... ; Get process name. Convert Unicode to string. $buffer=DllStructCreate("char[" & DllStructGetData($SysProc, "Length") & "]", DllStructGetData($SysProc, "ProcessName")) for $i=0 to DllStructGetData($SysProc, "Length")-1 step 2 $avArray[$m][0]&=DllStructGetData($buffer, 1, $i+1) Next ; ... more data ... $avArray[$m][1]=DllStructGetData($SysProc, "ProcessId") $avArray[$m][3]=DllStructGetData($SysProc, "WorkingSetSize")/(1024) & " kB" $avArray[$m][2]=DllStructGetData($SysProc, "InheritedFromProcessId") $avArray[$m][4]=1 ; We assume suspended. When we check the threads we change it. $avArray[$m][5]=DllStructGetData($SysProc, "CreateTime") ;i just used it in indentation-code. ; ##### Example ends... ; ... over to threads... for $i=0 to DllStructGetData($SysProc, "Threadcount")-1 $SysThread=DllStructCreate($tag_SYSTEM_THREADS, $SysProc_ptr+$SysProc_Size+$i*$SysThread_Size) ;Get Threadinfo here... ; ... ; ##### Example... ; Check "WaitReason" = 5 = "Suspended". If not. Process is not suspended... if DllStructGetData($SysThread, "WaitReason") <> 5 Then $avArray[$m][4]=0 ; If just one thread is active... Process is not suspended. ExitLoop Endif ; ##### Example ends... ; ... loop to next thread... next $NextEntryDelta=DllStructGetData($SysProc, "NextEntryDelta") if NOT $NextEntryDelta Then ExitLoop $SysProc_ptr+=$NextEntryDelta $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $SysProc_ptr) $m+=1 ContinueLoop WEnd Redim $avArray[$m+1][7] ;###################### START INDENTATION CODE #################################### If $indent =1 Then $temp = $avArray $space = "" For $i = 1 To UBound($temp, 1) - 1 For $m = 0 To UBound($temp, 1) - 1 For $k = 1 To UBound($temp, 1) - 1 If $temp[$k][0] Then If ($i - $m) < 1 Then $space = "" $avArray[$i][0] = $temp[$k][0] $avArray[$i][1] = $temp[$k][1] $avArray[$i][2] = $temp[$k][2] $avArray[$i][3] = $temp[$k][3] $avArray[$i][4] = $temp[$k][4] $avArray[$i][5] = $temp[$k][5] $temp[$k][0] = 0 ContinueLoop 3 Else If $temp[$k][2] = $avArray[($i - $m - 1)][1] Then While 1 If $avArray[($i - $m - 1)][1] < 5 Then ExitLoop ;If Not $avArray[($i - $m - 1)][12] Then ContinueLoop 2 ;msgbox(0,"",DllStructGetData($tp1,1) & @LF & DllStructGetData($tp2,1)) If $temp[$k][5] > $avArray[($i - $m - 1)][5] Then ExitLoop ContinueLoop 2 WEnd $space = "" For $l = 1 To $avArray[($i - $m - 1)][6] + 1 $space &= " " Next $avArray[$i][0] = $space & $temp[$k][0] $avArray[$i][1] = $temp[$k][1] $avArray[$i][2] = $temp[$k][2] $avArray[$i][6] = $avArray[($i - $m - 1)][6] + 1 $avArray[$i][3] = $temp[$k][3] $avArray[$i][4] = $temp[$k][4] $avArray[$i][5] = $temp[$k][5] $temp[$k][0] = 0 ContinueLoop 3 EndIf EndIf EndIf Next Next Next $temp=0 EndIf ;###################### END INDENTATION CODE #################################### ReDim $avArray[ubound($avArray,1)][5] ; Cut off 2 entries used by indentation code... Just for example... Return $avArray EndFunc ;################################ END FUNC ##########################################I wrote over "System Idle Process" with run-time and columninfo... Hope you don't mind!/ Manko [EDIT: _WinAPI_ ...] Edited March 3, 2009 by Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually... Link to comment Share on other sites More sharing options...
UEZ Posted February 3, 2009 Share Posted February 3, 2009 The structs in there is the real contribution, but if you elaborate, you can: * Get lots of info on processes and threads. * Get Suspendstate without stupid suspend/resume every thread looking for results of operation... * Optionally get a pretty list of processes which clearly shows which process spawned which... The indented processlist needs optimizations... My only try at bettering that part turned out slower, even though it did not do as much redundant processing... ?? Have a peek! If you have ideas about improving the indentioncode, it's VERY welcome. Here you have it: (Example is not very exiting but you can take it further. Just look at the structs!) ... I wrote over "System Idle Process" with run-time and columninfo... Hope you don't mind! / Manko [EDIT: Deleted some code that was already commented out...] How about path and command line of a process? Nice work btw. UEZ Please don't send me any personal message and ask for support! I will not reply! Selection of finest graphical examples at Codepen.io The own fart smells best! ✌Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!¯\_(ツ)_/¯ ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ Link to comment Share on other sites More sharing options...
Manko Posted February 3, 2009 Author Share Posted February 3, 2009 How about path and command line of a process? Nice work btw.UEZHi, UEZ!You have already complimented me for my GetCommandLineFromPID(), look in sig, below, so I have to think you're pulling my leg... About path... Lookup windows API - GetModuleFileNameEx - or search for the UDF done on this forum. (If you're lazy like me.)/Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually... Link to comment Share on other sites More sharing options...
UEZ Posted February 3, 2009 Share Posted February 3, 2009 (edited) Hi, UEZ!You have already complimented me for my GetCommandLineFromPID(), look in sig, below, so I have to think you're pulling my leg... Ups, yes. Too much in brain...About path... Lookup windows API - GetModuleFileNameEx - or search for the UDF done on this forum. (If you're lazy like me.)/MankoI'm also a lazy bastard I will learn also the windows api, if I have enough time...it kicks ass Anyway, thanks.UEZ Edited February 3, 2009 by UEZ Please don't send me any personal message and ask for support! I will not reply! Selection of finest graphical examples at Codepen.io The own fart smells best! ✌Her 'sikim hıyar' diyene bir avuç tuz alıp koşma!¯\_(ツ)_/¯ ٩(●̮̮̃•̃)۶ ٩(-̮̮̃-̃)۶ૐ Link to comment Share on other sites More sharing options...
Manko Posted March 2, 2009 Author Share Posted March 2, 2009 (edited) Hi!Example to get CreateTime for ALL processes. I used ascendants filetimeconversionfunc to display it....Revisited my func since Ascendant had problems with his...Doesn't need Administrator rights or elevated privileges. Thanks for testing, Ascendant!expandcollapse popup#include <array.au3> ; Needed to display array in example. $tag_SYSTEM_THREADS= "double KernelTime;" & _ "double UserTime;" & _ "double CreateTime;" & _ "ulong WaitTime;" & _ "ptr StartAddress;" & _ "dword UniqueProcess;" & _ "dword UniqueThread;" & _ "long Priority;" & _ "long BasePriority;" & _ "ulong ContextSwitchCount;" & _ "long State;" & _ "long WaitReason" $tag_SYSTEM_PROCESSES= "ulong NextEntryDelta;" & _ "ulong Threadcount;" & _ "ulong[6];" & _ ; Reserved... "double CreateTime;" & _ "double UserTime;" & _ "double KernelTime;" & _ "ushort Length;" & _ ; unicode string length "ushort MaximumLength;" & _ ; also for unicode string "ptr ProcessName;" & _ ; ptr to mentioned unicode string - name of process "long BasePriority;" & _ "ulong ProcessId;" & _ "ulong InheritedFromProcessId;" & _ "ulong HandleCount;" & _ "ulong[2];" & _ ;Reserved... "uint PeakVirtualSize;" & _ "uint VirtualSize;" & _ "ulong PageFaultCount;" & _ "uint PeakWorkingSetSize;" & _ "uint WorkingSetSize;" & _ "uint QuotaPeakPagedPoolUsage;" & _ "uint QuotaPagedPoolUsage;" & _ "uint QuotaPeakNonPagedPoolUsage;" & _ "uint QuotaNonPagedPoolUsage;" & _ "uint PagefileUsage;" & _ "uint PeakPagefileUsage;" & _ "uint64 ReadOperationCount;" & _ "uint64 WriteOperationCount;" & _ "uint64 OtherOperationCount;" & _ "uint64 ReadTransferCount;" & _ "uint64 WriteTransferCount;" & _ "uint64 OtherTransferCount" ; ############ Example code ####################### $t=TimerInit() $temp=_WinAPI_ThreadnProcess() $temp[0][0]=TimerDiff($t) $temp[0][1]="PID" $temp[0][3]="WorkingSetSize" $temp[0][2]="ParentPID" $temp[0][4]="IsSuspended" $temp[0][5]="CreateTime" _ArrayDisplay($temp, "Createtime example...") $temp=0 ; ############################################### ; ############ Here be example func! #################### Func _WinAPI_ThreadnProcess() Local $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "int*", 0, "int", 0, "int*",0) Local $Mem=DllStructCreate("byte[" & $ret[4] & "]") Local $ret=dllcall("ntdll.dll", "int", "ZwQuerySystemInformation","int", 5, "ptr", DllStructGetPtr($MEM), "int", DllStructGetSize($MEM), "int*",0) Local $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $ret[2]) Local $SysProc_ptr=$ret[2] Local $SysProc_Size=DllStructGetSize($SysProc) Local $SysThread=DllStructCreate($tag_SYSTEM_THREADS) Local $SysThread_Size=DllStructGetSize($SysThread) Local $buffer, $i, $lastthread, $m=0, $NextEntryDelta, $k, $temp, $space, $l Local $avArray[10000][7] While 1 ; Get procinfo here ; ... ; ###### Example... ; Get process name. Convert Unicode to string. $buffer=DllStructCreate("char[" & DllStructGetData($SysProc, "Length") & "]", DllStructGetData($SysProc, "ProcessName")) for $i=0 to DllStructGetData($SysProc, "Length")-1 step 2 $avArray[$m][0]&=DllStructGetData($buffer, 1, $i+1) Next ; ... more data ... $avArray[$m][1]=DllStructGetData($SysProc, "ProcessId") $avArray[$m][3]=DllStructGetData($SysProc, "WorkingSetSize")/(1024) & " kB" $avArray[$m][2]=DllStructGetData($SysProc, "InheritedFromProcessId") $avArray[$m][4]=1 ; We assume suspended. When we check the threads we change it. ;$two=DllStructCreate("dword[2]",DllStructGetPtr($SysProc, "CreateTime")) ;msgbox(0,DllStructGetData($two, 1), DllStructGetData($two, 2)) if DllStructGetData($SysProc, "CreateTime") Then $avArray[$m][5]= _WinAPI_FileTimeConvert(DllStructGetData($SysProc, "CreateTime")) $avArray[$m][5] = StringLeft($avArray[$m][5], 4) & "/" & StringMid($avArray[$m][5], 5, 2) & "/" & StringMid($avArray[$m][5], 7, 2) & _ " " & StringMid($avArray[$m][5], 9, 2) & ":" & StringMid($avArray[$m][5], 11, 2) & ":" & StringMid($avArray[$m][5], 13, 2) EndIf ; ##### Example ends... ; ... over to threads... for $i=0 to DllStructGetData($SysProc, "Threadcount")-1 $SysThread=DllStructCreate($tag_SYSTEM_THREADS, $SysProc_ptr+$SysProc_Size+$i*$SysThread_Size) ;Get Threadinfo here... ; ... ; ##### Example... ; Check "WaitReason" = 5 = "Suspended". If not. Process is not suspended... if DllStructGetData($SysThread, "WaitReason") <> 5 Then $avArray[$m][4]=0 ; If just one thread is active... Process is not suspended. ExitLoop Endif ; ##### Example ends... ; ... loop to next thread... next $NextEntryDelta=DllStructGetData($SysProc, "NextEntryDelta") if NOT $NextEntryDelta Then ExitLoop $SysProc_ptr+=$NextEntryDelta $SysProc=DllStructCreate($tag_SYSTEM_PROCESSES, $SysProc_ptr) $m+=1 ContinueLoop WEnd Redim $avArray[$m+1][7] Return $avArray EndFunc ; ################################ END FUNC ########################################## ; ######################## Ascendants nice filetime-conversion! ###################### Func _WinAPI_FileTimeConvert($iFileDateTime, $DLL = -1) Local $sDateTimeStr, $stLocalFileTime, $stFileTime, $stSystemTime, $aRet ; FILETIME structures [DateTimeLo,DateTimeHi] $stLocalFileTime = DllStructCreate("dword[2]") $stFileTime = DllStructCreate("double") ; SYSTEMTIME structure [Year,Month,DayOfWeek,Day,Hour,Min,Sec,Milliseconds] $stSystemTime = DllStructCreate("ushort;ushort;ushort;ushort;ushort;ushort;ushort;ushort") If $DLL == -1 Then $DLL = "Kernel32.dll" ; Set the appropriate data members of the FileTime structure DllStructSetData($stFileTime, 1, $iFileDateTime, 1) ;DllStructSetData($stFileTime, 1, $iFileDateTimeHi, 2) ; First convert file time (UTC-based file time) to 'local file time' $aRet = DllCall($DLL, "int", "FileTimeToLocalFileTime", "ptr", DllStructGetPtr($stFileTime), "ptr", DllStructGetPtr($stLocalFileTime)) If @error Or Not IsArray($aRet) Or Not $aRet[0] Then Return SetError(2, 0, "") ; Then convert file time to a system time structure $aRet = DllCall($DLL, "int", "FileTimeToSystemTime", "ptr", DllStructGetPtr($stLocalFileTime), "ptr", DllStructGetPtr($stSystemTime)) If @error Or Not IsArray($aRet) Or Not $aRet[0] Then Return SetError(2, 0, "") ; Now format it and return it in a string. Format: YYYYMMDDHHSSMM $sDateTimeStr = DllStructGetData($stSystemTime, 1) & StringRight('0' & DllStructGetData($stSystemTime, 2), 2) & _ StringRight('0' & DllStructGetData($stSystemTime, 4), 2) & _ StringRight('0' & DllStructGetData($stSystemTime, 5), 2) & StringRight('0' & DllStructGetData($stSystemTime, 6), 2) & _ StringRight('0' & DllStructGetData($stSystemTime, 7), 2) ; DLLStructDelete()'s $stSystemTime = 0 $stFileTime = 0 $stLocalFileTime = 0 Return $sDateTimeStr EndFunc ;==>_WinAPI_FileTimeConvert ; ##############################################################################################################/Manko [EDIT: _WinAPI_ ... ] Edited March 3, 2009 by Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually... Link to comment Share on other sites More sharing options...
Ascend4nt Posted March 2, 2009 Share Posted March 2, 2009 Just tested it on Vista Ultimate on a Standard account. Worked flawlessly My _WinAPI_ProcessGetCreateTime however needed elevated privileges to get all the correct time info. Interesting.. My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
Ascend4nt Posted June 11, 2010 Share Posted June 11, 2010 (edited) Just sent some changes your way (Win2000, x64, Unicode, struct fixes). Works now on all O/S's Win2000->Win7 32 and 64-bi*edit: oops, spoke to soon. Seems x64 mode adds one extra structure element between VM_COUNTERS and IO_COUNTERS. What a bugger that was to track down. Fixed in my code, but I dunno what you'll do in yours *2nd edit: I've now incorporated a function utilizing the same undocumented API call into my Process Functions UDF's. It's aptly named _ProcessUDListEverything! Edited June 13, 2010 by Ascend4nt My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity) UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne) (All personal code/wrappers centrally located at Ascend4nt's AutoIT Code) Link to comment Share on other sites More sharing options...
Manko Posted June 12, 2010 Author Share Posted June 12, 2010 Just sent some changes your way (Win2000, x64, Unicode, struct fixes). Works now on all O/S's Win2000->Win7 32 and 64-bi*edit: oops, spoke to soon. Seems x64 mode adds one extra structure element between VM_COUNTERS and IO_COUNTERS. What a bugger that was to track down. Fixed in my code, but I dunno what you'll do in yours You're free to post anything you want in my thread, but I'm half-expecting this thread to die and be replaced by yours, when you post it. You're much better at ironing and fleshing out proper, documented code with good examples.I'll probably post your editions eventually, but don't really have time now, what with the newborn and all.../Manko Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:* ProDLLer - Process manager - Unload viri modules (dll) and moore...* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist. Moore to come... eventually... Link to comment Share on other sites More sharing options...
Skitty Posted February 12, 2012 Share Posted February 12, 2012 (edited) I made an application that freezes at this location... While 1 If $avArray[($I - $M - 1)][1] < 5 Then ExitLoop If $temp[$k][5] > $avArray[($I - $M - 1)][5] Then ExitLoop MsgBox(0,$avArray[($I - $M - 1)][5],$avArray[($I - $M - 1)][1]) WEnd By what /i can tell, it's supposed to exitloop when it reaches the last item in array, but it's not... It only happens when I run this in a VM. Edited February 12, 2012 by THAT1ANONYMOUSEDUDE Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now