Das Proggie liest die Umgebungsvariablen fremder 32Bit Prozesse.
Quellcode und PCU sind im Download enthalten.
Code: EnvReader.prf
'#####################################################################################
'######### Code von AHT #########
'######### Gepostet für http://www.paules-pc-forum.de #########
'#####################################################################################
' Include the compiled unit ProcEnv.PCU; its members are addressed with the prefix "ProcEnv."
' (used below as ProcEnv.ReadProcessEnvironment and ProcEnv.LastError%).
$U ProcEnv.PCU = ProcEnv.
' Windows API imports. The number in parentheses is the argument count of the imported function.
' Process enumeration, process handles and image-name lookup:
Def GetModuleFileNameEx(4) !"Psapi", "GetModuleFileNameExA"
Def CreateToolhelp32Snapshot(2) !"Kernel32", "CreateToolhelp32Snapshot"
Def Process32First(2) !"Kernel32", "Process32First"
Def Process32Next(2) !"Kernel32", "Process32Next"
Def CloseHandle(1) !"Kernel32", "CloseHandle"
Def GetCurrentProcessID(0) !"Kernel32", "GetCurrentProcessId"
Def OpenProcess(3) !"Kernel32", "OpenProcess"
' Token / privilege handling and general helpers.
' NOTE(review): LookupPrivilegeValue, AdjustTokenPrivileges, OpenProcessToken, CopyMemory and
' CheckTokenMembership are not called through these definitions in the visible listing;
' Set_Privilege_Status reaches the same APIs through External() instead.
DEF LookupPrivilegeValue(3) !"advapi32","LookupPrivilegeValueA"
DEF AdjustTokenPrivileges(6) !"advapi32","AdjustTokenPrivileges"
DEF OpenProcessToken(3) !"advapi32","OpenProcessToken"
DEF GetCurrentProcess(0) !"KERNEL32","GetCurrentProcess"
DEF CopyMemory(3) !"kernel32","RtlMoveMemory"
DEF GetModuleHandle(1) !"KERNEL32","GetModuleHandleA"
DEF GetProcAddress(2) !"KERNEL32","GetProcAddress"
' QueryFullProcessImageName is only called on the branch taken when $WINVER is 6.0 or higher.
Def QueryFullProcessImageName(4) !"Kernel32", "QueryFullProcessImageNameA"
DEF CheckTokenMembership(3) !"advapi32","CheckTokenMembership"
' GUI helpers:
Def SetWindowPos(7) !"User32","SetWindowPos"
DEF CreateStatus(4) !"comctl32","CreateStatusWindow"
DEF GetDlgCtrlID(1) !"USER32","GetDlgCtrlID"
' ButtonClicked(handle) is true when the control ID of the given window equals -%MENUITEM.
DEF ButtonClicked(1) GetDlgCtrlID(&(1)) = -%MENUITEM
DEF FormatMessage(7) !"KERNEL32","FormatMessageA"
' Global variables. Names ending in # are memory areas that are DIM'd later in the listing
' (Entry# in the main program, the others inside the procedures that use them).
Declare Entry#, Filename#, Ergebnis$, AHGETERROR_Buffer#
Declare TOKEN_PRIVILEGES#, LUID#, Fehler&, 64Bit&, MODULE$, Funktion$
Declare Mhandle%, Size&, Member&, SID#, Statustext$, Statusbar%
Declare ProcessesListview%, ReadProcesses%, EnvEdit%
Declare Hauptfensterbreite&, Hauptfensterhöhe&, CurSel&, Prozess_ID&
' WOW64 probe: IsWow64Process reports whether the given process runs under WOW64;
' the answer for the current process is written to 64Bit&.
' The export is looked up with GetProcAddress first, so the call is skipped on systems
' whose Kernel32 does not provide IsWow64Process (64Bit& then stays 0).
' NOTE(review): 64Bit& is not read again anywhere in the visible listing.
Clear 64Bit&
MODULE$ = "Kernel32.DLL"
Funktion$ = "IsWow64Process"
Mhandle% = GetModuleHandle(ADDR(Module$))
IF GetProcAddress(Mhandle%, ADDR(FUNKTION$)) <> 0
External("Kernel32.dll", "IsWow64Process", GetCurrentProcess(), Addr(64Bit&))
endif
' Record layout handed to Process32First/Process32Next: nine 32-bit fields followed by
' the 260-byte executable name (szExeFile$).
Struct PROCESSENTRY32=dwSize&, \
cntUsage&, \
th32ProcessID&, \
th32DefaultHeapID&, \
th32ModuleID&, \
Threads&, \
th32ParentProcessID&, \
pcPriClassBase&, \
dwFlags&, \
szExeFile$(260)
' Entry# is the single global record that FillProcessList reuses for every enumeration step.
' The Toolhelp API expects dwSize to hold the record size before the first call.
Dim Entry#,PROCESSENTRY32
Entry#.dwSize& = SizeOf(Entry#)
' Build the main window and its controls.
Windowstyle 31 + 512
WindowTitle "Process Environment Reader"
Window 0, 0 - 640, 440
' Status bar (control ID 2701); it later shows the text for ProcEnv.LastError%.
STATUSBAR% = CreateStatus($50000900 | $4000000, ADDR(Statustext$), %HWND, 2701)
' Process list with the two columns "PID" and "Prozessname".
ProcessesListview% = Create("GridBox", %HWND, "PID;0;60;Prozessname;0;215", 0, 10, 50, 300, 340)
' Output field for the environment block of the selected process.
' Message 207 is EM_SETREADONLY; wParam 1 switches the edit control to read-only.
EnvEdit% = Create("MultiEdit", %HWND, "", 320, 10, 290, 380)
SendMessage(EnvEdit%, 207, 1, 0)
ReadProcesses% = Create("Button", %HWND, "Prozesse neu auslesen", 10, 10, 300, 30)
' Initial fill of the process list.
FillProcessList(ProcessesListview%)
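' Main loop: runs until the window receives message $10 (WM_CLOSE).
' Each pass re-lays out the controls, handles the refresh button and, when the selected
' row changed, reads the environment block of the process whose PID is in that row.
'
' Fix: CurSel& starts at 0 after Declare, so selecting row 0 first never counted as a
' change and that process was never read. The same happened after a refresh when the
' same row index was selected again, although a different process may now be listed
' there. CurSel& is therefore set to -1 ("nothing read yet") before the loop and after
' every refresh.
'
' NOTE(review): the list is a snapshot. Between listing and selection the process may
' have exited and its PID may belong to a different process; the text shown is whatever
' ProcEnv.ReadProcessEnvironment returns for that PID at read time.
' Environment blocks frequently contain credentials or tokens, so the content of
' EnvEdit% should be treated as sensitive.
UserMessages $10
CurSel& = -1
While %UMESSAGE <> $10
  Sleep 10
  Positioner
  If ButtonClicked(ReadProcesses%)
    UseCursor 2
    ' $1009 = LVM_DELETEALLITEMS: empty the list before refilling it.
    sendmessage(ProcessesListview%, $1009, 0, 0)
    SetText EnvEdit%, ""
    FillProcessList(ProcessesListview%)
    SetMenuitem 0
    UseCursor 0
    ' Clear status text and tooltip ($401 = SB_SETTEXT, $410 = SB_SETTIPTEXT).
    Statustext$ = ""
    sendmessage(Statusbar%, $401, 0, addr(Statustext$))
    sendmessage(Statusbar%, $410, 0, addr(Statustext$))
    ' Row indices now refer to a new snapshot: force a fresh read on the next selection.
    CurSel& = -1
  endif
  If GetCurSel(ProcessesListview%)<> -1
    If CurSel& <> GetCurSel(ProcessesListview%)
      UseCursor 2
      CurSel& = GetCurSel(ProcessesListview%)
      ' The row text is "PID|name"; the part before the first "|" is the PID.
      Prozess_ID& = Val(SubStr$(GetString$(ProcessesListview%, GetCurSel(ProcessesListview%)), 1, "|"))
      ' "*" requests the whole environment block.
      SetText EnvEdit%, ProcEnv.ReadProcessEnvironment(Prozess_ID&, "*")
      ' Show the message text for the unit's last error in the status bar and its tooltip.
      Statustext$ = Fehlercode_bestimmen(ProcEnv.LastError%)
      sendmessage(Statusbar%, $401, 0, addr(Statustext$))
      sendmessage(Statusbar%, $410, 0, addr(Statustext$))
      UseCursor 0
    endif
  endif
EndWhile
END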
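' Set_Privilege_Status(Privilege_name$, Aktive&)
' Changes the state of one named privilege in the token of the current process.
'   Privilege_name$ : privilege name passed to LookupPrivilegeValueA
'   Aktive&         : attribute bits; only $2 (SE_PRIVILEGE_ENABLED) and
'                     $80000000 (SE_PRIVILEGE_USED_FOR_ACCESS) are passed on, all other bits are dropped
' Returns the result of AdjustTokenPrivileges, or 0 when the name lookup or opening the token failed.
'
' Fix: the results of LookupPrivilegeValueA and OpenProcessToken used to be ignored. After a
' failed lookup the LUID stayed zero and AdjustTokenPrivileges was still called, so the
' procedure could report success for a privilege name that does not exist.
'
' NOTE(review): AdjustTokenPrivileges can return nonzero even though the privilege was not
' assigned; Windows reports that case only through the last-error value
' ERROR_NOT_ALL_ASSIGNED, which is not checked here. A nonzero return value therefore does
' not prove that the privilege is active.
' NOTE(review): this procedure is not called anywhere in the visible listing.
Proc Set_Privilege_Status
  Parameters Privilege_name$, Aktive&
  Declare NewState&, AH_Token_handle%, Fehler&, Privret&
  DIM TOKEN_PRIVILEGES#,16
  DIM LUID#,8
  Clear LUID#
  Clear Privret&
  CLEAR AH_Token_handle%
  ' Step 1: resolve the privilege name to its LUID on the local system.
  LET FEHLER&=External("advapi32.dll","LookupPrivilegeValueA",0,ADDR(Privilege_name$),LUID#)
  ' Step 2: open the own process token with $20 (TOKEN_ADJUST_PRIVILEGES) only.
  IF FEHLER& <> 0
    LET FEHLER&=External("advapi32.dll","OpenProcessToken",External("KERNEL32.dll","GetCurrentProcess"),$20,ADDR(AH_Token_handle%))
  Endif
  ' Step 3: build TOKEN_PRIVILEGES (count at offset 0, LUID at 4, attributes at 12) and apply it.
  IF FEHLER& <> 0
    LONG TOKEN_PRIVILEGES#,0=1
    NewState&=TOKEN_PRIVILEGES#
    External("KERNEL32.dll","RtlMoveMemory",NewState&+4,LUID#,8)
    ' NewState& is reused here as a copy of the requested attributes, so Aktive& can be
    ' rebuilt from the two accepted bits only.
    LET NewState&=Aktive&
    Clear Aktive&
    IF NewState& | $2 = NewState&
      LET Aktive&=AKTIVE& | $2
    Endif
    IF NewState& | $80000000 = NewState&
      LET Aktive&= AKTIVE& | $80000000
    Endif
    LONG TOKEN_PRIVILEGES#,12=Aktive&
    Privret& = External("advapi32.dll","AdjustTokenPrivileges",AH_Token_handle%,0,TOKEN_PRIVILEGES#,0,0,0)
  Endif
  If AH_TOKEN_handle%<>0
    External("KERNEL32.dll","CloseHandle",AH_Token_handle%)
  endif
  Dispose TOKEN_PRIVILEGES#
  Dispose LUID#
  Return Privret&
endproc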
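' FillProcessList(GidHandle%)
' Enumerates all running processes with the Toolhelp snapshot API and adds one row
' "PID|path" per process to the list control GidHandle%. When the full image path cannot
' be obtained (for example because OpenProcess is denied), the bare executable name from
' the snapshot record is used instead.
' Uses the global record Entry# and the global variables Filename# and Size&.
'
' Fixes compared with the previous version:
' - QueryFullProcessImageNameA was told the buffer holds 580 characters although
'   Filename# is only 514 bytes, so a long image path could be written past the end of
'   the buffer. The size passed is now 513, matching the GetModuleFileNameEx branch.
' - CreateToolhelp32Snapshot signals failure with -1 (INVALID_HANDLE_VALUE), not 0; that
'   value is now rejected explicitly.
' - The snapshot handle was only closed when Process32First succeeded; it is now closed
'   whenever a snapshot was created.
' - The per-process code existed twice (first entry and loop body); it is now a single loop.
' - The unused local cpid& and its GetCurrentProcessID() call were removed.
Proc FillProcessList
  Parameters GidHandle%
  Declare err%, handle%, text$, text2$, Phandle%
  DIM Filename#, 514
  ' 2 = TH32CS_SNAPPROCESS: snapshot of all processes in the system.
  handle% = CreateToolhelp32Snapshot(2, 0)
  If handle% <> -1
    If handle%
      err% = Process32First(handle%, Entry#)
      While err% <> 0
        text$ = Str$(Entry#.th32ProcessID&)
        text2$ = Entry#.szExeFile$
        Clear Filename#, Phandle%
        ' Ask only for the access needed to read the image name:
        ' before Windows 6.0 PROCESS_QUERY_INFORMATION | PROCESS_VM_READ ($400 | $10),
        ' from 6.0 on PROCESS_QUERY_LIMITED_INFORMATION ($1000).
        IF Val($WINVER) < 6.0
          Phandle% = OpenProcess($400 | $10, 0, Entry#.th32ProcessID&)
        else
          Phandle% = OpenProcess($1000, 0, Entry#.th32ProcessID&)
        endif
        IF Phandle% > 0
          IF Val($WINVER) < 6.0
            GetModuleFilenameEx(Phandle%, 0, Filename#, 513)
          else
            ' In: capacity of Filename# in characters; must not exceed the DIM size above.
            Size&=513
            QueryFullProcessImageName(Phandle%, 0, Filename#, addr(Size&))
          endif
          Closehandle(Phandle%)
        endif
        ' Filename# was cleared above, so it is still empty when the lookup failed.
        If String$(Filename#,0) = ""
          ADDSTRING(GidHandle%, text$ + "|" + text2$)
        else
          ADDSTRING(GidHandle%, text$ + "|" + String$(Filename#,0))
        endif
        err% = Process32Next(handle%, Entry#)
      EndWhile
      CloseHandle(handle%)
    EndIf
  EndIf
  Dispose Filename#
EndProc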
' Positioner
' Re-lays out the controls when the main window size differs from the size remembered in
' Hauptfensterbreite& / Hauptfensterhöhe&. Called on every pass of the main loop; it does
' nothing while the size is unchanged.
Proc Positioner
IF or(Hauptfensterbreite& <> WIDTH(%HWND), Hauptfensterhöhe& <> HEIGHT(%HWND))
' Position call on the status bar with all-zero geometry.
' NOTE(review): presumably this only prompts the status bar to re-dock itself - confirm.
SetWindowPos STATUSBAR% = 0, 0 - 0, 0; 0
' Remember the new size so the layout is not recomputed until the next resize.
Hauptfensterbreite& = WIDTH(%HWND)
Hauptfensterhöhe& = HEIGHT(%HWND)
' Button and list share the left half, the edit field gets the right half.
' $4 = SWP_NOZORDER: keep the current Z order of each control.
SetWindowPos(ReadProcesses%, 0, 10, 10, ABS( WIDTH(%HWND)/2 - 10), 30, $4)
SetWindowPos(ProcessesListview%,0, 10, 50, ABS( WIDTH(%HWND) /2 - 10), ABS(HEIGHT(%HWND) - 80), $4)
SetWindowPos(EnvEdit%,0, ABS( WIDTH(%HWND) /2 + 10), 10, ABS( WIDTH(%HWND) /2 - 20), ABS(HEIGHT(%HWND) - 40), $4)
' $101E = LVM_SETCOLUMNWIDTH: set column 1 (process name) to the list width minus 65.
Sendmessage(ProcessesListview%, $101E ,1, WIDTH(ProcessesListview%) - (65))
endif
endproc
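' Fehlercode_bestimmen(Error%)
' Returns the system message text for the Windows error code Error%, trimmed of
' surrounding whitespace. Returns an empty string when no text could be produced.
'
' Fix: the flag $200 (FORMAT_MESSAGE_IGNORE_INSERTS) is now set. The call passes no
' argument array, so without this flag a message text containing insert sequences such
' as %1 makes FormatMessage look for arguments that do not exist.
Proc Fehlercode_bestimmen
  Parameters Error%
  Declare AHGETERROR_Buffer$
  DIM AHGETERROR_Buffer#, 32000
  ' Start from an empty buffer so a failed call yields "" rather than leftover content.
  Clear AHGETERROR_Buffer#
  ' $1000 = FORMAT_MESSAGE_FROM_SYSTEM, $200 = FORMAT_MESSAGE_IGNORE_INSERTS.
  FormatMessage($1000 | $200, 0, Error%, 0, AHGETERROR_Buffer#, 32000, 0)
  AHGETERROR_Buffer$ = trim$(STRING$(AHGETERROR_Buffer#, 0))
  Dispose AHGETERROR_Buffer#
  Return AHGETERROR_Buffer$
Endproc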
Download: Environment.zip
Anwendung der PCU:
ProcEnv.ReadProcessEnvironment(N, S)
- N = Prozess ID eines laufenden Prozesses
- S = Name einer Umgebungsvariablen ohne umschließende %-Zeichen, oder das Zeichen *, um den ganzen Block zu lesen.
Hinweis: Mit 64-Bit-Prozessen funktioniert die Sache natürlich nicht, da die PCU 32 Bit ist. Das Ganze ist also eher eine kleine Spielerei, um mal Sachen zu testen.
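Gebrauchen könnte man das zum Beispiel, um spezielle Informationen mit einer Batch oder einem PowerShell-Script auszutauschen. Da andere Prozesse den Umgebungsblock auf genau diesem Weg mitlesen können, eignet sich das nicht für Passwörter oder andere Geheimnisse.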
In der Variablen ProcEnv.LastError% wird der zuletzt in der PCU aufgetretene Fehler gespeichert.