Printable View
hi people,
if you can, help-me! :D
what i want to do is:
Check if a program is running on memory, using EntryPoint and Offsets ..
pay atention:
my program entrypoint is: 00FFFF (example), and i have 32 offsets at this entrypoint ..
i have a code in C++ that looks at the memory if this program is running,
can I do it in visual basic?
In vb6, you just use:Code:msgbox App.PrevInstance
pay atention to what i want to do!
i dont want to check if my app is running, i want to check if an another application is running, just using the entrypoint ...
example:
i know this entrypoint: 00FFFF
i want to search in memory is have some program running with this entrypoint ..
Can this help?--> http://www.vbforums.com/showthread.php?p=2748682
no, i want to find by process entrypoint, and not by process name
How about this? --> http://edais.mvps.org/Tutorials/Memory/Memch1.html
You are trying to read something from RAM memory, right?
i have 3 programs (example):
program1.exe
program2.exe
program3.exe
the entrypoint of the program1.exe is 00FFFF, then, my VB Program search in the process list if some process has the entrypoint 00FFFF,
if yes = msgbox "program1.exe" have the entrypoint 00FFFF
Why do you want, or need, to do that?
This declaration may help.
Code:Public Declare Function Process32First Lib "kernel32" ( _
ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function Process32Next Lib "kernel32" ( _
ByVal hSnapshot As Long, lppe As PROCESSENTRY32) As Long
Public Declare Function CloseHandle Lib "Kernel32.dll" _
(ByVal Handle As Long) As Long
Public Declare Function OpenProcess Lib "Kernel32.dll" _
(ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, _
ByVal dwProcId As Long) As Long
Public Declare Function EnumProcesses Lib "psapi.dll" _
(ByRef lpidProcess As Long, ByVal cb As Long, _
ByRef cbNeeded As Long) As Long
Public Declare Function GetModuleFileNameExA Lib "psapi.dll" _
(ByVal hProcess As Long, ByVal hModule As Long, _
ByVal ModuleName As String, ByVal nSize As Long) As Long
Public Declare Function EnumProcessModules Lib "psapi.dll" _
(ByVal hProcess As Long, ByRef lphModule As Long, _
ByVal cb As Long, ByRef cbNeeded As Long) As Long
Public Declare Function CreateToolhelp32Snapshot Lib "kernel32" ( _
ByVal dwFlags As Long, ByVal th32ProcessID As Long) As Long
Public Declare Function GetVersionExA Lib "kernel32" _
(lpVersionInformation As OSVERSIONINFO) As Integer
Public Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long ' This process
th32DefaultHeapID As Long
th32ModuleID As Long ' Associated exe
cntThreads As Long
th32ParentProcessID As Long ' This process's parent process
pcPriClassBase As Long ' Base priority of process threads
dwFlags As Long
szExeFile As String * 260 ' MAX_PATH
End Type
Public Type OSVERSIONINFO
dwOSVersionInfoSize As Long
dwMajorVersion As Long
dwMinorVersion As Long
dwBuildNumber As Long
dwPlatformId As Long '1 = Windows 95, 2 = Windows NT
szCSDVersion As String * 128
End Type
Public Const PROCESS_QUERY_INFORMATION = 1024
Public Const PROCESS_VM_READ = 16
Public Const MAX_PATH = 260
Public Const STANDARD_RIGHTS_REQUIRED = &HF0000
Public Const SYNCHRONIZE = &H100000
'STANDARD_RIGHTS_REQUIRED Or SYNCHRONIZE Or &HFFF
Public Const PROCESS_ALL_ACCESS = &H1F0FFF
Public Const TH32CS_SNAPPROCESS = &H2&
Public Const hNull = 0