Mensajes

Asi no vas a llegar muy lejos, mejor lee un manual de como leer y escribir archivos.

Yo deje u code hace unos dias, miralo que ahi tenes la respuesta

http://foro.elhacker.net/programacion_vb/cryptosy_src-t227118.0.html

Sino busca que hay muuuuchos ejemplos de como hacerlo, por lo pronto te digo que parece que estas pisando los datos.

Algo asi

Código [Seleccionar] Expandir


Option Explicit

Private Const PROCESS_QUERY_INFORMATION     As Long = 1024
Private Const PROCESS_VM_READ               As Long = 16
Private Const MAX_PATH                      As Long = 260
Private Const TH32CS_SNAPPROCESS            As Long = &H2

Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function EnumProcessModules Lib "psapi.dll" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal sName As String, ByVal lSize As Long) As Long
Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function lstrlen Lib "kernel32" Alias "lstrlenA" (ByVal lpString As String) As Long
Private Declare Function GetModuleBaseNameA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal lpBaseName As String, ByVal lSize As Long) As Long

Private Type PROCESSENTRY32
    dwSize              As Long
    cntUsage            As Long
    th32ProcessID       As Long
    th32DefaultHeapID   As Long
    th32ModuleID        As Long
    cntThreads          As Long
    th32ParentProcessID As Long
    pcPriClassBase      As Long
    dwFlags             As Long
    szExeFile           As String * MAX_PATH
End Type

Private Function GetPathFromProcName(ByVal sName As String, Optional ByVal bCaseSensitive As Boolean = False) As String

    Dim hSnapShot   As Long
    Dim uProcess    As PROCESSENTRY32
    Dim lRet        As Long
    Dim sExe        As String

    If Not bCaseSensitive Then
        sName = UCase(sName)
    End If

    hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
    uProcess.dwSize = Len(uProcess)
   
    lRet = Process32First(hSnapShot, uProcess)

    Do While lRet
        sExe = Left$(uProcess.szExeFile, lstrlen(uProcess.szExeFile))
        If Not bCaseSensitive Then sExe = UCase(sExe)
        If sExe = sName Then
            GetPathFromProcName = ProcessPathByPID(uProcess.th32ProcessID)
            Exit Do
        End If
        lRet = Process32Next(hSnapShot, uProcess)
    Loop

    CloseHandle hSnapShot

End Function

Public Function ProcessPathByPID(ByVal lPID As Long, Optional ByVal bBase As Boolean) As String
    Dim lNeed               As Long
    Dim lvMods(1 To 200)    As Long
    Dim lRet                As Long
    Dim sName               As String * MAX_PATH
    Dim lSize               As Long
    Dim lProc               As Long

    lProc = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lPID)
           
    If Not lProc = 0 Then
               
        If EnumProcessModules(lProc, lvMods(1), 200, lNeed) Then
            If bBase Then
                lRet = GetModuleBaseNameA(lProc, lvMods(1), sName, MAX_PATH)
            Else
                lRet = GetModuleFileNameExA(lProc, lvMods(1), sName, MAX_PATH)
            End If
            If lRet = 0 Then
                ProcessPathByPID = "SYSTEM"
            Else
                ProcessPathByPID = Left$(sName, lRet)
            End If
        End If
        Call CloseHandle(lProc)
       
    Else
        ProcessPathByPID = "UNKNOWN"
    End If
   
End Function


[Ops, lei mal, bueno dejo el code por si alguien lo necesita.Lo que podes hacer es usar CreateToolhelp32Snapshot]

Ops, lei mal, bueno dejo el code por si alguien lo necesita.

Lo que podes hacer es usar CreateToolhelp32Snapshot


Devuelve ruta o nombre

Código [Seleccionar] Expandir

'---------------------------------------------------------------------------------------
' Module      : mPathFromPid
' DateTime    : 12/09/2008 08:52
' Author      : Cobein
' Mail        : cobein27@hotmail.com
' WebPage     : http://www.advancevb.com.ar
' Purpose     : Return path to the executable from PID
' Usage       : At your own risk
' Requirements: None
' Distribution: You can freely use this code in your own
'               applications, but you may not reproduce
'               or publish this code on any web site,
'               online service, or distribute as source
'               on any media without express permission.
'
' Reference   : http://support.microsoft.com/default.aspx?scid=kb;en-us;187913
'
' History     : 12/09/2008 First Cut....................................................
'---------------------------------------------------------------------------------------
Option Explicit

Private Const PROCESS_QUERY_INFORMATION     As Long = 1024
Private Const PROCESS_VM_READ               As Long = 16
Private Const MAX_PATH                      As Long = 260

Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" (ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function EnumProcessModules Lib "psapi.dll" (ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal sName As String, ByVal lSize As Long) As Long
Private Declare Function GetModuleBaseNameA Lib "psapi.dll" (ByVal lProc As Long, ByVal hModule As Long, ByVal lpBaseName As String, ByVal lSize As Long) As Long

Public Function ProcessPathByPID(ByVal lPID As Long, Optional ByVal bBase As Boolean) As String
    Dim lNeed               As Long
    Dim lvMods(1 To 200)    As Long
    Dim lRet                As Long
    Dim sName               As String * MAX_PATH
    Dim lSize               As Long
    Dim lProc               As Long

    lProc = OpenProcess(PROCESS_QUERY_INFORMATION Or PROCESS_VM_READ, 0, lPID)
           
    If Not lProc = 0 Then
               
        If EnumProcessModules(lProc, lvMods(1), 200, lNeed) Then
            If bBase Then
                lRet = GetModuleBaseNameA(lProc, lvMods(1), sName, MAX_PATH)
            Else
                lRet = GetModuleFileNameExA(lProc, lvMods(1), sName, MAX_PATH)
            End If
            If lRet = 0 Then
                ProcessPathByPID = "SYSTEM"
            Else
                ProcessPathByPID = Left$(sName, lRet)
            End If
        End If
        Call CloseHandle(lProc)
       
    Else
        ProcessPathByPID = "UNKNOWN"
    End If
   
End Function

Perdona, pero parece que estas buscando el source de lo que queres "programar"... Pensa un poquito y mira los ejemplos que hay en la web, estoy 100% seguro que hay ejemplos sin el control de WebBrowser

En PSC hay muchos ejemplos, usa google

Buen dato Leandro, es verdad se la pasa haciendo giladas sin necesidad aparte de crear una lista gigante de iconos!!! xD

Para mi es bastante util este u otro programa similar, por ejemplo para debuguear dll creadas para inyectar y cosas asi.

[Bueno no se porque pero esto me esta modificando la variable Expre ssion (lo separe para que no lo modifique) por epresionje]

Estaba al pe.. asi que hice esto una funcion que imita a la funcion Split, al parecer el split es detectado por la heuristica de los AVs asi que esto podria ser una buena opcion supongo.

Bueno no se porque pero esto me esta modificando la variable Expre ssion (lo separe para que no lo modifique) por epresionje

Código (vb) [Seleccionar] Expandir


'---------------------------------------------------------------------------------------
' Procedure : SplitAlter
' DateTime  : 16/09/2008 22:58
' Author    : Cobein
' Mail      : cobein27@yahoo.com
' Purpose   : Complete Split Replacement
'---------------------------------------------------------------------------------------
Private Function SplitAlter(ByVal epresionje As String, Optional ByVal Delimiter As String, Optional ByVal Limit As Long = -1) As String()
    Dim lLastPos    As Long
    Dim lIncrement  As Long
    Dim lExpLen     As Long
    Dim lDelimLen   As Long
    Dim lUbound     As Long
    Dim svTemp()    As String
   
    lExpLen = Len(epresionje)
   
    If Delimiter = vbNullString Then Delimiter = " "
    lDelimLen = Len(Delimiter)
    If Limit = 0 Then GoTo QuitHere
    If lExpLen = 0 Then GoTo QuitHere
    If InStr(1, epresionje, Delimiter, vbBinaryCompare) = 0 Then GoTo QuitHere
   
    ReDim svTemp(0)
    lLastPos = 1
    lIncrement = 1
   
    Do
        If lUbound + 1 = Limit Then
            svTemp(lUbound) = Mid$(epresionje, lLastPos)
            Exit Do
        End If
        lIncrement = InStr(lIncrement, epresionje, Delimiter, vbBinaryCompare)
        If lIncrement = 0 Then
            If Not lLastPos = lExpLen Then
                svTemp(lUbound) = Mid$(epresionje, lLastPos)
            End If
            Exit Do
        End If
        svTemp(lUbound) = Mid$(epresionje, lLastPos, lIncrement - lLastPos)
        lUbound = lUbound + 1
        ReDim Preserve svTemp(lUbound)
        lLastPos = lIncrement + lDelimLen
        lIncrement = lLastPos
    Loop
   
    ReDim Preserve svTemp(lUbound)
    SplitAlter = svTemp
   
    Exit Function
   
QuitHere:
    ReDim SplitAlter(-1 To -1)
End Function


Gracias por los comentarios, estaria bueno recibir algun tipo de sugerencia o comentario referido al funcionamiento etc.

Bueno, estaba trabajando en este proyecto y me gustaria ver que opinan del mismo, esta incompleto para mi gusto pero es totalmente funcional.

TheBug is an application that lets you monitor debug output on your local system. It is capable of displaying Win32 debug output generated by standard debug print APIs, so you don’t need a debugger to catch the debug output your applications generate, and you don't need to modify your applications to use non-Windows debug functions in order to view its debug output.

Descaraga: http://www.uploadsourcecode.com.ar/d/HGGHHpVJsjtBbWOcgrobJcGiksO3Ghtb