Сообщ.
#1
,
|
|
|
столкнулся с такой проблемой... мне нужно создавать дамп памяти... у мелкософта на этот случай есть такая фича, как искусственный BSOD
в реестр добавляем в раздел [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters] параметр "CrashOnCtrlScroll"=dword:00000001, после чего нажимаем Ctrl+ScrLk+ScrLk (Ctrl должен быть правый), и готово!!! но не тут-то было... у меня клава беспроводная, все от того же мелкомяхкого.. + usb к тому же... ps/2 подключаю - все ок! но появилась задумка по поводу того, как сэмулировать нажатия этих клавиш, либо, может, кто знает, как вызвать эту функцию напрямую.. |
Сообщ.
#2
,
|
|
|
Убей csrss.exe
|
Сообщ.
#3
,
|
|
|
хотелось бы без лишних трупов)))
|
Сообщ.
#4
,
|
|
|
А какая разница?
|
Сообщ.
#5
,
|
|
|
пишет
C:\Documents and Settings\User>taskkill /f /im csrss.exe
Ошибка: Не удается завершить процесс "csrss.exe" с идентификатором 816.
Причина: Это критический системный процесс. Программа не может завершить его.
как его еще можно грохнуть? программно? |
Сообщ.
#6
,
|
|
|
TerminateProcess, или заюзай более демократичный менеджер процессов, как, например, ProcessExplorer
|
Сообщ.
#7
,
|
|
|
Заюзал такой код
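Option Explicit

' Win32 / PSAPI entry points used to enumerate processes, read the path of
' their main module and terminate the ones whose file name matches.
Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" ( _
    ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function EnumProcesses Lib "PSAPI.DLL" ( _
    ByRef lpidProcess As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "PSAPI.DLL" ( _
    ByVal hProcess As Long, ByVal hModule As Long, ByVal ModuleName As String, ByVal nSize As Long) As Long
Private Declare Function EnumProcessModules Lib "PSAPI.DLL" ( _
    ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long

Private Const MAX_PATH = 260
' Full access is requested for every process that is opened, although only
' query, read and terminate rights are exercised below.
Private Const PROCESS_ALL_ACCESS = &H1F0FFF

' Terminates every process whose executable file name equals EXEName.
'
' EXEName - file name without path, e.g. "notepad.exe"; compared
'           case-insensitively after trimming.
'
' Processes that cannot be opened with PROCESS_ALL_ACCESS are skipped
' silently. The result of TerminateProcess is not checked, so a process
' the system refuses to terminate is skipped silently as well.
' Run-time errors are re-raised to the caller with the original number.
Public Sub GetProcesses(ByVal EXEName As String)
    Const MODULE_SLOTS = 200

    Dim lngProcessIDs() As Long
    Dim lngModules(1 To MODULE_SLOTS) As Long
    Dim lngCBSize As Long
    Dim lngCBSizeReturned As Long
    Dim lngCBSize2 As Long
    Dim lngNumElements As Long
    Dim lngReturn As Long
    Dim lngHwndProcess As Long
    Dim lngLoop As Long
    Dim lngErrNumber As Long
    Dim strErrSource As String
    Dim strModuleName As String
    Dim strProcessName As String
    Dim strProcName2 As String

    On Error GoTo Error_handler

    EXEName = UCase$(Trim$(EXEName))

    ' Grow the PID buffer (doubling each pass) until EnumProcesses reports
    ' fewer bytes than the buffer holds, i.e. the list was not truncated.
    lngCBSize = 8
    lngCBSizeReturned = 96
    Do While lngCBSize <= lngCBSizeReturned
        DoEvents
        lngCBSize = lngCBSize * 2
        ReDim lngProcessIDs(lngCBSize \ 4)
        ' Element 0 is left unused; the API fills elements 1..n.
        lngReturn = EnumProcesses(lngProcessIDs(1), lngCBSize, lngCBSizeReturned)
        ' A failed call leaves no usable list and could keep the loop spinning.
        If lngReturn = 0 Then Exit Sub
    Loop

    lngNumElements = lngCBSizeReturned \ 4
    For lngLoop = 1 To lngNumElements
        DoEvents
        ' bInheritHandle = 0: child processes have no use for this handle.
        lngHwndProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, lngProcessIDs(lngLoop))
        If lngHwndProcess <> 0 Then
            ' cb is a byte count, so pass the array size in bytes (4 per Long).
            lngReturn = EnumProcessModules(lngHwndProcess, lngModules(1), MODULE_SLOTS * 4, lngCBSize2)
            If lngReturn <> 0 Then
                ' nSize must not exceed the buffer: the buffer is MAX_PATH
                ' characters, so MAX_PATH is passed (the old value 500 let
                ' the API write past the end of the string).
                strModuleName = Space$(MAX_PATH)
                lngReturn = GetModuleFileNameExA(lngHwndProcess, lngModules(1), strModuleName, MAX_PATH)

                strProcessName = UCase$(Trim$(Left$(strModuleName, lngReturn)))
                strProcessName = Trim$(Replace(strProcessName, Chr$(0), ""))

                ' Last "\"-separated element of the path = file name.
                strProcName2 = GetElement(strProcessName, "\", 0, 0, _
                                          GetNumElements(strProcessName, "\") - 1)
                If strProcName2 = EXEName Then
                    TerminateProcess lngHwndProcess, 0
                End If
            End If
            lngReturn = CloseHandle(lngHwndProcess)
            lngHwndProcess = 0
        End If
        DoEvents
    Next lngLoop
    Exit Sub

Error_handler:
    ' Keep the error details, release a handle that is still open, then
    ' hand the error to the caller exactly as before.
    lngErrNumber = Err.Number
    strErrSource = Err.Source
    If lngHwndProcess <> 0 Then CloseHandle lngHwndProcess
    Err.Raise lngErrNumber, strErrSource, "ProcessInfo", Error
End Sub

' Returns s without its last character (meant for a trailing NUL).
' An empty string is returned unchanged instead of raising a run-time error.
Private Function StrZToStr(s As String) As String
    If Len(s) = 0 Then
        StrZToStr = ""
    Else
        StrZToStr = Left$(s, Len(s) - 1)
    End If
End Function

' Returns one element of a delimiter-separated list.
' With lngRow = 0 the element index is lngColumn (0-based); otherwise it is
' lngRow * lngNumColumns + lngColumn. Returns "" when the index is past
' the end of the list.
Private Function GetElement(ByVal strList As String, ByVal strDelimiter As String, _
                            ByVal lngNumColumns As Long, ByVal lngRow As Long, _
                            ByVal lngColumn As Long) As String
    Dim lngCounter As Long

    strList = strList & strDelimiter
    lngColumn = IIf(lngRow = 0, lngColumn, (lngRow * lngNumColumns) + lngColumn)

    ' Drop the leading elements one at a time.
    For lngCounter = 0 To lngColumn - 1
        strList = Mid$(strList, InStr(strList, strDelimiter) + Len(strDelimiter), Len(strList))
        If Len(strList) = 0 Then
            GetElement = ""
            Exit Function
        End If
    Next lngCounter

    GetElement = Left$(strList, InStr(strList, strDelimiter) - 1)
End Function

' Counts the delimiter-separated elements in strList (0 for an empty list).
Private Function GetNumElements(ByVal strList As String, ByVal strDelimiter As String) As Integer
    Dim intElementCount As Integer

    If Len(strList) = 0 Then
        GetNumElements = 0
        Exit Function
    End If

    strList = strList & strDelimiter
    While InStr(strList, strDelimiter) > 0
        intElementCount = intElementCount + 1
        ' Skip the whole delimiter, as GetElement does, so both helpers
        ' agree when the delimiter is longer than one character.
        strList = Mid$(strList, InStr(strList, strDelimiter) + Len(strDelimiter), Len(strList))
    Wend

    GetNumElements = intElementCount
End Function

Убивает все, но csrss.exe не хочет убиваться!!! может кто еще что предложит? ил подправить в коде нужно что нить? али кто софтайсом владеет и может определить какая функция вызывается при "CrashOnCtrlScroll"=dword:00000001 + "Ctrl+ScrLk+ScrLk" |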
Сообщ.
#8
,
|
|
|
Цитата eip: «али кто софтайсом владеет и может определить какая функция»
Ну, положим, это функция KeBugCheck, что дальше будешь с ней делать?)
Цитата eip: «csrss.exe не хочет убиваться»
Так выясни, что именно из этого не работает |
Сообщ.
#9
,
|
|
|
Цитата ANDLL: «KeBugCheck»
может, KeBugCheckEx? ты бы проверил сначала, а потом писал! может, перед этим после нажатия контрола и скроллоков еще что-нибудь вызывается... |
Сообщ.
#10
,
|
|
|
|
Сообщ.
#11
,
|
|
|
eip, не шуми. Код ты нашел занятный, попробуй поискать еще, желательно с установкой привилегии SE_DEBUG_NAME
|
Сообщ.
#12
,
|
|
|
дополнено и переработано
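осталось решить проблему с предупреждением которое вылезает при убийстве csrss.exe

Option Explicit

' Structures used by the token-privilege calls below.
Private Type LUID
    LowPart As Long
    HighPart As Long
End Type

' TOKEN_PRIVILEGES with room for exactly one privilege entry.
Private Type TOKEN_PRIVILEGES
    PrivilegeCount As Long
    TheLuid As LUID
    Attributes As Long
End Type

' Win32 / PSAPI entry points: process enumeration, module path lookup,
' termination, and adjustment of the current process token.
Private Declare Function CloseHandle Lib "Kernel32.dll" (ByVal Handle As Long) As Long
Private Declare Function OpenProcess Lib "Kernel32.dll" ( _
    ByVal dwDesiredAccessas As Long, ByVal bInheritHandle As Long, ByVal dwProcId As Long) As Long
Private Declare Function EnumProcesses Lib "PSAPI.DLL" ( _
    ByRef lpidProcess As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function GetModuleFileNameExA Lib "PSAPI.DLL" ( _
    ByVal hProcess As Long, ByVal hModule As Long, ByVal ModuleName As String, ByVal nSize As Long) As Long
Private Declare Function EnumProcessModules Lib "PSAPI.DLL" ( _
    ByVal hProcess As Long, ByRef lphModule As Long, ByVal cb As Long, ByRef cbNeeded As Long) As Long
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" ( _
    ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" ( _
    ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LUID) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" ( _
    ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, _
    ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long

Private Const MAX_PATH = 260
' Full access is requested for every process that is opened, although only
' query and read rights are exercised by GetProcesses itself.
Private Const PROCESS_ALL_ACCESS = &H1F0FFF

' Terminates every process whose executable file name equals EXEName.
'
' EXEName - file name without path; compared case-insensitively after
'           trimming.
'
' Matching processes are handed to ProcessTerminate by process ID.
' Processes that cannot be opened with PROCESS_ALL_ACCESS are skipped
' silently, and the Boolean result of ProcessTerminate is not inspected.
' Run-time errors are re-raised to the caller with the original number.
Public Sub GetProcesses(ByVal EXEName As String)
    Const MODULE_SLOTS = 200

    Dim lngProcessIDs() As Long
    Dim lngModules(1 To MODULE_SLOTS) As Long
    Dim lngCBSize As Long
    Dim lngCBSizeReturned As Long
    Dim lngCBSize2 As Long
    Dim lngNumElements As Long
    Dim lngReturn As Long
    Dim lngHwndProcess As Long
    Dim lngLoop As Long
    Dim lngErrNumber As Long
    Dim strErrSource As String
    Dim strModuleName As String
    Dim strProcessName As String
    Dim strProcName2 As String

    On Error GoTo Error_handler

    EXEName = UCase$(Trim$(EXEName))

    ' Grow the PID buffer (doubling each pass) until EnumProcesses reports
    ' fewer bytes than the buffer holds, i.e. the list was not truncated.
    lngCBSize = 8
    lngCBSizeReturned = 96
    Do While lngCBSize <= lngCBSizeReturned
        DoEvents
        lngCBSize = lngCBSize * 2
        ReDim lngProcessIDs(lngCBSize \ 4)
        ' Element 0 is left unused; the API fills elements 1..n.
        lngReturn = EnumProcesses(lngProcessIDs(1), lngCBSize, lngCBSizeReturned)
        ' A failed call leaves no usable list and could keep the loop spinning.
        If lngReturn = 0 Then Exit Sub
    Loop

    lngNumElements = lngCBSizeReturned \ 4
    For lngLoop = 1 To lngNumElements
        DoEvents
        ' bInheritHandle = 0: child processes have no use for this handle.
        lngHwndProcess = OpenProcess(PROCESS_ALL_ACCESS, 0, lngProcessIDs(lngLoop))
        If lngHwndProcess <> 0 Then
            ' cb is a byte count, so pass the array size in bytes (4 per Long).
            lngReturn = EnumProcessModules(lngHwndProcess, lngModules(1), MODULE_SLOTS * 4, lngCBSize2)
            If lngReturn <> 0 Then
                ' nSize must not exceed the buffer: the buffer is MAX_PATH
                ' characters, so MAX_PATH is passed (the old value 500 let
                ' the API write past the end of the string).
                strModuleName = Space$(MAX_PATH)
                lngReturn = GetModuleFileNameExA(lngHwndProcess, lngModules(1), strModuleName, MAX_PATH)

                strProcessName = UCase$(Trim$(Left$(strModuleName, lngReturn)))
                strProcessName = Trim$(Replace(strProcessName, Chr$(0), ""))

                ' Last "\"-separated element of the path = file name.
                strProcName2 = GetElement(strProcessName, "\", 0, 0, _
                                          GetNumElements(strProcessName, "\") - 1)
                If strProcName2 = EXEName Then
                    ' ProcessTerminate takes a process ID and opens the
                    ' process itself; the open handle used to be passed
                    ' here, which its OpenProcess call cannot resolve.
                    ProcessTerminate lngProcessIDs(lngLoop)
                End If
            End If
            lngReturn = CloseHandle(lngHwndProcess)
            lngHwndProcess = 0
        End If
        DoEvents
    Next lngLoop
    Exit Sub

Error_handler:
    ' Keep the error details, release a handle that is still open, then
    ' hand the error to the caller exactly as before.
    lngErrNumber = Err.Number
    strErrSource = Err.Source
    If lngHwndProcess <> 0 Then CloseHandle lngHwndProcess
    Err.Raise lngErrNumber, strErrSource, "ProcessInfo", Error
End Sub

' Returns s without its last character (meant for a trailing NUL).
' An empty string is returned unchanged instead of raising a run-time error.
Private Function StrZToStr(s As String) As String
    If Len(s) = 0 Then
        StrZToStr = ""
    Else
        StrZToStr = Left$(s, Len(s) - 1)
    End If
End Function

' Returns one element of a delimiter-separated list.
' With lngRow = 0 the element index is lngColumn (0-based); otherwise it is
' lngRow * lngNumColumns + lngColumn. Returns "" when the index is past
' the end of the list.
Private Function GetElement(ByVal strList As String, ByVal strDelimiter As String, _
                            ByVal lngNumColumns As Long, ByVal lngRow As Long, _
                            ByVal lngColumn As Long) As String
    Dim lngCounter As Long

    strList = strList & strDelimiter
    lngColumn = IIf(lngRow = 0, lngColumn, (lngRow * lngNumColumns) + lngColumn)

    ' Drop the leading elements one at a time.
    For lngCounter = 0 To lngColumn - 1
        strList = Mid$(strList, InStr(strList, strDelimiter) + Len(strDelimiter), Len(strList))
        If Len(strList) = 0 Then
            GetElement = ""
            Exit Function
        End If
    Next lngCounter

    GetElement = Left$(strList, InStr(strList, strDelimiter) - 1)
End Function

' Counts the delimiter-separated elements in strList (0 for an empty list).
Private Function GetNumElements(ByVal strList As String, ByVal strDelimiter As String) As Integer
    Dim intElementCount As Integer

    If Len(strList) = 0 Then
        GetNumElements = 0
        Exit Function
    End If

    strList = strList & strDelimiter
    While InStr(strList, strDelimiter) > 0
        intElementCount = intElementCount + 1
        ' Skip the whole delimiter, as GetElement does, so both helpers
        ' agree when the delimiter is longer than one character.
        strList = Mid$(strList, InStr(strList, strDelimiter) + Len(strDelimiter), Len(strList))
    Wend

    GetNumElements = intElementCount
End Function

' Terminates one process, identified by process ID or by a window it owns.
'
' lProcessID  - ID of the process to terminate. Passed ByRef: when
'               lHwndWindow is given, it is overwritten with the ID of the
'               process that owns that window.
' lHwndWindow - optional window handle used to look up the process ID.
'
' Returns True only when TerminateProcess reports success.
'
' SeDebugPrivilege is enabled in the current process token before the
' target is opened; it lets the caller open processes regardless of their
' security descriptor and stays enabled after this function returns. The
' privilege can only be enabled if the account already holds it.
' All run-time errors are suppressed inside this function.
Function ProcessTerminate(Optional lProcessID As Long, Optional lHwndWindow As Long) As Boolean
    Dim lhwndProcess As Long
    Dim lExitCode As Long
    Dim lRetVal As Long
    Dim lhThisProc As Long
    Dim lhTokenHandle As Long
    Dim tLuid As LUID
    Dim tTokenPriv As TOKEN_PRIVILEGES
    Dim tTokenPrivNew As TOKEN_PRIVILEGES
    Dim lBufferNeeded As Long

    Const PROCESS_TERMINATE = &H1
    Const TOKEN_ADJUST_PRIVILEGES = &H20
    Const TOKEN_QUERY = &H8
    Const SE_DEBUG_NAME As String = "SeDebugPrivilege"
    Const SE_PRIVILEGE_ENABLED = &H2

    On Error Resume Next

    If lHwndWindow Then
        ' Resolve the owning process of the window.
        lRetVal = GetWindowThreadProcessId(lHwndWindow, lProcessID)
    End If

    If lProcessID Then
        ' Enable SeDebugPrivilege in this process's own token. Each step is
        ' checked so a failed lookup is not followed by an adjustment with
        ' an empty LUID.
        lhThisProc = GetCurrentProcess
        If OpenProcessToken(lhThisProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, lhTokenHandle) <> 0 Then
            If LookupPrivilegeValue("", SE_DEBUG_NAME, tLuid) <> 0 Then
                tTokenPriv.PrivilegeCount = 1
                tTokenPriv.TheLuid = tLuid
                tTokenPriv.Attributes = SE_PRIVILEGE_ENABLED
                AdjustTokenPrivileges lhTokenHandle, False, tTokenPriv, _
                                      Len(tTokenPrivNew), tTokenPrivNew, lBufferNeeded
            End If
            ' The token handle was previously never released.
            CloseHandle lhTokenHandle
        End If

        ' Only the terminate right is requested for the target.
        lhwndProcess = OpenProcess(PROCESS_TERMINATE, 0, lProcessID)
        If lhwndProcess Then
            ProcessTerminate = CBool(TerminateProcess(lhwndProcess, lExitCode))
            Call CloseHandle(lhwndProcess)
        End If
    End If

    On Error GoTo 0
End Function

Добавлено shutdown -a (антяЙад) |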
Сообщ.
#13
,
|
|
|
Хм. Значит, не csrss.exe вызывает BSOD. Попробуй прибить winlogon
|
Сообщ.
#14
,
|
|
|
кажется, надо мной стебаются
ща все процессы грохну)) |
Сообщ.
#15
,
|
|
|
Нет, просто ты тупишь или не пытаешься напрячь мозг и понять окружающих. Полагая, видимо, что твоя проблема кого-то еще интересует больше, чем тебя
|