EnumProcesses:Int[]() 'liefert einen Integer-Array, welcher die PID's aller Prozesse enthält

   GetProcessName:String(pid:Int)

   GetProcessByName:Int[](name$) 'liefert einen Integer-Array, welcher die PID's aller Prozesse mit dem angegebenen namen enthält

   KillProcess:Int(pid:Int)

Framework brl.standardio
Import ind.process
Strict



Local prozesse:Int[]
Local i:Int
Local name:String



' PROZESSE AUFLISTEN

prozesse=enumprocesses() 'PIDs ermitteln






If prozesse=Null Then RuntimeError("Konnte Prozesse nicht auflisten!")
      
      Print "~r~nEs laufen zur Zeit "+prozesse.length+" Prozesse"
      Print "Liste:"
      Print "~r~n------------------------------~r~n"
      Print "Nummer PID Name"
      Print "~r~n------------------------------~r~n"



For i=0 To prozesse.length-1


   'zu jeder PID den namen ermitteln
   name=getprocessname(prozesse[i])
   
   
   
   If name=Null Then name="<konnte nicht auslesen>"

   Print   "("+i+") "+prozesse[i]+" "+name
   
   
   

Next



Print "~r~n------------------------------~r~n"


Local eingabe:String
Local treffer:Int[]

Print("Geben sie den Namen einer Anwendung ein, z.B. ~qcmd.exe~q")

eingabe=Input("Wahl:")


treffer=getprocessbyname(eingabe) 'int array mit treffern ermitteln

If treffer=Null Then

   Print "Prozess laeuft nicht!"

Else

   Print "Prozess laeuft "+treffer.length+" mal"
   
   Local pids:String
   
   For i=0 To treffer.length-1
   
      pids=pids+","+treffer[i] 'durchgehen und PIDs entnehmen
   
   Next
   
   Print "PID's:"+pids[1..]
   

   Print "~r~nMoechten Sie diese Processe killen?"
   
Repeat   
   eingabe=Input("[J]a / [N]ein: ").tolower()
   
   If eingabe="j" Then
   
      For i=0 To treffer.length-1
   
         Print "Kille Prozess "+treffer[i]   
         If KillProcess(treffer[i]) Then
            Print "ERFOLGREICH!"
            Else
            Print "Fehlgeschlagen"
         End If
   
      Next

      
   
   End If
   
   If eingabe="n" Or eingabe="j" Then Exit   
   
Forever


End If



End

Module IND.PROCESS

ModuleInfo "Version: 1.00"
ModuleInfo "Author: goinginsane@arcor.de / UIN: 465-967-879"


Import "-ladvapi32"
Import "-lpsapi"

Strict



Extern "win32"

   Function OpenProcess(p1:Int,p2:Int,id:Int)
   Function _EnumProcesses(pProcessIds:Byte Ptr,size:Int,byteret:Int Ptr)="EnumProcesses@12"
   Function _TerminateProcess(handle:Int,bla:Int)="TerminateProcess@8"
   Function CloseHandle(handle:Int)
   Function EnumProcessModules(hProcess:Int,lphModule:Byte Ptr,cb:Int,lpcbNeeded:Int Ptr)
   Function GetModuleBaseName(hProcess:Int,bla:Int,lpBaseName:Byte Ptr,nSize:Int)="GetModuleBaseNameA@16"
End Extern

Rem
bbdoc: retrieve all processes that equals the given name
returns: an integer array containing the pid's
End Rem
Function GetProcessByName:Int[](name:String,buffsize:Int=10)
   name=name.tolower()
   Local plist:Int[]
   Local i:Int,j:Int
   Local buffer:Int[buffsize]
   Local ret:Int[]
   

   plist=Enumprocesses()
   
   If plist=Null Then Return Null
   
   For i=0 To plist.length-1
   
   
      If GetProcessName(plist[i]).tolower()=name Then
         buffer[j]=plist[i]
         
         j:+1
         If(j=buffsize) Then Return GetProcessByName(name,buffsize+10)

      End If
   
   
   Next
   
   If j=0 Then Return Null
   
   ret=New Int[j]
   MemCopy(ret,buffer,j*4)
   
   Return ret

End Function

Rem
bbdoc: get the name of a process
returns: name:String
End Rem
Function GetProcessName:String(pid:Int)

   Const MAX_PATH=260
   Local handle:Int
   Local mem:Byte Ptr
   Local need:Int

   handle=OpenProcess(1024|16,0,pid)
   If handle=0 Then Return Null
   
Rem   hmm.. das wollte nüch :(
   Local size:Int=100

   Repeat
   
      size:+100
      
      mem=MemAlloc(size)
   
      If Not EnumProcessModules(handle,mem,size,Varptr need) Then
      
         MemFree(mem)
         CloseHandle(handle)
         Return Null
         
      End If
      
      
   
   Until need<=size
End Rem
   '
   
   Local szProcessName:Byte[]
   szProcessName=New Byte[MAX_PATH]
   
   GetModuleBaseName(handle,0,Varptr szProcessName[0],MAX_PATH)
   
'   MemFree(mem)
   CloseHandle(handle)
   
   Return String.fromCString(szProcessName)

End Function

Rem
bbdoc: terminates the process <pid>
returns: TRUE if successfull
End Rem
Function KillProcess:Int(pid:Int)
   Local handle:Int
   Local success:Int
   handle=OpenProcess(1, 0, pid)
   If handle=0 Then Return 0
   success=_TerminateProcess(handle,-1)
   CloseHandle(handle)
   Return success
End Function

Rem
bbdoc: lists all running processes
returns: an integer array holding the pid's
End Rem
Function EnumProcesses:Int[]()

   Local mem:Byte Ptr
   Local size:Int=100
   Local ret:Int
   Local array:Int[]
   
   Repeat
   
      size:+100
      
      mem=MemAlloc(size)
      
      If Not _EnumProcesses(mem,size,Varptr ret) Then
         MemFree(mem)
         Return Null
      End If

   Until size>ret
   
   array=New Int[ret/4]
   
   MemCopy(Varptr array[0],mem,ret)
   MemFree(mem)
   
   
   Return array
   
End Function

Framework brl.standardio
Import ind.processmem 'importiert ebenfalls ind.process

Strict




Global pid:Int,pids:Int[]

pids=getprocessbyname("memapp.exe")

If pids=Null Then RuntimeError("Prozess läuft nicht!")

pid=pids[0] 'läuft ja nur 1x



Global ADRESSE=ADRESSE_HIER_EINFUEGEN


Global stream:TProcessMemStream=New TProcessMemStream


stream.attach(pid,ADRESSE,1,1) 'parameter size ist optional.. 1 wäre hier sinnvoll.. aber achtung: falls size benutzt

wurde und zu einer anderen adresse gewechselt werden soll muss das per attach() passieren, da es bei seek() sonst zu

problemem kommt...

Print "Teste:"
lesetest()
schreibtest()
lesetest()

'stream.close() überflüssig!
End





Function lesetest()

Local a:Byte

stream.seek(ADRESSE)
a=stream.readbyte()

Print "Ausgelesen:"+a

End Function






Function schreibtest()

stream.seek(ADRESSE)
stream.writebyte(7)

End Function

Framework brl.standardio

Global a:Byte=42

Print "Adresse von a:"+String(Int(Varptr a))

Print "jetzt Addresse kopieren!"

Input("anderes programm starten. dann taste druecken")


Print "Variable a hat den wert:"+a
Input("taste druecken")
End

Module ind.processmem

ModuleInfo "Version: 1.00"
ModuleInfo "Author: goinginsane@arcor.de / UIN: 465-967-879"


Import ind.process
Import brl.stream




Strict

Const PROCESS_VM_READ=16
Const PROCESS_VM_WRITE=32
Const PROCESS_VM_OPERATION=8

Extern "win32"

   Function _ReadProcessMemory(hProcess:Int,lpBaseAddress:Int,lpBuffer:Byte

Ptr,nSize:Int,lpNumberOfBytesRead:Int)="ReadProcessMemory@20"
   Function _WriteProcessMemory(hProcess:Int,lpBaseAddress:Int,lpBuffer:Byte

Ptr,nSize:Int,lpNumberOfBytesWritten:Int)="WriteProcessMemory@20"
End Extern


Rem
bbdoc: process memory input/output stream
about: to access the memory of a process create a new TProcessMemoryStream and use .attach()<br>it isn't

necessary to specifie a size<br>The stream can be accessed like a normal tstream<br>when size is given you shouldn't

use seek(); use attach() instead!
End Rem
Type TProcessMemStream Extends TStream 'mal flott kopiert vom ramstream un bissle umgemurkst ;)

   Field _pos,_size,_read,_write
   Field _pid:Int
   

   Method Pos()
      Return _pos
   End Method

   Method Size()
      Return _size
   End Method
   
   Method Eof()
      Return _pos=_size And _size<>0
   End Method

   Method Seek( pos )
      If pos<0 pos=0 Else If pos>_size And _size<>0 pos=_size
      _pos=pos
      Return _pos
   End Method
   
   

   Method Read( buf:Byte Ptr,count )
      If count<=0 Or _read=False Then Throw New TStreamReadException

      If _pos+count>_size And _size<>0 count=_size-_pos
      
      Local buff:Byte[]
      buff=ReadProcessMemory(_pid,_pos,count)
      If Not buff Then Throw New TStreamReadException
      
      MemCopy buf,Varptr buff[0],count
      _pos:+count
      Return count
   End Method

   Method Write( buf:Byte Ptr,count )
      If count<=0 Or _write=False Then Throw New TStreamwriteException
      If _pos+count>_size And _size<>0 Then count=_size-_pos
      
      
      If Not WriteProcessMemory(_pid,_pos,Null,buf,count) Then Throw New

TStreamWriteException

      'MemCopy _buf+_pos,buf,count
      _pos:+count
      Return count
   End Method
Rem
   Function Create:TRamStream( addr:Int ,size,readable,writeable )
      Local stream:TRamStream=New TRamStream
      stream._pos=0
      stream._size=size
      stream._buf=buf
      stream._read=readable
      stream._write=writeable
      Return stream
   End Function
   
End Rem   
   

   Method attach(pid:Int,addr:Int,readable:Int,writeable:Int,size:Int=0)

   

      _pos=addr
      _pid=pid
      _read=readable
      _write=writeable
      If size<>0 Then _size=addr+size
      
   End Method
   
End Type


Rem
bbdoc: process memory read function
about: used by TProcessMemStream
End Rem
Function ReadProcessMemory:Byte[](pid:Int,addr:Int,bytes:Int)

   Local handle:Int
   Local buff:Byte[bytes]
   
   handle=OpenProcess(PROCESS_VM_READ,0,pid)
   
   If handle=Null Then Return Null
   
   If Not _ReadProcessMemory(handle,addr,Varptr buff[0],bytes,0) Then    

CloseHandle(handle);Return Null
   CloseHandle(handle)
   Return buff

End Function


Rem
bbdoc: process memory write function
about: used by TProcessMemStream
End Rem
Function WriteProcessMemory:Int(pid:Int,addr:Int,buff:Byte[],p:Byte Ptr=Null,count:Int=0)

   Local handle:Int


   handle=OpenProcess(PROCESS_VM_WRITE|PROCESS_VM_OPERATION,0,pid)
   
   If handle=Null Then Return 0
   If p Then
   If Not _WriteProcessMemory(handle,addr,p,count,0) Then    CloseHandle(handle);Return 0
   
   Else
   If Not _WriteProcessMemory(handle,addr,Varptr buff[0],buff.length,0) Then    

CloseHandle(handle);Return 0

   End If
   
   CloseHandle(handle)
   Return 1

End Function

Function lesetest()

Local a:Byte[]

a=ReadProcessMemory(pid,ADRESSE,1)

Print "Ausgelesen:"+a[0]

End Function






Function schreibtest()

Local a:Byte[1]

a[0]=7

WriteProcessMemory(pid,ADRESSE,a)

End Function