Recent

Author Topic: [SOLVED] Getting processes and owners  (Read 5502 times)

TyneBridges

  • Full Member
  • ***
  • Posts: 150
    • Personal blog
[SOLVED] Getting processes and owners
« on: August 21, 2020, 03:59:14 pm »
With a lot of help from users of this forum, I can now get a Windows service to detect user logons. However, for this feature to be any use I also need the user name. On investigation I have discovered that getting the user name from an environment variable doesn't work. Conventional methods will often give 'SYSTEM' or the host name followed by a $ because the service is not running as a user but under the system account. It seems a workaround is to get the owner of the process explorer.exe (the Windows Explorer), as this will always be running. This also isn't easy because it involves low-level programming.

I found the following code online (thanks to Rodrigo on https://theroadtodelphi.com/2011/11/06/wmi-tasks-using-delphi-%E2%80%93-processes/). This is unchanged apart from the count, which I added.
Code: Pascal  [Select][+][-]
  1. const
  2.   wbemFlagForwardOnly = $00000020;
  3. var
  4.    Count: Integer;
  5.    ErrorMsg: String;
  6.    FSWbemLocator : OLEVariant;
  7.    FWMIService   : OLEVariant;
  8.    FWbemObjectSet: OLEVariant;
  9.    FWbemObject   : OLEVariant;
  10.    oEnum         : IEnumvariant;
  11.    iValue        : LongWord;
  12.    NameOfUser    : OleVariant;
  13.    UserDomain    : OleVariant;
  14.  
  15. begin
  16.       // quick check parameters
  17.       ErrorMsg:=CheckOptions('h', 'help');
  18.       if ErrorMsg<>'' then begin
  19.             ShowException(Exception.Create(ErrorMsg));
  20.             Terminate;
  21.             Exit;
  22.       end;
  23.  
  24.       // parse parameters
  25.       if HasOption('h', 'help') then begin
  26.             WriteHelp;
  27.             Terminate;
  28.             Exit;
  29.       end;
  30.  
  31.       begin;
  32.         Count:= 0;
  33.         FSWbemLocator:= CreateOleObject('WbemScripting.SWbemLocator');
  34.         FWMIService:= FSWbemLocator.ConnectServer('localhost', 'root\CIMV2', '', '');
  35.         FWbemObjectSet:= FWMIService.ExecQuery('SELECT * FROM Win32_Process', 'WQL', wbemFlagForwardOnly);
  36.         oEnum:= IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  37.         while oEnum.Next(1, FWbemObject, iValue) = 0 do
  38.         begin
  39.           Inc(Count);
  40.           Write(IntToStr(Count) + ': ');
  41.           FWbemObject.GetOwner(NameOfUser, UserDomain);
  42.           Writeln(Format('Process  %s is owned by %s\%s',[String(FWbemObject.Name),String(NameOfUser), String(UserDomain)]));
  43.           FWbemObject:= Unassigned;
  44.         end;
  45.       end;
  46.       // stop program loop
  47.       Terminate;
  48. end;    
  49.  

It looks as if it should list all running processes and their owners. It's intended for Delphi but it compiled and ran in Lazarus as a console application for me but then failed immediately with the error
Code: Text  [Select][+][-]
  1. 1: Exception at 00000001000399F8: EVariantTypeCastError:
  2. Could not convert variant of type (Null) into type (String).

Of course, my understanding of objects is not good enough to fully get what this is doing (in particular, the types of the subvalues in the objects). I tried adding the condition "If Assigned(FWbemObject.Name)" then and then "If Assigned(FWbemObject)" then to the start of the Writeln but then the application wouldn't compile.

I have two questions:

1) Can anyone tell me what condition I need to add to avoid the error? and
2) Will the adapted code also work in a service, or is it again accessing processes not available there?

Thank you.
« Last Edit: August 26, 2020, 07:54:14 pm by TyneBridges »
John H, north east England
Lover of the old Delphi, still inexperienced with FPC/Lazarus and not an instinctive programmer

TyneBridges

  • Full Member
  • ***
  • Posts: 150
    • Personal blog
Re: [SOLVED] Getting processes and owners
« Reply #1 on: August 21, 2020, 04:43:47 pm »
A bit more hunting revealed the answer. Adding the following early in the program avoided triggering the error:

Code: Pascal  [Select][+][-]
  1. NullStrictConvert:= False;

I'd still be interested to know whether the general approach should work in a service, although I guess I just need to try it and see...
« Last Edit: August 21, 2020, 04:59:38 pm by TyneBridges »
John H, north east England
Lover of the old Delphi, still inexperienced with FPC/Lazarus and not an instinctive programmer

PascalDragon

  • Hero Member
  • *****
  • Posts: 5815
  • Compiler Developer
Re: Getting processes and owners
« Reply #2 on: August 21, 2020, 05:49:34 pm »
With a lot of help from users of this forum, I can now get a Windows service to detect user logons. However, for this feature to be any use I also need the user name. On investigation I have discovered that getting the user name from an environment variable doesn't work. Conventional methods will often give 'SYSTEM' or the host name followed by a $ because the service is not running as a user but under the system account. It seems a workaround is to get the owner of the process explorer.exe (the Windows Explorer), as this will always be running. This also isn't easy because it involves low-level programming.

From what I can see to retrieve the user name from the session ID you should be able to simply use WTSQuerySessionInformation with hServer set to WTS_CURRENT_SERVER_HANDLE. It's provided in FPC by unit JwaWtsApi32.

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11992
  • FPC developer.
Re: Getting processes and owners
« Reply #3 on: August 22, 2020, 12:32:35 am »
1) Can anyone tell me what condition I need to add to avoid the error? and

Probably you need to use varisnul()

Jurassic Pork

  • Hero Member
  • *****
  • Posts: 1255
Re: Getting processes and owners
« Reply #4 on: August 22, 2020, 01:38:34 am »
hello,
As Marcov suggested, use varisnull function, like that for example :
Code: Pascal  [Select][+][-]
  1. if varisnull(NameOfUser) or  varisnull(UserDomain) then
  2.     Writeln(Format('Process  %s : owner not found',[String(FWbemObject.Name)]))
  3. else
  4.     Writeln(Format('Process  %s is owned by %s\%s',[String(FWbemObject.Name),String(NameOfUser), String(UserDomain)]));
  5.  
Friendly, J.P
« Last Edit: August 22, 2020, 01:40:30 am by Jurassic Pork »
Jurassic computer : Sinclair ZX81 - Zilog Z80A à 3,25 MHz - RAM 1 Ko - ROM 8 Ko

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11992
  • FPC developer.
Re: Getting processes and owners
« Reply #5 on: August 22, 2020, 01:56:33 pm »
Apropos, as result of an earlier WMI related question I made a small unit with an iterator for simple WMI queries.

it changes syntax like this:
Code: Pascal  [Select][+][-]
  1.  oEnum:= IUnknown(FWbemObjectSet._NewEnum) as IEnumVariant;
  2.         while oEnum.Next(1, FWbemObject, iValue) = 0 do
  3. ...
  4.  

to

Code: Pascal  [Select][+][-]
  1. var
  2.   obj           : OLEVariant;
  3.   listiter      : oEnumIterator;
  4.   for obj in listiter.Enumerate(FWbemObjectset) do
  5.  

which beside neither saves on some variable declarations because they are bundled in the iterator record.

TyneBridges

  • Full Member
  • ***
  • Posts: 150
    • Personal blog
Re: Getting processes and owners
« Reply #6 on: August 23, 2020, 08:06:28 pm »
With a lot of help from users of this forum, I can now get a Windows service to detect user logons. However, for this feature to be any use I also need the user name. On investigation I have discovered that getting the user name from an environment variable doesn't work. Conventional methods will often give 'SYSTEM' or the host name followed by a $ because the service is not running as a user but under the system account. It seems a workaround is to get the owner of the process explorer.exe (the Windows Explorer), as this will always be running. This also isn't easy because it involves low-level programming.

From what I can see to retrieve the user name from the session ID you should be able to simply use WTSQuerySessionInformation with hServer set to WTS_CURRENT_SERVER_HANDLE. It's provided in FPC by unit JwaWtsApi32.

I've tried the following:
Code: Pascal  [Select][+][-]
  1. procedure TDaemon1.DataModuleControlCodeEvent(Sender: TCustomDaemon;
  2. ACode, AEventType: DWord; AEventData: Pointer; var Handled: Boolean);
  3. var evtype, sessionid: String;
  4.     DebugLog: TextFile;
  5.     GotIt: Boolean;
  6.     InfoClass: WTS_INFO_CLASS;
  7.     ResBytes: DWord;
  8.     Buf: Pointer;
  9.     SID: LongWord;
  10.  
  11. begin  // DataModuleControlEvent
  12.      // Remove 5 lines below and file declaration once this bit is debugged. The line below should ALWAYS be written if a user has logged on
  13.      NMsg:= 'Control event received ' + CT;
  14.      OurPath:= Copy(Paramstr(0), 1, LastPos('\', ParamStr(0)));
  15.      AssignFile(DebugLog, OurPath + 'debug.txt');
  16.      Rewrite(DebugLog);
  17.      Writeln(DebugLog, NMsg);
  18.      Flush(DebugLog);
  19.  
  20.      if ACode = SERVICE_CONTROL_SESSIONCHANGE then begin
  21.        case aEventType of
  22.        WTS_CONSOLE_CONNECT:
  23.             evtype:= 'Console Connect';
  24.        WTS_CONSOLE_DISCONNECT:
  25.             evtype:= 'Console Disconnect';
  26.        WTS_REMOTE_CONNECT:
  27.             evtype:= 'Remote Connect';
  28.        WTS_REMOTE_DISCONNECT:
  29.             evtype:= 'Remote Disconnect';
  30.        WTS_SESSION_LOGON:
  31.             evtype:= 'Session Logon';
  32.        WTS_SESSION_LOGOFF:
  33.             evtype:= 'Session Logoff';
  34.        WTS_SESSION_LOCK:
  35.             evtype:= 'Session Lock';
  36.        WTS_SESSION_UNLOCK:
  37.            evtype:= 'Session Unlock';
  38.        WTS_SESSION_REMOTE_CONTROL:
  39.             evtype:= 'Session Remote Control';
  40.        else
  41.             evtype:= Format('Unknown event type %d', [aEventType])
  42.        end;
  43.        if Assigned(aEventData) then
  44.        begin
  45.             SID:= PWTSSESSION_NOTIFICATION(aEventData)^.dwSessionId;
  46.             sessionid:= Format('%d', [PWTSSESSION_NOTIFICATION(aEventData)^.dwSessionId])
  47.        end else
  48.        begin
  49.             SID:= 0;
  50.             sessionid:= 'None';
  51.         end;
  52.  
  53.        NMsg:= Format('Session Change of type ''%s'' with session %s', [evtype, sessionid]);
  54.        GotIt:= WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SID, InfoClass, Buf, ResBytes);
  55.        If GotIt then NMsg:= NMsg + chr(13) + InfoClass.WTSUserName;
  56.        Writeln(DebugLog, NMsg);
  57.        CloseFile(DebugLog);
  58.     end;
  59. end;
  60.  

This fails to compile and gives the error identifier idents no member "WTSUserName" on line 55, although this seems to be the correct name for the subfield of the WTS_INFO_CLASS structure. I've probably missed something in the extraction of the data from the structure but can't find anything on line to clarify what to do.
John H, north east England
Lover of the old Delphi, still inexperienced with FPC/Lazarus and not an instinctive programmer

PascalDragon

  • Hero Member
  • *****
  • Posts: 5815
  • Compiler Developer
Re: Getting processes and owners
« Reply #7 on: August 24, 2020, 02:07:45 pm »
WTS_INFO_CLASS is an enum, not a record. You need to pass the WTSUserName enum value to WTSQuerySessionInformation to tell it what to store into the pointer you provided. That pointer has to to be allocated by you.

Code: Pascal  [Select][+][-]
  1. var
  2.   // ...
  3.   username: array[0..100] of Char;
  4.   len: DWord;
  5.   // ...
  6. begin
  7.   // ...
  8.   len := Length(username);
  9.   GotIt := WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SID, WTSUserName, @username[0], len);
  10.   if GotIt then
  11.     NMsg := NMsg + LineEnding + StrPas(@username);
  12.   // ...
  13. end;

TyneBridges

  • Full Member
  • ***
  • Posts: 150
    • Personal blog
Re: Getting processes and owners
« Reply #8 on: August 24, 2020, 04:58:45 pm »
WTS_INFO_CLASS is an enum, not a record. You need to pass the WTSUserName enum value to WTSQuerySessionInformation to tell it what to store into the pointer you provided. That pointer has to to be allocated by you.

Code: Pascal  [Select][+][-]
  1. var
  2.   // ...
  3.   username: array[0..100] of Char;
  4.   len: DWord;
  5.   // ...
  6. begin
  7.   // ...
  8.   len := Length(username);
  9.   GotIt := WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SID, WTSUserName, @username[0], len);
  10.   if GotIt then
  11.     NMsg := NMsg + LineEnding + StrPas(@username);
  12.   // ...
  13. end;

Thanks for the clarification, but I added the missing variables and substituted your line for the call to WTSQuerySessionInformation and the compiler still didn't like the call. It gave me the error "Can't assign values to a variable" at position 100. That seems to be @username[0] (where it names the parameter as ppBuffer: pointer).
John H, north east England
Lover of the old Delphi, still inexperienced with FPC/Lazarus and not an instinctive programmer

PascalDragon

  • Hero Member
  • *****
  • Posts: 5815
  • Compiler Developer
Re: Getting processes and owners
« Reply #9 on: August 25, 2020, 09:14:39 am »
Thanks for the clarification, but I added the missing variables and substituted your line for the call to WTSQuerySessionInformation and the compiler still didn't like the call. It gave me the error "Can't assign values to a variable" at position 100. That seems to be @username[0] (where it names the parameter as ppBuffer: pointer).

Ah, right, forgot that this is a var parameter. Try to add the following:

Code: Pascal  [Select][+][-]
  1. var
  2.   // ...
  3.   pusername: Pointer;
  4.   // ...
  5. begin
  6.   // ...
  7.   pusername := @username[0];
  8.   GotIt := WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SID, WTSUserName, pusername, len);
  9.   if GotIt then
  10.     NMsg := NMsg + LineEnding + StrPas(@username); // yes, username, not pusername
  11.   // ...
  12. end;

TyneBridges

  • Full Member
  • ***
  • Posts: 150
    • Personal blog
Re: Getting processes and owners
« Reply #10 on: August 25, 2020, 03:31:08 pm »
Thanks for the clarification, but I added the missing variables and substituted your line for the call to WTSQuerySessionInformation and the compiler still didn't like the call. It gave me the error "Can't assign values to a variable" at position 100. That seems to be @username[0] (where it names the parameter as ppBuffer: pointer).

Ah, right, forgot that this is a var parameter. Try to add the following:

Code: Pascal  [Select][+][-]
  1. var
  2.   // ...
  3.   pusername: Pointer;
  4.   // ...
  5. begin
  6.   // ...
  7.   pusername := @username[0];
  8.   GotIt := WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SID, WTSUserName, pusername, len);
  9.   if GotIt then
  10.     NMsg := NMsg + LineEnding + StrPas(@username); // yes, username, not pusername
  11.   // ...
  12. end;

It gets stranger. I amended my code as follows to help with debugging.
       
Code: Pascal  [Select][+][-]
  1.        NMsg:= Format('Session Change of type ''%s'' with session %s', [evtype, sessionid]);
  2.        pusername:= @username[0];
  3.        GotIt:= WTSQuerySessionInformation(WTS_CURRENT_SERVER_HANDLE, SID, WTSUserName, pusername, len);
  4.        if GotIt then
  5.           NMsg:= NMsg + '. User is ' + StrPas(@username) // yes, username, not pusername
  6.        else
  7.            NMsg:= NMsg +  '. Session information query failed!';
  8.        Writeln(DebugLog, NMsg);
  9.        CloseFile(DebugLog);
  10.  

This time it compiled and installed OK. I expected either the desired result or the failed prompt but instead just got the following:
Code: Text  [Select][+][-]
  1. Control event received 25/8/20 14:20:26:461
  2. Session Change of type 'Session Logon' with session 23. User is
  3.  

This suggests that the function call succeeded but returned no value for the user name...  :(
« Last Edit: August 25, 2020, 03:37:06 pm by TyneBridges »
John H, north east England
Lover of the old Delphi, still inexperienced with FPC/Lazarus and not an instinctive programmer

ASerge

  • Hero Member
  • *****
  • Posts: 2354
Re: Getting processes and owners
« Reply #11 on: August 25, 2020, 06:05:53 pm »
This suggests that the function call succeeded but returned no value for the user name...  :(
The WTSQuerySessionInformation function allocates memory for the user name itself. You only need to pass a pointer, and use it as a pointer! And of course, release the allocated memory at the end of use.
Code: Pascal  [Select][+][-]
  1. uses JwaWtsApi32;
  2.  
  3. procedure TForm1.Button1Click(Sender: TObject);
  4. var
  5.   UserName: Pointer;
  6.   Bytes: DWORD;
  7.   U: UnicodeString;
  8. begin
  9.   if WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION, WTSUserName, UserName, Bytes) then
  10.   try
  11.     SetString(U, PUnicodeChar(UserName), (Bytes div SizeOf(UnicodeChar)) - 1); // Exclude last #0
  12.     Caption := UTF8Encode(U);
  13.   finally
  14.     WTSFreeMemory(UserName);
  15.   end;
  16. end;

PascalDragon

  • Hero Member
  • *****
  • Posts: 5815
  • Compiler Developer
Re: Getting processes and owners
« Reply #12 on: August 25, 2020, 09:17:07 pm »
This suggests that the function call succeeded but returned no value for the user name...  :(
The WTSQuerySessionInformation function allocates memory for the user name itself. You only need to pass a pointer, and use it as a pointer! And of course, release the allocated memory at the end of use.

Indeed. I've noticed that as well after I played around with the API myself now.

@TyneBridges: for your purposes you need to pass the session ID instead of WTS_CURRENT_SESSION.

TyneBridges

  • Full Member
  • ***
  • Posts: 150
    • Personal blog
Re: Getting processes and owners
« Reply #13 on: August 26, 2020, 04:51:30 pm »
This suggests that the function call succeeded but returned no value for the user name...  :(
The WTSQuerySessionInformation function allocates memory for the user name itself. You only need to pass a pointer, and use it as a pointer! And of course, release the allocated memory at the end of use.

Indeed. I've noticed that as well after I played around with the API myself now.

@TyneBridges: for your purposes you need to pass the session ID instead of WTS_CURRENT_SESSION.
Thank you PascalDragon and ASerge! With your help I've finally got the user name to display. For the information of anyone else struggling with this, here's one last code snippet with the code that worked for me. As it's running in a service, I changed the display code to write to my log file.
       
Code: Pascal  [Select][+][-]
  1.        NMsg:= Format('Session Change of type ''%s'' with session %s', [evtype, sessionid]);
  2.        GotIt:= WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, SID, WTSUserName, UserName, Bytes);
  3.        if GotIt then
  4.        begin
  5.          try
  6.             SetString(U, PUnicodeChar(UserName), (Bytes div SizeOf(UnicodeChar)) - 1); // Exclude last #0
  7.             NMsg:= NMsg + '. User is ' + UTF8Encode(U);
  8.          finally
  9.             WTSFreeMemory(UserName)
  10.          end; // Try
  11.        end else
  12.            NMsg:= NMsg +  '. Session information query failed!';
  13.        Writeln(DebugLog, NMsg);          
John H, north east England
Lover of the old Delphi, still inexperienced with FPC/Lazarus and not an instinctive programmer

d2010

  • Jr. Member
  • **
  • Posts: 75
Re: [SOLVED] Getting processes and owners
« Reply #14 on: December 06, 2024, 09:32:56 pm »


Using the 'WbemScripting" , you depend too much  your-programe.xe with Windows10.
Okai you finished programe.exe+WbemScripting very good, but in fuuture, you can use
 program.exe in Windoas7, or WindowsPortable.

I think no, you solution need to  much code.
Otherwise you can try use proclist.dll from "far manager1.71" or far 3.0 manager
Code: [Select]
Module:                devcinfo.exe
Full path:             L:\vlaxcompil\bin\devcinfo.exe
File version:          1.3.0.7
Description:           YOU VIEW HERE, MANY INFORMATION/S FROM ONE PROCES WITH PROCLIST.DLL
PID:                   1584
Parent PID:            1188
Priority:              8
Threads:               1
Owner:                 yuri-PC121hdd25\iunie2024 (S-1-5-21-558996380-2697283786-2555640610-1003)
Session:               1

Started at:            22:35:14
Uptime:                00:00:12

GDI Objects:           199
USER Objects:          135

Processor Time:          00:00:00.002       0%
Privileged Time:         00:00:00.000       0%
User Time:               00:00:00.001       0%
Handle Count:                    73
Page File Bytes:          121774080
Page File Bytes Peak:     121864192
Working Set:               24711168
Working Set Peak:          24711168
Pool Nonpaged Bytes:           7980
Pool Paged Bytes:            347604
Private Bytes:            121774080
Page Faults:                   8765      0/sec
Virtual Bytes:            213630976
Virtual Bytes Peak:       213647360
IO Data Bytes:              1057527      0/sec
IO Read Bytes:              1050133      0/sec
IO Write Bytes:                7394      0/sec
IO Other Bytes:               10046      0/sec
IO Data Operations:              68      0/sec
IO Read Operations:              64      0/sec
IO Write Operations:              4      0/sec
IO Other Operations:           1739      0/sec

Window title:          DevCinfo.execlisp
HWND:                  000A0100
Window style:          16CF0000  WS_VISIBLE WS_CLIPSIBLINGS WS_CLIPCHILDREN WS_BORDER WS_DLGFRAME WS_SYSMENU WS_THICKFRAME WS_MINIMIZEBOX WS_MAXIMIZEBOX
Extended style:        00010100  WS_EX_CONTROLPARENT WS_EX_STATICEDGE WS_EX_APPWINDOW WS_EX_LAYERED WS_EX_LAYOUTRTL

Command Line:
devcinfo.exe 
Current Directory:     L:\vlaxcompil\bin\

Modules:
  Base      Size    Path, version, description
  04000000  5259000 L:\vlaxcompil\bin\devcinfo.exe 1.3.0.7          Main program
  77440000  13C000 D:\Windows\SYSTEM32\ntdll.dll 6.1.7600.16385 (win7_rtm.090713-1255) NT Layer DLL
  76530000   D4000 D:\Windows\system32\kernel32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows NT BASE API Client DLL
  75610000   4A000 D:\Windows\system32\KERNELBASE.dll 6.1.7600.16385 (win7_rtm.090713-1255) Windows NT BASE API Client DLL
  75E50000   C9000 D:\Windows\system32\user32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Multi-User Windows USER API Client DLL
  77260000   4E000 D:\Windows\system32\GDI32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) GDI Client DLL
  76380000    A000 D:\Windows\system32\LPK.dll 6.1.7600.16385 (win7_rtm.090713-1255) Language Pack
  775D0000   9D000 D:\Windows\system32\USP10.dll 1.0626.7601.17514 (win7sp1_rtm.101119-1850) Uniscribe Unicode script processor
  75FA0000   AC000 D:\Windows\system32\msvcrt.dll 7.0.7600.16385 (win7_rtm.090713-1255) Windows NT CRT DLL
  75B10000   A0000 D:\Windows\system32\advapi32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Advanced Windows 32 Base API
  75A90000   19000 D:\Windows\SYSTEM32\sechost.dll 6.1.7600.16385 (win7_rtm.090713-1255) Host for SCM/SDDL/LSA Lookup APIs
  77310000   A1000 D:\Windows\system32\RPCRT4.dll 6.1.7600.16385 (win7_rtm.090713-1255) Remote Procedure Call Runtime
  76210000   8F000 D:\Windows\system32\oleaut32.dll 6.1.7601.17514
  75CF0000  15C000 D:\Windows\system32\ole32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft OLE for Windows
  74480000  19E000 D:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll 6.10 (win7_rtm.090713-1255) User Experience Controls Library
  75AB0000   57000 D:\Windows\system32\SHLWAPI.dll 6.1.7600.16385 (win7_rtm.090713-1255) Shell Light-weight Utility Library
  74B20000   51000 D:\Windows\system32\winspool.drv 6.1.7600.16385 (win7_rtm.090713-1255) Windows Spooler Driver
  76610000  C4A000 D:\Windows\system32\shell32.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) Windows Shell Common Dll
  773C0000   7B000 D:\Windows\system32\comdlg32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Common Dialogs DLL
  010E0000   4D000 L:\vlaxcompil\bin\codstree.dll
  73A30000   32000 D:\Windows\system32\winmm.dll 6.1.7600.16385 (win7_rtm.090713-1255) MCI API DLL
  01130000   6B000 L:\vlaxcompil\bin\copsfill.dll
  011A0000   22000 L:\vlaxcompil\bin\cnotepad.dll
  01310000   87000 L:\vlaxcompil\bin\cygnusol.dll
  011D0000   3C000 L:\vlaxcompil\bin\conint64.dll
  013A0000  4C8000 L:\vlaxcompil\bin\cvars2sc.dll
  76110000   F5000 D:\Windows\system32\wininet.dll 8.00.7600.16385 (win7_rtm.090713-1255) Internet Extensions for Win32
  75BB0000  136000 D:\Windows\system32\urlmon.dll 8.00.7600.16385 (win7_rtm.090713-1255) OLE32 Extensions for Win32
  756E0000  11D000 D:\Windows\system32\CRYPT32.dll 6.1.7600.16385 (win7_rtm.090713-1255) Crypto API32
  75600000    C000 D:\Windows\system32\MSASN1.dll 6.1.7601.17514 (win7sp1_rtm.101119-1850) ASN.1 Runtime APIs
  75890000  1FB000 D:\Windows\system32\iertutil.dll 8.00.7601.17514 (win7sp1_rtm.101119-1850) Run time utility for Internet Explorer
  01870000   42000 L:\vlaxcompil\bin\clistene.dll 1, 0, 0, 1       
  018C0000   23000 L:\vlaxcompil\bin\flistsvc.dll
  018F0000  1B3000 L:\vlaxcompil\bin\cip03dcl.dll
  01AB0000   28000 L:\vlaxcompil\bin\cisavbak.dll
  01AE0000   5B000 L:\vlaxcompil\bin\codsound.dll
  01B40000   52000 L:\vlaxcompil\bin\CPXMLNU2.DLL
  01BA0000   55000 L:\vlaxcompil\bin\cimapitb.dll
  01C00000   A8000 L:\vlaxcompil\bin\coreslsp.dll
  01CB0000  2DE000 L:\vlaxcompil\bin\cpkunzip.dll
  01F90000    B000 L:\vlaxcompil\bin\coarrint.dll
  01FA0000   1E000 L:\vlaxcompil\bin\coimgvue.dll
  01FC0000   71000 L:\vlaxcompil\bin\colinlsp.dll
  74B80000    9000 D:\Windows\system32\version.dll 6.1.7600.16385 (win7_rtm.090713-1255) Version Checking and File Installation Libraries
  75F20000   1F000 D:\Windows\system32\IMM32.DLL 6.1.7601.17514 (win7sp1_rtm.101119-1850) Multi-User Windows IMM32 API Client DLL
  762B0000   CC000 D:\Windows\system32\MSCTF.dll 6.1.7600.16385 (win7_rtm.090713-1255) MSCTF Server DLL
  741E0000   40000 D:\Windows\system32\uxtheme.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft UxTheme Library
  754E0000    C000 D:\Windows\system32\CRYPTBASE.dll 6.1.7600.16385 (win7_rtm.090713-1255) Base cryptographic API DLL
  73EF0000   13000 D:\Windows\system32\dwmapi.dll 6.1.7600.16385 (win7_rtm.090713-1255) Microsoft Desktop Window Manager API
  74220000    6000 D:\Windows\system32\RICHED32.DLL 6.1.7601.17514 (win7sp1_rtm.101119-1850) Wrapper Dll for Richedit 1.0
  703A0000   76000 D:\Windows\system32\RICHED20.dll 5.31.23.1230     Rich Text Edit Control, v3.1

Handles:
Handle  Access   Type         Name
    4  00000003 Directory     \KnownDlls
    8  00100020 File          \Device\HarddiskVolume3\SWTOOLS\vlaxcompil\bin
    C  001F0003 Event         
   10  00100020 File          \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2
   14  001F0001               
   18  001F0001               
   1C  00020019 Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions
   20  00000001 Key           HKLM\SYSTEM\ControlSet001\Control\Session Manager
   24  00000804               
   28  00000009 Key           HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
   2C  00000009 Key           HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DllNXOptions
   30  001F0003 Event         
   34  000F037F WindowStation \Sessions\1\Windows\WindowStations\WinSta0
   38  000F01FF Desktop       \Default
   3C  000F037F WindowStation \Sessions\1\Windows\WindowStations\WinSta0
   40  000F003F Key           HKLM
   44  001F0001 Mutant       
   48  001F0003 Event         
   4C  00000804               
   50  001F0003 Event         
   54  001F0003 Event         
   58  001F0003 Event         
   5C  001F0003 Event         
   60  001F0003 Event         
   64  001F0003 Event         
   68  0000000F Directory     \Sessions\1\BaseNamedObjects
   6C  00000804               
   70  00000804               
   74  00000804               Rugaciunea Tatal Meu din Ceruri a Parintelui Arsenie Boca
   B0  001F0003 Event         
   B4  000F003F Key           HKCU
   B8  00100001 File          \Device\HarddiskVolume3\SWTOOLS\vlaxcompil\bin.w32
   BC  001F0001 Mutant        \Sessions\1\BaseNamedObjects\DBWinMutex
   C0  00100001 File          \Device\HarddiskVolume3\SWTOOLS\vlaxcompil\bin.w32
   C4  00100001 File          \Device\HarddiskVolume3\SWTOOLS\vlaxcompil
   C8  001F0003 Event         
   CC  001F0003 Event         
   D0  001F0003 Event         
   D4  00000804               
   D8  00000804               
   DC  001F0001               
   E0  00000004 Section       
   E4  001F0003 Event         
   E8  001F0003 Event         
   EC  00100001 File          \Device\KsecDD
   F0  00100001 File          \Device\HarddiskVolume3\SWTOOLS\vlaxcompil\0user
   F4  00100001 File          \Device\HarddiskVolume3\SWTOOLS\vlaxcompil\0user\temp
   F8  00000804               
   FC  00000804               
  100  00020019 Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Locale
  104  00020019 Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Locale\Alternate Sorts
  108  00020019 Key           HKLM\SYSTEM\ControlSet001\Control\Nls\Language Groups
  10C  00120089 File          \Device\HarddiskVolume1\Windows\Fonts\StaticCache.dat
  110  000F0005 Section       
  114  00100001 File          \Device\HarddiskVolume3\SWTOOLS\vlaxcompil
  118  00000006 Section       \Sessions\1\BaseNamedObjects\windows_shell_global_counters
  11C  001F0001               
  120  00100000 Mutant        \Sessions\1\BaseNamedObjects\MSCTF.Asm.MutexDefault1
  128  00120089 File          \Device\HarddiskVolume1\Windows\System32\en-US\msctf.dll.mui
     



« Last Edit: December 06, 2024, 09:40:05 pm by d2010 »

 

TinyPortal © 2005-2018