flat assembler
Message board for the users of flat assembler.
XP scheduler is broken
sinsi 19 Jul 2010, 11:22
Process Explorer uses a driver, doesn't it? Or a service? All those zw and ke functions available...
sinsi 19 Jul 2010, 11:42
There are 4 resources in the file (BINRES), all have the MZ header...
If you run it as admin in win7 it shows a lot more info. It also spawns procexp64.exe on my (win7 x64) machine.
Quote:
d:\winddk\1381\lib\i386\free\procexp100.sys
Maybe because it is signed it can run without admin privileges?
f0dder 19 Jul 2010, 12:29
I wouldn't be surprised if you can get thread state with some undocumented ZwQuerySystemInformation class. As for the Process Explorer driver, it might only be necessary for some advanced functionality - and it might be installed the first time you launch ProcExp, but with permissions set so a non-elevated ProcExp can communicate with it?
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.