[Discussion] OllyDbg 1.10 appears to have a serious bug
I bump whenever I see 海风. For 12.1. But how come I notice your post count has become 12?? And that EPE 12.1 CrackMe is gone too??
[Help] Reading events is a real hassle. Below is a piece of VC code; I only care about the part that retrieves the event description. Can anyone explain the principle behind that part to me? I really can't understand it.
ReadEventLog Function

Reads a whole number of entries from the specified event log. The function can be used to read log entries in chronological or reverse chronological order.

BOOL ReadEventLog(
    __in  HANDLE hEventLog,
    __in  DWORD dwReadFlags,
    __in  DWORD dwRecordOffset,
    __out LPVOID lpBuffer,
    __in  DWORD nNumberOfBytesToRead,
    __out DWORD* pnBytesRead,
    __out DWORD* pnMinNumberOfBytesNeeded
);

Parameters

hEventLog
    A handle to the event log to be read. This handle is returned by the OpenEventLog function.

dwReadFlags
    The options for how the read operation is to proceed. This parameter must include one of the following values.

    Value / Meaning
    EVENTLOG_SEEK_READ 0x0002
        The read operation proceeds from the record specified by the dwRecordOffset parameter. This flag cannot be used with EVENTLOG_SEQUENTIAL_READ.
    EVENTLOG_SEQUENTIAL_READ 0x0001
        The read operation proceeds sequentially from the last call to the ReadEventLog function using this handle. This flag cannot be used with EVENTLOG_SEEK_READ.

    If the buffer is large enough, more than one record can be read at the specified seek position; you must specify one of the following flags to indicate the direction for successive read operations.

    Value / Meaning
    EVENTLOG_FORWARDS_READ 0x0004
        The log is read in chronological order. This flag cannot be used with EVENTLOG_BACKWARDS_READ.
    EVENTLOG_BACKWARDS_READ 0x0008
        The log is read in reverse chronological order. This flag cannot be used with EVENTLOG_FORWARDS_READ.

dwRecordOffset
    The number of the log-entry record at which the read operation should start. This parameter is ignored unless dwReadFlags includes the EVENTLOG_SEEK_READ flag.

lpBuffer
    A pointer to a buffer for the data read from the event log. This parameter cannot be NULL, even if the nNumberOfBytesToRead parameter is zero. The buffer will be filled with an EVENTLOGRECORD structure. As of Windows Server 2003 and Windows XP SP2, the maximum size of this buffer is 0x7ffff bytes.

nNumberOfBytesToRead
    The size of the buffer, in bytes. This function will read as many whole log entries as will fit in the buffer; the function will not return partial entries, even if there is room in the buffer.

pnBytesRead
    A pointer to a variable that receives the number of bytes read by the function.

pnMinNumberOfBytesNeeded
    A pointer to a variable that receives the number of bytes required for the next log entry. This count is valid only if ReadEventLog returns zero and GetLastError returns ERROR_INSUFFICIENT_BUFFER.

Return Value

If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

When this function returns successfully, the read position in the event log is adjusted by the number of records read. Only a whole number of event log records will be returned.

Note: The configured file name for this source may also be the configured file name for other sources (several sources can exist as subkeys under a single log). Therefore, this function may return events that were logged by more than one source.

Example Code

For an example, see Querying for Event Information.

Requirements

Client: Requires Windows Vista, Windows XP, Windows 2000 Professional, or Windows NT Workstation.
Server: Requires Windows Server 2008, Windows Server 2003, Windows 2000 Server, or Windows NT Server.
Header: Declared in Winbase.h; include Windows.h.
Library: Use Advapi32.lib.
DLL: Requires Advapi32.dll.
Unicode: Implemented as ReadEventLogW (Unicode) and ReadEventLogA (ANSI).

See Also

Event Logging Functions, ClearEventLog, CloseEventLog, EVENTLOGRECORD, OpenEventLog, ReportEvent

Send comments about this topic to Microsoft

I think for text manipulation it's better to use a somewhat higher-level language where you can, such as C#, Java or VB; even Delphi would just about do. Using C really is hard on the brain.
[Help] How can I get the file path from a file handle?
GetFileInformationByHandleEx Function

Retrieves file information for the specified file.

BOOL WINAPI GetFileInformationByHandleEx(
    __in  HANDLE hFile,
    __in  FILE_INFO_BY_HANDLE_CLASS FileInformationClass,
    __out LPVOID lpFileInformation,
    __in  DWORD dwBufferSize
);

Parameters

hFile
    A handle to the file. This handle should not be a pipe handle. The GetFileInformationByHandleEx function does not work with pipe handles.

FileInformationClass
    The type of information to be returned to the calling application. For a list of values, see FILE_INFO_BY_HANDLE_CLASS.

lpFileInformation
    A pointer to the buffer that receives the requested file information. The structure that is returned corresponds to the class that is specified by FileInformationClass.

    FileInformationClass              FileInformation structure returned
    FileBasicInfo                     FILE_BASIC_INFO
    FileStandardInfo                  FILE_STANDARD_INFO
    FileNameInfo                      FILE_NAME_INFO
    FileStreamInfo                    FILE_STREAM_INFO
    FileCompressionInfo               FILE_COMPRESSION_INFO
    FileAttributeTagInfo              FILE_ATTRIBUTE_TAG_INFO
    FileIdBothDirectoryInfo           FILE_ID_BOTH_DIR_INFO
    FileIdBothDirectoryRestartInfo    FILE_ID_BOTH_DIR_INFO

dwBufferSize
    The size of the lpFileInformation buffer, in bytes.

Return Value

If the function succeeds, the return value is nonzero. If the function fails, the return value is zero. To get extended error information, call GetLastError.

Remarks

If FileInformationClass is FileStreamInfo and the calls succeed but no streams are returned, the error that is returned by GetLastError is ERROR_HANDLE_EOF.

Certain file information classes behave slightly differently on different operating system releases. These classes are supported by the underlying drivers, and any information they return is subject to change between operating system releases.

This function is declared in Fileextd.h and implemented in Fileextd.lib; both are available for download at MSDN on the Win32 FileID API Library page.

Transacted Operations

If there is a transaction bound to the thread at the time of the call, then the function returns the compressed file size of the isolated file view.

Requirements

This function apparently can return it.. I just feel it is extremely likely that your SDK doesn't include it.
[Help] Checking whether the current user has administrator privileges, but why does this function always return FALSE? (DELPHI)
IsUserAnAdmin Function

Tests whether the current user is a member of the Administrator's group.

Syntax

BOOL IsUserAnAdmin(VOID);

Return Value

Returns TRUE if the user is a member of the Administrator's group; otherwise, FALSE.

Remarks

This function is a wrapper for CheckTokenMembership. It is recommended to call that function directly to determine Administrator group status rather than calling IsUserAnAdmin.

Note: This function is available through Windows Vista. It might be altered or unavailable in subsequent versions of Microsoft Windows.

Function Information

Minimum DLL Version: shell32.dll version 5.0 or later
Custom Implementation: No
Header: shlobj.h
Import library: shell32.lib
Minimum operating systems: Windows 2000

See Also

CheckTokenMembership

F5.