[ros-kernel] New PS program.

James Tabor jimtabor at adsl-64-217-116-74.dsl.hstntx.swbell.net
Sun Jul 25 02:36:00 CEST 2004 

Hi,
Here is a new ps.exe and source. I've tested it with Xp and 2k. It works fine.
It uses EnumThreadWindows so you will have to go in the source (win32k) and
remove the WS_CHILD check from win32k/ntuser/window.c NtUserBuildHwndList.


//      if(dwCount < nBufSize && pWnd && (Window->Style & WS_CHILD))
       if(dwCount < nBufSize && pWnd)
       {
         Status = MmCopyToCaller(pWnd++, &Window->Self, sizeof(HWND));
         if(!NT_SUCCESS(Status))
         {
           SetLastNtError(Status);
           break;
         }
       }

//      if(!(Window->Style & WS_CHILD))
//      {
         dwCount++;
//      }

WS_CHILD! no way that could be right! With the ps program running on Xp. I see
most of the windows with the bit cleared. More like just about all of them.

Look at the Xp dump:

P     PID     PPID     KTime      UTime   NAME
t              TID     KTime      UTime   State      WaitResson
w             Hwnd  WndStile              WndName
P       0        0   4:54:41    0:00:00   ProcName:
t                0   4:54:41    0:00:00   Running    Executive
w            10088  84800003
w            100b6  84800000
w            1008c  86000000              Start Menu
w          463007a  84800003
w            70046  84800001
w            1008a  84800003
w            7004e  84800003
w            7004a  840000c3
w            70040  96000000
w            100a0  84800002
w            100ac  84800002
w            10096  84800002
w            10026  04cf0000              NetDDE Agent
w          2cc00f6  14ef0000              Command Prompt - a:\ps
w         357e0126  14cf0000              EnumWnd Test
w            20128  84000000              78
w            200ee  84000000              _IS_Low_Light
w            100e0  84000000              OfotoUSBSHiddenWindow
w            300de  04c00000
w            100dc  04cf0000              SM1BG
w            100d8  04cf0000              QTPlayer Tray Icon
w            100d4  04cf0000              MS_WebcheckMonitor
w            100ce  04cf0000              LVComSWnd
w            200bc  0cc00000              HPGS2WND_WINDOW
w            200ba  04cf0000              Connections Tray
w            2005c  84c808c4              Power Meter
w            1007e  04c00000
w            70032  04c00000
w            90042  c4000000
w            c0048  84000000
w            700f8  84000000              SysFader
w            10098  84800000
w            10090  96000000              Program Manager
P       4        0   0:01:33    0:00:00   ProcName: System


Good example is this one:
w            200bc  0cc00000              HPGS2WND_WINDOW
Bit 0x40000000 is not set.
 From winuser.h -> #define WS_CHILD        0x40000000.

But this one is set:
w            90042  c4000000

Have fun,
James

ps. don't compile the program with -D__USE_W32API.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ps.zip
Type: application/x-zip-compressed
Size: 89805 bytes
Desc: not available
Url : http://reactos.com:8080/pipermail/ros-kernel/attachments/20040725/718c9929/ps-0001.bin

More information about the Ros-kernel mailing list