tmext01.txt

window编程,非常的好

 TMext01.dll and TMext01x.dll are extensions for task managers.
 They allow user to apply selected hooks to selected (existing)
process.

 TMext01.dll can be applied via both -n and -o options.
Examples:  apihooks -nq TMext01.dll taskmgr
	   apihooks -oq TMext01.dll procdump.exe
 After application of TMext01.dll to task manager choose process
where you want to apply hooks from task manager's process list and
click on it with the secondary mouse button. Popup menu appears
which has standard "End Process" or "Kill task" item modified to
"Apply Hooks | End Process". Now when you select this item an
message box appears asking you for end process confirmation. If you
choose Yes, the process is terminated, if you choose No, the open-
file common dialog appears. There you can pick module with hooks.
Then if all went OK message box should appear informing hooks were
applied.

 TMext01x.dll can be applied via -n option only.
Examples:  apihooks -nq TMext01.dll taskmgr
	   apihooks -nq TMext01.dll c:\procdump.exe
 After application of TMext01x.dll to task manager choose process
where you want to apply hooks from task manager's process list and
click on it with the secondary mouse button. Popup menu appears
which has new "Apply Hooks" item on the edge.
 Now when you select this item open-file common dialog appears.
There you can pick module with hooks. Then if all went OK message
box should appear informing hooks were applied.

 When using TMext01(x) with ProcDump in Windows 95/98, you have to
wait several seconds after hooks application.

 Using in Windows 2000:
 As I wrote for -n hooking is better W2K version while for -o
option is better (because it returns always) WNT-2K version (required
for protected processes). So how to combine both ways? You have taskmgr
in \WINNT\SYSTEM32 directory, move procdump and apihooks.dll (WNT-2K)
version there. apihooks.exe can be any. In directory where you have
tmext01(x).dll, tm.bat and pd.bat copy apihooks.dll (W2K or ALL version)
and apihooks.exe (choose version). Now in current directory (with .bat
files but without taskgr or procdump) run tm.bat or pd.bat and all is as
it should be: taskmgr or procdump are hooked using W2K/ALL version and
tmext01(x).dll uses WNT-2K version.

 If you have privilege to debug programs you can apply hooks to
everything except Idle, System and smss.exe (kernel32.dll not present).
 The side effect is task managers can manipulate with these protected
processes: You can kill them; taskmgr can change their priority (all
processes except Idle); procdump can display modules in all processes
except Idle and System (and could dump them if it supported Windows
2000 better). The same effect can be observed on any process viewer:
apply TMext01(x).dll to Process Viewer (pview.exe) and you'll be able
to see modules in protected processes.
 Tip: For the fastest reboot/shut down (without saving) kill winlogon.

 And don't forget: Don't use W2K version for -o hooking protected
processes! In 90% it never returns!