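April 20, 2008

Tracing how SEH works

Attachment
Let me also analyze the SEH sample program from Kanxue (看雪). The first step, of course, is to load it in OllyDbg.

Entry point

00401000 > $ 8D4424 F8 lea eax, dword ptr [esp-8] ;; load the address esp-8 into eax; this is how lea works, so don't read the [] as a memory dereference. It computes in advance the address
;; where the _EXCEPTION_REGISTRATION structure will sit; the code below then builds that structure on the stack, see figures 1 and 2

00401004 . 64:8705 00000>xchg dword ptr fs:[0], eax ;; exchange: eax receives the old fs:[0], and fs:[0] now holds the address we prepared in advance
0040100B . BB 2E104000 mov ebx, 0040102E ;; start building the structure: the address of our exception handler
00401010 . 53 push ebx ;; first push, [esp-4] : handler
00401011 . 50 push eax ;; second push, [esp-8] : prev
00401012 . BE 00000000 mov esi, 0 ;; set up the exception: put address 0 in esi
00401017 . 8B06 mov eax, dword ptr [esi] ;; read from address 0, which of course faults; roughly the C equivalent of: int a = *(int *)0;
;; normally execution never gets past this point; it goes straight to the exception handler address we defined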
00401019 . 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
0040101B . 68 00304000 push 00403000 ; |Title = "OK"
00401020 . 68 10304000 push 00403010 ; |Text = "SEH Fail"
00401025 . 6A 00 push 0 ; |hOwner = NULL
00401027 . E8 1C000000 call ; \MessageBoxA
0040102C . EB 13 jmp short 00401041
0040102E . 6A 00 push 0 ; /Style = MB_OK|MB_APPLMODAL
00401030 . 68 00304000 push 00403000 ; |Title = "OK"
00401035 . 68 03304000 push 00403003 ; |Text = "SEH Succeed "
0040103A . 6A 00 push 0 ; |hOwner = NULL
0040103C . E8 07000000 call ; \MessageBoxA
00401041 > 6A 00 push 0 ; /ExitCode = 0
00401043 . E8 06000000 call ; \ExitProcess
00401048 $- FF25 08204000 jmp dword ptr [<&USER32.MessageBoxA>>; USER32.MessageBoxA
0040104E .- FF25 00204000 jmp dword ptr [<&KERNEL32.ExitProces>; kernel32.ExitProcess

This is clearly MASM output; the comments are inline in the listing.



Figure 1: pointing at esp-8 first















Figure 2: the two pushes put the data in place









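OK, the exception fires. Single-stepping over this instruction, OllyDbg reports an access violation on [00000000]; access violations like this seem to show up often when tracing packers.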


00401017 . 8B06 mov eax, dword ptr [esi]

shift+f7

We land in ntdll; look at what OllyDbg shows:

7C92EAEC > 8B4C24 04 mov ecx, dword ptr [esp+4]
7C92EAF0 8B1C24 mov ebx, dword ptr [esp] ;; stopped here, which shows what F7 does: it simply stepped once
7C92EAF3 51 push ecx
7C92EAF4 53 push ebx
7C92EAF5 E8 C78C0200 call 7C9577C1
7C92EAFA 0AC0 or al, al
7C92EAFC 74 0C je short 7C92EB0A
7C92EAFE 5B pop ebx


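Look at the stack at this point: it has switched, and this stack address is presumably the kernel stack.
In OllyDbg, ALT+M shows that the main thread's stack is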

0012D000 - 00130000

Let's see what is in there. What follows is rather dry, a pile of structure pointers and data, though quite useful for mischief (@_@)

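0012FCCC 0012FCD4 ;; pointer to EXCEPTION_RECORD, which sits right below
0012FCD0 0012FCF0 ;; pointer to EXCEPTION_CONTEXT, located after the EXCEPTION_RECORD structure
0012FCD4 C0000005 ;; exception code, one of the STATUS_ types defined in windows.inc; this one is a memory read exception. There are many more; ignore them for now, you will meet them sooner or later when unpacking and can look them up then
0012FCD8 00000000 ;; exception flags: 0 = continuable, 1 = non-continuable, 2 = unwinding, do not try to repair anything; release resources if needed
0012FCDC 00000000 ;; pointer to another EXCEPTION_RECORD structure
0012FCE0 00401017 Seh.00401017 ;; address where the exception occurred, caught it
0012FCE4 00000002 ;; number of dwords in ExceptionInformation
0012FCE8 00000000 ;; ExceptionInformation 1
0012FCEC 00000000 ;; ExceptionInformation 2
0012FCF0 0001003F ;; EXCEPTION_CONTEXT structure, ContextFlags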
0012FCF4 00000000 ;; iDr0
0012FCF8 00000000 ;; iDr1
0012FCFC 00000000 ;; iDr2
0012FD00 00000000 ;; iDr3
0012FD04 00000000 ;; iDr6
0012FD08 00000000 ;; iDr7
0012FD0C FFFF027F ;; FloatSave 1C - 88h, here that is 0012FD0C - 0012FD78
;; not important, omitted
0012FD7C 00000000 ;; Gs
0012FD80 0000003B ;; Fs
0012FD84 00000023 ;; Es
0012FD88 00000023 ;; Ds
0012FD8C 7C930738 ntdll.7C930738 ;; Edi
0012FD90 00000000 ;; Esi
0012FD94 0040102E Seh.0040102E ;; Ebx
0012FD98 7C92EB94 ntdll.KiFastSystemCallRet ;; Edx
0012FD9C 0012FFB0 ;; Ecx
0012FDA0 0012FFE0 ;; Eax
0012FDA4 0012FFF0 ;; Ebp
0012FDA8 00401017 Seh.00401017 ;; Eip, points to the address where the exception occurred
0012FDAC 0000001B ;; Cs
0012FDB0 00010383 ;; Flag
0012FDB4 0012FFBC ;; Esp
0012FDB8 00000023 ;; Ss
0012FDBC 0000027F
0012FDC0 00000000

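That covers the structures. Now keep stepping; the code below processes this data.

7C92EAF3 51 push ecx ;; 0012FCF0, see the stack above: address of the EXCEPTION_CONTEXT structure
7C92EAF4 53 push ebx ;; 0012FCD4, pointer to the EXCEPTION_RECORD structure
7C92EAF5 E8 C78C0200 call 7C9577C1 ;; stepping over with F8 brings up the "SEH Succeed" message box, i.e. the program's own exception handler has run; step in with F7 to trace it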
7C92EAFA 0AC0 or al, al
7C92EAFC 74 0C je short 7C92EB0A
7C92EAFE 5B pop ebx
7C92EAFF 59 pop ecx

;; we arrive here
7C9577C1 8BFF mov edi, edi ; ntdll.7C930738
7C9577C3 55 push ebp
7C9577C4 8BEC mov ebp, esp
7C9577C6 83EC 64 sub esp, 64
7C9577C9 56 push esi
7C9577CA FF75 0C push dword ptr [ebp+C] ;; ebp+4 is the return address, +8 the address of argument 1, +C the address of argument 2
7C9577CD 8B75 08 mov esi, dword ptr [ebp+8]
7C9577D0 56 push esi
7C9577D1 C645 FF 00 mov byte ptr [ebp-1], 0
7C9577D5 E8 C2FFFFFF call 7C95779C ;; step in: it does little, checking whether address 7C99C320 points to 7C99C320??
7C9577DA 84C0 test al, al
7C9577DC 0F85 84720100 jnz 7C96EA66
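7C9577E2 53 push ebx ;; 0012FCD4, pointer to the EXCEPTION_RECORD structure
7C9577E3 8D45 F4 lea eax, dword ptr [ebp-C] ;; local variable 3, ebp = 0012FCBC, receives the upper limit of the thread stack
7C9577E6 50 push eax
7C9577E7 8D45 F8 lea eax, dword ptr [ebp-8] ;; local2, receives the lower limit
7C9577EA 50 push eax
7C9577EB E8 1CC1FCFF call 7C92390C ;; get the thread stack address range. Tip: follow ebp in the dump with dd, and follow the address fs points to with dd; it is shown in the registers window
7C9577F0 E8 38C1FCFF call 7C92392D ;; mov eax, dword ptr fs:[0]
7C9577F5 8365 08 00 and dword ptr [ebp+8], 0 ;; clear argument 1
7C9577F9 8BD8 mov ebx, eax ;; what follows is a series of address validity checks that can be skimmed: roughly, the stack addresses and the SEH handler address are checked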
7C9577FB 83FB FF cmp ebx, -1
7C9577FE 0F84 8F000000 je 7C957893
7C957804 57 push edi
7C957805 3B5D F8 cmp ebx, dword ptr [ebp-8]
7C957808 ^ 0F82 1D32FFFF jb 7C94AA2B
7C95780E 8D43 08 lea eax, dword ptr [ebx+8]
7C957811 3B45 F4 cmp eax, dword ptr [ebp-C]
7C957814 ^ 0F87 1132FFFF ja 7C94AA2B
7C95781A F6C3 03 test bl, 3
7C95781D ^ 0F85 0832FFFF jnz 7C94AA2B
7C957823 8B43 04 mov eax, dword ptr [ebx+4]
7C957826 3B45 F8 cmp eax, dword ptr [ebp-8]
7C957829 72 09 jb short 7C957834
7C95782B 3B45 F4 cmp eax, dword ptr [ebp-C]
7C95782E ^ 0F82 F731FFFF jb 7C94AA2B
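7C957834 50 push eax ;; exception handler address
7C957835 E8 67000000 call 7C9578A1 ;; this uses a chain of pointers off fs; fs:[18] is the address fs points to
;; fs:[30] seems to point to the PEB; what PEB:[C] is I don't know; a further +18 offset finds the ImageBase, then the entry address is fetched, all to check the exception handler address ^_^!! quite a lot of trouble
Step into the next call as well; it obtains the NT header address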

7C9579D1 E8 738EFDFF call RtlImageNtHeader

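;; I am not sure what the rest does. If it is a system API, just step over with F8; if it is a call xxxxxxxx, step in with F7, otherwise execution runs away and you have to start over, which is painful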

7C95783A 84C0 test al, al
7C95783C ^ 0F84 E931FFFF je 7C94AA2B


When we get here:

7C923799 55 push ebp
7C92379A 8BEC mov ebp, esp
7C92379C FF75 0C push dword ptr [ebp+C]
7C92379F 52 push edx
7C9237A0 64:FF35 0000000>push dword ptr fs:[0]
7C9237A7 64:8925 0000000>mov dword ptr fs:[0], esp ; fs:[0] is replaced and now points to the address we defined
7C9237AE FF75 14 push dword ptr [ebp+14] ; argument 4, _lpDispatchrContext ?, probably holds the thread stack range
7C9237B1 FF75 10 push dword ptr [ebp+10] ; argument 3, _lpDContext, points to the Context structure
7C9237B4 FF75 0C push dword ptr [ebp+C] ; argument 2, _lpSEH, points to the ERR structure
7C9237B7 FF75 08 push dword ptr [ebp+8] ; argument 1, _lpExceptionRecord, points to the ExceptionRecord structure
7C9237BA 8B4D 18 mov ecx, dword ptr [ebp+18] ;; fetch the address we defined; this is a good point to look at the stack
7C9237BD FFD1 call ecx ;; and execute it directly
7C9237BF 64:8B25 0000000>mov esp, dword ptr fs:[0]
7C9237C6 64:8F05 0000000>pop dword ptr fs:[0]
7C9237CD 8BE5 mov esp, ebp
7C9237CF 5D pop ebp
7C9237D0 C2 1400 retn 14


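Related data structures

;//================================ Detailed layout of the two members follows

EXCEPTION_RECORD STRUCT
ExceptionCode DWORD ? ;// exception code
ExceptionFlags DWORD ? ;// exception flags
pExceptionRecord DWORD ? ;// pointer to another EXCEPTION_RECORD
ExceptionAddress DWORD ? ;// address where the exception occurred
NumberParameters DWORD ? ;// number of dwords in ExceptionInformation below
ExceptionInformation DWORD EXCEPTION_MAXIMUM_PARAMETERS dup(?)
EXCEPTION_RECORD ENDS ;//EXCEPTION_MAXIMUM_PARAMETERS ==15

;//================================ Explanation ========================================

ExceptionCode: the exception type. The SDK defines many; search windows.inc for STATUS_ to find more.
Only the hex values are given below; see windows.inc for the symbolic names. The ones you are most likely to meet:

C0000005h----memory read/write access violation
C0000094h----illegal divide by 0
C00000FDh----stack overflow, i.e. out of bounds
80000001h----violation of a guard page set up with VirtualAlloc
C0000025h----non-continuable exception: the program cannot resume, and exception handlers should not handle this one
C0000026h----code used by the system during exception handling: it appears if the system returns unexpectedly from a handler routine,
and RtlUnwind also fills it in when called without an Exception Record argument
80000003h----int3 breakpoint in the code while debugging
80000004h----being single-stepped under a debugger

Note: you can also define your own exception codes, following these rules:
_____________________________________________________________________+

Bits:     31~30               29~28                 27~16           15~0
_____________________________________________________________________+
Meaning:  severity            bit 29                facility code   exception code
          0==success          0==Microsoft          defined by      user-defined
          1==informational    1==customer           Microsoft
          2==warning          bit 28
          3==error            reserved, must be 0
ExceptionFlags: exception flags
0----continuable exception
1----non-continuable exception
2----unwinding, do not try to repair anything; release resources if needed
pExceptionRecord: if the program itself caused the exception, points to that exception record
ExceptionAddress: the eip address at which the exception occurred
ExceptionInformation: additional information; it can be supplied when calling RaiseException, and for exception code C0000005h (memory exception) it means:
first dword: 0==read violation, 1==write violation
second dword: the address whose read or write failed
;//================================ End of explanation ========================================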
CONTEXT STRUCT                           ;                              off.
ContextFlags DWORD ?                     ;                              +0
iDr0 DWORD ?                             ; \                            +4
iDr1 DWORD ?                             ; |                            +8
iDr2 DWORD ?                             ; | debug registers            +C
iDr3 DWORD ?                             ; |                            +10
iDr6 DWORD ?                             ; |                            +14
iDr7 DWORD ?                             ; /                            +18
FloatSave FLOATING_SAVE_AREA <>          ; floating-point register area +1C~~~88h
regGs DWORD ?                            ; \                            +8C
regFs DWORD ?                            ; | segment registers          +90
regEs DWORD ?                            ; |                            +94
regDs DWORD ?                            ; /                            +98
regEdi DWORD ?                           ; \                            +9C
regEsi DWORD ?                           ; |                            +A0
regEbx DWORD ?                           ; | general-purpose            +A4
regEdx DWORD ?                           ; | registers                  +A8
regEcx DWORD ?                           ; |                            +AC
regEax DWORD ?                           ; /                            +B0
regEbp DWORD ?                           ; \                            +B4
regEip DWORD ?                           ; | control                    +B8
regCs DWORD ?                            ; | registers                  +BC
regFlag DWORD ?                          ; |                            +C0
regEsp DWORD ?                           ; |                            +C4
regSs DWORD ?                            ; /                            +C8
ExtendedRegisters db MAXIMUM_SUPPORTED_EXTENSION dup(?)
CONTEXT ENDS
;//================================ End of the detailed layout of the two members
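The following is an added example, not code from the original post: a small C decoder that applies the EXCEPTION_RECORD layout and the exception-code bit table above to the seven dwords shown at 0012FCD4..0012FCEC in the stack dump. The type and function names (`exc_record32`, `split_code`, `parse_record`, `av_access_kind`, `context_field_addr`) are hypothetical names chosen for this sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EXC_MAX_PARAMS 15        /* EXCEPTION_MAXIMUM_PARAMETERS */
enum { CTX_EIP = 0xB8, CTX_ESP = 0xC4 };   /* CONTEXT offsets from the listing */

typedef struct {                 /* 32-bit EXCEPTION_RECORD, field by field */
    uint32_t code, flags, p_record, address, num_params;
    uint32_t info[EXC_MAX_PARAMS];
} exc_record32;

typedef struct {                 /* bit fields of an exception code */
    unsigned severity, customer, reserved, facility, code;
} exc_code_fields;

/* Dwords at 0012FCD4..0012FCEC, copied from the stack dump in the post. */
static const uint32_t PAGE_DUMP[] = {
    0xC0000005, 0x00000000, 0x00000000, 0x00401017,
    0x00000002, 0x00000000, 0x00000000
};

/* Split a code into bits 31~30, 29, 28, 27~16 and 15~0. */
exc_code_fields split_code(uint32_t c)
{
    exc_code_fields f;
    f.severity = (c >> 30) & 0x3;
    f.customer = (c >> 29) & 0x1;
    f.reserved = (c >> 28) & 0x1;
    f.facility = (c >> 16) & 0xFFF;
    f.code     = c & 0xFFFF;
    return f;
}

/* Parse a record from n dwords. Returns 0 on success, -1 when the dump is
   too short or NumberParameters exceeds EXCEPTION_MAXIMUM_PARAMETERS. */
int parse_record(const uint32_t *dw, size_t n, exc_record32 *out)
{
    size_t i;
    if (n < 5)
        return -1;
    out->code = dw[0];
    out->flags = dw[1];
    out->p_record = dw[2];
    out->address = dw[3];
    out->num_params = dw[4];
    if (out->num_params > EXC_MAX_PARAMS || n < 5 + (size_t)out->num_params)
        return -1;
    for (i = 0; i < EXC_MAX_PARAMS; i++)
        out->info[i] = (i < out->num_params) ? dw[5 + i] : 0;
    return 0;
}

/* For C0000005h: 0 = read violation, 1 = write violation, -1 = not applicable. */
int av_access_kind(const exc_record32 *r)
{
    if (r->code != 0xC0000005u || r->num_params < 2)
        return -1;
    return (int)r->info[0];
}

/* Address of a CONTEXT member, given the structure's base address. */
uint32_t context_field_addr(uint32_t ctx_base, uint32_t offset)
{
    return ctx_base + offset;
}

int main(void)
{
    exc_record32 r;
    exc_code_fields f;
    if (parse_record(PAGE_DUMP, sizeof PAGE_DUMP / sizeof PAGE_DUMP[0], &r) != 0)
        return 1;
    f = split_code(r.code);
    printf("code %08X: severity=%u customer=%u facility=%u code=%u\n",
           (unsigned)r.code, f.severity, f.customer, f.facility, f.code);
    printf("fault at %08X, %s of address %08X\n", (unsigned)r.address,
           av_access_kind(&r) == 1 ? "write" : "read", (unsigned)r.info[1]);
    printf("regEip is stored at %08X\n",
           (unsigned)context_field_addr(0x0012FCF0u, CTX_EIP));
    return 0;
}
```

The computed regEip location matches the dump line that the post labels Eip, which is a quick way to confirm that the CONTEXT offsets line up with what the debugger shows.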




April 19, 2008

Visio 2003 registration code

WFDWY-XQXJF-RHRYG-BG7RQ-BBDHM


Learning SEH

As far as I know, SEH shows up a lot in packed programs.
It seems to be what try{} catch{} finally{} really boils down to.

Many SEH tutorials open with this snippet:

push 00401037 ; SE handler installation
push dword ptr fs:[0]
mov dword ptr fs:[0], esp

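What does it mean?

fs points to a TIB structure (THREAD INFORMATION BLOCK).
Its first element, fs:[0], points to an _EXCEPTION_REGISTRATION structure.

fs:[0]->
_EXCEPTION_REGISTRATION struc
prev dd ? ;previous _EXCEPTION_REGISTRATION structure
handler dd ? ;entry point of the exception handler routine
_EXCEPTION_REGISTRATION ends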


Here,

push 00401037 ; SE handler installation
push dword ptr fs:[0]
mov dword ptr fs:[0], esp


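Step 1 pushes the address of our exception handler.

Step 2 pushes the value of fs:[0], which points to the previous exception registration.

Step 3 overwrites fs:[0] with the value of esp.

The result looks like this: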














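In the figure, the value at the top of the stack is the old fs:[0] address, and the new fs:[0] still points to it.
What changes is the second member, namely
handler dd ? ;entry point of the exception handler routine

This way, when an exception occurs, control can jump to the exception handler we defined.

You can follow the original structure in OllyDbg's dump window, for example with dd fs:[0]

This shows that the registrations form a chained structure.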
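The following is an added example, not code from the original posts: a C simulation of the three-instruction install sequence above, followed by a chain walk that applies the same registration checks as the compare/jump sequence at 7C9577FB..7C95782E in the SEH tracing post (record inside the thread stack, 4-byte aligned, handler not located on the stack). The stack range is the one shown by ALT+M in that post; the initial esp, the outer handler address 0x7C900000, the hop limit and all function names are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_LIMIT 0x0012D000u   /* lower bound of the thread stack        */
#define STACK_BASE  0x00130000u   /* upper bound (one past the last byte)   */
#define CHAIN_END   0xFFFFFFFFu   /* terminator tested by cmp ebx, -1       */

typedef struct {
    uint32_t mem[(STACK_BASE - STACK_LIMIT) / 4];  /* simulated stack   */
    uint32_t esp;                                  /* simulated esp     */
    uint32_t fs0;                                  /* simulated fs:[0]  */
} sim_thread;

enum reg_status { REG_OK = 0, REG_OUT_OF_STACK, REG_MISALIGNED,
                  REG_HANDLER_ON_STACK, REG_TOO_LONG };

static uint32_t rd(const sim_thread *t, uint32_t a) { return t->mem[(a - STACK_LIMIT) / 4]; }
static void wr(sim_thread *t, uint32_t a, uint32_t v) { t->mem[(a - STACK_LIMIT) / 4] = v; }
static void push(sim_thread *t, uint32_t v) { t->esp -= 4; wr(t, t->esp, v); }

void sim_init(sim_thread *t, uint32_t esp)
{
    memset(t->mem, 0, sizeof t->mem);
    t->esp = esp;
    t->fs0 = CHAIN_END;           /* empty chain */
}

/* push handler / push dword ptr fs:[0] / mov dword ptr fs:[0], esp */
void install_handler(sim_thread *t, uint32_t handler)
{
    push(t, handler);             /* record.handler ends up at [esp+4] */
    push(t, t->fs0);              /* record.prev ends up at [esp]      */
    t->fs0 = t->esp;              /* fs:[0] now points to the new record */
}

/* Validate one registration record before its handler may be used. */
enum reg_status check_registration(const sim_thread *t, uint32_t rec)
{
    uint32_t handler;
    /* cmp ebx,[ebp-8] / lea eax,[ebx+8]; cmp eax,[ebp-C], written so that
       rec + 8 cannot wrap around */
    if (rec < STACK_LIMIT || rec > STACK_BASE - 8)
        return REG_OUT_OF_STACK;
    if (rec & 3)                  /* test bl, 3 */
        return REG_MISALIGNED;
    handler = rd(t, rec + 4);     /* mov eax, [ebx+4] */
    if (handler >= STACK_LIMIT && handler < STACK_BASE)
        return REG_HANDLER_ON_STACK;
    return REG_OK;
}

/* Walk from fs:[0], collecting handlers newest first. Stops at CHAIN_END,
   at the first record that fails validation, or after max records (the hop
   limit is an addition of this sketch, to stop on a cyclic chain). */
int walk_chain(const sim_thread *t, uint32_t *handlers, int max,
               enum reg_status *status)
{
    uint32_t rec = t->fs0;
    int n = 0;
    *status = REG_OK;
    while (rec != CHAIN_END) {
        if (n == max) { *status = REG_TOO_LONG; break; }
        *status = check_registration(t, rec);
        if (*status != REG_OK)
            break;
        handlers[n++] = rd(t, rec + 4);
        rec = rd(t, rec);         /* follow prev */
    }
    return n;
}

int main(void)
{
    static sim_thread t;
    uint32_t h[8];
    enum reg_status st;
    int i, n;

    sim_init(&t, 0x0012FFC4u);            /* constructed initial esp     */
    install_handler(&t, 0x7C900000u);     /* constructed outer handler   */
    install_handler(&t, 0x0040102Eu);     /* handler address from the post */
    n = walk_chain(&t, h, 8, &st);
    for (i = 0; i < n; i++)
        printf("handler %d: %08X\n", i, (unsigned)h[i]);
    printf("status after walk: %d\n", (int)st);

    wr(&t, t.fs0 + 4, 0x0012FF00u);       /* handler field now points into the stack */
    n = walk_chain(&t, h, 8, &st);
    printf("after overwrite: %d handlers accepted, status %d\n", n, (int)st);
    return 0;
}
```

A registration whose handler field has been overwritten with a stack address is rejected before any handler is called, which is the effect of the range comparison on [ebx+4] in the traced code.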




Changing the tab settings in RadASM

A small tip; many editors and IDEs have this feature too.
The aim is consistent, tidy formatting.

Step 1:
















Step 2: change the tab size, tick "convert tabs to spaces", then Apply and OK.




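Assembly instruction tips

I'll keep updating this. My head is too slow and too small, so I'm taking notes for easy lookup.


cdq ; fills the edx register with the sign bit of eax

Example: if eax is positive, edx is 0; if eax is negative, edx is 0xFFFFFFFF, i.e. all ones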


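April 18, 2008

Choosing the Debug build configuration in VC 6.0

Right-click the empty area next to the compile/run toolbars

Select Build, choose debug or release in the drop-down, then compile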


tortoise SVN

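Today at work I checked out a project and it was full of errors no matter what I did. I could not see the log with the Eclipse SVN plugin (maybe I just missed it).

I took a look with TortoiseSVN and, sure enough, a boss-level deputy director had committed changes and the version had moved on.
Fine, I just checked out the earlier revision and got on with work~~~~~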



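WebWork development: Eclipse setup

A summary of setting up a WebWork development environment. If you repost it, please credit the source, as a reward for the effort.
凡人凡居

Whatever the project, you need a good development environment, and Eclipse is a very good one. Plenty of experts probably have more and better approaches, but since it is the mainstream choice, learning it well is a blessing for ordinary folk like me.

When I started learning WebWork, my first thought was whether it could be integrated into Eclipse, with Tomcat integrated too, so that debugging would be easy and getting started would be easier. Right, let's get on with it.

Install JDK 1.5 (there seems to be a 1.6 now) and add the Windows environment variables (My Computer -> Properties -> Advanced -> Environment Variables)
Add JAVA_HOME: the JDK path
Add to PATH: the jdk/bin directory

Install Tomcat 5.5 (there seems to be a 6.0 now)

When the installer reaches the user/password screen, enter "fanren" as the password and leave the rest at the defaults
During installation it looks for JREs already installed on the system; check that the JRE installation path is correct
After installation start Tomcat and open http://localhost:8080 to see the classic welcome page

Install Eclipse
http://www.eclipse.org/downloads/
I downloaded the Windows build of the Java EE edition
Just unpack it; no installer is needed.
Start Eclipse
Choose a workspace

Add the Ant view
(Window->Show View->Ant)

Configure the Tomcat server in Eclipse

Window > ShowView > Other > Server, then select Server>Servers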

















Select the Servers tab at the bottom of the window, right-click, new->Server













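Select the Tomcat 5.5 server

Specify the Tomcat installation directory, leave the rest at the defaults, OK; the Tomcat server now appears in the Servers tab

Right-click it and start it

Browse to http://localhost:8080; any response means it worked. I get an error page here because there is no project yet


Create the NewLife project: new> project> web> Dynamic Web Project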













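The defaults are fine for everything else; Finish

Add subdirectories under src
conf (configuration files)
java (Java source files)

Create a subdirectory under web\WEB-INF
classes (class files and configuration files)

Select the "NewLife" project, right-click and choose Properties


Select "Java Build Path", click the Source tab, click Add Folder, and expand the NewLife>src folder

Tick conf and java under src and click OK; a nesting warning appears, and removing the src directory fixes it

Under "Default output folder:" click Browse and select WEB-INF\classes (the newly created classes directory),

then click OK; the classes directory is hidden automatically. Note that you need the "java" perspective here; the default is the "java ee" perspective. Click the small window icon at the top right to switch.

Attach the project to the Tomcat server

Select the Servers tab at the bottom, right-click and choose "Add and Remove Projects"

Click NewLife, click add>, the project appears on the right, OK



Import the WebWork libraries
See http://wiki.javascud.org/display/ww2cndoc/Getting+Started

Select web/WEB-INF/lib, right-click and choose import>General>FileSystem,

select "webwork-2.2.5\lib\default", OK -> Select All -> Finish,

The imported jars are now visible under "Web App Libraries"

Import webwork-2.2.5.jar and all the jars under lib/spring the same way; the wiki explains why Spring is used

Write the configuration files; just copy these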

web.xml


<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>NewLife</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>

<filter>
<filter-name>webwork</filter-name>
<filter-class>
com.opensymphony.webwork.dispatcher.FilterDispatcher
</filter-class>
</filter>

<filter-mapping>
<filter-name>webwork</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- As of 2.2, Spring is the preferred IoC container rather than XWork,
so you'll have to include the spring jars if you want to use
Spring's IoC capabilities in WebWork. (Thanks Hani for commenting)
If you want to use deprecated integrated IoC container instead, you may
want to omit the following listener configuration.
-->

<!-- The following taglib directive would be needed if your servlet container would comply
to Servlet Spec <= 2.2
<taglib>
<taglib-uri>/webwork</taglib-uri>
<taglib-location>/WEB-INF/lib/webwork.jar</taglib-location>
</taglib>
-->
</web-app>

xwork.xml

<!DOCTYPE xwork PUBLIC "-//OpenSymphony Group//XWork 1.1.1//EN"
"http://www.opensymphony.com/xwork/xwork-1.1.1.dtd">

<xwork>
<!-- Include webwork defaults (from WebWork JAR). -->
<include file="webwork-default.xml" />

<!-- Configuration for the default package. -->
<package name="default" extends="webwork-default">
<default-interceptor-ref name="completeStack"/>

<action name="helloWorld" class="fanren.HelloWorld">
<result name="success">WEB-INF/jsp/hello.jsp</result>
</action>
</package>
</xwork>


Web/WEB-INF/jsp/hello.jsp

<%@ taglib prefix="ww" uri="/webwork" %>
<html>
<head>
<title>Hello Page</title>
</head>
<body>
The message generated by my first action is:
<ww:property value="message"/>
</body>
</html>


Restart Tomcat and open http://localhost:8080/NewLife/helloWorld.action

This appears:

The message generated by my first action is: Hello, WebWorld! The time is: 2008-4-18


Debugging works too: start Tomcat in debug mode, and remember to set your breakpoints first.


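April 17, 2008

A Zen story


The body is a bodhi tree                 Bodhi originally has no tree
The mind is like a bright mirror stand   Nor has the bright mirror a stand
Wipe it diligently at all times          Originally there is not a single thing
And let no dust alight                   Where could dust alight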


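Adjusting the height of an MFC combo box


The combo box's default height is very short; you can set your own

Click the combo box's drop-down button and drag to change the length, then compile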


a duplicate insert block exists for class CDialog

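I'm relearning MFC and ran into a problem I had hit before. Back then a teacher was around, so I never wrote down the fix; now there is Google, but whatever you do, don't read the Chinese-language solutions.

The cause was that MFC hung: it kept building and never got anywhere, so I lost patience and killed it. That left the resources in a bad state, and the dialog I had just created was gone. So I deleted and deleted, removing everything that should be removed, but recreating the dialog still gave the error (see the title), so I googled it.



Solution: delete the unwanted dialog.cpp, dialog.h and .clw files, reopen VC, press ctrl+w to open the class view, and just click OK to rebuild; that fixes it

Impact: unless you want to start over from scratch, fix it!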


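April 10, 2008

Testing code highlighting

If you can put up with the speed, give it a try!
Someone else already wrote it, so I won't rename it and write it again


#include <stdio.h>

int main()
{
    printf("hello, beauty!\n");
    return 0;
}


Compare:


#include <stdio.h>

int main()
{
    printf("hello, beauty!\n");
    return 0;
}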



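This blog's template code

Black and white is always the most striking combination.

It is based on Rounders 4; you can compare and tweak it. I have only just started and have not changed much, but it can take you from knowing nothing to knowing a little.
It does not take much knowledge, really. There are a few comments (not really needed).
You can also paste it as is; note that pasting it gives you my title @_@


Here it is: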
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html expr:dir='data:blog.languageDirection' xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'>

<head>
<b:include data='blog' name='all-head-content'/>
<title><data:blog.pageTitle/></title>
<b:skin><![CDATA[/*
-----------------------------------------------
Blogger Template Style
Name: Rounders 4
Designer: Douglas Bowman
Modifier: 凡人
URL: www.stopdesign.com
Date: 27 Feb 2004
Updated by: Blogger Team
----------------------------------------------- */

/* Variable definitions
====================
<Variable name="mainBgColor" description="Main Background Color"
type="color" default="#466" value="#000000">
<Variable name="mainTextColor" description="Text Color" type="color"
default="#ced" value="#cceedd">
<Variable name="postTitleColor" description="Post Title Color" type="color"
default="#fff" value="#ffffff">
<Variable name="dateHeaderColor" description="Date Header Color"
type="color" default="#cf4" value="#ccff44">
<Variable name="borderColor" description="Post Border Color" type="color"
default="#bbb" value="#bbbbbb">


<Variable name="mainLinkColor" description="Link Color" type="color"
default="#fff" value="#ffffff">
<Variable name="mainVisitedLinkColor" description="Visited Link Color"
type="color" default="#fff" value="#ffffff">

<Variable name="titleTextColor" description="Blog Title Color"
type="color" default="#fff" value="#ffffff">

<Variable name="topSidebarHeaderColor"
description="Top Sidebar Title Color"
type="color" default="#fff" value="#ffffff">
<Variable name="topSidebarBgColor"
description="Top Sidebar Background Color"
type="color" default="#9b5" value="#000000">
<Variable name="topSidebarTextColor" description="Top Sidebar Text Color"
type="color" default="#fff" value="#ffffff">
<Variable name="topSidebarLinkColor" description="Top Sidebar Link Color"
type="color" default="#fff" value="#ffffff">
<Variable name="topSidebarVisitedLinkColor"
description="Top Sidebar Visited Link Color"
type="color" default="#eee" value="#eeeeee">

<Variable name="bottomSidebarBgColor"
description="Bottom Sidebar Background Color"
type="color" default="#fff" value="#ffffff">
<Variable name="bottomSidebarTextColor"
description="Bottom Sidebar Text Color"
type="color" default="#666" value="#666666">
<Variable name="bottomSidebarLinkColor"
description="Bottom Sidebar Link Color"
type="color" default="#475" value="#ffffff">
<Variable name="bottomSidebarVisitedLinkColor"
description="Bottom Sidebar Visited Link Color"
type="color" default="#798" value="#779988">

<Variable name="bodyFont" description="Text Font" type="font"
default="normal normal 100% 'Trebuchet MS',Verdana,Arial,Sans-serif" value="normal normal 100% 'Trebuchet MS',Verdana,Arial,Sans-serif">
<Variable name="pageTitleFont" description="Blog Title Font" type="font"
default="normal bold 300% 黑体" value="normal bold 300% 黑体">
<Variable name="descriptionFont" description="Description Font" type="font"
default="normal normal 100% 'Trebuchet MS',Verdana,Arial,Sans-serif" value="normal normal 100% 'Trebuchet MS',Verdana,Arial,Sans-serif">
<Variable name="headerFont" description="Sidebar Title Font" type="font"
default="normal bold 100% 'Trebuchet MS',Verdana,Arial,Sans-serif" value="normal bold 100% 'Trebuchet MS',Verdana,Arial,Sans-serif">
<Variable name="postTitleFont" description="Post Title Font" type="font"
default="normal bold 135% 'Trebuchet MS',Verdana,Arial,Sans-serif" value="normal bold 200% 黑体">
<Variable name="startSide" description="Start side in blog language"
type="automatic" default="left" value="left">
<Variable name="endSide" description="End side in blog language"
type="automatic" default="right" value="right">
*/

body {
background:#bca;
margin:0;
text-align:center;
line-height: 1.5em;
font: x-small Trebuchet MS, Verdana, Arial, Sans-serif;
color:$mainTextColor;
font-size/* */:/**/small;
font-size: /**/small;
}

/* used for posting source code */
code {
display: block; /* fixes a strange ie margin bug */
font-family: Courier New;
font-size: 10pt;
overflow:auto;
background: #000000 left top repeat-y;
border: 1px solid #ccc;
padding: 10px 10px 10px 21px;
max-height:200px;
line-height: 1.2em;
}

/* Page Structure
----------------------------------------------- */
/* The images which help create rounded corners depend on the
following widths and measurements. If you want to change
these measurements, the images will also need to change.
*/

#outer-wrapper {
width:80%; /* these percentages shrink or enlarge the blog layout; I tuned many of them by hand */
margin:0 auto;
text-align:$startSide;
font: $bodyFont;
}
#main-wrap1 {
width:70%;
float:$startSide;
background:$mainBgColor $startSide bottom; /* remember to remove the rounded-corner border images, or they will give the game away */
margin:15px 0 0;
padding:0 0 10px;
color:$mainTextColor;
font-size:97%;
line-height:1.5em;
word-wrap: break-word; /* fix for long text breaking sidebar float in IE */
overflow: hidden; /* fix for long non-text content breaking IE sidebar float */
}
#main-wrap2 {
float:$startSide;
width:100%;
padding:10px 0 0;
}
#main {
padding:0;
width:100%; /* must be 100% */
}
#sidebar-wrap {
background: #000 $startSide top;
width:26%;
float:$endSide;
margin:15px 0 0;
font-size:97%;
line-height:1.5em;
word-wrap: break-word; /* fix for long text breaking sidebar float in IE */
overflow: hidden; /* fix for long non-text content breaking IE sidebar float */
}

.main .widget {
margin-top: 0;
margin-$endSide: 13px;
margin-bottom: 4px;
margin-$startSide: 13px;
}

.main .Blog {
margin: 0;
}

/* Links
----------------------------------------------- */
a:link {
color: $mainLinkColor;
}
a:visited {
color: $mainVisitedLinkColor;
}
a:hover {
color: $mainVisitedLinkColor;
}
a img {
border-width:0;
}


/* Blog Header
----------------------------------------------- */
#header-wrapper {
background: #000 $startSide top;
margin-top:22px;
margin-$endSide:0;
margin-bottom:0;
margin-$startSide:0;
padding-top:8px;
padding-$endSide:0;
padding-bottom:0;
padding-$startSide:0;
color:$titleTextColor;
}
#header {
text-align:center;
letter-spacing:20px;
background: no-repeat $startSide bottom;
padding:0 15px 8px;
}
#header h1 {
margin:0;
padding:10px 30px 5px;
line-height:1.2em;
font: $pageTitleFont;
}
#header a,
#header a:visited {
text-decoration:none;
color: $titleTextColor;
}
#header .description {
margin:0;
padding:5px 30px 10px;
line-height:1.5em;
font: $descriptionFont;
}

/* Posts
----------------------------------------------- */
h2.date-header {
margin-top:0;
margin-$endSide:28px;
margin-bottom:0;
margin-$startSide:43px;
font-size:85%;
line-height:2em;
text-transform:uppercase;
letter-spacing:.2em;
color:$dateHeaderColor;
}
.post {
margin:.3em 0 25px;
padding:0 13px;
border:1px dotted $borderColor;
border-width:1px 0;
}
.post h3 {
margin:0;
line-height:1.5em;
background:url("http://www.blogblog.com/rounders4/icon_arrow.gif") no-repeat 10px .5em;
display:block;
border:1px dotted $borderColor;
border-width:0 1px 1px;
padding-top:2px;
padding-$endSide:14px;
padding-bottom:2px;
padding-$startSide:29px;
color: $postTitleColor;
font: $postTitleFont;
}
.post h3 a, .post h3 a:visited {
text-decoration:none;
color: $postTitleColor;
}
.post h3 a:hover {
background-color: $borderColor;
color: $postTitleColor;
}
.post-body {
border:1px dotted $borderColor;
border-width:0 1px 1px;
border-bottom-color:$mainBgColor;
padding-top:10px;
padding-$endSide:14px;
padding-bottom:1px;
padding-$startSide:29px;
line-height: 25px;
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 14px;
}
html>body .post-body {
border-bottom-width:0;
}
.post p {
margin:0 0 .75em;
}

.post-footer {
background: #000;
margin:0;
padding-top:2px;
padding-$endSide:14px;
padding-bottom:2px;
padding-$startSide:29px;
border:1px dotted $borderColor;
border-width:1px;
font-size:100%;
line-height:1.5em;
color: #acb;
}

.post-footer p {
margin: 0;
}

html>body .post-footer {
border-bottom-color:transparent;
}

.uncustomized-post-template .post-footer {
text-align: $endSide;
}

.uncustomized-post-template .post-author,
.uncustomized-post-template .post-timestamp {
display: block;
float: $startSide;
text-align:$startSide;
margin-$endSide: 4px;
}

.post-footer a {
color: #fff;
}
.post-footer a:hover {
color: #eee;
}
a.comment-link {
/* IE5.0/Win doesn't apply padding to inline elements,
so we hide these two declarations from it */
background/* */:/**/url("http://www.blogblog.com/rounders4/icon_comment_$startSide.gif") no-repeat $startSide 45%;
padding-$startSide:14px;
}
html>body a.comment-link {
/* Respecified, for IE5/Mac's benefit */
background:url("http://www.blogblog.com/rounders4/icon_comment_$startSide.gif") no-repeat $startSide 45%;
padding-$startSide:14px;
}
.post img {
margin-top:0;
margin-$endSide:0;
margin-bottom:5px;
margin-$startSide:0;
padding:4px;
border:1px solid $borderColor;
}
blockquote {
margin:.75em 0;
border:1px dotted $borderColor;
border-width:1px 0;
padding:5px 15px;
color: $dateHeaderColor;
}
.post blockquote p {
margin:.5em 0;
}

#blog-pager-newer-link {
float: $startSide;
margin-$startSide: 13px;
}

#blog-pager-older-link {
float: $endSide;
margin-$endSide: 13px;
}

#blog-pager {
text-align: center;
}

.feed-links {
clear: both;
line-height: 2.5em;
margin-$startSide: 13px;
}

/* Comments
----------------------------------------------- */
#comments {
margin:-25px 13px 0;
border:1px dotted $borderColor;
border-width:0 1px 1px;
padding-top:20px;
padding-$endSide:0;
padding-bottom:15px;
padding-$startSide:0;
}
#comments h4 {
margin:0 0 10px;
padding-top:0;
padding-$endSide:14px;
padding-bottom:2px;
padding-$startSide:29px;
border-bottom:1px dotted $borderColor;
font-size:120%;
line-height:1.4em;
color:$postTitleColor;
}
#comments-block {
margin-top:0;
margin-$endSide:15px;
margin-bottom:0;
margin-$startSide:9px;
}
.comment-author {
background:url("http://www.blogblog.com/rounders4/icon_comment_$startSide.gif") no-repeat 2px .3em;
margin:.5em 0;
padding-top:0;
padding-$endSide:0;
padding-bottom:0;
padding-$startSide:20px;
font-weight:bold;
}
.comment-body {
margin:0 0 1.25em;
padding-top:0;
padding-$endSide:0;
padding-bottom:0;
padding-$startSide:20px;
}
.comment-body p {
margin:0 0 .5em;
}
.comment-footer {
margin:0 0 .5em;
padding-top:0;
padding-$endSide:0;
padding-bottom:.75em;
padding-$startSide:20px;
}
.comment-footer a:link {
color: #ced;
}
.deleted-comment {
font-style:italic;
color:gray;
}


/* Profile
----------------------------------------------- */
.profile-img {
float: $startSide;
margin-top: 5px;
margin-$endSide: 5px;
margin-bottom: 5px;
margin-$startSide: 0;
border: 4px solid $topSidebarTextColor;
}

.profile-datablock {
margin-top: 0;
margin-$endSide: 15px;
margin-bottom: .5em;
margin-$startSide: 0;
padding-top: 8px;
}

.profile-link {
background:url("http://www.blogblog.com/rounders4/icon_profile_$startSide.gif") no-repeat $startSide .1em;
padding-$startSide:15px;
font-weight:bold;
}

.profile-textblock {
clear: both;
margin: 0;
}

.sidebar .clear, .main .widget .clear {
clear: both;
}

#sidebartop-wrap {
background:$topSidebarBgColor no-repeat $startSide bottom;
margin:0px 0px 15px;
padding:0px 0px 10px;
color:$topSidebarTextColor;
}

#sidebartop-wrap2 {
background: $topSidebarBgColor no-repeat $startSide top;
padding: 10px 0 0;
margin:0;
border-width:0;
}

#sidebartop h2 {
line-height:1.5em;
color:$topSidebarHeaderColor;
border-bottom: 1px dotted $topSidebarHeaderColor;
font: $headerFont;
margin-bottom: 0.5em;
}

#sidebartop a {
color: $topSidebarLinkColor;
}

#sidebartop a:hover {
color: $topSidebarVisitedLinkColor;
}
#sidebartop a:visited {
color: $topSidebarVisitedLinkColor;
}
/* Sidebar Boxes
----------------------------------------------- */

.sidebar .widget {
margin:.5em 13px 1.25em;
padding:0 0px;
}

.widget-content {
margin-top: 0.5em;
}

#sidebarbottom-wrap1 {
margin:0 0 15px;
padding:10px 0 0;
color: $bottomSidebarTextColor;
}

#sidebarbottom-wrap2 {
background: no-repeat $startSide bottom;
padding:0 0 8px;
}


#sidebar {
color: $bottomSidebarTextColor;
}

#sidebar h2 {
color: $bottomSidebarTextColor;
border-bottom: 1px dotted $bottomSidebarTextColor;
margin-bottom: 0.5em;
}

#sidebar a {
color: $bottomSidebarLinkColor;
}
#sidebar a:hover,
#sidebar a:visited {
color: $bottomSidebarVisitedLinkColor;
}

.sidebar h2 {
margin:0;
padding:0 0 .2em;
line-height:1.5em;
font:$headerFont;
}

.sidebar ul {
list-style:none;
margin:0 0 1.25em;
padding:0;
}

.sidebar ul li {
background:url("http://www.blogblog.com/rounders4/icon_arrow_sm.gif") no-repeat 2px .25em;
margin:0;
padding-top:0;
padding-$endSide:0;
padding-bottom:3px;
padding-$startSide:16px;
margin-bottom:3px;
border-bottom:1px dotted $borderColor;
line-height:1.4em;
}
.sidebar p {
margin:0 0 .6em;
}

/* Footer
----------------------------------------------- */
#footer-wrap1 {
clear:both;
margin:0 0 10px;
padding:15px 0 0;
}
#footer-wrap2 {
background:#447766 $startSide top;
color:$titleTextColor;
}
#footer {
background: $startSide bottom;
padding:8px 15px;
}
#footer hr {display:none;}
#footer p {margin:0;}
#footer a {color:$titleTextColor;}
#footer .widget-content {
margin:0;
}

/** Page structure tweaks for layout editor wireframe */
body#layout #main-wrap1,
body#layout #sidebar-wrap,
body#layout #header-wrapper {
margin-top: 0;
}

body#layout #header, body#layout #header-wrapper,
body#layout #outer-wrapper {
margin-$startSide:0;
margin-$endSide: 0;
padding: 0;
}

body#layout #outer-wrapper {
width:65%;
}

body#layout #footer-wrap1 {
padding-top: 0;
}
]]></b:skin>
</head>

<body>
<div id='outer-wrapper'>

<div id='header-wrapper'>
<b:section class='header' id='header' maxwidgets='1'>
<b:widget id='Header1' locked='true' title='凡人凡居 (标题)' type='Header'/>
</b:section>
</div>

<div id='crosscol-wrapper' style='text-align:center'>
<b:section class='crosscol' id='crosscol' showaddelement='no'/>
</div>

<div id='main-wrap1'><div id='main-wrap2'>
<b:section class='main' id='main' showaddelement='no'>
<b:widget id='Blog1' locked='true' title='博客文章' type='Blog'/>
</b:section>
</div></div>

<div id='sidebar-wrap'>

<div id='sidebartop-wrap'><div id='sidebartop-wrap2'>
<b:section class='sidebar' id='sidebartop'>
<b:widget id='Profile1' locked='false' title='Host' type='Profile'/>
</b:section>
</div></div>

<div id='sidebarbottom-wrap1'><div id='sidebarbottom-wrap2'>
<b:section class='sidebar' id='sidebar' preferred='yes'>
<b:widget id='LinkList2' locked='false' title='Favorite area' type='LinkList'/>
<b:widget id='BlogArchive1' locked='false' title='博客归档' type='BlogArchive'/>
<b:widget id='LinkList1' locked='false' title='Links' type='LinkList'/>
</b:section>
</div></div>

</div>

<div id='footer-wrap1'><div id='footer-wrap2'>
<b:section class='footer' id='footer'/>
</div></div>

</div>
</body>
</html>


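April 9, 2008

Chinese text in EditPlus came out sideways

With the Fixedsys font it is more or less readable;
pick SimSun and the characters lie down flat!

I don't really know how to use it; I just cracked it ^_^!!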


April 7, 2008

Expandable posts (Expandable post summaries with Beta)

I came up with two better versions later. Use one of them instead of this older version.
1. One with which you can selectively make some of the old posts expandable i.e. only summaries will show up for them and clicking a "read more..." link will take you to the post page.
2. One that expands posts in the main page itself - Peekaboo style.



Jornada left a comment in my blog that he found a blog which explained how to show expandable post summaries with Beta. Good thing about showing only post summary in the main page is that your readers can quickly find all that you have written about. Also, your blog gets an 'online journal'-like neat look. A "Read more" link is provided which takes them to the post page to read the entire post. Please note that you, as the author, have the flexibility to choose the portion of your post that appears as summary.


This hack is only an adaptation of Blogger's original instructions for expandable post summaries to Beta template. You can find Jornada's post about this here. I thought I will re-post the instructions with minor modifications for my readers.

<div class='post-header-line-1'/>

<div class='post-body'>
<b:if cond='data:blog.pageType == "item"'>
<style>.fullpost{display:inline;}</style>
<p><data:post.body/></p>
<b:else/>
<style>.fullpost{display:none;}</style>
<p><data:post.body/></p>
<a expr:href='data:post.url'>Read More......</a>
</b:if>
<div style='clear: both;'/> <!-- clear for photos floats -->
</div>



Step 2. Goto Settings->Formatting and at the bottom, you will find the text box provided to specify the "Post template". Copy/paste these lines into that text box and save the settings.


Type your summary here
<span class="fullpost">
Type rest of the post here
</span>



If you create a new post now, it shows you clearly where to type the summary and where to add the rest of the post. Follow the format and only summary will show up in your main page. Please note that you also need to divide your old posts like this (at least the ones showing up in main page) into summary and full portions by editing them.


April 4, 2008

CPU usage of a specific process

Introduction
The information in this article applies to Windows NT, Win2K/XP. There is no specific Win32 API that retrieves the CPU usage. An undocumented API, NtQuerySystemInformation in ntdll.dll, would help us retrieve the CPU usage. However, CPU usage can be retrieved by using performance counters. Since PDH.dll (Performance Data Helper) is not distributed with the Visual Studio, and not everyone has this file, I decided to do it without the help of PDH.dll.

The CPU usage counter is of type PERF_100NSEC_TIMER_INV which has the following calculation:


100*(1-(X1-X0)/(Y1-Y0))
X - CounterData
Y - 100NsTime
Time base - 100Ns


where the denominator (Y) represents the total elapsed time of the sample interval and the numerator (X) represents the time during the interval when the monitored components were inactive.

My CCpuUsage class has a method called GetCpuUsage which runs through the performance objects and counters and retrieves the CPU usage. Since the CPU usage can be determined by two samplings, the first call to GetCpuUsage() returns 0, and all calls thereafter return the CPU usage.

Comment
On Windows NT, CPU usage counter is '% Total processor time' whose index is 240 under 'System' object whose index is 2. However, in Win2K/XP, Microsoft moved that counter to '% processor time' whose index is 6 under '_Total' instance of 'Processor' object whose index is 238. Read 'INFO: Percent Total Performance Counter Changes on Windows 2000' (Q259390) in MSDN.


There is no difference between WinNT and Win2K/XP in the performance counters for getting CPU usage for a specific process. The counter is '% processor time' whose index is 6 under the object 'Process' whose index is 230.

The Sample


#include <stdio.h>      // printf
#include <windows.h>    // Sleep
#include "CpuUsage.h"

int main(int argc, char* argv[])
{
    int processID = 0;
    CCpuUsage usageA;   // system-wide usage
    CCpuUsage usageB;   // usage of a process selected by name
    CCpuUsage usageC;   // usage of a process selected by ID

    printf("SystemWide Cpu Usage "
           "Explorer cpu usage "
           "Cpu Usage for processID 0\n");
    printf("==================== "
           "================== "
           "========================\n");
    while (true)
    {
        // Display the system-wide cpu usage and the "Explorer" cpu usage

        int SystemWideCpuUsage = usageA.GetCpuUsage();
        int ProcessCpuUsageByName = usageB.GetCpuUsage("explorer");
        int ProcessCpuUsageByID = usageC.GetCpuUsage(processID);
        printf("%19d%%%22d%%%31d%%\r", SystemWideCpuUsage,
               ProcessCpuUsageByName, ProcessCpuUsageByID);

        Sleep(1000);    // one sample per second
    }
    return 0;
}
