"NANIKA(Temporary)"
Documents - memory object -

Outline
"SAKURA" createsa specific memory object at the time the program is ran. All other processes get or analyze information from a memory object, can detect information which cannot usually be detected, and can get this information at a low cost.
Note: The memory object can only be used from the local machine. It can not be used via the network.
Specification - MUTEX
"SAKURA" creates a MUTEX object named "sakura" Therefore, by checking for the existant of this mutex object, you can verify the existence of "SAKURA" at a very low cost.
Example:
  • C
    hmutex=OpenMutex(MUTEX_ALL_ACCESS,FALSE,"sakura");
if (hmutex==0) {
  // NO EXIST
} else {
  // EXIST
  CloseHandle(hmutex);
}
  • Pascal
    hmutex:=openmutex(mutex_all_access,false,'sakura');
if (hmutex=0) then begin
  // NO EXIST
end else begin
  // EXIST
  closehandle(hmutex);
end;
Specification - File Mapping Objects
"SAKURA" keeps filemapping for the object named "Sakura". Therefore, by checking this memory you can get the "SAKURA" process list, the ghost name of each process, and the window handle on the local machine.
  • memory map
    0-3 long value. The total size is specified.
    4- data main body
  • Data Main Body Format
    The main body is a continuation of the entry by following the one entry.
          entry[1]value[13][10]
      Example: 53137ee8825085dba1707e3bea9e474b.hwnd[1]1024[13][10]
  • Meaning of the Data
    Added the unique value of each process(In this case a MD5 value - 53137ee8825085dba1707e3bea9e474b), the entry name describe following scope Operator ".". The entry name and value is separate by one character of code 1. One line is terminated by a carriage return(CR:0x0d) + line feed(LF:0x0a).
    valid entry is following:
    • [ID].hwnd - window handle for process (main window)
    • [ID].name - Active ghost name for process
    The above hwnd example is one of the so-called 'main body' window handles. It is guaranteed to have all functions such as the Direct SSTP Server.
  • Data Size
    For the time being the data size is 1024 * 64 bytes. The data size also has a top long value. Therefore, the real size is (1024 * 64) - 4 bytes.
return to specifications page
This page is based on phase 59.30 (2001/05/18)
This page was translated by:Yoshiyuki.Sakakibara
Checking by:Brad Johnson