Hi All,

Is there a way to get the process identifier (PID) and a process handle from the process name? e.g. D14 for firefox.exe

I've used GetWindowThreadProcessId and OpenProcess so that I can call WriteProcessMemory. However, it doesn't work: OpenProcess returns a NULL handle (0), so the WriteProcessMemory call has no valid process handle and fails. (GetLastError immediately after OpenProcess would tell you why it failed.)

the command for my OpenProcess is like this:

          Invoke OpenProcess, PROCESS_ALL_ACCESS,NULL, eax
          MOV pHandle, EAX
            .if pHandle==0
            invoke MessageBox,0,add errormsg,addr errorcap,MB_OK
            .endif
          Invoke WriteProcessMemory, pHandle, Address, Value, Bytes, NULL

And it keeps showing the error message when I use WriteProcessMemory...
Please advise.

Posted on 2005-10-23 03:35:43 by DominicTFY
Maybe this helps you. Do check eax for 0 before using it, though: FindProcessByName returns 0 when no process with that name exists or when OpenProcess fails, and a handle you get back must be released with CloseHandle when you are done.

usage:
...
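invoke FindProcessByName,chr$("firefox.exe"),PROCESS_HANDLE
.if eax != 0                    ; 0 = no such process, or OpenProcess failed (GetLastError says why)
    push eax                    ; keep the handle across the call; we own it and must close it
    Invoke WriteProcessMemory,eax, Address, Value, Bytes, NULL
    ; eax = 0 here means the write failed (GetLastError says why)
    pop ecx
    invoke CloseHandle,ecx      ; release the handle FindProcessByName opened for us
.endif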
...


.486                      ; force 32 bit code
.model flat, stdcall      ; memory model & calling convention
option casemap :none      ; case sensitive

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\shell32.inc
include \masm32\include\advapi32.inc
include \masm32\include\gdi32.inc
include \masm32\include\comctl32.inc
include \masm32\include\comdlg32.inc
include \masm32\include\masm32.inc
include \masm32\include\ole32.inc
include \masm32\macros\macros.asm

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\comctl32.lib
includelib \masm32\lib\comdlg32.lib
includelib \masm32\lib\ole32.lib
includelib \masm32\lib\masm32.lib

; FindProcessByName(_exename, _returntype): stdcall, result in eax
; (PID, OpenProcess handle, or 0 when not found / OpenProcess failed).
FindProcessByName PROTO :DWORD,:DWORD

.const
; Values for FindProcessByName's second argument (_returntype).
; Only PROCESS_HANDLE is tested for; any other value yields the PID.
PROCESS_HANDLE equ 0      ; eax = handle from OpenProcess(PROCESS_ALL_ACCESS); caller must CloseHandle it
PROCESS_ID equ 1          ; eax = th32ProcessID

.code
align 4
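;-----------------------------------------------------------------------
; FindProcessByName(_exename, _returntype)
; Purpose : look up a running process by its image file name as shown in
;           PROCESSENTRY32.szExeFile (e.g. "firefox.exe") and return either
;           its PID or an opened handle to it.
; ABI     : 32-bit stdcall (.model flat, stdcall); arguments on the stack,
;           result in eax. ebx/ecx/edx/esi/edi are saved by the prologue
;           (ecx/edx beyond what stdcall requires; kept for callers that
;           may rely on it).
; In      : _exename    - pointer to a NUL-terminated ANSI file name, compared
;                         case-insensitively with lstrcmpi.
;           _returntype - PROCESS_HANDLE (0): eax = handle from
;                         OpenProcess(PROCESS_ALL_ACCESS); any other value:
;                         eax = th32ProcessID.
; Out     : eax = PID or handle. eax = 0 when the snapshot cannot be taken,
;           no process with that name exists, or OpenProcess fails (in the
;           last case GetLastError reports why, e.g. access denied).
; Notes   : - the first matching entry in snapshot order wins; if several
;             processes share the name (other sessions/users) which one is
;             returned is not defined.
;           - a name is not an identity: any executable may be called
;             "firefox.exe", so the result must not be treated as trusted.
;           - PROCESS_ALL_ACCESS is kept for compatibility with existing
;             callers. WriteProcessMemory only needs PROCESS_VM_WRITE and
;             PROCESS_VM_OPERATION; requesting just those is least-privilege
;             and typically succeeds where full access is refused.
;           - a handle returned for PROCESS_HANDLE is owned by the caller and
;             must be released with CloseHandle.
; Regs    : esi = &Process (local PROCESSENTRY32), edi = snapshot handle.
;-----------------------------------------------------------------------
FindProcessByName proc uses ebx ecx edx esi edi _exename:dword,_returntype:dword
LOCAL Process :PROCESSENTRY32
LOCAL dwPid   :DWORD

        mov dwPid, 0                            ; default result: not found
        lea esi, Process
        assume esi:ptr PROCESSENTRY32
        mov [esi].dwSize, sizeof PROCESSENTRY32 ; Process32First requires dwSize to be set

        invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
        .if eax == INVALID_HANDLE_VALUE         ; snapshot failed: nothing to walk, nothing to close
            assume esi:nothing
            xor eax, eax
            ret
        .endif
        mov edi, eax

        invoke Process32First, edi, esi
        .while eax != FALSE
            lea eax, [esi].szExeFile
            invoke lstrcmpi, eax, _exename      ; case-insensitive ANSI compare
            .if eax == 0
                mov eax, [esi].th32ProcessID
                mov dwPid, eax
                .break                          ; first match wins
            .endif
            invoke Process32Next, edi, esi
        .endw
        assume esi:nothing

        invoke CloseHandle, edi                 ; snapshot no longer needed

        mov eax, dwPid
        .if eax != 0 && _returntype == PROCESS_HANDLE
            ; Not found returns 0 without touching OpenProcess (the old code
            ; called OpenProcess on PID 0 in that case, which also yields 0).
            ; eax = 0 here means OpenProcess failed; GetLastError says why.
            invoke OpenProcess, PROCESS_ALL_ACCESS, 0, eax
        .endif
        ret
FindProcessByName endp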

end


hope you dont want do bad things with the firefox.exe ;)
Posted on 2005-10-23 05:53:26 by diablo2oo2
thx, diablo2oo2...

It worked! Nice one.
Posted on 2005-10-23 06:29:29 by DominicTFY
What are you patching FireFox for?
Posted on 2005-10-23 09:29:55 by f0dder
Hi f0dder,

I'm not patching Firefox; I'm just using it as an example. Trust me that I'm not doing anything illegal.  ;)

DominicTFY
Posted on 2005-10-25 19:48:52 by DominicTFY