Can I just substitute any .exe name for process here ?
The .wap file also is a project file. How do I assemble this code.

Thanks.


.data

; Image name to search for. WinMain passes its address to GetProcessID,
; which compares it against PROCESSENTRY32.szExeFile for each snapshot entry.
process db "explorer.exe",0


; Prototypes so that invoke can check the argument count of calls that
; appear before the PROC bodies further down.
GetProcessID PROTO :DWORD
KillProcess  PROTO :DWORD
.code

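;-----------------------------------------------------------------------
; WinMain - look up the process named by `process` and terminate it.
; ABI:   32-bit stdcall (MASM PROC/invoke)
; In:    hInst, hPrev, lpCmd, nShow - not used by this routine
; Out:   does not return; the program ends through ExitProcess
; Note:  GetProcessID returns 0 (FALSE) when nothing matched. That value
;        is not forwarded to KillProcess, because it is the "not found"
;        marker rather than the ID of a process the caller selected.
;-----------------------------------------------------------------------
WinMain PROC hInst:DWORD,hPrev:DWORD,lpCmd:DWORD,nShow:DWORD

    invoke GetProcessID,addr process
    .if eax != 0                        ; only act on a real match
        invoke KillProcess,eax
    .endif
    invoke ExitProcess,NULL

    ret
WinMain ENDP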

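;-----------------------------------------------------------------------
; GetProcessID - return the process ID of the first snapshot entry whose
;                image name equals lpszProcessName.
; ABI:   32-bit stdcall (MASM PROC/invoke)
; In:    lpszProcessName = pointer to a zero-terminated image name
; Out:   eax = process ID, or 0 (FALSE) when no entry matched or the
;        snapshot could not be taken
; Clobb: eax, ecx, edx, flags (ebx is no longer touched)
; Notes: - PROCESSENTRY32.dwSize is set before Process32First; the
;          Toolhelp API rejects the structure otherwise.
;        - The snapshot handle is closed on every path.
;        - Any failure of Process32Next ends the walk; re-creating the
;          snapshot and starting over could loop without end.
;        - The compare is case-insensitive (lstrcmpi) because the image
;          name reported by the system may differ in case from the
;          string supplied by the caller.
;        - szExeFile holds only a file name, so the match says nothing
;          about the path or owner of the process. A caller that needs
;          a specific process must verify that separately.
;-----------------------------------------------------------------------
GetProcessID PROC lpszProcessName:DWORD

    LOCAL th32ProcessID :DWORD
    LOCAL hSnapshot :DWORD
    LOCAL pe :PROCESSENTRY32

    mov th32ProcessID,0                 ; result defaults to "not found"

    ; second argument is ignored for TH32CS_SNAPPROCESS; pass a defined 0
    invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    .if eax == INVALID_HANDLE_VALUE
        xor eax,eax
        ret
    .endif
    mov hSnapshot,eax

    mov pe.dwSize,sizeof PROCESSENTRY32 ; required before Process32First
    invoke Process32First,hSnapshot,addr pe
    .while eax != 0
        invoke lstrcmpi,addr pe.szExeFile,lpszProcessName
        .if eax == 0                    ; names are equal
            mov eax,pe.th32ProcessID
            mov th32ProcessID,eax
            .break
        .endif
        invoke Process32Next,hSnapshot,addr pe
    .endw

    invoke CloseHandle,hSnapshot        ; release the snapshot on all paths
    mov eax,th32ProcessID
    ret
GetProcessID ENDP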


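;-----------------------------------------------------------------------
; KillProcess - terminate the process with the given ID.
; ABI:   32-bit stdcall (MASM PROC/invoke)
; In:    prID = process ID
; Out:   eax = result of TerminateProcess (non-zero on success),
;        FALSE when the process could not be opened or terminated
; Clobb: eax, ecx, edx, flags
; Notes: - Only PROCESS_TERMINATE is requested; SYNCHRONIZE was dropped
;          because nothing here waits on the handle.
;        - The OpenProcess result is checked, so a NULL handle is never
;          passed on to TerminateProcess.
;        - The process handle is closed before returning.
;-----------------------------------------------------------------------
KillProcess PROC prID:DWORD

    LOCAL hPr :DWORD

    invoke OpenProcess,PROCESS_TERMINATE,FALSE,prID
    .if eax == NULL                     ; access denied or no such process
        mov eax,FALSE
        ret
    .endif
    mov hPr,eax

    invoke TerminateProcess,hPr,NULL
    push eax                            ; keep the result across CloseHandle
    invoke CloseHandle,hPr
    pop eax
    ret
KillProcess ENDP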
Posted on 2006-01-19 07:34:42 by skywalker
I think I've already given you the answer:

http://www.masmforum.com/simple/index.php?topic=3566.0

With it you can terminate any process by its name.
Posted on 2006-01-20 04:39:25 by shaka_zulu
That's very easy, because I have made this mistake before.

this sentence:
invoke TerminateProcess,eax,NULL

The second parameter shouldn't be NULL; it must be set to the value 1:

like this:
invoke TerminateProcess,eax,1

If the second parameter is NULL, you may find that explorer.exe is restarted by the system at once.




following is my code :)

.386
.Model Flat,StdCall
Option CaseMap :None

Include \Masm32\Include\Windows.inc
Include \Masm32\Include\User32.inc
Include \Masm32\Include\Kernel32.inc
Include \Masm32\Include\Advapi32.inc

IncludeLib \Masm32\Lib\User32.lib
IncludeLib \Masm32\Lib\Kernel32.lib
IncludeLib \Masm32\Lib\Advapi32.lib

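;-----------------------------------------------------------------------
; CTEXT(text) - macro function that places a zero-terminated string in
;               the CONST segment and yields its offset.
; In:    y = the items for the db directive (quoted text and/or byte
;            values); may be empty
; Out:   expands to `offset <label>` for use as an operand or argument
; Note:  an empty argument produces a single zero byte (empty string).
;        The `else` line was garbled in the posted listing and is
;        restored here so that the macro assembles.
;-----------------------------------------------------------------------
CTEXT MACRO y:VARARG
    LOCAL sym                   ;; unique label for every expansion
CONST segment
    ifidni <y>,<>               ;; no text supplied
        sym db 0
    else
        sym db y,0
    endif
CONST ends
    exitm <offset sym>
ENDM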

.Data
; Image name that KillProcess compares (via lstrcmpi) with szExeFile of
; every process in the snapshot.
stProcess db "explorer.exe",0

.Data?
; Working storage for EnableDebugPriv.
tkp TOKEN_PRIVILEGES<>          ; privilege set handed to AdjustTokenPrivileges
sdnv LUID <>                    ; LUID filled in by LookupPrivilegeValue
hToken dd ?                     ; token handle written by OpenProcessToken

.Code
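;-----------------------------------------------------------------------
; EnableDebugPriv - enable SeDebugPrivilege in the current process token.
; ABI:   32-bit stdcall (MASM PROC/invoke)
; In:    none (uses the globals hToken, sdnv and tkp)
; Out:   eax = TRUE when the privilege was enabled, FALSE otherwise
; Clobb: eax, ecx, edx, flags
; Notes: - Every API result is checked. AdjustTokenPrivileges returns
;          non-zero even when the token does not hold the privilege, so
;          GetLastError is compared with ERROR_NOT_ALL_ASSIGNED.
;        - The LUID is copied with push/pop directly, so the block no
;          longer depends on an m2m macro that this listing never
;          defines.
;        - SeDebugPrivilege is not needed for processes the caller can
;          already open; it widens OpenProcess to processes of other
;          accounts. Enable it only when that is required.
;-----------------------------------------------------------------------
EnableDebugPriv Proc
    invoke GetCurrentProcess
    invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
    .if eax == 0
        ret                             ; eax is already FALSE; no handle to close
    .endif

    invoke LookupPrivilegeValue,0,CTEXT("SeDebugPrivilege"),addr sdnv
    .if eax != 0
        mov tkp.PrivilegeCount,1
        push sdnv.LowPart               ; memory-to-memory copy of the LUID
        pop tkp.Privileges.Luid.LowPart
        push sdnv.HighPart
        pop tkp.Privileges.Luid.HighPart
        mov tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
        invoke AdjustTokenPrivileges,hToken,FALSE,addr tkp,sizeof tkp,0,0
        .if eax != 0
            invoke GetLastError         ; distinguishes "all set" from "not held"
            .if eax == ERROR_NOT_ALL_ASSIGNED
                xor eax,eax
            .else
                mov eax,TRUE
            .endif
        .endif
    .endif

    push eax                            ; keep the result across CloseHandle
    invoke CloseHandle,hToken
    pop eax
    ret
EnableDebugPriv EndP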

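;-----------------------------------------------------------------------
; KillProcess - terminate every process whose image name equals
;               stProcess (case-insensitive), using exit code 1.
; ABI:   32-bit stdcall (MASM PROC/invoke)
; In:    none (reads the global stProcess)
; Out:   eax = result of closing the snapshot handle, or 0 when the
;        snapshot could not be created
; Clobb: eax, ecx, edx, flags (ebx is no longer used, so the
;        callee-saved register is left intact)
; Notes: - A failed CreateToolhelp32Snapshot is detected before the
;          handle is used.
;        - The match is on file name only. Every process with that
;          image name is affected, whatever its path or owner.
;        - Processes that cannot be opened with PROCESS_TERMINATE are
;          skipped silently.
;-----------------------------------------------------------------------
KillProcess Proc
    Local @stProcess:PROCESSENTRY32
    Local @hSnapShot:DWORD
    Local @hProcess:DWORD

    invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    .if eax == INVALID_HANDLE_VALUE
        xor eax,eax
        ret
    .endif
    mov @hSnapShot,eax

    invoke RtlZeroMemory,addr @stProcess,sizeof @stProcess
    mov @stProcess.dwSize,sizeof @stProcess     ; required by Process32First
    invoke Process32First,@hSnapShot,addr @stProcess
    .While eax
        invoke lstrcmpi,addr @stProcess.szExeFile,addr stProcess
        .if eax == 0                            ; image name matches
            invoke OpenProcess,PROCESS_TERMINATE,FALSE,@stProcess.th32ProcessID
            .if eax
                mov @hProcess,eax
                invoke TerminateProcess,@hProcess,1
                invoke CloseHandle,@hProcess
            .endif
        .endif
        invoke Process32Next,@hSnapShot,addr @stProcess
    .EndW
    invoke CloseHandle,@hSnapShot
    ret
KillProcess EndP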

; Program entry point: try to enable SeDebugPrivilege, terminate the
; processes matching stProcess, then exit with code 0.
Start:
    call EnableDebugPriv                ; no arguments; result is not checked
    call KillProcess
    push 0                              ; uExitCode
    call ExitProcess
End Start
Posted on 2006-02-13 01:24:47 by MengXP
Hello there!
My answer is yes, you can substitute any name in my app to terminate the process:

.data

  process db "explorer.exe",0

You can replace it with whatever you want.
Posted on 2006-02-13 02:30:33 by shaka_zulu

that's very easy.because i have made this mistake before.

this sentence:
invoke TerminateProcess,eax,NULL

the second param shouldn't be NULL,it must be set the value -1:

like this:
invoke TerminateProcess,eax,-1

if the second param is NULL,you may find the explorer.exe will be reloaded by system at once.




following is my code :)

.386
.Model Flat,StdCall
Option CaseMap :None

Include \Masm32\Include\Windows.inc
Include \Masm32\Include\User32.inc
Include \Masm32\Include\Kernel32.inc
Include \Masm32\Include\Advapi32.inc

IncludeLib \Masm32\Lib\User32.lib
IncludeLib \Masm32\Lib\Kernel32.lib
IncludeLib \Masm32\Lib\Advapi32.lib

; CTEXT(text) - macro function: stores the given items plus a zero
; terminator in the CONST segment and expands to the offset of that
; data. With no argument it stores a single zero byte.
CTEXT MACRO y:VARARG
    LOCAL strLabel              ;; fresh label for each expansion
CONST segment
    ifdifi <y>,<>               ;; text was supplied
        strLabel db y,0
    else
        strLabel db 0
    endif
CONST ends
    exitm <offset strLabel>
ENDM

.Data
; Image name of the process to look for.
stProcess db "explorer.exe",0

.Data?
; Working storage for EnableDebugPriv.
tkp TOKEN_PRIVILEGES<>          ; privilege set; its LUID fields are filled from sdnv
sdnv LUID <>                    ; LUID filled in by LookupPrivilegeValue
hToken dd ?                     ; token handle written by OpenProcessToken

.Code
EnableDebugPriv Proc
invoke GetCurrentProcess
invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
invoke LookupPrivilegeValue,0,CTEXT("SeDebugPrivilege"),addr sdnv
mov tkp.PrivilegeCount,1
m2m tkp.Privileges.Luid.LowPart,sdnv.LowPart
m2m tkp.Privileges.Luid.HighPart,sdnv.HighPart




I am getting a syntax error on the m2m lines. Is there an include file missing ?

Thanks.
Posted on 2006-02-15 15:52:09 by skywalker

; m2m dst, src - copy one operand to another through the stack, so that
; memory-to-memory moves need no scratch register. Both operands must
; be valid for push/pop; a stack slot is used for the moment in between.
m2m MACRO dst, src
  push src
  pop  dst
ENDM


He might have just forgotten to add it; m2m is a very commonly used macro.

Regards,
Bryant Keller
Posted on 2006-02-15 16:15:06 by Synfire
thanks to Synfire.
8)
Posted on 2006-02-16 08:06:12 by MengXP