Can I just substitute any .exe name for `process` here?
The .wap file is also a project file. How do I assemble this code?
Thanks.
.data
process         db      "explorer.exe",0        ; zero-terminated image name handed to GetProcessID

; Prototypes so that invoke can check calls made before the PROC bodies appear.
GetProcessID    PROTO   :DWORD
KillProcess     PROTO   :DWORD

.code
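;-----------------------------------------------------------------------
; WinMain - look up the process named by `process` and terminate it.
; In:    hInst, hPrev, lpCmd, nShow (not used by this routine)
; Out:   does not return; the program ends through ExitProcess
;-----------------------------------------------------------------------
WinMain PROC hInst:DWORD,hPrev:DWORD,lpCmd:DWORD,nShow:DWORD
        invoke  GetProcessID,addr process
        ; GetProcessID returns FALSE (0) when no entry matches. Passing
        ; that 0 on would make KillProcess call OpenProcess with PID 0,
        ; so the kill is skipped when the lookup found nothing.
        .if eax != 0
            invoke  KillProcess,eax
        .endif
        invoke  ExitProcess,NULL
        ret
WinMain ENDP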
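;-----------------------------------------------------------------------
; GetProcessID - find a process ID by executable file name.
; In:    lpszProcessName = pointer to a zero-terminated image file name
; Out:   eax = th32ProcessID of the first matching snapshot entry, or
;        FALSE (0) when nothing matches or no snapshot could be taken
; Note:  a file name is not an identity. Several processes can carry
;        the same image name; only the first match is returned.
;-----------------------------------------------------------------------
GetProcessID PROC lpszProcessName:DWORD
        LOCAL   dwFoundPid :DWORD
        LOCAL   hSnapshot :DWORD
        LOCAL   pe :PROCESSENTRY32

        mov     dwFoundPid,FALSE

        ; The process-ID argument is ignored for TH32CS_SNAPPROCESS, so
        ; pass 0 instead of an uninitialised local.
        invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        .if eax == INVALID_HANDLE_VALUE
            mov     eax,FALSE
            ret
        .endif
        mov     hSnapshot,eax

        ; Process32First fails unless dwSize holds the structure size.
        mov     pe.dwSize,sizeof PROCESSENTRY32
        invoke  Process32First,hSnapshot,addr pe

        ; Any failure of Process32First/Process32Next ends the walk.
        ; Retrying with a new snapshot on error can loop forever and
        ; leaks one handle per retry.
        .while eax != 0
            ; Image names are compared without regard to case. Using
            ; addr here also avoids clobbering ebx, which callers
            ; expect to be preserved.
            invoke  lstrcmpi,addr pe.szExeFile,lpszProcessName
            .if eax == 0
                mov     eax,pe.th32ProcessID
                mov     dwFoundPid,eax
                .break
            .endif
            invoke  Process32Next,hSnapshot,addr pe
        .endw

        invoke  CloseHandle,hSnapshot       ; release the snapshot on every path
        mov     eax,dwFoundPid
        ret
GetProcessID ENDP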
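;-----------------------------------------------------------------------
; KillProcess - terminate the process with the given process ID.
; In:    prID = process ID
; Out:   eax = non-zero if TerminateProcess succeeded, FALSE (0) if the
;        process could not be opened or could not be terminated
;-----------------------------------------------------------------------
KillProcess PROC prID:DWORD
        LOCAL   hPr :DWORD

        invoke  OpenProcess,SYNCHRONIZE or PROCESS_TERMINATE,FALSE,prID
        ; OpenProcess returns NULL on failure (no such PID, access
        ; denied). eax is then already FALSE, and TerminateProcess must
        ; not be called with a NULL handle.
        .if eax != NULL
            mov     hPr,eax
            invoke  TerminateProcess,hPr,NULL   ; second argument is the exit code
            push    eax                         ; keep the result across CloseHandle
            invoke  CloseHandle,hPr             ; the handle was never closed before
            pop     eax
        .endif
        ret
KillProcess ENDP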
The .wap file also is a project file. How do I assemble this code.
Thanks.
.data
process         db      "explorer.exe",0        ; zero-terminated image name handed to GetProcessID

; Prototypes so that invoke can check calls made before the PROC bodies appear.
GetProcessID    PROTO   :DWORD
KillProcess     PROTO   :DWORD

.code
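;-----------------------------------------------------------------------
; WinMain - look up the process named by `process` and terminate it.
; In:    hInst, hPrev, lpCmd, nShow (not used by this routine)
; Out:   does not return; the program ends through ExitProcess
;-----------------------------------------------------------------------
WinMain PROC hInst:DWORD,hPrev:DWORD,lpCmd:DWORD,nShow:DWORD
        invoke  GetProcessID,addr process
        ; GetProcessID returns FALSE (0) when no entry matches. Passing
        ; that 0 on would make KillProcess call OpenProcess with PID 0,
        ; so the kill is skipped when the lookup found nothing.
        .if eax != 0
            invoke  KillProcess,eax
        .endif
        invoke  ExitProcess,NULL
        ret
WinMain ENDP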
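;-----------------------------------------------------------------------
; GetProcessID - find a process ID by executable file name.
; In:    lpszProcessName = pointer to a zero-terminated image file name
; Out:   eax = th32ProcessID of the first matching snapshot entry, or
;        FALSE (0) when nothing matches or no snapshot could be taken
; Note:  a file name is not an identity. Several processes can carry
;        the same image name; only the first match is returned.
;-----------------------------------------------------------------------
GetProcessID PROC lpszProcessName:DWORD
        LOCAL   dwFoundPid :DWORD
        LOCAL   hSnapshot :DWORD
        LOCAL   pe :PROCESSENTRY32

        mov     dwFoundPid,FALSE

        ; The process-ID argument is ignored for TH32CS_SNAPPROCESS, so
        ; pass 0 instead of an uninitialised local.
        invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        .if eax == INVALID_HANDLE_VALUE
            mov     eax,FALSE
            ret
        .endif
        mov     hSnapshot,eax

        ; Process32First fails unless dwSize holds the structure size.
        mov     pe.dwSize,sizeof PROCESSENTRY32
        invoke  Process32First,hSnapshot,addr pe

        ; Any failure of Process32First/Process32Next ends the walk.
        ; Retrying with a new snapshot on error can loop forever and
        ; leaks one handle per retry.
        .while eax != 0
            ; Image names are compared without regard to case. Using
            ; addr here also avoids clobbering ebx, which callers
            ; expect to be preserved.
            invoke  lstrcmpi,addr pe.szExeFile,lpszProcessName
            .if eax == 0
                mov     eax,pe.th32ProcessID
                mov     dwFoundPid,eax
                .break
            .endif
            invoke  Process32Next,hSnapshot,addr pe
        .endw

        invoke  CloseHandle,hSnapshot       ; release the snapshot on every path
        mov     eax,dwFoundPid
        ret
GetProcessID ENDP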
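;-----------------------------------------------------------------------
; KillProcess - terminate the process with the given process ID.
; In:    prID = process ID
; Out:   eax = non-zero if TerminateProcess succeeded, FALSE (0) if the
;        process could not be opened or could not be terminated
;-----------------------------------------------------------------------
KillProcess PROC prID:DWORD
        LOCAL   hPr :DWORD

        invoke  OpenProcess,SYNCHRONIZE or PROCESS_TERMINATE,FALSE,prID
        ; OpenProcess returns NULL on failure (no such PID, access
        ; denied). eax is then already FALSE, and TerminateProcess must
        ; not be called with a NULL handle.
        .if eax != NULL
            mov     hPr,eax
            invoke  TerminateProcess,hPr,NULL   ; second argument is the exit code
            push    eax                         ; keep the result across CloseHandle
            invoke  CloseHandle,hPr             ; the handle was never closed before
            pop     eax
        .endif
        ret
KillProcess ENDP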
I think I've already given you the answer:
http://www.masmforum.com/simple/index.php?topic=3566.0
With it you can terminate any process by its name.
http://www.masmforum.com/simple/index.php?topic=3566.0
You can terminate with it any process by it's name.
That's very easy, because I have made this mistake before.
This statement:
invoke TerminateProcess,eax,NULL
The second parameter (the exit code reported for the terminated process) shouldn't be NULL; it must be set to the value 1,
like this:
invoke TerminateProcess,eax,1
If the second parameter is NULL, you may find that explorer.exe is reloaded by the system at once.
Following is my code :)
.386
.Model Flat,StdCall
Option CaseMap :None
Include \Masm32\Include\Windows.inc
Include \Masm32\Include\User32.inc
Include \Masm32\Include\Kernel32.inc
Include \Masm32\Include\Advapi32.inc
IncludeLib \Masm32\Lib\User32.lib
IncludeLib \Masm32\Lib\Kernel32.lib
IncludeLib \Masm32\Lib\Advapi32.lib
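; CTEXT - emit a zero-terminated string into the CONST segment and
; expand to its offset, so a literal can be written directly in an
; invoke argument list. An empty argument produces an empty string.
; (The stray "? ?" before "else" was extraction residue and would not
; assemble.)
CTEXT MACRO y:VARARG
        LOCAL sym
CONST segment
        ifidni <y>,<>
            sym db 0
        else
            sym db y,0
        endif
CONST ends
        exitm <offset sym>
ENDM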
.Data
stProcess       db      "explorer.exe",0        ; image name KillProcess compares each snapshot entry against

.Data?
; Scratch state used by EnableDebugPriv.
tkp             TOKEN_PRIVILEGES <>             ; privilege list passed to AdjustTokenPrivileges
sdnv            LUID <>                         ; LUID returned by LookupPrivilegeValue
hToken          dd      ?                       ; access token of the current process

.Code
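;-----------------------------------------------------------------------
; EnableDebugPriv - enable SeDebugPrivilege in the current process token.
; In:    nothing
; Out:   eax = TRUE if the privilege is now enabled, 0 otherwise
; Uses:  globals hToken, sdnv, tkp
; Notes: This only enables a privilege the token already holds; it
;        cannot grant one. AdjustTokenPrivileges reports success even
;        when nothing was enabled, so GetLastError has to be checked.
;        Least privilege: enable it only if the target really needs it.
;        The LUID is copied through eax, so no m2m macro is required.
;-----------------------------------------------------------------------
EnableDebugPriv Proc
        invoke  GetCurrentProcess
        invoke  OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
        .if eax == 0
            ret                                 ; no token handle to close; eax = 0
        .endif

        invoke  LookupPrivilegeValue,0,CTEXT("SeDebugPrivilege"),addr sdnv
        .if eax != 0
            mov     tkp.PrivilegeCount,1
            mov     eax,sdnv.LowPart
            mov     tkp.Privileges.Luid.LowPart,eax
            mov     eax,sdnv.HighPart
            mov     tkp.Privileges.Luid.HighPart,eax
            mov     tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
            invoke  AdjustTokenPrivileges,hToken,FALSE,addr tkp,sizeof tkp,0,0
            .if eax != 0
                ; A non-zero return with ERROR_NOT_ALL_ASSIGNED means
                ; the token does not hold the privilege.
                invoke  GetLastError
                .if eax == ERROR_SUCCESS
                    mov     eax,TRUE
                .else
                    xor     eax,eax
                .endif
            .endif
        .endif

        push    eax                             ; keep the result across CloseHandle
        invoke  CloseHandle,hToken
        pop     eax
        ret
EnableDebugPriv EndP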
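;-----------------------------------------------------------------------
; KillProcess - terminate every process whose image name equals
; stProcess (case-insensitive), using exit code 1.
; In:    nothing (reads the global stProcess)
; Out:   eax holds no defined result; the caller in this listing
;        ignores it
; Note:  matching is by file name only. Every snapshot entry with that
;        name is terminated, whatever its path or owner. The process
;        handle is kept in a local so ebx is no longer clobbered.
;-----------------------------------------------------------------------
KillProcess Proc
        Local   @stProcess:PROCESSENTRY32
        Local   @hSnapShot
        Local   @hProcess:DWORD

        invoke  RtlZeroMemory,addr @stProcess,sizeof @stProcess
        mov     @stProcess.dwSize,sizeof @stProcess     ; required by Process32First
        invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        .if eax == INVALID_HANDLE_VALUE
            ret                                         ; no snapshot, nothing to walk or close
        .endif
        mov     @hSnapShot,eax

        invoke  Process32First,@hSnapShot,addr @stProcess
        .While eax
            invoke  lstrcmpi,addr @stProcess.szExeFile,addr stProcess
            .if eax == 0
                invoke  OpenProcess,PROCESS_TERMINATE,FALSE,@stProcess.th32ProcessID
                .if eax
                    mov     @hProcess,eax
                    invoke  TerminateProcess,@hProcess,1
                    invoke  CloseHandle,@hProcess
                .endif
            .endif
            invoke  Process32Next,@hSnapShot,addr @stProcess
        .EndW

        invoke  CloseHandle,@hSnapShot
        ret
KillProcess EndP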
; Program entry point: try to enable SeDebugPrivilege, terminate the
; processes matching stProcess, then exit with code 0. The outcome of
; EnableDebugPriv is not checked; KillProcess runs either way.
Start:
        call    EnableDebugPriv
        call    KillProcess
        push    0
        call    ExitProcess
End Start
this sentence:
invoke TerminateProcess,eax,NULL
the second param shouldn't be NULL,it must be set the value 1:
like this:
invoke TerminateProcess,eax,1
if the second param is NULL,you may find the explorer.exe will be reloaded by system at once.
following is my code :)
.386
.Model Flat,StdCall
Option CaseMap :None
Include \Masm32\Include\Windows.inc
Include \Masm32\Include\User32.inc
Include \Masm32\Include\Kernel32.inc
Include \Masm32\Include\Advapi32.inc
IncludeLib \Masm32\Lib\User32.lib
IncludeLib \Masm32\Lib\Kernel32.lib
IncludeLib \Masm32\Lib\Advapi32.lib
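; CTEXT - emit a zero-terminated string into the CONST segment and
; expand to its offset, so a literal can be written directly in an
; invoke argument list. An empty argument produces an empty string.
; (The stray "? ?" before "else" was extraction residue and would not
; assemble.)
CTEXT MACRO y:VARARG
        LOCAL sym
CONST segment
        ifidni <y>,<>
            sym db 0
        else
            sym db y,0
        endif
CONST ends
        exitm <offset sym>
ENDM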
.Data
stProcess       db      "explorer.exe",0        ; image name KillProcess compares each snapshot entry against

.Data?
; Scratch state used by EnableDebugPriv.
tkp             TOKEN_PRIVILEGES <>             ; privilege list passed to AdjustTokenPrivileges
sdnv            LUID <>                         ; LUID returned by LookupPrivilegeValue
hToken          dd      ?                       ; access token of the current process

.Code
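;-----------------------------------------------------------------------
; EnableDebugPriv - enable SeDebugPrivilege in the current process token.
; In:    nothing
; Out:   eax = TRUE if the privilege is now enabled, 0 otherwise
; Uses:  globals hToken, sdnv, tkp
; Notes: This only enables a privilege the token already holds; it
;        cannot grant one. AdjustTokenPrivileges reports success even
;        when nothing was enabled, so GetLastError has to be checked.
;        Least privilege: enable it only if the target really needs it.
;        The LUID is copied through eax, so no m2m macro is required.
;-----------------------------------------------------------------------
EnableDebugPriv Proc
        invoke  GetCurrentProcess
        invoke  OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
        .if eax == 0
            ret                                 ; no token handle to close; eax = 0
        .endif

        invoke  LookupPrivilegeValue,0,CTEXT("SeDebugPrivilege"),addr sdnv
        .if eax != 0
            mov     tkp.PrivilegeCount,1
            mov     eax,sdnv.LowPart
            mov     tkp.Privileges.Luid.LowPart,eax
            mov     eax,sdnv.HighPart
            mov     tkp.Privileges.Luid.HighPart,eax
            mov     tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
            invoke  AdjustTokenPrivileges,hToken,FALSE,addr tkp,sizeof tkp,0,0
            .if eax != 0
                ; A non-zero return with ERROR_NOT_ALL_ASSIGNED means
                ; the token does not hold the privilege.
                invoke  GetLastError
                .if eax == ERROR_SUCCESS
                    mov     eax,TRUE
                .else
                    xor     eax,eax
                .endif
            .endif
        .endif

        push    eax                             ; keep the result across CloseHandle
        invoke  CloseHandle,hToken
        pop     eax
        ret
EnableDebugPriv EndP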
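;-----------------------------------------------------------------------
; KillProcess - terminate every process whose image name equals
; stProcess (case-insensitive), using exit code 1.
; In:    nothing (reads the global stProcess)
; Out:   eax holds no defined result; the caller in this listing
;        ignores it
; Note:  matching is by file name only. Every snapshot entry with that
;        name is terminated, whatever its path or owner. The process
;        handle is kept in a local so ebx is no longer clobbered.
;-----------------------------------------------------------------------
KillProcess Proc
        Local   @stProcess:PROCESSENTRY32
        Local   @hSnapShot
        Local   @hProcess:DWORD

        invoke  RtlZeroMemory,addr @stProcess,sizeof @stProcess
        mov     @stProcess.dwSize,sizeof @stProcess     ; required by Process32First
        invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        .if eax == INVALID_HANDLE_VALUE
            ret                                         ; no snapshot, nothing to walk or close
        .endif
        mov     @hSnapShot,eax

        invoke  Process32First,@hSnapShot,addr @stProcess
        .While eax
            invoke  lstrcmpi,addr @stProcess.szExeFile,addr stProcess
            .if eax == 0
                invoke  OpenProcess,PROCESS_TERMINATE,FALSE,@stProcess.th32ProcessID
                .if eax
                    mov     @hProcess,eax
                    invoke  TerminateProcess,@hProcess,1
                    invoke  CloseHandle,@hProcess
                .endif
            .endif
            invoke  Process32Next,@hSnapShot,addr @stProcess
        .EndW

        invoke  CloseHandle,@hSnapShot
        ret
KillProcess EndP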
; Program entry point: try to enable SeDebugPrivilege, terminate the
; processes matching stProcess, then exit with code 0. The outcome of
; EnableDebugPriv is not checked; KillProcess runs either way.
Start:
        call    EnableDebugPriv
        call    KillProcess
        push    0
        call    ExitProcess
End Start
Hello there!
My answer is yes, you can substitute any name in my app to terminate the process:
.data
process         db      "explorer.exe",0        ; zero-terminated image name of the process to look up
You can replace it with whatever you want.
My answer is yes, you can substitude any name in my app to terminate the process,
.data
process         db      "explorer.exe",0        ; zero-terminated image name of the process to look up
you can replace it whatever you want.
That's very easy, because I have made this mistake before.
This statement:
invoke TerminateProcess,eax,NULL
The second parameter (the exit code reported for the terminated process) shouldn't be NULL; it must be set to the value -1,
like this:
invoke TerminateProcess,eax,-1
If the second parameter is NULL, you may find that explorer.exe is reloaded by the system at once.
Following is my code :)
.386
.Model Flat,StdCall
Option CaseMap :None
Include \Masm32\Include\Windows.inc
Include \Masm32\Include\User32.inc
Include \Masm32\Include\Kernel32.inc
Include \Masm32\Include\Advapi32.inc
IncludeLib \Masm32\Lib\User32.lib
IncludeLib \Masm32\Lib\Kernel32.lib
IncludeLib \Masm32\Lib\Advapi32.lib
; CTEXT - emit a zero-terminated string into the CONST segment and
; expand to its offset, so a literal can be written directly in an
; invoke argument list. An empty argument produces an empty string.
CTEXT MACRO text:VARARG
        LOCAL lbl
CONST segment
        ifdifi <text>,<>
            lbl db text,0               ; non-empty argument: the text plus terminator
        else
            lbl db 0                    ; empty argument: terminator only
        endif
CONST ends
        exitm <offset lbl>
ENDM
.Data
stProcess       db      "explorer.exe",0        ; zero-terminated process image name

.Data?
; Scratch state used by EnableDebugPriv.
tkp             TOKEN_PRIVILEGES <>             ; privilege list filled in for the token adjustment
sdnv            LUID <>                         ; LUID returned by LookupPrivilegeValue
hToken          dd      ?                       ; access token of the current process

.Code
EnableDebugPriv Proc
invoke GetCurrentProcess
invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
invoke LookupPrivilegeValue,0,CTEXT("SeDebugPrivilege"),addr sdnv
mov tkp.PrivilegeCount,1
m2m tkp.Privileges.Luid.LowPart,sdnv.LowPart
m2m tkp.Privileges.Luid.HighPart,sdnv.HighPart
I am getting a syntax error on the m2m lines. Is there an include file missing ?
Thanks.
; m2m - copy one memory operand to another through the stack, since
; x86 mov cannot take two memory operands. Expands to a push of the
; second argument followed by a pop into the first; no general-purpose
; register is modified.
m2m MACRO dst, src
        push    src
        pop     dst
ENDM
he might have just forgotten to add them, it's a very commonly used macro.
Regards,
Bryant Keller
thanks to Synfire.
8)
8)