Using this code, it ends Netscape in about 1-2 seconds, but takes over 20 seconds for the attached timer program. I'm curious as to why that is.

; end_proc.asm End any process, BUT BE CAREFUL !
;
;
.386
.Model Flat,StdCall
Option CaseMap :None

Include \Masm32\Include\Windows.inc
Include \Masm32\Include\User32.inc
Include \Masm32\Include\Kernel32.inc
Include \Masm32\Include\Advapi32.inc

IncludeLib \Masm32\Lib\User32.lib
IncludeLib \Masm32\Lib\Kernel32.lib
IncludeLib \Masm32\Lib\Advapi32.lib


; m2m dst, src
; Copies one DWORD from src to dst by way of the stack. x86 has no
; memory-to-memory MOV, and push/pop avoids tying up a scratch register.
; Both operands must be valid push/pop operands; flags are not modified.
m2m MACRO dst, src
  push src
  pop  dst
ENDM

; CTEXT(text)
; Places a zero-terminated byte string in the CONST segment and expands to
; "offset <label>", so a literal can be passed inline as an invoke argument.
; An empty argument list produces just the terminating zero byte.
CTEXT  MACRO txt:VARARG
  LOCAL lbl                   ; unique label per expansion
  CONST segment
  ifidni <txt>,<>
      lbl db 0                ; empty string: terminator only
    else
      lbl db txt,0            ; literal followed by the terminator
  endif
  CONST ends
  exitm <offset lbl>
ENDM

.Data
; Image name that KillProcess compares against PROCESSENTRY32.szExeFile.
; The comparison is by name only (lstrcmpi), so every running process with
; this image name is a match, whatever directory it was started from.
stProcess  db "timer.exe",0

.Data?
; Scratch storage used by EnableDebugPriv.
tkp      TOKEN_PRIVILEGES<>   ; privilege set passed to AdjustTokenPrivileges
sdnv      LUID <>             ; LUID returned by LookupPrivilegeValue for SeDebugPrivilege
hToken      dd ?              ; access token handle of the current process

.Code
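;-----------------------------------------------------------------------
; EnableDebugPriv
; Enables SeDebugPrivilege in the current process token.
;
; In:    nothing
; Out:   eax = nonzero if the privilege was enabled, 0 otherwise
; Uses:  globals hToken, sdnv, tkp
;
; Each API result is checked. The original closed hToken even when
; OpenProcessToken had failed, and treated a nonzero return from
; AdjustTokenPrivileges as success. That call also returns nonzero when the
; privilege is not held by the token; only GetLastError tells the two apart.
;
; SeDebugPrivilege lets the process open processes it otherwise could not
; (other users, services). It is not needed to terminate processes the
; caller's own token can already open, so enable it only when required.
;-----------------------------------------------------------------------
EnableDebugPriv  Proc
  invoke  GetCurrentProcess
  invoke  OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
  .if eax == 0
      ret                                   ; no token handle to close; eax = 0
  .endif

  invoke  LookupPrivilegeValue,0,CTEXT("SeDebugPrivilege"),addr sdnv
  .if eax != 0
      mov  tkp.PrivilegeCount,1
      m2m  tkp.Privileges.Luid.LowPart,sdnv.LowPart
      m2m  tkp.Privileges.Luid.HighPart,sdnv.HighPart
      mov  tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED
      invoke  AdjustTokenPrivileges,hToken,FALSE,addr tkp,sizeof tkp,0,0
      .if eax != 0
          ; Nonzero only means the call ran; check whether the privilege
          ; was actually assigned.
          invoke  GetLastError
          .if eax == ERROR_NOT_ALL_ASSIGNED
              xor  eax,eax
          .else
              mov  eax,TRUE
          .endif
      .endif
  .endif

  push  eax                                 ; keep the result across CloseHandle
  invoke  CloseHandle,hToken
  pop  eax
  ret
EnableDebugPriv  EndP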

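;-----------------------------------------------------------------------
; KillProcess
; Walks a Toolhelp process snapshot and calls TerminateProcess (exit code 1)
; on every process whose image name equals stProcess, case-insensitively.
;
; In:    nothing (target name comes from the global stProcess)
; Out:   eax = 0 if the snapshot could not be created, otherwise the
;        result of closing the snapshot handle
; Saves: ebx (via USES)
;
; Matching is by image name only and the loop does not stop at the first
; hit, so every process carrying that name is terminated, including ones
; started from a different directory.
;
; ebx is callee-saved under stdcall. The original overwrote it without
; saving it, which crashes callers that rely on it, such as a dialog or
; window callback.
;-----------------------------------------------------------------------
KillProcess  Proc uses ebx
      Local  @stProcess:PROCESSENTRY32
      Local  @hSnapShot

      invoke  RtlZeroMemory,addr @stProcess,sizeof @stProcess
      mov  @stProcess.dwSize,sizeof @stProcess      ; required before Process32First
      invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
      .if  eax == INVALID_HANDLE_VALUE
        xor  eax,eax                                ; no snapshot: nothing to walk or close
        ret
      .endif
      mov  @hSnapShot,eax
      invoke  Process32First,@hSnapShot,addr @stProcess
      .While  eax
        invoke  lstrcmpi,addr @stProcess.szExeFile,addr stProcess
        .if  eax == 0
            ; Request only the access right needed to terminate.
            invoke  OpenProcess,PROCESS_TERMINATE,FALSE,@stProcess.th32ProcessID
            .if  eax
              mov  ebx,eax                          ; process handle, live across the next two calls
              invoke  TerminateProcess,ebx,1
              invoke  CloseHandle,ebx
            .endif
        .endif
        invoke  Process32Next,@hSnapShot,addr @stProcess
      .EndW
      invoke  CloseHandle,@hSnapShot
      ret
KillProcess  EndP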

; Program entry point: try to enable SeDebugPrivilege, terminate every
; process matching stProcess, then exit with code 0. The result of the
; privilege step is not examined, so termination is attempted either way.
Start:
  call  EnableDebugPriv
  call  KillProcess
  push  0                     ; uExitCode
  call  ExitProcess
End  Start
Posted on 2006-02-16 13:44:28 by skywalker
i have tried
this code killed the timer.exe at once
why it spends 20s killing the timer.exe on your computer?!
:shock:

My Computer
CIII 1G + 256M + Windows XP Professional SP2(CN)
Posted on 2006-02-16 22:42:28 by MengXP
Hi

Same thing here, no problem killing the timer process on Win2K. One small point though, I added the code to a test dialog and after a successful TerminateProcess the callback continued on to a C0000005 access violation,

77E189CE  test        byte ptr ,0C0h

A simple 'uses ebx' in KillProcess Proc solved the problem.  Perhaps in your situation not preserving the register didn't cause a crash but did cause some kind of hang/delay.

Kayaker
Posted on 2006-02-17 01:30:03 by Kayaker
Is there any way we can get the full name of the process including the directory address in NT based machines ? cause the szExeFile member of the PROCESSENTRY32 structure used to return the full address of the process in windows 9x/ME
Posted on 2006-02-17 01:42:04 by XCHG

Hi

Same thing here, no problem killing the timer process on Win2K. One small point though, I added the code to a test dialog and after a successful TerminateProcess the callback continued on to a C0000005 access violation,

77E189CE  test        byte ptr ,0C0h

A simple 'uses ebx' in KillProcess Proc solved the problem.  Perhaps in your situation not preserving the register didn't cause a crash but did cause some kind of hang/delay.

Kayaker


Thanks.

I'll put it right after the second Local and try it.
Is that the equivalent of the old push ebx, pop ebx?

Andy

Posted on 2006-02-17 08:33:30 by skywalker

i have tried
this code killed the timer.exe at once
why it spends 20s killing the timer.exe on your computer?!
:shock:

My Computer
CIII 1G + 256M + Windows XP Professional SP2(CN)


That's what I am trying to figure out.

I'll try it out on some different computers and see what I find.

Posted on 2006-02-17 08:36:45 by skywalker

Is there any way we can get the full name of the process including the directory address in NT based machines ? cause the szExeFile member of the PROCESSENTRY32 structure used to return the full address of the process in windows 9x/ME

do a Module32First to get the extra info.

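; Fetch the first module entry of the process pe32.th32ProcessID. The first
; module in a module snapshot is the process executable, and
; me32.szExePath then holds its full path.
; pe32, me32 (MODULEENTRY32) and hSnapM are declared by the surrounding code.
invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,pe32.th32ProcessID
mov hSnapM,eax
.if eax != INVALID_HANDLE_VALUE
    ; Module32First fails unless dwSize is initialised; set it here in case
    ; the surrounding code has not done so.
    mov me32.dwSize,sizeof me32
    invoke Module32First,hSnapM,addr me32   ; eax = 0 on failure; me32 is then not valid
    invoke CloseHandle,hSnapM
.endif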
Posted on 2006-02-17 09:50:36 by drizz
Here is the code i have written in Delphi, it just gives me my own exe path and a list of DLL files instead of the EXEs

Posted on 2006-02-18 07:43:18 by XCHG

it just gives me my own exe path
and what was your question? just replace GetCurrentProcessId with th32ProcessID when enumerating, and just do the Module32First
Posted on 2006-02-18 20:24:47 by drizz