Hi @all

I have translated donkey's Windows Task Manager listview spy
to MASM32. It will not work. Can you help me?

.586
.model flat, stdcall  ;32 bit memory model
option casemap :none  ;case sensitive

include task.inc
.const
LVFI_STRING equ 0002h
LVFI_WRAP equ 0020h
.data
pSMSS DB "SMSS.EXE",0
sztask db"Windows Task Manager",0
szSys32 db "Syslistview32",0
szPorc db "Processes",0
szPid db "#32770",0
lvim          LV_FINDINFO<> 


.data?
PID dd ?
cbWritten dd ?
hTaskMan dd ?
.code
start:
invoke FindTaskMan
mov lvim.flags,LVFI_STRING+LVFI_WRAP
mov lvim.psz,offset pSMSS
mov lvim.vkDirection,VK_DOWN
invoke TaskFindItem,eax,0,offset lvim
invoke MessageBox,0,eax,0,MB_OK

FindTaskMan Proc


; Not sure if TaskMan is localized but this will
; only find the handle for an English Task Manager

invoke FindWindow,NULL,addr sztask
or eax,eax
jnz @1
xor eax,eax
dec eax
RET
@1:
mov hTaskMan,eax

; Scan each of the tab dialogs in turn until
; we find the one with the processes listview

xor ebx,ebx
@2:
invoke FindWindowEx,addr hTaskMan,ebx,addr szPid,NULL
or eax,eax
jnz @3
xor eax,eax
dec eax
RET
@3:
; Save the dialog handle for the next search
mov ebx,eax
; See if our listview is here
invoke FindWindowEx,eax,NULL,addr szSys32,addr szPorc
or eax,eax
jz @2

RET

FindTaskMan endp


TaskFindItem Proc hlv:DWORD,iStart:DWORD,pLVFINDINFO:DWORD

LOCAL pMem :DWORD
;LOCAL PID :DWORD
LOCAL hProcess :DWORD
;LOCAL cbWritten :DWORD

mov ,-1
; Get the PID of the TaskMan from the listview handle
invoke GetWindowThreadProcessId,,OFFSET PID

; Open the TaskMan process
invoke OpenProcess,PROCESS_VM_OPERATION\
+PROCESS_VM_READ + PROCESS_VM_WRITE,NULL,
mov ,eax
or eax,eax
jnz @1
xor eax,eax
dec eax
ret
@1:

; Allocate a 4K buffer in the TaskMan's space (4K is the minimum size)
invoke VirtualAllocEx, eax, NULL, 4096, MEM_COMMIT, PAGE_READWRITE
mov ,eax
or eax,eax
jnz @2
invoke CloseHandle,
xor eax,eax
dec eax
ret
@2:

mov edi,
mov ebx,
; Is this a string search
mov eax,
test eax,LVFI_STRING
jz @3 ; no? then skip the string copy
; Need the string information
invoke lstrlen,
inc eax

mov ecx,
add ecx,256
mov ,ecx

; Write the string
invoke WriteProcessMemory, , ecx,\
ebx, eax, OFFSET cbWritten
@3:

; Write the structure
invoke WriteProcessMemory, , ,\
, SIZEOF LV_FINDINFO, OFFSET cbWritten

; Finally we send our message
invoke SendMessage,,LVM_FINDITEM,,

; push the result
push eax

; Reset the string pointer just in case it is needed elsewhere
mov ,ebx

; Clean up the memory and close the process handle
invoke VirtualFreeEx, , , NULL, MEM_RELEASE
invoke CloseHandle,

; pop the result
pop eax
RET
TaskFindItem ENDp
end start


belcoder
Posted on 2006-10-22 13:34:19 by BelCoder
Hi BelCoder

Wow, I don't even remember writing that :) And I can't find a copy of the original anywhere, probably just scrapped it because I lost interest. However, it is a pretty standard example of interprocess messaging using VirtualAllocEx to marshal the data. The thing is that it will obviously only run on 2K+ since that set of functions is not available on 98 (you would have to use ordinals to allocate some shared memory). What OS are you using and where does the routine fail (i.e. which function returns an error)?

Donkey
Posted on 2006-10-22 14:51:09 by donkey
Hi donkey

I'm using WinXP Pro SP2.

I am searching for an example that spies on listview items from another prog.
Can you send me a complete example?

Sorry for my bad English.

Thx
Posted on 2006-10-22 14:57:55 by BelCoder
Hi BelCoder,

Not sure if SP2 has any restrictions on this type of code, it is after all injecting a memory buffer into another process. Can't see why it would restrict that though, it would really scr*w up some COM marshalling if they did. I would gladly send you an example but I don't have one, as I said in my earlier post I did not keep a copy of this for some reason, perhaps it was setting off whatever virus scanner I was using at the time or something, don't remember it at all. However, my website has a sample project called "Extracting information from the desktop" that uses the exact same technique and you should be able to modify it to your needs.

Donkey
Posted on 2006-10-22 15:06:03 by donkey
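
Added example, not part of the thread and not donkey's original code: the VirtualAllocEx marshalling described above, applied to LVM_FINDITEM in MASM32. The name `RemoteFindItem`, the buffer layout (structure at offset 0, text at offset 256) and the `\masm32` include paths are assumptions; every API call is checked and the remote buffer is released on each failure path.

```masm
.586                             ; added example; assumes the MASM32 SDK in \masm32
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
IFNDEF LVFI_STRING               ; same values the post defines
LVFI_STRING equ 0002h
LVFI_WRAP   equ 0020h
ENDIF
.code
; Hypothetical helper: returns the item index in eax, or -1 if not found or a step failed.
RemoteFindItem proc uses ebx esi edi hLV:DWORD, pszText:DWORD
    LOCAL pid:DWORD, hProc:DWORD, cb:DWORD, result:DWORD, lvfi:LV_FINDINFO
    mov  result, -1
    mov  pid, 0                  ; stays 0 (OpenProcess then fails) if hLV is not a window
    invoke GetWindowThreadProcessId, hLV, addr pid
    invoke OpenProcess, PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE, FALSE, pid
    test eax, eax
    jz   failed
    mov  hProc, eax
    invoke VirtualAllocEx, hProc, NULL, 4096, MEM_COMMIT, PAGE_READWRITE  ; data page, not executable
    test eax, eax
    jz   close_proc
    mov  esi, eax                ; esi = remote buffer: LV_FINDINFO at +0
    lea  edi, [esi+256]          ; edi = remote address for the text at +256
    invoke lstrlen, pszText
    lea  ebx, [eax+1]            ; length with terminator, kept out of eax (INVOKE uses eax for addr)
    cmp  ebx, 4096-256           ; refuse text that would overrun the remote page
    ja   free_mem
    invoke WriteProcessMemory, hProc, edi, pszText, ebx, addr cb
    test eax, eax
    jz   free_mem
    invoke RtlZeroMemory, addr lvfi, sizeof LV_FINDINFO
    mov  lvfi.flags, LVFI_STRING or LVFI_WRAP
    mov  lvfi.psz, edi           ; pointer must be valid in the target process, not in ours
    invoke WriteProcessMemory, hProc, esi, addr lvfi, sizeof LV_FINDINFO, addr cb
    test eax, eax
    jz   free_mem
    invoke SendMessage, hLV, LVM_FINDITEM, -1, esi   ; wParam -1 = search from the first item
    mov  result, eax
free_mem:
    invoke VirtualFreeEx, hProc, esi, 0, MEM_RELEASE
close_proc:
    invoke CloseHandle, hProc
failed:
    mov  eax, result
    ret
RemoteFindItem endp
end
```

The value returned is an item index, not a string pointer, so it has to be formatted (for example with wsprintf) before being shown in a message box.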