yo all members, i'm a french newbie programmers and it's my second question on this board. So :
i want to find all process which run on windows like rundll32.exe, mstask.exe, explorer.exe, smss.exe, etc...
i success on win98 but not on win NT and win NT is most important for me :)
So, i paste my code and if someone can help me, it will be very brilliant
i put too a source in c++ to help you to understand
PS: i use psapi.dll for the process on NT



.386
.MODEL Flat, STDCALL
option casemap:none

; Prototype de WinMain (4 arguments)
WinMain PROTO :DWORD, :DWORD, :DWORD, :DWORD
InsertColumn PROTO
InsertItem PROTO :DWORD, :DWORD
GetProcess PROTO
GetProcessNT PROTO :DWORD
GetProcess98 PROTO


;____________________Inclusion des biblioth?ques_______________________

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
include \masm32\include\gdi32.inc
include \masm32\include\comctl32.inc

includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\comctl32.lib

;____________________D?claration des variables initialis?es____________

.DATA

ClassName db "WndClass", 0
WindowName db "Get Process List", 0
ListviewClass db "SysListView32", 0
szProcess db "Process", 0
szProcessID db "ProcessID", 0
szLibName db "psapi.dll", 0
szEnumProcesses db "EnumProcesses", 0
EnumProcesses dd 0
szGetModuleFileNameEx db "GetModuleFileNameEx", 0
GetModuleFileNameEx dd 0
szCaptionError db "Working Only On NT Station", 0
szTitleError db "GetProcessList", 0
Format db "%d", 0

lpidProcess dd 1024 dup(0)

;___________________D?claration des donn?es non-initialis?es___________

.DATA?

hInstance HINSTANCE ?
CommandLine LPSTR ?
hList HWND ?
hDLL HWND ?
cbNeeded dd ?
testtest db 128 dup(?)


;___________________D?claration des constantes et boutons______________

.CONST

IDC_LIST equ 1000

;___________________________Code source________________________________

.CODE

start:
invoke GetModuleHandle, NULL
mov hInstance, eax
invoke GetCommandLine
mov CommandLine, eax
invoke WinMain, hInstance, NULL, CommandLine, SW_SHOWDEFAULT
invoke ExitProcess, NULL
call InitCommonControls

WinMain Proc hInst:HINSTANCE, hPrevInst:HINSTANCE, lpCmdLine:LPSTR, CmdShow:DWORD

; d?claration des
; variables locales

LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
LOCAL hwnd:HWND

; initialisation des membres
; de la structure de la fen?tre

mov wc.cbSize, SIZEOF WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc, OFFSET WndProc
mov wc.cbClsExtra, NULL
mov wc.cbWndExtra, NULL
push hInstance
pop wc.hInstance
invoke LoadIcon, NULL, IDI_APPLICATION
mov wc.hIcon, eax
mov wc.hIconSm, eax
invoke LoadCursor, NULL, IDC_ARROW
mov wc.hCursor, eax
mov wc.hbrBackground, COLOR_WINDOW+1
mov wc.lpszMenuName, NULL
mov wc.lpszClassName, OFFSET ClassName

; enregistrement de la classe fen?tre

invoke RegisterClassEx, ADDR wc

; cr?ation de la fen?tre

invoke CreateWindowEx, WS_EX_CLIENTEDGE,
ADDR ClassName,
ADDR WindowName,
WS_OVERLAPPEDWINDOW,
300,
300,
400,
300,
NULL,
NULL,
hInst,
NULL

mov hwnd, eax ; r?cup?ration de l'handle
; de la fen?tre


invoke ShowWindow, hwnd, CmdShow
invoke UpdateWindow, hwnd

.WHILE TRUE
invoke GetMessage, ADDR msg, hwnd, 0, 0
.BREAK .IF (!eax)
invoke TranslateMessage, ADDR msg
invoke DispatchMessage, ADDR msg
.ENDW

mov eax, msg.wParam
ret

WinMain endp

WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM


.IF uMsg == WM_CLOSE

invoke PostQuitMessage, 0

.ELSEIF uMsg == WM_CREATE

invoke CreateWindowEx, NULL, ADDR ListviewClass, NULL, WS_VISIBLE+WS_CHILD+LVS_REPORT,
0, 0, 0, 0, hWnd, IDC_LIST, hInstance, NULL

mov hList, eax

call InsertColumn
call GetProcess

.ELSEIF uMsg == WM_SIZE

mov eax, lParam
mov edx, eax
shr edx, 16
and edx, 0FFFFh

invoke MoveWindow, hList, 0, 0, eax, edx, TRUE

.ELSE
invoke DefWindowProc, hWnd, uMsg, wParam, lParam
ret
.ENDIF

xor eax, eax
ret

WndProc endp

InsertColumn proc

LOCAL lvc:LV_COLUMN

mov lvc.imask, LVCF_FMT or LVCF_TEXT or LVCF_WIDTH
mov lvc.lx, 210
push OFFSET szProcess
pop lvc.pszText

invoke SendMessage, hList, LVM_INSERTCOLUMN, 0, ADDR lvc

mov lvc.fmt, LVCFMT_CENTER
push OFFSET szProcessID
pop lvc.pszText

invoke SendMessage, hList, LVM_INSERTCOLUMN, 1, ADDR lvc

ret

InsertColumn endp

InsertItem proc pPName:DWORD, pPiD:DWORD

LOCAL lvi:LV_ITEM

mov lvi.imask, LVIF_TEXT
mov lvi.iItem, 0
mov lvi.iSubItem, 0
push pPName
pop lvi.pszText

invoke SendMessage, hList, LVM_INSERTITEM, 0, ADDR lvi

mov lvi.iSubItem, 1
push pPiD
pop lvi.pszText

invoke SendMessage, hList, LVM_SETITEM, 1, ADDR lvi

ret

InsertItem endp

GetProcess proc uses esi edi

LOCAL CountProcess : DWORD

invoke LoadLibrary, ADDR szLibName
mov hDLL, eax

.IF (hDLL != NULL)

; ///////////////// R?cup?ration des adresses dans psapi.Dll \\\\\\\\\\\\\\\\\\\\\\

invoke GetProcAddress, hDLL, ADDR szGetModuleFileNameEx
mov GetModuleFileNameEx, eax
invoke GetProcAddress, hDLL, ADDR szEnumProcesses
mov EnumProcesses, eax

; //////////////// Fonction pour mettre les pid dans un tableau \\\\\\\\\\\\\\\\\\\\

push OFFSET cbNeeded
push SIZEOF lpidProcess
push OFFSET lpidProcess
call [EnumProcesses]


.IF (eax != NULL)

; //////////////// Division pour conna?tre le nb de process \\\\\\\\\\\\\\\

mov eax, cbNeeded
mov ecx, SIZEOF DWORD
cdq
idiv ecx
mov CountProcess, eax

;invoke wsprintf, ADDR testtest, ADDR Format, CountProcess
;invoke MessageBox, NULL, ADDR testtest, ADDR WindowName, NULL

; Utilisation d'ecx comme compteur du nb de process
xor edi, edi

; On r?cup?re l'addr de lpidProcess dans esi
lea esi, lpidProcess


; //////////////////// On commence la boucle pour traiter chaque process un ? un \\\\\\\\\\\\\\\\\\\\

beginloop:

; On incr?mente l'indice du tableau et on passe le pid ? la fonction
; GetprocessNT qui s'occupe d'ins?rer le nom du process dans le listview
push [ esi ]
call GetProcessNT
add esi, 4

cmp edi, CountProcess
jz endloop
inc edi
jmp beginloop
endloop:

.ENDIF
.ELSE

call GetProcess98
.ENDIF

ret

GetProcess endp

GetProcessNT proc PID : DWORD

LOCAL hProcess:HANDLE
LOCAL hModule:HANDLE
LOCAL buf[128]:BYTE

; HANDLE MODULE

LOCAL szProcessName[256] : BYTE


invoke wsprintf, ADDR buf, ADDR Format, PID
invoke MessageBox, NULL, ADDR buf, ADDR WindowName, NULL

invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, PID
mov hProcess, eax
.IF eax != NULL

; invoke wsprintf, ADDR buf, ADDR Format, PID
; invoke MessageBox, NULL, ADDR buf, ADDR WindowName, NULL

mov eax, SIZEOF szProcessName
push eax
lea eax, szProcessName
push eax
push hModule
push hProcess
call [GetModuleFileNameEx]



lea eax, szProcessName
push eax
lea eax, PID
push eax
call InsertItem

.ENDIF

ret

GetProcessNT endp

GetProcess98 proc

LOCAL hProcessSnap:HANDLE
LOCAL pe32:PROCESSENTRY32

invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
mov hProcessSnap, eax

.IF (hProcessSnap != INVALID_HANDLE_VALUE)

mov pe32.dwSize, SIZEOF pe32
invoke Process32First, hProcessSnap, ADDR pe32

.WHILE eax != NULL

push 0
lea eax, pe32.szExeFile
push eax
call InsertItem

invoke Process32Next, hProcessSnap, ADDR pe32
.ENDW

.ENDIF

ret

GetProcess98 endp

end start


i join my asm file and psapi.dll : http://www.winutils.com/psapi.dll
oh, the goal of this program is to catch all system process and to display them in a listview
sorry for my very bad english and thanx a lot for your help :)
Posted on 2002-06-26 08:45:19 by SpYflaX
look at this source...
Posted on 2002-06-26 16:29:57 by hunter
ohh great, thanx a lot hunter :)
Posted on 2002-06-26 16:46:23 by SpYflaX