Hi All,

I have found a VB code listing running processes. Now I am trying to write that code in asm, but it won't work. What is wrong in my code? The function EnumProcess doesn't succed (eax==0). I have copied the psapi.lib from 98 SDK lib map to masm32 lib map. I have also run l2extia to create a psapi.inc file. Here is my code. Can someone tell me what's wrong?

DlgProc proc hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM
LOCAL processes[100]:dword

mov eax,uMsg

.elseif eax==WM_COMMAND
mov eax,wParam
and eax,0FFFFh
; PushButton action =============================
.if lParam != 0
mov edx,wParam
shr edx,16
.if dx == BN_CLICKED
.if ax == IDC_BTN1
mov osinfo.dwOSVersionInfoSize,148
mov osinfo.szCSDVersion,128
invoke GetVersionEx,addr osinfo
.if eax==TRUE
.if osinfo.dwPlatformId==1 ;win95/98
.elseif osinfo.dwPlatformId==2 ;winNT
invoke EnumProcesses,addr processes,sizeof processes,100
.if eax!=0
invoke SetDlgItemText,hWin,IDC_EDT1,SADD('EnumProcesses. OK!')
invoke SetDlgItemText,hWin,IDC_EDT1,SADD('EnumProcesses. Did not Work')

.elseif eax==WM_CLOSE
invoke EndDialog,hWin,0
mov eax,FALSE
mov eax,TRUE

DlgProc endp
Posted on 2002-12-15 16:20:18 by minor28
This line is your problem...

invoke EnumProcesses,addr processes,sizeof processes,100

The function expects the third varible to be a pointer to a dword so that it can return the number bytes copied into your processes array.

To fix the problem add another local variable to your procedure called dwNeeded

local dwNeeded:dword

and call the function like this...

invoke EnumProcesses,addr processes,sizeof processes,addr dwNeeded
Posted on 2002-12-16 10:32:52 by BubbaFate
Thanks BubbaFate

Now I can list running processes. The project is attached. Two questions:

1) why is the value given to nModules at line 75 changed after the invoke at line 82. It is a completly different value at the compare at line 92?

2) How do I make a line feed after each process name?

Well I have another request too.

3) I suppose my code is not the most effective so I would appreciate comments on my code.

BTW. I haven't written code for Win 9xx. It only works on NT.

Posted on 2002-12-17 02:27:26 by minor28
I think your first question about nModules being changed is caused by not popping arguments off the stack in the proper order... The first thing you push is nModules, and then you push your counter. But when you pop those back off you do it backwards by popping nModules first. Also each time your loop executes you push one argument yet pop two, that?s not a very good thing.

As far as a line feed goes, just send this

crlf db 0Dh, 0Ah, 0

to the edit control after you send the module name.

One of the biggest problems I have with your code is readability, just one example is how you are trying to use eax as nModules, and ecx as a counter across function calls. In order to accomplish this you have to push and pop these arguments, it would be much easier just to declare some local variables to handle this.

To accomplish this task on win 9x then you can use the toolhelp functions. CreateToolhelp32Snapshot, Process32First, Process32Next are the functions you should look into. Now if you want this program to work on all versions of Windows you are going to have to load the psapi functions and the toolhelp functions dynamically so the loader is happy on all platforms.

There is an alternative however; the toolhelp functions are supported on all win 9x platforms, and on win 2000 and up. So if you are willing to leave NT 4.0 and below in the dark then, you can just use toolhelp exclusively.
Posted on 2002-12-17 13:11:09 by BubbaFate
Thanks for your reply. It was to a great help for me.

SendMessage CR and LF did the job.

One push and two pops is no good. I should have seen that myself. You are right the code is not easy to read. In the first place I did declare a local variable nModules. After division by 4 nModules got the value 37 and hold it until line of "invoke GetModuleFileNameEx". After the call nModules changed to 58xxxxxx (looks like an address). I don't understand why. I do nothing to nModules. That's why I pushed and poped.

I will try tollhelp functions later.
Posted on 2002-12-17 15:37:03 by minor28
I think this is better readable.
Posted on 2002-12-18 02:04:33 by minor28
Hi all

Now I think this program works on all versions of Windows. The psapi functions are loaded only on NT and win 2000 platforms. I have tested on win 98 and win 2000. I would appreciate comments on my code.

Posted on 2002-12-18 16:20:03 by minor28