Process View

Hunk · February 21, 2012, 02:47:25 AM

Hi,

I am having some issue regarding my process view application. This is the code:

.386								; x86 instruction set.
.model flat,stdcall				; Flat model with calling convention
option casemap:none				; Case sensitive none.


include windows.inc
include kernel32.inc
include user32.inc
include comctl32.inc
include comdlg32.inc
includelib user32.lib
includelib kernel32.lib
includelib comdlg32.lib
includelib comctl32.lib				; Include and lib files.

DlgProc	proto	:DWORD, :DWORD, :DWORD, :DWORD			;Dialog procedure proto types.

.const



.data?
hInstance		HINSTANCE		?
hList			HANDLE			?
Proc32			PROCESSENTRY32 <>
Buffer			dd				256 dup (?)
hSnapshot		HANDLE			?
hDll				HANDLE			?

.data
H1		db		"PID",0
H2		db		"Process",0
Dll		db		"kernel32.dll",0
Proc1	db		"Process32First",0
Proc2	db		"Process32Next",0
Fmt		db		"0%xh",0
Fmt2	db		"%s",0

.code
start:
		invoke InitCommonControls
		invoke GetModuleHandle, NULL
		mov hInstance, eax
		invoke DialogBoxParam, hInstance, 1001, NULL, addr DlgProc, NULL
		invoke ExitProcess,0
DlgProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
			LOCAL lvc: LV_COLUMN
			LOCAL lvi: LV_ITEM

		.if uMsg == WM_INITDIALOG
			
			invoke GetDlgItem, hWnd, 1002
			mov hList, eax
			invoke SendMessage,hList, LVM_SETEXTENDEDLISTVIEWSTYLE,0, LVS_EX_GRIDLINES
			mov lvc.imask, LVCF_FMT or LVCF_SUBITEM or LVCF_TEXT or LVCF_WIDTH	
			mov lvc.fmt, LVCFMT_CENTER
			mov lvc.lx, 80
			mov lvc.pszText, offset H1
			mov lvc.iSubItem, 0
			invoke SendMessage, hList, LVM_INSERTCOLUMN, 0, addr lvc
			mov lvc.lx, 300
			mov lvc.pszText, offset H2
			mov lvc.iSubItem, 1
			invoke SendMessage, hList, LVM_INSERTCOLUMN, 1, addr lvc
			
			mov lvi.imask, LVIF_TEXT
			mov lvi.iItem,0
			
			invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
			mov hSnapshot, eax
			mov Proc32.dwSize, sizeof Proc32
			invoke GetModuleHandle, addr Dll
			mov hDll, eax
			invoke GetProcAddress, eax, addr Proc1
			
			Push offset Proc32
			Push hSnapshot
			Call  eax
			mov lvi.iSubItem,0
			
			.while eax
				invoke wsprintf, addr Buffer, addr Fmt, Proc32.th32ProcessID
				mov lvi.pszText, offset Buffer
				invoke SendMessage, hList, LVM_INSERTITEM, 0,addr lvi
				invoke wsprintf, addr Buffer, addr Fmt2, addr Proc32.szExeFile
				inc lvi.iSubItem
				mov lvi.pszText, offset Buffer
				invoke SendMessage, hList, LVM_SETITEM, 0,addr lvi
				inc lvi.iItem
				invoke GetProcAddress, hDll, addr Proc2
				Push offset Proc32
				Push hSnapshot
				Call eax
			.endw
			invoke CloseHandle, hSnapshot		
		.elseif uMsg == WM_CLOSE
			invoke EndDialog, hWnd,0
		.endif
		xor eax,eax
		Ret
DlgProc EndP
end start

This is the output which I am getting.

May I know why I am not getting the full list?

qWord · February 21, 2012, 03:24:44 AM

lvi.iSubItem must be reset each iteration.
Also, what is the reason of recalling GetProcAddress() in the loop?

Hunk · February 21, 2012, 04:03:07 AM

Code Select

inc lvi.iSubItem
This is being incremented every time.

GetProcAddress is for grabbing the address of Proc32First and Proc32Next, because I tried to implement them directly but they are not working, kind of error is there. So i used this method.

qWord · February 21, 2012, 04:13:15 AM

Quote from: Hunk on February 21, 2012, 04:03:07 AM
Code Select Expand
inc lvi.iSubItem
This is being incremented every time.

You have two columns: iSubItem must not exceed 1.

Quote from: Hunk on February 21, 2012, 04:03:07 AM
GetProcAddress is for grabbing the address of Proc32First and Proc32Next, because I tried to implement them directly but they are not working, kind of error is there. So i used this method.

Commonly you load function pointers only one time and then store them in an corresponding variable.

Hunk · February 21, 2012, 04:23:20 AM

:U Thanks Qword Bro, problem solved.

dedndave · February 21, 2012, 04:28:40 AM

some time ago, Erol gave a nice example of how to call a function after GetProcAddress...
http://www.masm32.com/board/index.php?topic=11772.msg89003#msg89003

Hunk · February 23, 2012, 11:14:44 AM

thank you dendave very cool one :U you saved my lots of time. I was always using my lengthy process to retrieve the address again and again. Kind of a big headache before for me. thanks once again.

btw, I am having last and very small problem here. I am trying to kill the process with trackpopmenu. Menu is working fine. I am using following code t terminate the process, but dont know to grab the selected item process id. can anyone give me some idea how to grab the process ID info with right click ?

i

Code Select

nvoke OpenProcess, PROCESS_TERMINATE,1,dwProcess ID <-----------------------
invoke TerminateProcess,eax,0

qWord · February 23, 2012, 11:53:34 AM

Store PROCESSENTRY32.th32ProcessID in the corresponding LV_ITEM.lParam. To determine which item was right-clicked, use the LVM_HITTEST message.

Hunk · February 24, 2012, 10:32:17 AM

Thanks Qword for the hint. According to your instructions, I have done few changes in the code. But I tried to debug it to see if it is working or not, after sendmessage I am getting -1 value. May I know, what I am doing wrong here. :bg

Code Select

LOCAL lvh:LVHITTESTINFO <----------structure


invoke SendMessage, hList, LVM_INSERTITEM, Proc32.th32ProcessID,addr lvi <<---------------------- storing

invoke GetCursorPos, addr lvh.pt <--------------------------------------------- location of right click
invoke SendMessage, hList, LVM_HITTEST,-1, addr lvh
invoke TrackPopupMenu, hMenu,TPM_LEFTALIGN, lvh.pt.x, lvh.pt.y,NULL,hWnd,NULL

xandaz · February 24, 2012, 12:09:09 PM

I'm always available to share some of my examples. Here goes a process enumerator/killer that works comme si comme sa. It has some issues but i never got back to it so it still needs fixing.
Hail M32F

News:

Process View