how to call TASK MANAGER thu Assembly Program?

[ravi]

hi buddies,
i was working over little ,  new program.
I am trying to call Task Manager (in xp) thru assembly program.
does anybuddy know that?
ravi

[Jeff]

the actual task manager program is:
taskmgr.exe
in the windows\system32 directory.  i believe thats what you are looking for.

[Darrel]

Hi ravi,

You'll need to use CoInitialize, CoCreateInstance, CoUninitialize, and the interfaces ITaskScheduler, ITask, ITaskTrigger, and IPersistFile. You will need mstask.lib also

Regards,

Darrel

EDIT: If you're referring to scheduled tasks, if not my bad.

[Darrel]

Code Select Expand

.data
    szTaskManager BYTE "C:\WINDOWS\SYSTEM32\taskmgr.exe",0

.code
Start:
    INVOKE ShellExecute,NULL,NULL,ADDR szTaskManager,NULL,NULL,SW_SHOWDEFAULT ;shell32.dll

[NMMX]

Hmm, but not everyone installs Windows to hd C:\ or \Windows, it can be something like
F:\WINNT\System32.

How would you apply GetSystemDirectory to this code?
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/sysinfo/base/getsystemdirectory.asp

[Darrel]

Code Select Expand

.data?
    szSystemDirectory BYTE MAX_PATH dup(?)

.code
Start:

    INVOKE GetSystemDirectory,ADDR szSystemDirectory,MAX_PATH
    dec    eax
    cmp    BYTE PTR[eax],05Ch            ;"\"
    je     AddExe

    inc    eax
    mov    BYTE PTR[eax],05Ch            ;"\"

AddExe:
    inc    eax
    mov    DWORD PTR[eax],06B736174h     ;"task" reverse order
    mov    DWORD PTR[eax+4],02E72676Dh   ;"mgr." reverse order
    mov    DWORD PTR[eax+8],0657865h     ;"exe",0 reverse order

    INVOKE ShellExecute,NULL,NULL,ADDR szSystemDirectory,NULL,NULL,SW_SHOWDEFAULT


[brixton]

Instead of using a hardcoded C:\WINNT, use %systemroot% to get the WINNT/Windows directory.

Therefore the string would be:

Code Select Expand

szTaskManager BYTE "%systemroot%\SYSTEM32\taskmgr.exe",0

And should always give the correct directory  :U

[ravi]

well thanx darrel,

i haven't run it but probably it was towards what i must think.
but it would be better to check whether the key is disabled or not in registry.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System  (key must be set to 1 for disabling TASKMGR)

I was trying to run taskmgr thru my prog b'coz a virus like script or trojan whatever u name it entered my system and disabled Taskmgr.exe,and being the member(mostly user) of this group i don't use any ANtivirus.I tried to run it manually but it didn't work out.Even i call it frm c,but of no use.well i will check all of ur postings and post whatever happens for others to sue (  :bg use).

[ravi]

thanx frnds especially DARREL and BRIXTON.

I was about to submit this code earlier but u know the DIS-connectivity(i mean connectivity) of DIAL UP helps u very much .

now the FINAL code looks as:

.386
        .model flat,stdcall
        option casemap:none   ; case sensitive
   
; ####################################################
   
        include \masm32\include\windows.inc
        include \masm32\include\user32.inc
        include \masm32\include\kernel32.inc
        include \masm32\include\shell32.inc

         
        includelib \masm32\lib\user32.lib
        includelib \masm32\lib\kernel32.lib
        includelib \masm32\lib\shell32.lib

.data
    szTaskManager BYTE "%SYSTEMROOT%\SYSTEM32\taskmgr.exe",0

.code
Start:
    INVOKE ShellExecute ,NULL,NULL,ADDR szTaskManager,NULL,NULL,SW_SHOWDEFAULT
    invoke ExitProcess,NULL
end Start

[ravi]

continued from last post:----discontinued one

now the program is working properly.I have tested that

TWO essentials are :

1.    include \masm32\include\shell32.inc ; necessary to use shellexecute function call b'coz prototype is given in shell32
       and
2.    invoke ExitProcess,NULL  ; if not called windows warning message will appear  "WIndows has encountered the problem with filenameucreated.exe and needs to be closed"


           i hope now this query is completed with all documentation and practical example .I ,further , intend to enhance it by checking the registry key.As soon as i do that i will inform to all.
Thanx to all (again to darrel and brixton )
         bye

"there is never a wrong time to do the right thing"

[farrier]

ravi,

One thing to consider:

using %SYSTEMROOT% will assemble a file which will run on the machine you have assembled it on and only other machines that have a %SYSTEMROOT% which is identical.  For instance, your %SYSTEMROOT% on your machine is probably c:\windows  , mine is d:\window , for a number of reasons.  So, if you sent me your program, it would not work on my machine.  You should use Darrel's suggestion to make your programs universal.

hth,

farrier
...just another dial-up user :(

[Jeff]

within the program, its not going to replace %SYSTEMROOT% with whatever value it is, it will only be replaced at runtime.

[edit]
hmmm, sorry, apparently it isnt.  but normally it would.  :/

[brixton]

Really?  It isn't?

Odd -- my bad.  I suppose I am thinking along the lines of when a batch file uses the %systemroot% or %windir% references.  Maybe you could create the batch file and use them, then execute the batch file  :P