Text only | Text with Images

The MASM Forum Archive 2004 to 2012

General Forums => The Campus => Topic started by: travism on October 20, 2008, 02:12:28 AM

Title: my spyware killer help
Post by: travism on October 20, 2008, 02:12:28 AM
Ok so from my other thread im trying to write a spyware killer that will search for the spyware.exe's and kill them so if they respawn they will be killed again, Im trying to sort through the array but after the first pass from the while it just starts removing one character at a time, so then i though i just need to know the length to jump to the next one, that would be very time consuming to count each one and put it in.. is there a easier way to do this? or more efficient?

Code Select
; ¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤
include \masm32\include\masm32rt.inc
; ¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤÷¤
.data
avNames db 2 dup ( "Test.exe",0,"Test2.exe",0)
.data?
hSnap HANDLE ?
PE32  PROCESSENTRY32 <?>
.code
start:
      push 0
      push TH32CS_SNAPPROCESS
      call CreateToolhelp32Snapshot

      mov hSnap,eax
      mov [PE32.dwSize],sizeof PE32

      push offset PE32
      push hSnap
      call Process32First

      mov ecx,0
      .WHILE ecx != 3
             lea eax,[avNames]
             push ecx
             add ecx,eax
             
             push ecx
             push offset PE32.szExeFile
             call lstrcmpi
             .IF eax == 0
                 push [PE32.th32ProcessID]
                 push FALSE
                 push PROCESS_TERMINATE
                 call OpenProcess

                 push 0
                 push eax
                 call TerminateProcess
             .ENDIF
             push offset PE32
             push hSnap
             call Process32Next
             pop ecx
             inc ecx
      .ENDW
end start 
Title: Re: my spyware killer help
Post by: hutch-- on October 20, 2008, 02:23:37 AM
Travis,

What is wrong with the idea of a string array where you just iterate from one member to the next like normal ? There are various techniques for enumerating a task list.

There is an algo in the masm32 library to tokenise lines of text, just run whatever enueration you choose, write them sequentially to a string buffer then run the "ltok" algo to treat it as an array of pointers to each string. It will be easily fast enough to do what you are after.
Title: Re: my spyware killer help
Post by: travism on October 20, 2008, 02:26:13 AM
agh! why didnt i think of that! Ah thanks again hutch :)
Title: Re: my spyware killer help
Post by: donkey on October 20, 2008, 04:32:08 AM
A string array is definitely the way to go, I generally hate the overhead associated with them because of compaction and garbage collection etc... so I almost always use the common control DSA functions to manage them, saves alot of "donkey work"

DSA_Create (http://msdn.microsoft.com/en-us/library/bb775647.aspx)
Text only | Text with Images