How can i know it this running process handle value?

[akna]

Hi

.386
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
includelib \masm32\lib\kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
include \masm32\macros\macros.asm

.data
caption db "getcurrentprocess",0

.data?
szBuffer db 16 dup (0)

.code
start:
invoke GetCurrentProcess
INVOKE wsprintf, ADDR szBuffer, SADD("Handle = %u"),eax
invoke MessageBox,NULL,addr szBuffer,addr caption,MB_OK
invoke ExitProcess,0
end start

This code not work.

[sinsi]

Maybe try and make szBuffer a bit longer, since it needs to copy the original 'handle blah".

[MichaelW]

The buffer should be 20 bytes, but the code nevertheless works correctly for me. I would replace %u with %d.

http://msdn.microsoft.com/en-us/library/ms683179(VS.85).aspx

[akna]

Maybe try and make szBuffer a bit longer, since it needs to copy the original 'handle blah".

Not good.Always Handle = 4294967295

[jj2007]

RTFM
GetCurrentProcess Function

Return Value

The return value is a pseudo handle to the current process.
Remarks

A pseudo handle is a special constant, currently (HANDLE)-1, that is interpreted as the current process handle. For compatibility with future operating systems, it is best to call GetCurrentProcess instead of hard-coding this constant value.

[sinsi]

Well, fuck me. From MDSN

GetCurrentProcess

Return Value
The return value is a pseudo handle to the current process.

Remarks
A pseudo handle is a special constant, currently (HANDLE)-1, that is interpreted as the current process handle.

And your handle is 4294967295 which is -1 in 32-bit (FFFFFFFF)

This has cleared up a problem for me actually, using GetCurrentProcess then setting the affinity wouldn't work.
INVALID_HANDLE_VALUE eh?


edit: jj to the rescue! spanked heh heh

[jj2007]

Hint: Launch Olly, and see what GetCurrentProcess does. An absolutely fascinating algo is waiting for you :green

[sinsi]

Don't tell me - 'mov eax,-1' is it Stanley?

[qWord]

use OpenProcess(PROCESS_ALL_ACCESS,FALSE,GetCurrentProcessId()) to get the real process handle

[jj2007]

Don't tell me - 'mov eax,-1' is it Stanley?

Mate, you are wasting precious space: mov eax, -1 is a five byte instruction. Windows is lean and mean, as we all know :green

[BlackVortex]

Hahaha, here it is :

Code Select Expand

755DE674 >  83C8 FF         OR EAX,FFFFFFFF
755DE677    C3              RET



[sinsi]

Sorry, 'or eax,-1' it is - even in win7  :bg

Anyway, windbg rules ok?
japeth has a nice command-line one going too...

edit: ok BV

[dedndave]

"optimized" version...

        push    0FFh
        pop     eax
        ret

[jj2007]

"optimized" version...

        push    0FFh
        pop     eax
        ret

Hey, it's not shorter than the MS solution...!

[dedndave]

ahhhhhhh - thanks for pointing that out - i like that use of OR - i will have to remember that one