Howlong.exe ?

Started by skywalker, May 15, 2007, 11:37:19 AM


skywalker

I only just discovered this and a bunch of other commands.
Is it possible to kind of "debug" this to see how it works?

I remember that Win98 used to have some prog on CD that would show you the time that a program took when you ran it but don't remember what it's called. I recall it was a command line prog.

taskkill /s SEVEN /f /im notepad.exe

Thanks.

evlncrn8

most likely, open process -> terminate process / thread... hardly rocket science
have to admit i find your interest in this sort of thing somewhat 'suspect'...
as these sort of things aren't the usual things most people would code...

Vortex

What does debug have to do with taskkill?

Tedd

(I'm presuming there are two questions in there - the separation isn't explicit.)

The commands are mostly internal to cmd.exe, so you'd have to 'debug' that whole mess to follow the code. The ones that aren't, are usually exe/com files in "\windows\system32"

Don't know what the timing program was, but it's simple enough to do:
stTime = GetTickCount()
CreateProcess(....)
;wait for the process to finish - I'm sure there's a better way than polling with GetExitCodeProcess (just can't seem to think of it right now)
RunningTime = GetTickCount() - stTime


And for an equivalent 'killall' - http://www.masm32.com/board/index.php?topic=7304.msg54027#msg54027
No snowflake in an avalanche feels responsible.

P1

Quote from: skywalker on May 15, 2007, 11:37:19 AM
Is it possible to kind of "debug" this to see how it works?
M$ has crippled Debug.  U command is for the most part very aggravating.

When you have the source, it's very easy to produce debug files.

If you're referring to 'Debug' as an RE tool, look elsewhere, but skip DOS 'Debug' as a tool for that.

Regards,  P1   :8)

Evenbit

Quote from: Tedd on May 16, 2007, 11:16:08 AM
(I'm presuming there are two questions in there - the separation isn't explicit.)

The commands are mostly internal to cmd.exe, so you'd have to 'debug' that whole mess to follow the code. The ones that aren't, are usually exe/com files in "\windows\system32"

Don't know what the timing program was, but it's simple enough to do:
stTime = GetTickCount()
CreateProcess(....)
;wait for the process to finish - I'm sure there's a better way than polling with GetExitCodeProcess (just can't seem to think of it right now)
RunningTime = GetTickCount() - stTime



Just use the 'WaitForSingleObject' call.  Here is an example in HLA using two methods for timing:  (1) a built-in HLA 'timer' object,  (2) calls to 'GetThreadTimes' (although 'GetProcessTimes' would work too) --

program tim;
#include( "stdlib.hhf" )
#include( "w.hhf" )

var

    qwKTStart.lo   :w.FILETIME;
    qwKTEnd.lo     :w.FILETIME;
    qwUTStart   :w.FILETIME;
    qwUTEnd     :w.FILETIME;
    qwDummy     :w.FILETIME;
    qwKTTotal   :w.FILETIME;
    qwUTTotal   :w.FILETIME;

static
cmdLn :str.strvar(256);
theTime :pointer to timer;
sui :w.STARTUPINFO;
pi :w.PROCESS_INFORMATION;
t :dword;
fpt :real80;
tenPt0 :real64 := 10.0;

begin tim;

arg.c();
mov( eax, edx );
for( mov( 1, ecx ); ecx < edx; inc( ecx )) do

arg.v( ecx );
str.cat( (type string eax), cmdLn );
str.cat( " ", cmdLn );

endfor;

mov( NULL, esi );
timer.create();
mov( esi, theTime );
stdout.put( "Timing '", cmdLn, "'" nl );
mov( @size( sui ), sui.cb );
mov( NULL, sui.lpDesktop );
mov( arg.v(0), sui.lpTitle );
mov( 0, sui.dwFlags );
mov( 0, sui.cbReserved2 );
mov( NULL, sui.lpReserved2 );
theTime.start();

    w.GetCurrentThread();
    w.GetThreadTimes(eax, qwDummy, qwDummy, qwKTStart.lo, qwUTStart);

w.CreateProcess
(
NULL,
cmdLn,
NULL,
NULL,
false,
0,
NULL,
NULL,
sui,
pi
);

w.WaitForSingleObject

(
pi.hProcess,
w.INFINITE
);

    w.GetCurrentThread();
    w.GetThreadTimes(eax, qwDummy, qwDummy, qwKTEnd.lo, qwUTEnd);

theTime.stop();
div( 100, edx:eax );
mov( eax, t);
fild( t );
fdiv( tenPt0 );
fstp( fpt );
stdout.put( "Finished, run time is ", fpt:6:1, nl );

    mov(qwKTStart.lo, eax);
    mov(qwKTStart.hi, ebx);
    mov(ebx, qwKTStart.lo);
    mov(eax, qwKTStart.hi);
    mov(qwKTEnd.lo, eax);
    mov(qwKTEnd.hi, ebx);
    mov(ebx, qwKTEnd.lo);
    mov(eax, qwKTEnd.hi);

    mov(qwUTStart.lo, eax);
    mov(qwUTStart.hi, ebx);
    mov(ebx, qwUTStart.lo);
    mov(eax, qwUTStart.hi);
    mov(qwUTEnd.lo, eax);
    mov(qwUTEnd.hi, ebx);
    mov(ebx, qwUTEnd.lo);
    mov(eax, qwUTEnd.hi);

    mov(qwKTStart.lo, eax);
    mov(qwKTStart.hi, ebx);
    sub(qwKTEnd.lo, eax);
    sbb(qwKTEnd.hi, ebx);
    mov(eax, qwKTTotal.lo);
    mov(ebx, qwKTTotal.hi);

    mov(qwUTStart.lo, eax);
    mov(qwUTStart.hi, ebx);
    sub(qwUTEnd.lo, eax);
    sbb(qwUTEnd.hi, ebx);
    mov(eax, qwUTTotal.lo);
    mov(ebx, qwUTTotal.hi);

    stdout.puts(nl nl "   Thread Times:" nl);
    stdout.puts(nl "Kernal: ");
    stdout.putu64(qwKTStart.lo);
    stdout.puts(nl "User: ");
    stdout.putu64(qwUTStart);
    stdout.newln();

    stdout.puts(nl "Kernal: ");
    stdout.putu64(qwKTEnd.lo);
    stdout.puts(nl "User: ");
    stdout.putu64(qwUTEnd);
    stdout.newln();

    stdout.puts(nl "Kernal: ");
    stdout.putu64(qwKTTotal);
    stdout.puts(nl "User: ");
    stdout.putu64(qwUTTotal);
    stdout.newln();

end tim;


Nathan.

Tedd

WaitForSingleObject - that's the one! - cheers Evenbit :U
..and GetProcessTimes



Tadaa! FREE software!! :dance:

(Y'know Skywalker, I should start charging you soon!)


[I'm not responsible for the times this pumps out - it just prints what the function gives; they don't necessarily make sense :lol]


[attachment deleted by admin]
No snowflake in an avalanche feels responsible.

P1

Quote from: Evenbit on May 16, 2007, 09:21:43 PM
Just use the 'WaitForSingleObject' call.  Here is an example in HLA using two methods for timing:  (1) a built-in HLA 'timer' object,  (2) calls to 'GetThreadTimes' (although 'GetProcessTimes' would work too) --
I read a design article that basically stated to never use WaitForSingleObject, but WaitForMultipleObjects.  The main point was Single can deadlock on you with no recourse for recovery.  Use Multiple with a timer object of your choice.  That's so you can report a timeout without the user getting frustrated at waiting.

Regards,  P1   :8)

Evenbit

Quote from: Tedd on May 17, 2007, 03:56:31 PM
WaitForSingleObject - that's the one! - cheers Evenbit :U
..and GetProcessTimes



Tadaa! FREE software!! :dance:

(Y'know Skywalker, I should start charging you soon!)


[I'm not responsible for the times this pumps out - it just prints what the function gives; they don't necessarily make sense :lol]


Well my example was horribly broken.  Yours is much better.  A good way to improve upon it is to use the FileTimeToSystemTime function to convert the data to a better format.  The SYSTEMTIME structure has the following layout:

wYear
wMonth  (January is one)
wDayOfWeek  (Sunday is zero)
wDay
wHour
wMinute
wSecond
wMilliseconds

Nathan.

Tedd

Quote from: P1 on May 17, 2007, 06:38:33 PM
I read a design article that basically stated to never use WaitForSingleObject, but WaitForMultipleObjects.  The main point was Single can deadlock on you with no recourse for recovery.  Use Multiple with a timer object of your choice.  That so you can report a timeout without the user getting frustrated at waiting.
Not sure if there's a point in there - WaitForSingleObject also has the option of a timeout period; or if you use a separate timer, then still, why is it any different with single or multiple? Actually, I wouldn't be surprised if they're both wired to the same function internally.

Quote from: Evenbit on May 17, 2007, 11:04:29 PM
Yours is much better.  A good way to improve upon it is to use the FileTimeToSystemTime function to convert the data to a better format.  The SYSTEMTIME structure has the following layout:

wYear
wMonth  (January is one)
wDayOfWeek  (Sunday is zero)
wDay
wHour
wMinute
wSecond
wMilliseconds
Yeah, I thought about that.. But then realised it's actually wrong. FileTimeToSystemTime converts a given file-time 'date' structure, into a system-time 'date' structure (emphasis on the word 'date.') Or, in other words, "5 seconds" is translated to "5 seconds after midnight January 1, 1601 AD" - and not "5 seconds ago."
So, transforming to a more 'readable' format would require doing all of the divisions yourself - which I avoided mainly through expecting most processes being timed to take less than a day, even an hour or two.. and maybe I was just lazy :bdg
No snowflake in an avalanche feels responsible.
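
The "do the divisions yourself" step described in the post above, as an added example (not code from any poster in this thread): a start/end pair of FILETIME-style values is subtracted as one 64-bit count of 100 ns ticks and then broken into days, hours, minutes, seconds and milliseconds. The `FileTime` stand-in struct, the `Duration` type, the helper names and the sample values are assumptions made so the code builds without `<windows.h>`.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the Win32 FILETIME layout: two 32-bit halves of a
   64-bit count of 100 ns ticks. Hypothetical name, not <windows.h>. */
typedef struct { uint32_t dwLowDateTime, dwHighDateTime; } FileTime;

/* Hypothetical helper type: an elapsed time split into readable parts. */
typedef struct { uint64_t days; unsigned hours, minutes, seconds, millis; } Duration;

#define TICKS_PER_MS 10000ULL   /* 100 ns ticks in one millisecond */

static uint64_t ft_ticks(FileTime ft)
{
    return ((uint64_t)ft.dwHighDateTime << 32) | ft.dwLowDateTime;
}

/* end - start as a single 64-bit subtraction, so the borrow between the
   halves is handled; a reversed pair yields 0 instead of wrapping. */
static uint64_t ft_elapsed(FileTime start, FileTime end)
{
    uint64_t s = ft_ticks(start), e = ft_ticks(end);
    return e >= s ? e - s : 0;
}

/* Treat the tick count as a duration, not as a date counted from 1601. */
static Duration ticks_to_duration(uint64_t ticks)
{
    Duration d;
    uint64_t rest = ticks / TICKS_PER_MS;       /* whole milliseconds */
    d.millis  = (unsigned)(rest % 1000); rest /= 1000;
    d.seconds = (unsigned)(rest % 60);   rest /= 60;
    d.minutes = (unsigned)(rest % 60);   rest /= 60;
    d.hours   = (unsigned)(rest % 24);
    d.days    = rest / 24;
    return d;
}

int main(void)
{
    /* Constructed sample: the low half wraps between start and end. */
    FileTime start = { 0xFFFFFF00u, 0x00000001u };
    FileTime end   = { 0x02FAEF80u, 0x00000002u };
    Duration d = ticks_to_duration(ft_elapsed(start, end));
    printf("%llu d %02u:%02u:%02u.%03u\n", (unsigned long long)d.days,
           d.hours, d.minutes, d.seconds, d.millis);
    return 0;
}
```
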

skywalker

Sorry it took so long to get back on this.

timeit timethis.exe not quite working

Program is attached.


[attachment deleted by admin]

Evenbit

Quote from: Cycler on May 18, 2007, 01:55:44 PM
Sorry it took so long to get back on this.

timeit timethis.exe not quite working

Program is attached.


OMG!!!  Just looked at the source code:

00000643  54                push esp
00000644  696D6554686973    imul ebp,[ebp+0x65],dword 0x73696854
0000064B  206578            and [ebp+0x78],ah
0000064E  65637574          arpl [gs:ebp+0x74],si
00000652  657320            gs jnc 0x675
00000655  7468              jz 0x6bf
00000657  6520636F          and [gs:ebx+0x6f],ah
0000065B  6D                insd
0000065C  6D                insd
0000065D  61                popa
0000065E  6E                outsb
0000065F  64207370          and [fs:ebx+0x70],dh
00000663  65636966          arpl [gs:ecx+0x66],bp
00000667  69656420627920    imul esp,[ebp+0x64],dword 0x20796220
0000066E  6974732061726775  imul esi,[ebx+esi*2+0x20],dword 0x75677261
00000676  6D                insd
00000677  656E              gs outsb


That right there is self-replication technology.  I did a string search and found "microsoft.com" embedded in it.  Oh My Lord... folks!  Run for your life!!!!  This is **DANGEROUS** malware using an ELF back-door to infect my Linux system!!

;-)

Nathan.

skywalker

But how do you know fer sure. Maybe the real author wants us to think MS wrote it.

Or maybe I wrote it. :-) (JOKE)

John (JOKE)