flat assembler
Message board for the users of flat assembler.
Index
> Windows > [SOLVED] Get process id by exe name |
Author |
|
Walter 17 Jul 2016, 23:49
pe32.th32ProcessID is a DWORD. MessageBox requires a character string.
|
|||
17 Jul 2016, 23:49 |
|
ASM.JR 18 Jul 2016, 00:26
Walter wrote: pe32.th32ProcessID is a DWORD. MessageBox requires a character string. So, how convert for string? I edited my code above. |
|||
18 Jul 2016, 00:26 |
|
Walter 18 Jul 2016, 20:23
Code: ;**************** ;* wsprintf.asm * ;**************** format pe gui entry start include 'win32a.inc' section '.data' data readable writeable strFormat db '%ld',0 strCaption db 'wsprintf Example',0 strMessage rb 12 iValue rd 1 section '.code' code readable executable start: mov [iValue],-42 cinvoke wsprintf,strMessage,strFormat,[iValue] invoke MessageBox,0,strMessage,strCaption,0 invoke ExitProcess,0 section '.idata' import data readable writeable library kernel32,'kernel32.dll',\ user32,'user32.dll' import kernel32,\ ExitProcess,'ExitProcess' import user32,\ wsprintf,'wsprintfA',\ MessageBox,'MessageBoxA' |
|||
18 Jul 2016, 20:23 |
|
ASM.JR 18 Jul 2016, 21:42
@Walter,
thank you very much by your example above, but pid returned by my code above still not is equal to true id showed in Process Hacker software. See below: Code: format PE GUI include 'win32a.inc' entry start section '.idata' import data readable writeable library kernel32,'KERNEL32.DLL' ,\ user32,'USER32.DLL',\ advapi32,'ADVAPI32.DLL',\ shell32,'SHELL32.DLL' include '\fasmw17002\include\api\kernel32.inc' include '\fasmw17002\include\api\user32.inc' include '\fasmw17002\include\api\advapi32.inc' include '\fasmw17002\include\api\shell32.inc' struct PROCESSENTRY32 dwSize dd ? cntUsage dd ? th32ProcessID dd ? th32DefaultHeapID dd ? th32ModuleID dd ? cntThreads dd ? th32ParentProcessID dd ? pcPriClassBase dd ? dwFlags dd ? szExeFile db MAX_PATH dup(?) ends target db 'notepad.exe',0 pentry32 PROCESSENTRY32 TH32CS_SNAPPROCESS = 2 snap dd 0 strFormat db '%ld',0 strCaption db 'wsprintf Example',0 strMessage rb 12 iValue rd 1 section '.code' code readable executable start: mov [pentry32.dwSize],sizeof.PROCESSENTRY32 invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0 mov [snap], eax invoke Process32First,[snap],pentry32 .loop: mov edi,target invoke StrStrI,pentry32.szExeFile, edi cmp eax,0 je .next call .pid .next: invoke Process32Next,[snap],pentry32 cmp eax,0 jne .loop .pid: mov [iValue],pentry32.th32ProcessID cinvoke wsprintf,strMessage,strFormat,[iValue] invoke MessageBox,0,strMessage,strCaption,0 jne .bye .bye: invoke ExitProcess,NULL |
|||
18 Jul 2016, 21:42 |
|
ASM.JR 18 Jul 2016, 21:59
I have found another code for get pid and now works fine!
Code: format PE GUI include 'win32a.inc' entry start section '.idata' import data readable writeable library kernel32,'KERNEL32.DLL' ,\ user32,'USER32.DLL',\ advapi32,'ADVAPI32.DLL',\ shell32,'SHELL32.DLL' include '\fasmw17002\include\api\kernel32.inc' include '\fasmw17002\include\api\user32.inc' include '\fasmw17002\include\api\advapi32.inc' include '\fasmw17002\include\api\shell32.inc' struct PROCESSENTRY32 dwSize dd ? cntUsage dd ? th32ProcessID dd ? th32DefaultHeapID dd ? th32ModuleID dd ? cntThreads dd ? th32ParentProcessID dd ? pcPriClassBase dd ? dwFlags dd ? szExeFile db MAX_PATH dup(?) ends target db 'notepad.exe',0 pentry32 PROCESSENTRY32 TH32CS_SNAPPROCESS = 2 snap dd 0 strFormat db '%ld',0 strCaption db 'wsprintf Example',0 strMessage rb 12 iValue rd 1 section '.code' code readable executable GetProcessID: invoke CreateToolhelp32Snapshot, 2, 0 mov [snap], eax mov [pentry32.dwSize], sizeof.PROCESSENTRY32 invoke Process32First, [snap], pentry32 @@: mov ecx, 12 lea edi, [pentry32.szExeFile] mov esi, [esp+4] repe cmpsb cmp ecx, 0 jz exit invoke Process32Next, [snap], pentry32 jmp @R exit: invoke CloseHandle, [snap] mov eax, [pentry32.th32ProcessID] retn 4 start: stdcall GetProcessID, target mov [iValue],eax cinvoke wsprintf,strMessage,strFormat,[iValue] invoke MessageBox,0,strMessage,strCaption,0 invoke ExitProcess,NULL |
|||
18 Jul 2016, 21:59 |
|
DimonSoft 19 Jul 2016, 08:37
ASM.JR wrote: @Walter, In case you care what was wrong with your code. The number you see is not the process ID, it’s just an address of the th32ProcessID field. The problematic line of code is marked with arrow-comment. |
|||
19 Jul 2016, 08:37 |
|
< Last Thread | Next Thread > |
Forum Rules:
|
Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.