flat assembler
Message board for the users of flat assembler.

Index > Windows > invoke Process32First\Process32Next not show me news names !

Author
Thread Post new topic Reply to topic
Roman



Joined: 21 Apr 2012
Posts: 1766
Roman 22 Nov 2017, 08:40
My problem when i run my program.
And then run virus xmirg.exe my program not see xmirg.exe name !

But if i first run xmirg.exe virus and then run my program, then my program see name and terminate xmirg process. But name xmirg.exe stay (Process32First\Process32Next get me this name always) ! Why terminateprocess not destroy xmirg.exe name from process list ?

I use Process32First\Process32Next to get processes list of names.
My algorithm next:
1) Process32First
2) Process32Next if eax=1 do 2)
3) if eax=0 do 1)


Last edited by Roman on 22 Nov 2017, 08:50; edited 1 time in total
Post 22 Nov 2017, 08:40
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1766
Roman 22 Nov 2017, 08:46
The Process32First\Process32Next put always name to one place. To pName.

pName db 512 dup (0)

Then i check pName. And if pName=xmirg i do terminateprocess.
Post 22 Nov 2017, 08:46
View user's profile Send private message Reply with quote
Roman



Joined: 21 Apr 2012
Posts: 1766
Roman 22 Nov 2017, 11:55
I fixed my problem.
Post 22 Nov 2017, 11:55
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2024, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.