
Index > Windows > psskill.exe

semiono



Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
semiono
Code:
include '%fasm%\win32ax.inc'
entry start

; Resource section: icon group plus a VERSIONINFO block.
; NOTE(review): the section is flagged executable + readable + writeable at
; once, and the program's code (start:) and the writable argsNum variable
; follow in this same section. Dropping the W+X mapping would require moving
; the code and the data into separate sections first.
section '.rsrc' resource data executable readable writeable
        ; Root resource directory: three resource types are published.
        directory RT_ICON,icons,RT_GROUP_ICON,group_icons,RT_VERSION,versions

        ; Four icon images (IDs 1..4) and the group entry (ID 17) that ties them together.
        resource icons,\
        1,LANG_NEUTRAL,icon_data1,\
        2,LANG_NEUTRAL,icon_data2,\
        3,LANG_NEUTRAL,icon_data3,\
        4,LANG_NEUTRAL,icon_data4
        resource group_icons,17,LANG_NEUTRAL,main_icon
        resource versions,1,LANG_NEUTRAL,version

        ; Icon files are resolved through the %icons% environment variable at assembly time.
        icon main_icon,\
        icon_data1,'%icons%\16x16.ico',\
        icon_data2,'%icons%\32x32.ico',\
        icon_data3,'%icons%\48x48.ico',\
        icon_data4,'%icons%\64x64.ico'

        ; Version strings are free text chosen by the author; they are not
        ; verified by anything and say nothing reliable about a binary's origin.
        ; NOTE(review): the conventional key is 'CompanyName'; 'Company' is
        ; presumably ignored by tools that read the standard keys - confirm.
        versioninfo version,VOS__WINDOWS32,VFT_APP,VFT2_UNKNOWN,LANG_ENGLISH+SUBLANG_DEFAULT,0,\
                    'FileDescription','psskill...',\
                    'LegalCopyright','2001-2005 GmbH',\
                    'FileVersion','1.0.0.0',\
                    'ProductVersion','1.0.0.0',\
                    'OriginalFilename','psskill.exe',\
                    'Company','Semiono'

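;-----------------------------------------------------------------------
; start - program entry point (32-bit PE, stdcall Win32 API via invoke)
; Usage:  psskill <image name>
; Looks up the first process whose image name equals argv[1] and
; terminates it with exit code 1.
; Stack convention used below: values are pushed ahead of time and the
; later argument-less "invoke" consumes them as its single argument.
; Change vs. the original: when no process matches, or OpenProcess
; fails, the terminate/close calls are skipped instead of being issued
; on PID 0 / a NULL handle.
;-----------------------------------------------------------------------
start:
        invoke  GetCommandLine
        invoke  CommandLineToArgv,eax,argsNum
        cmp     dword[argsNum],1
        push    eax                     ; [esp] = argv, consumed by LocalFree at .free
        jbe     .free                   ; no image name given (unsigned <= 1)
        push    dword[eax+4]            ; argv[1] = argument for findProcessID
        call    AdjustMyToken           ; takes no stack arguments
        stdcall findProcessID           ; pops argv[1] itself (retn 4)
        test    eax,eax
        jz      .free                   ; eax = 0: nothing matched
        invoke  OpenProcess,PROCESS_TERMINATE,FALSE,eax
        test    eax,eax
        jz      .free                   ; handle not granted: nothing to terminate or close
        push    eax                     ; process handle, consumed by CloseHandle below
        invoke  TerminateProcess,eax,1
        invoke  CloseHandle             ; argument = handle pushed above
.free:
        invoke  LocalFree               ; argument = argv pushed above
        ret
        argsNum dd ?                    ; argument count written by CommandLineToArgv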

; Import section. The routines AdjustMyToken and findProcessID and their
; data follow in this same section.
; NOTE(review): like '.rsrc', this section is executable and writeable at the
; same time; the writable variables defined below are what currently need the
; write flag.
section '.idata' import data executable readable writeable
        library advapi32,'ADVAPI32.dll',kernel32,'KERNEL32.DLL',shell32,'SHELL32.DLL'
        ; advapi32 imports come from the stock fasm include; the privilege
        ; name passed to LookupPrivilegeValue is a byte string, so this
        ; presumably resolves to the ANSI entry points under win32ax - confirm.
        include '%fasm%\api\advapi32.inc'
        ; kernel32 is imported by hand: the un-suffixed names used in the code
        ; are bound to the wide-character (W) exports where one exists, which
        ; matches the UTF-16 argv produced by CommandLineToArgvW.
        import kernel32,OpenProcess,'OpenProcess',\
                        TerminateProcess,'TerminateProcess',\
                        CloseHandle,'CloseHandle',\
                        lstrcmpi,'lstrcmpiW',\
                        CreateToolhelp32Snapshot,'CreateToolhelp32Snapshot',\
                        Process32First,'Process32FirstW',\
                        Process32Next,'Process32NextW',\
                        GetCommandLine,'GetCommandLineW',\
                        LocalFree,'LocalFree'
        import shell32,CommandLineToArgv,'CommandLineToArgvW'

        ; Token access rights and privilege attribute used by AdjustMyToken.
        TOKEN_ADJUST_PRIVILEGES equ 20h
        TOKEN_QUERY             equ 8h
        SE_PRIVILEGE_ENABLED    equ 2h

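;-----------------------------------------------------------------------
; AdjustMyToken - try to enable SeDebugPrivilege in this process' token
; In:    nothing (no stack arguments)
; Out:   eax = result of the last API call made; callers must not rely on it
; Clobb: eax, ecx, edx, flags (whatever the stdcall APIs clobber)
; Uses:  tokenPriv, hToken, emptyStr, privName
;
; AdjustTokenPrivileges can only switch on a privilege the token already
; holds; it cannot grant a new one. With SeDebugPrivilege enabled, later
; OpenProcess calls are no longer limited by the target's own access
; control for most processes, so this routine is what widens the reach
; of the TerminateProcess call in the entry point. A token privilege
; change followed by a terminate-rights OpenProcess is the pattern to
; look for when auditing a tool like this.
;
; Change vs. the original: each step is skipped when the previous one
; failed, so AdjustTokenPrivileges and CloseHandle are never called with
; a token handle that OpenProcessToken did not actually return.
;-----------------------------------------------------------------------
AdjustMyToken:
        invoke  LookupPrivilegeValue,emptyStr,privName,tokenPriv.LUID1
        test    eax,eax
        jz      .done                   ; privilege name not resolved
        mov     dword[tokenPriv.PrivilegeCount],1h
        mov     dword[tokenPriv.Attributes],SE_PRIVILEGE_ENABLED
        ; -1 is the current-process pseudo handle.
        ; NOTE(review): TOKEN_QUERY looks unnecessary because no previous
        ; state is requested below (last three arguments are 0) - confirm
        ; and drop it to ask for the minimum access.
        invoke  OpenProcessToken,-1,TOKEN_ADJUST_PRIVILEGES OR TOKEN_QUERY,hToken
        test    eax,eax
        jz      .done                   ; no token handle: nothing to adjust or close
        ; A nonzero return here does not prove the privilege was enabled:
        ; the call also succeeds when the token does not hold it. Telling
        ; the two apart needs GetLastError, which this file does not import.
        invoke  AdjustTokenPrivileges,[hToken],FALSE,tokenPriv,0,0,0
        invoke  CloseHandle,[hToken]
.done:
        ret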

        ; Byte strings handed to LookupPrivilegeValue by AdjustMyToken:
        ; emptyStr is its system-name argument, privName the privilege to look up.
        emptyStr                db '',0
        privName                db 'SeDebugPrivilege',0

; TOKEN_PRIVILEGES with room for exactly one privilege entry:
; a count, the 64-bit LUID split into two dwords, and the attribute flags.
struct TOKEN_PRIVILEGES
        PrivilegeCount          dd ?
        LUID1                   dd ?
        LUID2                   dd ?
        Attributes              dd ?
ends

        ; Receives the token handle from OpenProcessToken in AdjustMyToken.
        hToken  dd ?

        ; Snapshot flag passed to CreateToolhelp32Snapshot by findProcessID.
        TH32CS_SNAPPROCESS      equ 2

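;-----------------------------------------------------------------------
; findProcessID - find a process by image name
; ABI:   stdcall, one stack argument, callee pops it (retn 4)
; In:    [esp+4] on entry = pointer to the wide-character image name
; Out:   eax = process ID of the first match, 0 if none / snapshot failed
; Clobb: eax, ecx, edx, flags; ebp is saved and restored
; Uses:  procEntry (global PROCESSENTRY32W buffer)
;
; The comparison is case-insensitive and looks at the image file name
; only, so processes that merely share a name are indistinguishable
; here; the caller gets whichever one the snapshot lists first.
;
; Changes vs. the original:
;  - the entry returned by Process32First is compared as well (it used
;    to be overwritten by Process32Next before any comparison);
;  - the snapshot handle is closed before returning (it used to leak);
;  - a failed snapshot returns 0 instead of enumerating an invalid handle.
;-----------------------------------------------------------------------
findProcessID:
        push    ebp                     ; ebp = snapshot handle for the whole routine
        invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
        mov     ebp,eax
        cmp     eax,-1                  ; -1 = INVALID_HANDLE_VALUE
        je      .fail
        mov     dword[procEntry.dwSize],sizeof.PROCESSENTRY32W
        invoke  Process32First,ebp,procEntry
.check:
        test    eax,eax
        jz      .close                  ; enumeration over, eax = 0 means "not found"
        ; Stack here: [esp] = saved ebp, [esp+4] = return address,
        ; [esp+8] = the name argument. invoke pushes it first, while esp
        ; still has this value, so the offset is correct.
        invoke  lstrcmpi,procEntry.szExeFile,dword[esp+8]
        test    eax,eax
        jz      .found                  ; 0 = names are equal
        invoke  Process32Next,ebp,procEntry
        jmp     .check
.found:
        mov     eax,dword[procEntry.th32ProcessID]
.close:
        push    eax                     ; keep the result across CloseHandle
        invoke  CloseHandle,ebp
        pop     eax
        pop     ebp
        retn    4
.fail:
        xor     eax,eax
        pop     ebp
        retn    4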

; Process entry record filled in by Process32First / Process32Next.
; Nine dword fields followed by the image file name as MAX_PATH 16-bit units.
; The field order and sizes must match what the API writes; findProcessID
; stores sizeof.PROCESSENTRY32W into dwSize before the first call.
struct PROCESSENTRY32W
        dwSize                  dd ?
        cntUsage                dd ?
        th32ProcessID           dd ?
        th32DefaultHeapID       dd ?
        th32ModuleID            dd ?
        cntThreads              dd ?
        th32ParentProcessID     dd ?
        pcPriClassBase          dd ?
        dwFlags                 dd ?
        szExeFile               dw MAX_PATH dup (?)
ends

        ; Single global instances shared by the routines above
        ; (tokenPriv: AdjustMyToken, procEntry: findProcessID).
        tokenPriv               TOKEN_PRIVILEGES <>
        procEntry               PROCESSENTRY32W <>

        align 4
    

Please, I need help!
How can all processes with the same name be closed?
Example:
psskill calc.exe
so that it closes all open calc processes?
Embarassed

_________________
Memory=8388608


Last edited by semiono on 21 Oct 2009, 22:14; edited 2 times in total
Post 19 Oct 2009, 19:11
rugxulo



Joined: 09 Aug 2005
Posts: 2341
Location: Usono (aka, USA)
rugxulo
Vista (and presumably Win7) has TASKLIST and TASKKILL, so use those. Laughing
Post 20 Oct 2009, 07:19
semiono



Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
semiono
tskill.exe depends on Terminal Services! Do you need it? Rolling Eyes
taskkill.exe depends on wbem! Do I need it? Rolling Eyes

WinXP/FAT32 is forever! ;-


Last edited by semiono on 21 Oct 2009, 22:23; edited 3 times in total
Post 20 Oct 2009, 14:15
r22



Joined: 27 Dec 2004
Posts: 805
r22
@semiono
Replace your MAIN proc with this

Code:
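;-----------------------------------------------------------------------
; main - replacement entry sequence: terminate every process whose image
; name equals argv[1], one per loop iteration.
; The fragment ends at .endit with argv still on the stack, exactly as
; the posted version does; whatever follows is expected to consume it.
;
; Changes vs. the posted version:
;  - argv is reloaded from the stack at the top of each iteration; after
;    the first pass eax held the CloseHandle result, so [eax+4] no longer
;    pointed at argv[1];
;  - the loop stops when OpenProcess fails, otherwise findProcessID
;    would return the same PID again and the loop would never end;
;  - AdjustMyToken runs once, before the loop.
; TerminateProcess only requests termination, so the same PID can show
; up for a few more iterations until the process is gone.
;-----------------------------------------------------------------------
main:
        invoke GetCommandLine
        invoke CommandLineToArgv,eax,argsNum
        cmp dword[argsNum],1
        push eax                        ; [esp] = argv for the rest of the routine
        jbe .endit
        call AdjustMyToken
.nextprocess:
                mov eax,[esp]           ; argv (the stack is balanced at this label)
                push dword[eax+4]       ; argv[1] = argument for findProcessID
                stdcall findProcessID   ; pops the argument (retn 4)
                test eax,eax
                jz .endit               ; no (more) matching processes
                invoke OpenProcess,PROCESS_TERMINATE,FALSE,eax
                test eax,eax
                jz .endit               ; cannot open it: stop instead of retrying forever
                push eax                ; handle, consumed by CloseHandle below
                        invoke TerminateProcess,eax,1
                invoke CloseHandle
                jmp .nextprocess ;loop to find more than one with same name
        .endit: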
    
Post 20 Oct 2009, 14:59
semiono



Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
semiono
Oh, sorry! I forgot invoke ExitProcess,0 Very Happy
Now it works fully!

Code:
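;-----------------------------------------------------------------------
; start - entry point: terminate every process whose image name equals
; argv[1], then exit with code 0.
;
; Changes vs. the posted version:
;  - the loop goes back to .next, not to start; jumping to start parsed
;    the command line again on every pass and pushed a fresh argv each
;    time without ever releasing one (growing stack, leaked blocks);
;  - with the stack balanced again, LocalFree is re-enabled;
;  - the loop stops when OpenProcess fails, otherwise the same PID would
;    be found again on every pass and the loop would never end;
;  - AdjustMyToken runs once, before the loop;
;  - the ret after ExitProcess is gone: ExitProcess does not return.
; TerminateProcess only requests termination, so the same PID can show
; up for a few more iterations until the process is gone.
;-----------------------------------------------------------------------
start:
        invoke  GetCommandLine
        invoke  CommandLineToArgv,eax,argsNum
        cmp     dword[argsNum],1
        push    eax                     ; [esp] = argv, consumed by LocalFree at .done
        jbe     .done                   ; no image name given (unsigned <= 1)
        call    AdjustMyToken
.next:
        mov     eax,[esp]               ; argv (the stack is balanced at this label)
        push    dword[eax+4]            ; argv[1] = argument for findProcessID
        stdcall findProcessID           ; pops the argument (retn 4)
        test    eax,eax
        jz      .done                   ; no (more) matching processes
        invoke  OpenProcess,PROCESS_TERMINATE,FALSE,eax
        test    eax,eax
        jz      .done                   ; cannot open it: stop instead of retrying forever
        push    eax                     ; handle, consumed by CloseHandle below
        invoke  TerminateProcess,eax,1
        invoke  CloseHandle
        jmp     .next
.done:
        invoke  LocalFree               ; argument = argv pushed above
        invoke  ExitProcess,0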

@r22 thanks!
Post 20 Oct 2009, 20:14
semiono



Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
semiono
Does anybody have a tool like dll2inc (fasm converter)?
Could you give it to me, please?

Some APIs are not present...
Code:
        include '%fasm%\api\advapi32.inc' 
        import kernel32,OpenProcess,'OpenProcess',\ect...    


Do you have the source or a binary of dll2inc? Please! Confused
Post 22 Oct 2009, 18:25
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
You asking where to find dll2inc? If so, just look at the first thing on here:
http://comrade.ownz.com/sources.html
Post 22 Oct 2009, 19:24
semiono



Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
semiono
windwakr, thanks!

Where will the saved file be found?
dll2inc library.dll > my.inc ?

What are the switches? dll2inc /a lib... - doesn't work!

http://comrade.ownz.com/sources.html - good works! i see all!
Post 22 Oct 2009, 22:11
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
Ya, it looks like you would use "dll2inc library.dll > whatever.inc"

I don't know about the switches, you would have to ask comrade.
Post 22 Oct 2009, 22:33
semiono



Joined: 31 Aug 2007
Posts: 176
Location: section '.code' executable
semiono
Well Smile
Post 22 Oct 2009, 22:36
windwakr



Joined: 30 Jun 2004
Posts: 827
Location: Michigan, USA
windwakr
Try sending him a PM
http://board.flatassembler.net/profile.php?mode=viewprofile&u=3

Although, it looks like he hasn't been very active lately, you may need to wait a while for a response.

_________________
----> * <---- My star, won HERE
Post 22 Oct 2009, 23:52
Copyright © 1999-2020, Tomasz Grysztar.