GetProcessId Problem

Index > Windows > GetProcessId Problem

Author

Thread

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 14 Nov 2010, 21:20

Hello everyone. I have problem about GetProcessId API or dwProcessId from PROCESS_INFORMATION structure. It returns false PID or I'm doing something wrong.. First, I'm trying CreateProcess API, then moving pInfo.dwProcessId in to dword buffer and then trying itoa with base 10 conversation. But it shows only 497.. I don't know whats problem.. Can someone tell me what I'm doing wrong ? Here's code.

Code:

format PE GUI 4.0

include 'WIN32AX.INC' 

entry main 

section '.data' data readable writeable 
        
        startInfo STARTUPINFO <> 
        sizeof.startInfo = $ - startInfo
        procInfo PROCESS_INFORMATION <>
        sizeof.procInfo = $ - procInfo
        prog db "calc.exe", 0
        procId dd ?
        itdb db 10

section '.text' code readable executable 

proc main 

       ; invoke RtlZeroMemory, startInfo, sizeof.startInfo
       ; invoke RtlZeroMemory, procInfo, sizeof.procInfo
       ; mov [startInfo.cb], sizeof.startInfo
        
        invoke CreateProcess, 0, prog, 0, 0, DETACHED_PROCESS, NORMAL_PRIORITY_CLASS, 0, 0, startInfo, procInfo
        invoke GetProcessId,[procInfo.hProcess]
        mov [procId],eax
        cinvoke itoa,itdb,procId,10
        invoke MessageBox,0,itdb,itdb,MB_OK
        invoke WaitForSingleObject,[procInfo.hProcess], 0xffffffff ;  INFINITE


        
        invoke CloseHandle, procInfo.hProcess
        invoke CloseHandle, procInfo.hThread
        
        invoke MessageBox, 0, prog, prog, MB_OK 
        invoke ExitProcess, 0 

endp 

section '.idata' import data readable 

        library user32, 'user32.dll', kernel32, 'kernel32.dll', msvcrt, 'msvcrt.dll'

        include 'API\USER32.INC' 
        include 'API\KERNEL32.INC'
        import msvcrt, itoa, '_itoa'


section '.reloc' fixups data readable discardable

14 Nov 2010, 21:20

drobole

Joined: 03 Nov 2010
Posts: 67
Location: Norway

drobole 15 Nov 2010, 01:09

I'm not sure why GetProcessId doesn't work. After some searching it seems that others have problems with this function too.

Anyway, the PROCESS_INFORMATION struct has a field for the process id already, called dwProcessId, so you can get it from there

Code:

format PE GUI 4.0 

include 'WIN32AX.INC'  

entry main  

section '.data' data readable writeable  
                   
        startInfo STARTUPINFO <>  
        sizeof.startInfo = $ - startInfo 
        procInfo PROCESS_INFORMATION <> 
        sizeof.procInfo = $ - procInfo 
        prog db "calc.exe", 0         
  pidbuf db 32 dup 0
  fmt_d db "%d",0

section '.text' code readable executable  

proc main  
            
        invoke RtlZeroMemory, startInfo, sizeof.startInfo 
        invoke RtlZeroMemory, procInfo, sizeof.procInfo 
        mov [startInfo.cb], sizeof.startInfo 
         
        invoke CreateProcess, 0, prog, 0, 0, 0, 0, 0, 0, startInfo, procInfo                 
        invoke WaitForSingleObject,[procInfo.hProcess], 0xffffffff ;  INFINITE 
        
        cinvoke wsprintf, pidbuf, fmt_d, [procInfo.dwProcessId]
 
        invoke CloseHandle, procInfo.hProcess 
        invoke CloseHandle, procInfo.hThread 
          
        invoke MessageBox, 0, pidbuf, prog, MB_OK  
        invoke ExitProcess, 0  

endp  

section '.idata' import data readable  

        library user32, 'user32.dll', kernel32, 'kernel32.dll'

        include 'API\USER32.INC'  
        include 'API\KERNEL32.INC'         


section '.reloc' fixups data readable discardable

I see that you have out commented the RtlZeroMemory calls. Unless you know what you are doing I wouldn't recommend it.
The MSDN documentation states that several of the fields should be zero before using the struct:

http://msdn.microsoft.com/en-us/library/ms686331(VS.85).aspx

The cb member should also hold the size of the struct.

Only reason to out comment that code is if you like to live dangerously Shocked

Last edited by drobole on 15 Nov 2010, 10:47; edited 1 time in total

15 Nov 2010, 01:09

sinsi

Joined: 10 Aug 2007
Posts: 794
Location: Adelaide

sinsi 15 Nov 2010, 04:36

GetProcessId just returns a number, the same number in Task Manager's PID column.

15 Nov 2010, 04:36

drobole

Joined: 03 Nov 2010
Posts: 67
Location: Norway

drobole 15 Nov 2010, 08:28

You are passing the arguments to itoa in the wrong order and you are missing [] around procId

15 Nov 2010, 08:28

guignol

Joined: 06 Dec 2008
Posts: 763

guignol 15 Nov 2010, 09:25

drobole wrote:

You are passing the arguments to itoa in the wrong order and you are missing [] around procId

Code:

cinvoke itoa,[procId],itdb,10

15 Nov 2010, 09:25

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 15 Nov 2010, 09:47

sinsi, I'm trying exactly that but it doesn't show same value as Task Manager.
drobole, I tried that but after that MessageBox function were not triggered.

15 Nov 2010, 09:47

Alphonso

Joined: 16 Jan 2007
Posts: 295

Alphonso 15 Nov 2010, 09:51

Code:

section '.data' data readable writeable 
        
        startInfo STARTUPINFO <> 
        sizeof.startInfo = $ - startInfo
        procInfo PROCESS_INFORMATION <>
        sizeof.procInfo = $ - procInfo
        prog db "calc.exe", 0
        procId dd ?
        wsformat  db '%u',0
        Buff   rb 20

section '.text' code readable executable 

proc main 

        mov [startInfo.cb], sizeof.startInfo
        
        invoke CreateProcess, 0, prog, 0, 0, DETACHED_PROCESS, NORMAL_PRIORITY_CLASS, 0, 0, startInfo, procInfo
        cinvoke wsprintf,Buff,wsformat,[procInfo.dwProcessId]
        invoke MessageBox,0,Buff,prog,MB_OK
        invoke WaitForSingleObject,[procInfo.hProcess], 0xffffffff ;  INFINITE
        invoke MessageBox, 0, prog, prog, MB_OK
        invoke ExitProcess, 0 

endp

15 Nov 2010, 09:51

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 15 Nov 2010, 10:00

Alphonso, your code works fine. Thank you Smile

but I have 1 question, can it be done without using wsprintf ? Instead of wsprintf using itoa ?

15 Nov 2010, 10:00

drobole

Joined: 03 Nov 2010
Posts: 67
Location: Norway

drobole 15 Nov 2010, 10:51

I just realized wsprintf uses c calling convention Confused

@Overflowz
Look at guignol's example of how to use the itoa function correctly

15 Nov 2010, 10:51

Alphonso

Joined: 16 Jan 2007
Posts: 295

Alphonso 15 Nov 2010, 10:52

Sorry Overflowz I'm not that familiar with itoa so used wsprintf instead.

Code:

;try replacing

 cinvoke wsprintf,Buff,wsformat,[procInfo.dwProcessId] 

;with

 cinvoke itoa,[procInfo.dwProcessId],Buff,10

15 Nov 2010, 10:52

Overflowz

Joined: 03 Sep 2010
Posts: 1046

Overflowz 15 Nov 2010, 11:15

Ahh.. What a miss Sad

I was doing itoa call mistakelly.. Thanks now I got it whats problem. Works fine!

15 Nov 2010, 11:15

< Last Thread | Next Thread >

Forum Rules:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum