flat assembler
Message board for the users of flat assembler.

Index > Windows > GetProcessId Problem

Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Hello everyone. I have problem about GetProcessId API or dwProcessId from PROCESS_INFORMATION structure. It returns false PID or I'm doing something wrong.. First, I'm trying CreateProcess API, then moving pInfo.dwProcessId in to dword buffer and then trying itoa with base 10 conversation. But it shows only 497.. I don't know whats problem.. Can someone tell me what I'm doing wrong ? Here's code.
Code:
format PE GUI 4.0

include 'WIN32AX.INC' 

entry main 

section '.data' data readable writeable 
        
        startInfo STARTUPINFO <> 
        sizeof.startInfo = $ - startInfo
        procInfo PROCESS_INFORMATION <>
        sizeof.procInfo = $ - procInfo
        prog db "calc.exe", 0
        procId dd ?
        itdb db 10

section '.text' code readable executable 

proc main 

       ; invoke RtlZeroMemory, startInfo, sizeof.startInfo
       ; invoke RtlZeroMemory, procInfo, sizeof.procInfo
       ; mov [startInfo.cb], sizeof.startInfo
        
        invoke CreateProcess, 0, prog, 0, 0, DETACHED_PROCESS, NORMAL_PRIORITY_CLASS, 0, 0, startInfo, procInfo
        invoke GetProcessId,[procInfo.hProcess]
        mov [procId],eax
        cinvoke itoa,itdb,procId,10
        invoke MessageBox,0,itdb,itdb,MB_OK
        invoke WaitForSingleObject,[procInfo.hProcess], 0xffffffff ;  INFINITE


        
        invoke CloseHandle, procInfo.hProcess
        invoke CloseHandle, procInfo.hThread
        
        invoke MessageBox, 0, prog, prog, MB_OK 
        invoke ExitProcess, 0 

endp 

section '.idata' import data readable 

        library user32, 'user32.dll', kernel32, 'kernel32.dll', msvcrt, 'msvcrt.dll'

        include 'API\USER32.INC' 
        include 'API\KERNEL32.INC'
        import msvcrt, itoa, '_itoa'


section '.reloc' fixups data readable discardable     
Post 14 Nov 2010, 21:20
View user's profile Send private message Reply with quote
drobole



Joined: 03 Nov 2010
Posts: 67
Location: Norway
drobole
I'm not sure why GetProcessId doesn't work. After some searching it seems that others have problems with this function too.

Anyway, the PROCESS_INFORMATION struct has a field for the process id already, called dwProcessId, so you can get it from there

Code:
format PE GUI 4.0 

include 'WIN32AX.INC'  

entry main  

section '.data' data readable writeable  
                   
        startInfo STARTUPINFO <>  
        sizeof.startInfo = $ - startInfo 
        procInfo PROCESS_INFORMATION <> 
        sizeof.procInfo = $ - procInfo 
        prog db "calc.exe", 0         
  pidbuf db 32 dup 0
  fmt_d db "%d",0

section '.text' code readable executable  

proc main  
            
        invoke RtlZeroMemory, startInfo, sizeof.startInfo 
        invoke RtlZeroMemory, procInfo, sizeof.procInfo 
        mov [startInfo.cb], sizeof.startInfo 
         
        invoke CreateProcess, 0, prog, 0, 0, 0, 0, 0, 0, startInfo, procInfo                 
        invoke WaitForSingleObject,[procInfo.hProcess], 0xffffffff ;  INFINITE 
        
        cinvoke wsprintf, pidbuf, fmt_d, [procInfo.dwProcessId]
 
        invoke CloseHandle, procInfo.hProcess 
        invoke CloseHandle, procInfo.hThread 
          
        invoke MessageBox, 0, pidbuf, prog, MB_OK  
        invoke ExitProcess, 0  

endp  

section '.idata' import data readable  

        library user32, 'user32.dll', kernel32, 'kernel32.dll'

        include 'API\USER32.INC'  
        include 'API\KERNEL32.INC'         


section '.reloc' fixups data readable discardable 
    


I see that you have out commented the RtlZeroMemory calls. Unless you know what you are doing I wouldn't recommend it.
The MSDN documentation states that several of the fields should be zero before using the struct:

http://msdn.microsoft.com/en-us/library/ms686331(VS.85).aspx

The cb member should also hold the size of the struct.

Only reason to out comment that code is if you like to live dangerously Shocked


Last edited by drobole on 15 Nov 2010, 10:47; edited 1 time in total
Post 15 Nov 2010, 01:09
View user's profile Send private message Reply with quote
sinsi



Joined: 10 Aug 2007
Posts: 693
Location: Adelaide
sinsi
GetProcessId just returns a number, the same number in Task Manager's PID column.
Post 15 Nov 2010, 04:36
View user's profile Send private message Reply with quote
drobole



Joined: 03 Nov 2010
Posts: 67
Location: Norway
drobole
You are passing the arguments to itoa in the wrong order and you are missing [] around procId
Post 15 Nov 2010, 08:28
View user's profile Send private message Reply with quote
guignol



Joined: 06 Dec 2008
Posts: 701
guignol
drobole wrote:
You are passing the arguments to itoa in the wrong order and you are missing [] around procId
Code:
cinvoke itoa,[procId],itdb,10    
Post 15 Nov 2010, 09:25
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
sinsi, I'm trying exactly that but it doesn't show same value as Task Manager.
drobole, I tried that but after that MessageBox function were not triggered.
Post 15 Nov 2010, 09:47
View user's profile Send private message Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Code:
section '.data' data readable writeable 
        
        startInfo STARTUPINFO <> 
        sizeof.startInfo = $ - startInfo
        procInfo PROCESS_INFORMATION <>
        sizeof.procInfo = $ - procInfo
        prog db "calc.exe", 0
        procId dd ?
        wsformat  db '%u',0
        Buff   rb 20

section '.text' code readable executable 

proc main 

        mov [startInfo.cb], sizeof.startInfo
        
        invoke CreateProcess, 0, prog, 0, 0, DETACHED_PROCESS, NORMAL_PRIORITY_CLASS, 0, 0, startInfo, procInfo
        cinvoke wsprintf,Buff,wsformat,[procInfo.dwProcessId]
        invoke MessageBox,0,Buff,prog,MB_OK
        invoke WaitForSingleObject,[procInfo.hProcess], 0xffffffff ;  INFINITE
        invoke MessageBox, 0, prog, prog, MB_OK
        invoke ExitProcess, 0 

endp                                     
Post 15 Nov 2010, 09:51
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Alphonso, your code works fine. Thank you Smile but I have 1 question, can it be done without using wsprintf ? Instead of wsprintf using itoa ?
Post 15 Nov 2010, 10:00
View user's profile Send private message Reply with quote
drobole



Joined: 03 Nov 2010
Posts: 67
Location: Norway
drobole
I just realized wsprintf uses c calling convention Confused

@Overflowz
Look at guignol's example of how to use the itoa function correctly
Post 15 Nov 2010, 10:51
View user's profile Send private message Reply with quote
Alphonso



Joined: 16 Jan 2007
Posts: 294
Alphonso
Sorry Overflowz I'm not that familiar with itoa so used wsprintf instead.

Code:
;try replacing

 cinvoke wsprintf,Buff,wsformat,[procInfo.dwProcessId] 

;with

 cinvoke itoa,[procInfo.dwProcessId],Buff,10    
Post 15 Nov 2010, 10:52
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Ahh.. What a miss Sad I was doing itoa call mistakelly.. Thanks now I got it whats problem. Works fine!
Post 15 Nov 2010, 11:15
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar.

Powered by rwasa.