
Index > Windows > [SOLVED] Get process id by exe name

ASM.JR
Hello,

I'm new to ASM and am having difficulty capturing the ID number of a given process and showing it in a MessageBox; the box only comes up empty.

Can someone help me, please?

Here is my latest attempt:

Code:
; NOTE(review): first attempt -- takes a Toolhelp process snapshot, looks for
; `target` in each entry's szExeFile and tries to show the pid in a MessageBox.
; The individual problems are marked inline below; the two at the end of
; `start` are the ones the replies in this thread point at.
format PE GUI

include 'win32ax.inc'

entry start

; NOTE(review): this is the only data section in the file, so `target`,
; `pentry32`, `snap` and `id` below are emitted inside the import section
; (it is writeable, so this assembles); a separate '.data' section is the
; conventional place for them.
section '.idata' import data readable writeable

library kernel32,'KERNEL32.DLL' ,\
        user32,'USER32.DLL',\
        advapi32,'ADVAPI32.DLL',\
        shell32,'SHELL32.DLL'

include '\fasmw17002\include\api\kernel32.inc'
include '\fasmw17002\include\api\user32.inc'
include '\fasmw17002\include\api\advapi32.inc'
include '\fasmw17002\include\api\shell32.inc'

; Toolhelp process record; field order follows the Win32 PROCESSENTRY32 layout.
; dwSize must hold sizeof.PROCESSENTRY32 before Process32First is called.
struct PROCESSENTRY32

dwSize                     dd ? 
cntUsage                   dd ? 
th32ProcessID              dd ? 
th32DefaultHeapID          dd ? 
th32ModuleID               dd ? 
cntThreads                 dd ? 
th32ParentProcessID        dd ? 
pcPriClassBase             dd ? 
dwFlags                    dd ? 
szExeFile db MAX_PATH dup(?)            ; NUL-terminated executable name (no path)

ends

target db 'notepad.exe',0               ; executable name to look for
pentry32 PROCESSENTRY32                 ; record filled in by Process32First/Next
TH32CS_SNAPPROCESS = 2                  ; CreateToolhelp32Snapshot: include the process list
snap dd 0                               ; snapshot handle; never passed to CloseHandle below
id  dd 0                                ; meant to hold the pid (see .pid)

section '.code' code readable executable

start:

mov    [pentry32.dwSize],sizeof.PROCESSENTRY32
        ; NOTE(review): eax is not compared with INVALID_HANDLE_VALUE here, and
        ; the Process32First result is not checked, before the loop starts.
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
mov    [snap], eax
        invoke Process32First,[snap],pentry32
.loop:
        mov    edi,target
        ; StrStrI is a substring search, so any exe name that *contains*
        ; `target` also matches. NOTE(review): StrStrI is documented as a
        ; Shlwapi function and shlwapi is not in the library list above --
        ; confirm which import resolves it.
        invoke StrStrI,pentry32.szExeFile, edi
        cmp    eax,0
        je     .next                    ; no match: try the next entry
        ; NOTE(review): .pid below has no `ret`, so this call never returns;
        ; the pushed return address stays on the stack until ExitProcess.
        call   .pid
.next:
        invoke Process32Next,[snap],pentry32
        cmp    eax,0
        jne    .loop
        ; NOTE(review): when the list is exhausted without a match, execution
        ; falls straight through into .pid and the message is shown anyway.
.pid:

; NOTE(review): `pentry32.th32ProcessID` without brackets is the *address* of
; the field, so this stores the address, not the pid. The value would be
; `mov eax,[pentry32.th32ProcessID]` followed by `mov [id],eax`.
mov dword[id],pentry32.th32ProcessID

; NOTE(review): lpText must point at a NUL-terminated string; `id` is a raw
; DWORD, so the bytes of that number are shown as text, not the number itself.
invoke MessageBox, NULL,id,0,0

; NOTE(review): the flags tested here are whatever MessageBox left behind,
; and the target is the next line either way, so this jump has no effect.
jne .bye

.bye:

invoke ExitProcess,NULL
    


Last edited by ASM.JR on 18 Jul 2016, 22:01; edited 4 times in total
Post 17 Jul 2016, 21:43
Walter
pe32.th32ProcessID is a DWORD. MessageBox requires a character string.
Post 17 Jul 2016, 23:49
ASM.JR
Walter wrote:
pe32.th32ProcessID is a DWORD. MessageBox requires a character string.


So, how do I convert it to a string?

I edited my code above.
Post 18 Jul 2016, 00:26
Walter
Code:
;-----------------------------------------------------------------------
; wsprintf.asm -- format a DWORD as decimal text and show it in a MessageBox
;
; Shows the two Win32 calling conventions involved:
;   wsprintf is cdecl   (caller pops the arguments: add esp after the call)
;   MessageBox / ExitProcess are stdcall (callee pops the arguments)
;-----------------------------------------------------------------------

format pe gui
entry start

include 'win32a.inc'

section '.data' data readable writeable

    strFormat  db '%ld',0                   ; wsprintf format: signed decimal
    strCaption db 'wsprintf Example',0
    strMessage rb 12                        ; "-2147483648" (11 chars) + NUL fits exactly
    iValue     dd ?                         ; the number to display

section '.code' code readable executable

    start:

        mov     dword [iValue],-42          ; sample value; any DWORD works

        ; wsprintf(strMessage, strFormat, iValue): cdecl, arguments pushed
        ; right to left, and the caller removes the 3*4 bytes afterwards.
        push    dword [iValue]
        push    strFormat
        push    strMessage
        call    [wsprintf]
        add     esp,12

        ; MessageBox(NULL, strMessage, strCaption, 0 /* MB_OK */): stdcall
        push    0
        push    strCaption
        push    strMessage
        push    0
        call    [MessageBox]

        ; ExitProcess(0) does not return
        push    0
        call    [ExitProcess]

section '.idata' import data readable writeable

    library kernel32,'kernel32.dll',\
            user32,'user32.dll'

    import kernel32,\
           ExitProcess,'ExitProcess'

    import user32,\
           wsprintf,'wsprintfA',\
           MessageBox,'MessageBoxA'
    
[/code]
Post 18 Jul 2016, 20:23
ASM.JR
@Walter,

thank you very much for your example above, but the PID returned by my code is still not equal to the true ID shown in the Process Hacker software.

See below:

Code:
; NOTE(review): second attempt -- same enumeration loop as before, now with
; Walter's wsprintf conversion bolted on. The conversion is fine; the value
; handed to it is not (see the note at .pid).
format PE GUI

include 'win32a.inc'

entry start 

; NOTE(review): this is the only data section in the file, so every data
; item below is emitted inside the (writeable) import section; a separate
; '.data' section is the conventional place for them.
section '.idata' import data readable writeable 

library kernel32,'KERNEL32.DLL' ,\ 
        user32,'USER32.DLL',\ 
        advapi32,'ADVAPI32.DLL',\ 
        shell32,'SHELL32.DLL' 

include '\fasmw17002\include\api\kernel32.inc' 
include '\fasmw17002\include\api\user32.inc' 
include '\fasmw17002\include\api\advapi32.inc' 
include '\fasmw17002\include\api\shell32.inc'

; Toolhelp process record; field order follows the Win32 PROCESSENTRY32 layout.
; dwSize must hold sizeof.PROCESSENTRY32 before Process32First is called.
struct PROCESSENTRY32 

dwSize                     dd ?  
cntUsage                   dd ?  
th32ProcessID              dd ?  
th32DefaultHeapID          dd ?  
th32ModuleID               dd ?  
cntThreads                 dd ?  
th32ParentProcessID        dd ?  
pcPriClassBase             dd ?  
dwFlags                    dd ?  
; szExeFile: NUL-terminated executable name (no path)
szExeFile db MAX_PATH dup(?) 

ends 

; target: executable name to look for; pentry32: record filled in by
; Process32First/Next; snap: snapshot handle (never closed below)
target db 'notepad.exe',0 
pentry32 PROCESSENTRY32 
TH32CS_SNAPPROCESS = 2 
snap dd 0

strFormat  db '%ld',0                   ; wsprintf: signed decimal
strCaption db 'wsprintf Example',0
strMessage rb 12                        ; "-2147483648" + NUL fits exactly
iValue     rd 1                         ; value handed to wsprintf

section '.code' code readable executable 

start: 

; NOTE(review): the snapshot handle is not compared with INVALID_HANDLE_VALUE
; and the Process32First result is not checked before the loop starts.
mov    [pentry32.dwSize],sizeof.PROCESSENTRY32 
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0 
mov    [snap], eax 
        invoke Process32First,[snap],pentry32 
.loop: 
        mov    edi,target 
        ; StrStrI is a substring search, so any exe name containing `target`
        ; also matches. NOTE(review): StrStrI is documented as a Shlwapi
        ; function and shlwapi is not in the library list -- confirm which
        ; import resolves it.
        invoke StrStrI,pentry32.szExeFile, edi 
        cmp    eax,0 
        je     .next 
        ; NOTE(review): .pid has no `ret`, so this call never returns.
        call   .pid 
.next: 
        invoke Process32Next,[snap],pentry32 
        cmp    eax,0 
        jne    .loop 
        ; NOTE(review): with no match, execution falls through into .pid and
        ; the message is shown anyway.
.pid:

; NOTE(review): `pentry32.th32ProcessID` without brackets is the *address* of
; the field, so wsprintf prints that address in decimal -- the wrong number
; seen in the screenshot. Load the value instead:
; `mov eax,[pentry32.th32ProcessID]` then `mov [iValue],eax`.
mov     [iValue],pentry32.th32ProcessID
        cinvoke wsprintf,strMessage,strFormat,[iValue] 
        invoke  MessageBox,0,strMessage,strCaption,0

; NOTE(review): tests flags left behind by MessageBox and jumps to the next
; line either way; it has no effect.
jne .bye 

.bye: 

invoke ExitProcess,NULL
    


Image
Post 18 Jul 2016, 21:42
ASM.JR
I have found other code for getting the PID, and it now works fine!

Code:
format PE GUI

include 'win32a.inc'

entry start

section '.idata' import data readable writeable

library kernel32,'KERNEL32.DLL' ,\
        user32,'USER32.DLL',\
        advapi32,'ADVAPI32.DLL',\
        shell32,'SHELL32.DLL'

include '\fasmw17002\include\api\kernel32.inc'
include '\fasmw17002\include\api\user32.inc'
include '\fasmw17002\include\api\advapi32.inc'
include '\fasmw17002\include\api\shell32.inc'

; Toolhelp process record; field order follows the Win32 PROCESSENTRY32
; layout. dwSize must be set to sizeof.PROCESSENTRY32 before the record is
; passed to Process32First/Process32Next.
struct PROCESSENTRY32
        dwSize                  dd ?            ; size of this structure, in bytes
        cntUsage                dd ?
        th32ProcessID           dd ?            ; the process id we are after
        th32DefaultHeapID       dd ?
        th32ModuleID            dd ?
        cntThreads              dd ?
        th32ParentProcessID     dd ?
        pcPriClassBase          dd ?
        dwFlags                 dd ?
        szExeFile               rb MAX_PATH     ; NUL-terminated executable name (no path)
ends

; NOTE(review): no '.data' section is declared, so everything below is
; emitted into the (writeable) '.idata' import section. It assembles and
; runs, but a dedicated "section '.data' data readable writeable" is the
; conventional home for these items.
target          db 'notepad.exe',0              ; executable name to look for
pentry32        PROCESSENTRY32                  ; record filled in by Toolhelp
TH32CS_SNAPPROCESS = 2                          ; CreateToolhelp32Snapshot: include the process list
snap            dd 0                            ; snapshot handle

strFormat       db '%ld',0                      ; wsprintf: signed decimal
strCaption      db 'wsprintf Example',0
strMessage      rb 12                           ; "-2147483648" (11 chars) + NUL fits exactly
iValue          dd ?                            ; pid handed to wsprintf

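section '.code' code readable executable

;-----------------------------------------------------------------------
; DWORD GetProcessID(const char *exeName)            stdcall, 1 argument
; Walks a TH32CS_SNAPPROCESS snapshot and returns th32ProcessID of the
; first entry whose szExeFile equals exeName (case-insensitive, matching
; Windows file-name semantics).
; In:    [esp+4] = exeName, NUL-terminated
; Out:   eax = process id, or 0 when no entry matched or the snapshot
;              could not be created
; Uses:  pentry32, snap (file-level data)
; Clobb: eax, ecx, edx, flags; esi/edi are saved, as stdcall requires
;-----------------------------------------------------------------------
GetProcessID:
        push    esi
        push    edi
        mov     esi,[esp+12]                    ; esi = exeName (arg sits above two saved regs)
        xor     edi,edi                         ; edi = result; 0 = not found

        invoke  CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
        cmp     eax,INVALID_HANDLE_VALUE
        je      .done                           ; no snapshot: nothing to close, return 0
        mov     [snap],eax

        mov     [pentry32.dwSize],sizeof.PROCESSENTRY32
        invoke  Process32First,[snap],pentry32
.check:
        test    eax,eax                         ; FALSE from Process32First/Next means
        jz      .close                          ;   end of list (or error): not found
        invoke  lstrcmpi,pentry32.szExeFile,esi
        test    eax,eax                         ; lstrcmpi returns 0 on equal
        jnz     .advance
        mov     edi,[pentry32.th32ProcessID]    ; match: take the pid (the value, not the address)
        jmp     .close
.advance:
        invoke  Process32Next,[snap],pentry32
        jmp     .check
.close:
        invoke  CloseHandle,[snap]
.done:
        mov     eax,edi
        pop     edi
        pop     esi
        retn    4                               ; stdcall: callee removes the argument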

;-----------------------------------------------------------------------
; Entry point: look up the pid of `target`, render it as decimal text and
; show it in a message box, then exit.
;-----------------------------------------------------------------------
start:
        push    target                          ; GetProcessID(target): stdcall, callee pops
        call    GetProcessID
        mov     [iValue],eax                    ; eax = pid returned by GetProcessID

        ; wsprintf(strMessage, strFormat, iValue): cdecl, caller removes 3 args
        push    dword [iValue]
        push    strFormat
        push    strMessage
        call    [wsprintf]
        add     esp,12

        ; MessageBox(NULL, strMessage, strCaption, 0 /* MB_OK */): stdcall
        push    0
        push    strCaption
        push    strMessage
        push    0
        call    [MessageBox]

        push    NULL
        call    [ExitProcess]
    
Post 18 Jul 2016, 21:59
DimonSoft
ASM.JR wrote:
@Walter,

thank you very much for your example above, but the PID returned by my code is still not equal to the true ID shown in the Process Hacker software.

See below:

Code:
; NOTE(review): quoted copy of the second attempt; the arrow comment near the
; end marks the line the reply below refers to.
format PE GUI

include 'win32a.inc'

entry start 

; NOTE(review): this is the only data section in the file, so every data
; item below is emitted inside the (writeable) import section.
section '.idata' import data readable writeable 

library kernel32,'KERNEL32.DLL' ,\ 
        user32,'USER32.DLL',\ 
        advapi32,'ADVAPI32.DLL',\ 
        shell32,'SHELL32.DLL' 

include '\fasmw17002\include\api\kernel32.inc' 
include '\fasmw17002\include\api\user32.inc' 
include '\fasmw17002\include\api\advapi32.inc' 
include '\fasmw17002\include\api\shell32.inc'

; Toolhelp process record; field order follows the Win32 PROCESSENTRY32 layout.
; dwSize must hold sizeof.PROCESSENTRY32 before Process32First is called.
struct PROCESSENTRY32 

dwSize                     dd ?  
cntUsage                   dd ?  
th32ProcessID              dd ?  
th32DefaultHeapID          dd ?  
th32ModuleID               dd ?  
cntThreads                 dd ?  
th32ParentProcessID        dd ?  
pcPriClassBase             dd ?  
dwFlags                    dd ?  
; szExeFile: NUL-terminated executable name (no path)
szExeFile db MAX_PATH dup(?) 

ends 

; target: executable name to look for; pentry32: record filled in by
; Process32First/Next; snap: snapshot handle (never closed below)
target db 'notepad.exe',0 
pentry32 PROCESSENTRY32 
TH32CS_SNAPPROCESS = 2 
snap dd 0

strFormat  db '%ld',0                   ; wsprintf: signed decimal
strCaption db 'wsprintf Example',0
strMessage rb 12                        ; "-2147483648" + NUL fits exactly
iValue     rd 1                         ; value handed to wsprintf

section '.code' code readable executable 

start: 

; NOTE(review): the snapshot handle is not compared with INVALID_HANDLE_VALUE
; and the Process32First result is not checked before the loop starts.
mov    [pentry32.dwSize],sizeof.PROCESSENTRY32 
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0 
mov    [snap], eax 
        invoke Process32First,[snap],pentry32 
.loop: 
        mov    edi,target 
        ; StrStrI is a substring search, so any exe name containing `target`
        ; also matches. NOTE(review): StrStrI is documented as a Shlwapi
        ; function and shlwapi is not in the library list -- confirm which
        ; import resolves it.
        invoke StrStrI,pentry32.szExeFile, edi 
        cmp    eax,0 
        je     .next 
        ; NOTE(review): .pid has no `ret`, so this call never returns.
        call   .pid 
.next: 
        invoke Process32Next,[snap],pentry32 
        cmp    eax,0 
        jne    .loop 
        ; NOTE(review): with no match, execution falls through into .pid and
        ; the message is shown anyway.
.pid:

; The operand without brackets is the *address* of th32ProcessID, so wsprintf
; prints that address in decimal; loading the value needs brackets:
; `mov eax,[pentry32.th32ProcessID]` then `mov [iValue],eax`.
mov     [iValue],pentry32.th32ProcessID                   ; <======
        cinvoke wsprintf,strMessage,strFormat,[iValue] 
        invoke  MessageBox,0,strMessage,strCaption,0

; NOTE(review): tests flags left behind by MessageBox and jumps to the next
; line either way; it has no effect.
jne .bye 

.bye: 

invoke ExitProcess,NULL
    


Image

In case you care what was wrong with your code: the number you see is not the process ID, it's just the address of the th32ProcessID field. The problematic line of code is marked with an arrow comment.
Post 19 Jul 2016, 08:37