flat assembler
Message board for the users of flat assembler.
Windows > undefine symbol
kiTo 05 Feb 2006, 17:17
I can't understand why I get undefined symbol.
I have made it exactly as in http://board.flatassembler.net/topic.php?t=2510 Any hints? Quote:
Reverend 05 Feb 2006, 19:33
EDIT: I guess both r22 and I started answering the same time
Paste this in your source code:
Code:
    struct PROCESSENTRY32
      dwSize              dd ?
      cntUsage            dd ?
      th32ProcessID       dd ?
      th32DefaultHeapID   dd ?
      th32ModuleID        dd ?
      cntThreads          dd ?
      th32ParentProcessID dd ?
      pcPriClassBase      dd ?
      dwFlags             dd ?
      szExeFile           rb 260 ; MAX_PATH
    ends
kiTo 05 Feb 2006, 20:28
Thx for your quick answers.
heh, I forgot to include my struct.inc
Here is my struct.inc
Quote:
I really don't know why I used "." in the struct. But when I removed them, everything went good. Thx again guys. I will try to help when I have learned more.
Reverend 05 Feb 2006, 20:32
You used '.' in your structure, because this was the previous syntax. Probably you downloaded this include from some old package
kiTo 05 Feb 2006, 22:06
The returnstring from MODULEENTRY.szExePath isn't the full string.
Why don't I get the full path?
Code:
    ; Title: Process Viewer
    ; Author: kiTo
    ; Contact: kito.leet@gmail.com

    format PE GUI 4.0
    entry start

    include 'p:\fasm\include\win32ax.inc'
    include 'p:\fasm\code\Process\struct.inc'

    section '.data' data readable writeable
      szApp    db "kProc flat", 0
      szTemp   db 1024 dup(0)
      hSnap    dd 0
      hmSnap   dd 0
      Continue dd 0
      pe32     PROCESSENTRY32
      mo32     MODULEENTRY32

    section '.code' code readable executable
    start:
      invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, NULL
      cmp eax, INVALID_HANDLE_VALUE
      je exit
      mov dword [hSnap], eax
      mov dword [pe32.dwSize], sizeof.PROCESSENTRY32
      invoke Process32First, [hSnap], pe32
      mov [Continue], 1
      push dword [pe32.th32ProcessID]
      call ExePath
    .loop1:
      invoke Process32Next, [hSnap], pe32
      mov dword [Continue], eax
      push dword [pe32.th32ProcessID]
      call ExePath
      cmp dword [Continue], 0
      jne .loop1
    exit:
      invoke ExitProcess, 0

    proc ExePath stdcall,\
         PID:DWORD
      invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, [PID]
      mov dword [hmSnap], eax
      mov dword [mo32.dwSize], sizeof.MODULEENTRY32
      invoke Module32First, [hmSnap], mo32
      invoke MessageBox, NULL, mo32.szExePath, NULL, MB_OK
      ret
    endp

    section '.idata' import data readable
      library kernel32, 'KERNEL32.DLL',\
              user32, 'USER32.DLL'

      import kernel32,\
             ExitProcess, 'ExitProcess',\
             CreateToolhelp32Snapshot, 'CreateToolhelp32Snapshot',\
             Process32First, 'Process32First',\
             Process32Next, 'Process32Next',\
             Module32First, 'Module32First',\
             Module32Next, 'Module32Next'

      import user32,\
             MessageBox, 'MessageBoxA'

struct.inc
Code:
    struct PROCESSENTRY32
      dwSize              dd ?
      cntUsage            dd ?
      th32ProcessID       dd ?
      th32DefaultHeapID   dd ?
      th32ModuleID        dd ?
      cntThreads          dd ?
      th32ParentProcessID dd ?
      pcPriClassBase      dd ?
      dwFlags             dd ?
      szExeFile           rb 260
    ends

    struct MODULEENTRY32
      dwSize        dd ?
      th32ModuleID  dd ?
      th32ProcessID dd ?
      GlblcntUsage  dd ?
      ProccntUsage  dd ?
      modBaseAddr   dd ?
      modBaseSize   dd ?
      hModule       dd ?
      szModule      rb 260
      szExePath     rb 1024
    ends

    TH32CS_SNAPPROCESS = 0x02
    TH32CS_SNAPMODULE  = 0x08
RedGhost 06 Feb 2006, 08:24
kiTo wrote:
The returnstring from MODULEENTRY.szExePath isn't the full string.

hi, it is not because your code is wrong, szExePath doesn't return the full path only the name of the process, i.e. as it's shown in the Processes tab of Task Manager... i know they allocated 260 bytes (MAX_PATH) so you would assume it's the full path, but i'm sure they just didn't want a buffer overflow or were conforming with all the other structures
but hey that's microsoft
_________________
redghost.ca
vbVeryBeginner 06 Feb 2006, 11:02
hi,
the full path is only for win9x machine, in win NT line, please refer to this http://www.elists.org/pipermail/delphi-talk/2004-September/019577.html
psdk wrote:
according to psdk, that szExeFile should store a pointer address, which means usually a dd size, but no idea why they allocate 260 bytes there. but if you use
Code:
    invoke MessageBox,NULL,proEntry.szExeFile,NULL,MB_OK
then you would see that the process name was actually stored there (which is against what they told us in psdk)
and congratulations to m$, they did it again
kiTo 06 Feb 2006, 11:28
Thx for your help. But it seems to be strange, I have done an exact copy of this little app in masm before fasm. And then I get the full path. And it's the same os. (Windows XP pro sp1).
Here is a screenshot from the fasm-version:
Here is a screenshot from the masm-version:
Same code in masm
Code:
    ; Shows every process that are running on the system
    ; Author: kiTo
    ; Contact: kito.leet@gmail.com
    ; Feel free to use it as you want.

    .386
    .model flat, stdcall
    option casemap:none

    ExePath PROTO PID:DWORD

    include C:\masm32\include\windows.inc
    include C:\masm32\include\kernel32.inc
    include C:\masm32\include\user32.inc
    includelib C:\masm32\lib\kernel32.lib
    includelib C:\masm32\lib\user32.lib

    .data
    szErrorCreateSnapPROC db "CreateToolhelp32SnapshotPROC error", 0
    szErrorCreateSnapMOD  db "CreateToolhelp32SnapshotMOD error", 0
    szErrorAccessDenied   db "ACCESS DENIED!", 0
    szRow                 db " ", 10, 0
    szApp                 db "kiTo proc viewer v0.1", 0

    .data?
    szProc     db 1024 dup(?)
    SnapHandle dd ?
    ModHandle  dd ?
    Continue   dd ?
    pe32       PROCESSENTRY32 <?>
    me32       MODULEENTRY32 <?>

    .code
    start:
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, NULL
        .IF eax==INVALID_HANDLE_VALUE
            invoke MessageBox, NULL, ADDR szErrorCreateSnapPROC, NULL , MB_OK
        .ENDIF
        mov SnapHandle, eax
        mov [pe32.dwSize], sizeof( PROCESSENTRY32 )
        invoke Process32First, SnapHandle, addr pe32
        mov Continue, 1
        .WHILE Continue != 0
            invoke Process32Next, SnapHandle, addr pe32
            .IF eax==FALSE
                mov Continue, 0
            .endif
            push pe32.th32ProcessID
            call ExePath
        .ENDW
        invoke MessageBox, NULL, ADDR szProc, ADDR szApp, MB_OK + MB_ICONINFORMATION
        invoke ExitProcess, 0

    ExePath proc PID:DWORD
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, PID
        .IF eax==INVALID_HANDLE_VALUE
            invoke GetLastError
            .IF eax==ERROR_ACCESS_DENIED
                ;invoke MessageBox, NULL, ADDR szErrorAccessDenied, NULL, MB_OK
                ret
            .ENDIF
            invoke MessageBox, NULL, ADDR szErrorCreateSnapMOD, NULL, MB_OK
            ret
        .ENDIF
        mov ModHandle, eax
        mov [me32.dwSize], sizeof( MODULEENTRY32 )
        invoke Module32First, ModHandle, addr me32
        invoke lstrcat, ADDR szProc, ADDR me32.szExePath
        invoke lstrcat, ADDR szProc, ADDR szRow
        ret
    ExePath endp
    end start
Reverend 06 Feb 2006, 12:41
They're not exact copies!
Code:
    ; fasm
    proc ExePath stdcall,\
         PID:DWORD
      invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, [PID]
      mov dword [hmSnap], eax
      mov dword [mo32.dwSize], sizeof.MODULEENTRY32
      invoke Module32First, [hmSnap], mo32
      invoke MessageBox, NULL, mo32.szExePath, NULL, MB_OK
      ret
    endp
Code:
    ; masm
    ExePath proc PID:DWORD
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, PID
        .IF eax==INVALID_HANDLE_VALUE
            invoke GetLastError
            .IF eax==ERROR_ACCESS_DENIED
                ;invoke MessageBox, NULL, ADDR szErrorAccessDenied, NULL, MB_OK
                ret
            .ENDIF
            invoke MessageBox, NULL, ADDR szErrorCreateSnapMOD, NULL, MB_OK
            ret
        .ENDIF
        mov ModHandle, eax
        mov [me32.dwSize], sizeof( MODULEENTRY32 )
        invoke Module32First, ModHandle, addr me32
        invoke lstrcat, ADDR szProc, ADDR me32.szExePath
        invoke lstrcat, ADDR szProc, ADDR szRow
        ret
    ExePath endp
And some advice from me:
- try to write more readable code
- module snapshot handle is used only in this procedure so better declare the data as local
okasvi 06 Feb 2006, 12:45
i hope this works for you
Code:
    format PE GUI 4.0

    include '%fasminc%\win32ax.inc'
    ;______________________________________________________________________________
    macro zmem mem, memsize
    {
        push edi
        xor al, al
        mov edi, mem
        mov ecx, memsize
        rep stosb
        pop edi
    }

    TH32CS_SNAPMODULE  equ 8
    TH32CS_SNAPPROCESS equ 2
    MAX_PATH           equ 260
    MAX_MODULE_NAME32  equ 255

    struct PROCESSENTRY32
      dwSize              dd ?
      cntUsage            dd ?
      th32ProcessID       dd ?
      th32DefaultHeapID   dd ?
      th32ModuleID        dd ?
      cntThreads          dd ?
      th32ParentProcessID dd ?
      pcPriClassBase      dd ?
      dwFlags             dd ?
      szExeFile           db MAX_PATH dup (?)
    ends

    struct MODULEENTRY32
      dwSize        dd ?
      th32ModuleID  dd ?
      th32ProcessID dd ?
      GlblcntUsage  dd ?
      ProccntUsage  dd ?
      modBaseAddr   dd ?
      modBaseSize   dd ?
      hModule       dd ?
      szModule      db MAX_MODULE_NAME32+1 dup (?)
      szExePath     db MAX_PATH dup (?)
    ends
    ;______________________________________________________________________________
    section '.text' code readable executable

    proc dwToAscSz stdcall uses eax ecx edx,\
         dwValue:DWORD, lpBuffer:DWORD
        ; -------------------------------------------------------------
        ; convert DWORD to ascii string
        ; dwValue is value to be converted
        ; lpBuffer is the address of the receiving buffer
        ; -------------------------------------------------------------
        mov eax, [dwValue]
        mov edi, [lpBuffer]
        or eax,eax
        jnz sign
    zero:
        mov word [edi],30h
        jmp dw2asc
    sign:
        jns pos
        mov byte [edi],'-'
        neg eax
        inc edi
    pos:
        mov ecx,429496730
        mov esi, edi
        .while (eax > 0)
            mov ebx,eax
            mul ecx
            mov eax,edx
            lea edx,[edx*4+edx]
            add edx,edx
            sub ebx,edx
            add bl,'0'
            mov [edi],bl
            inc edi
        .endw
        mov byte [edi], 0 ; terminate the string
        ; We now have all the digits, but in reverse order.
        .while (esi < edi)
            dec edi
            mov al, [esi]
            mov ah, [edi]
            mov [edi], al
            mov [esi], ah
            inc esi
        .endw
    dw2asc:
        mov eax, [lpBuffer]
        ret
    endp
    ;______________________________________________________________________________
    start:
        ; list running processes
        zmem temp_buf2,2048
        mov [procentry32.dwSize], sizeof.PROCESSENTRY32
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
        mov [hCThSnapShot], eax
        push eax
        invoke Process32First, eax, procentry32
        jmp .pchk
    .next:
        zmem temp_buf1,256
        stdcall dwToAscSz, [procentry32.th32ProcessID], temp_buf1
        invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, [procentry32.th32ProcessID]
        mov [hCThSnapShot2], eax
        mov [moduentry32.dwSize], sizeof.MODULEENTRY32
        invoke Module32First, [hCThSnapShot2], moduentry32
        invoke lstrcat, temp_buf2, moduentry32.szExePath
        ;uncomment below and comment above if you want to get just filename
        ;invoke lstrcat, temp_buf2, procentry32.szExeFile
        invoke lstrcat, temp_buf2, szProcessAndPid
        invoke lstrcat, temp_buf2, temp_buf1
        invoke lstrcat, temp_buf2, szCRLF
        invoke Process32Next, dword [esp+4], procentry32
    .pchk:
        test eax, eax
        jnz .next
        invoke MessageBox, 0, temp_buf2, szMsgBoxTemp1, 0
        invoke CloseHandle, [hCThSnapShot]
        invoke CloseHandle, [hCThSnapShot2]
        invoke ExitProcess,0
    ;______________________________________________________________________________
    section '.data' data readable writeable
      szProcess2Inject db "explorer.exe",0
      szProcessAndPid  db " - ",0
      szMsgBoxTemp1    db "[Processes",0
      szCRLF           db 13,10,0
      dwPID2Inject     dd ?
    ;______________________________________________________________________________
    section '.udata' readable writeable
      procentry32   PROCESSENTRY32
      moduentry32   MODULEENTRY32
      hCThSnapShot  dd ?
      hCThSnapShot2 dd ?
      temp_buf1     rb 256
      temp_buf2     rb 2048
    ;______________________________________________________________________________
    .end start

edit: oh Reverend was faster than me and i forgot closing second handle...
_________________
When We Ride On Our Enemies
support reverse smileys |:
Last edited by okasvi on 06 Feb 2006, 15:07; edited 1 time in total
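Added example, not part of any post in this thread: the struct.inc posted with the question and the reply above declare MODULEENTRY32 with different array sizes, which puts szExePath at different offsets. This portable C model (no Windows API is called; `me32_posted`, `me32_reply` and the function names are made up for illustration, and the path is a constructed sample) shows what a string written at one offset looks like when read through the other declaration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The eight leading `dd` fields both declarations share (32-bit layout). */
#define ME32_HEADER uint32_t dwSize, th32ModuleID, th32ProcessID, GlblcntUsage, \
                             ProccntUsage, modBaseAddr, modBaseSize, hModule

/* struct.inc from the question: szModule rb 260, szExePath rb 1024. */
typedef struct { ME32_HEADER; char szModule[260]; char szExePath[1024]; } me32_posted;

/* Reply above: szModule is MAX_MODULE_NAME32+1 = 256, szExePath is MAX_PATH = 260. */
typedef struct { ME32_HEADER; char szModule[256]; char szExePath[260]; } me32_reply;

/* Distance in bytes between the two declarations' szExePath fields. */
size_t exe_path_shift(void) {
    return offsetof(me32_posted, szExePath) - offsetof(me32_reply, szExePath);
}

/* Write `path` where the reply's layout puts szExePath (standing in for the
   API filling the structure), then read the same bytes back through the
   layout from the question's struct.inc. */
const char *read_through_posted_layout(const char *path, char *out, size_t outlen) {
    union { me32_reply api; me32_posted posted; } u;
    size_t n = strlen(path);
    if (outlen == 0) return out;
    memset(&u, 0, sizeof u);
    if (n >= sizeof u.api.szExePath) n = sizeof u.api.szExePath - 1;
    memcpy(u.api.szExePath, path, n);
    n = strlen(u.posted.szExePath);
    if (n >= outlen) n = outlen - 1;
    memcpy(out, u.posted.szExePath, n);
    out[n] = '\0';
    return out;
}

int main(void) {
    char seen[260];
    const char *sample = "C:\\WINDOWS\\system32\\notepad.exe"; /* constructed sample */
    printf("sizeof posted=%zu reply=%zu shift=%zu\n",
           sizeof(me32_posted), sizeof(me32_reply), exe_path_shift());
    printf("written: %s\nread:    %s\n", sample,
           read_through_posted_layout(sample, seen, sizeof seen));
    return 0;
}
```

The two sizes printed are also the values each declaration would store in dwSize before calling Module32First.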
vbVeryBeginner 06 Feb 2006, 15:04
some of the services didn't show full path (on WinNT) when using "okasvi" demo code.
btw, i look on google and i found this, http://www.elists.org/pipermail/delphi-talk/2004-September/019579.html, so i based the below code using his code. i don't know if win9x came with psapi.dll or not, but it seems that most code check for user OS first then only run their proc depend on user OS. http://www.codeproject.com/threads/processapi.asp
Code:
    ; [ tab = 4 ]
    format PE GUI 4.0
    entry start

    include '%fasminc%\win32ax.inc'

    TH32CS_SNAPPROCESS        = 0x02
    PROCESS_QUERY_INFORMATION = 0x400
    PROCESS_VM_READ           = 0x10

    struct PROCESSENTRY32
      dwSize              dd ?
      cntUsage            dd ?
      th32ProcessID       dd ?
      th32DefaultHeapID   dd ?
      th32ModuleID        dd ?
      cntThreads          dd ?
      th32ParentProcessID dd ?
      pcPriClassBase      dd ?
      dwFlags             dd ?
      szExeFile           rb 260
    ends

    _proEntry PROCESSENTRY32
    snap1.h   dd ?
    pro.h     dd ?
    buff      rb 0xFFF
    fnBuff    rb 0xFF
    tmpBuff   rb 0xFF
    buffOff   dd ?
    psapi     db "psapi.dll",0
    psapi.h   dd ?
    proc.name db "GetModuleFileNameExA",0
    proc.addr dd ?
    msgTitle  db 'Show Process (full path) in WinNT Using Psapi.dll',0
    f1        db "%X",9,0       ; hex
    f2        db "%lu",9,0      ; integer unsigned
    f3        db "%s",13,10,0   ; string

    section '.code' code readable executable
    start:
        invoke RtlZeroMemory,buff,0xFFF
        push buff
        pop [buffOff]
        invoke LoadLibrary,psapi
        mov [psapi.h],eax
        invoke GetProcAddress,eax,proc.name
        mov [proc.addr],eax
        invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,NULL
        mov [snap1.h],eax
        mov [_proEntry.dwSize],sizeof.PROCESSENTRY32
    @@:
        invoke Process32First,eax,_proEntry
        invoke OpenProcess,PROCESS_QUERY_INFORMATION + PROCESS_VM_READ,FALSE,[_proEntry.th32ProcessID]
        mov [pro.h],eax
        push 0xFF
        push fnBuff
        push 0
        push eax
        call [proc.addr]
        cmp eax,0
        je leaveit
        cinvoke wsprintf,tmpBuff,f1,[_proEntry.th32ProcessID]
        invoke lstrcpy,[buffOff],tmpBuff
        invoke lstrlen,tmpBuff
        add [buffOff],eax
        invoke RtlZeroMemory,tmpBuff,0xFF
        cinvoke wsprintf,tmpBuff,f2,[_proEntry.cntThreads]
        invoke lstrcpy,[buffOff],tmpBuff
        invoke lstrlen,tmpBuff
        add [buffOff],eax
        invoke RtlZeroMemory,tmpBuff,0xFF
        invoke lstrcpy,[buffOff],fnBuff
        invoke lstrlen,fnBuff
        add [buffOff],eax
        push edx
        push [buffOff]
        pop edx
        mov [edx],byte 13
        inc edx
        mov [edx],byte 10
        add [buffOff],2
        pop edx
        invoke RtlZeroMemory,fnBuff,0xFF
    ; [ leaveit ]
    leaveit:
        invoke CloseHandle,[pro.h]
        invoke Process32Next,[snap1.h],_proEntry
        cmp eax,FALSE
        jne @b
        invoke MessageBox,NULL,buff,msgTitle,MB_OK
        invoke ExitProcess,0

    section '.idata' import data readable
        library kernel32,'KERNEL32.DLL',\
                user32, 'USER32.DLL'
        include '%fasminc%\apia\Kernel32.inc'
        include '%fasminc%\apia\User32.inc'

this is what you would get if you assemble it.
Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.
Website powered by rwasa.