undefined symbol

Started by Magnum, November 20, 2012, 10:09:24 AM


Magnum

Getting this error.

Andy

C:\masm32\SOURCE\kill_FEP.asm(91) : error A2006: undefined symbol : Process32First
Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

that function is one of a few that got left out of the kernel32.inc and krnl32p.inc files

Process32First
Process32FirstW
Process32Next
Process32NextW
Module32First
Module32FirstW
Module32Next
Module32NextW

http://www.masmforum.com/board/index.php?topic=18294.0

probably the best solution is to....

1) update the kernel32.inc and kernl32p.inc files
2) create DEF files using Erol's INC2DEF.EXE
3) create new kernel32.lib and kernl32p.lib

EDIT: removed the "A" from the function names   :P
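
A way to check step 1 before rebuilding any libraries, as an added example that is not part of the original post: a Python script that scans include-file text for the eight functions listed above and returns the PROTO lines still missing. The sample include text is constructed, and the `PROTO STDCALL :DWORD,:DWORD` line style is an assumption about how the rest of the include file is written.

```python
import re

# The eight ToolHelp functions the post lists as missing. Each one takes two
# DWORD-sized arguments: the snapshot handle and a pointer to the entry struct.
TOOLHELP = ["Process32First", "Process32FirstW", "Process32Next", "Process32NextW",
            "Module32First", "Module32FirstW", "Module32Next", "Module32NextW"]

PROTO_RE = re.compile(r"^\s*(\w+)\s+PROTO\b", re.IGNORECASE)
EQU_RE = re.compile(r"^\s*(\w+)\s+(?:equ|textequ)\s+<(\w+)>", re.IGNORECASE)

# Constructed excerpt in the style of an include file, not the real kernel32.inc.
SAMPLE_INC = """\
; constructed sample
CreateToolhelp32Snapshot PROTO STDCALL :DWORD,:DWORD
Process32FirstW PROTO STDCALL :DWORD,:DWORD
; Process32Next PROTO STDCALL :DWORD,:DWORD
Module32FirstW PROTO STDCALL :DWORD,:DWORD
Module32First equ <Module32FirstW>
Module32Next equ <Module32NextW>
"""

def declared_symbols(inc_text):
    """Names usable with invoke: PROTOs plus equ aliases that resolve to a PROTO."""
    protos, aliases = set(), {}
    for line in inc_text.splitlines():
        line = line.split(";", 1)[0]              # drop MASM comments
        m = PROTO_RE.match(line)
        if m:
            protos.add(m.group(1))                # symbol names stay case-sensitive
            continue
        m = EQU_RE.match(line)
        if m:
            aliases[m.group(1)] = m.group(2)
    # An alias whose target has no PROTO still ends in "undefined symbol".
    return protos | {a for a, target in aliases.items() if target in protos}

def missing_protos(inc_text, wanted=TOOLHELP):
    """PROTO lines to add for every wanted function the include file lacks."""
    have = declared_symbols(inc_text)
    return [f"{name} PROTO STDCALL :DWORD,:DWORD" for name in wanted if name not in have]

if __name__ == "__main__":
    # To check a real include file, read its text and pass it in place of SAMPLE_INC.
    for line in missing_protos(SAMPLE_INC):
        print(line)
```

Adding the PROTO lines only satisfies the assembler; the link step still needs the rebuilt import libraries from steps 2 and 3.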

Magnum

Quote from: dedndave on November 20, 2012, 11:09:49 AM
that function is one of a few that got left out of the kernel32.inc and krnl32p.inc files

http://www.masmforum.com/board/index.php?topic=18294.0

probably the best solution is to....

1) update the kernel32.inc and kernl32p.inc files
2) create DEF files using Erol's INC2DEF.EXE
3) create new kernel32.lib and kernl32p.lib

I have the newest masm pkg installed. Where would I find newer ones ?

I will learn how to make libs.

Andy

dedndave

here you go, Andy - read through this thread...

http://www.masmforum.com/board/index.php?topic=18850.0

it has bits and pieces in the different posts, that all add up to a working method - lol

grab Erol's DEF2LIB.EXE   :t
it will actually make much smaller LIB's than the ones in the masm32 package

EDIT: this post describes the problem...

http://www.masmforum.com/board/index.php?topic=18850.msg159809#msg159809

it isn't really a "bug", per se,
but Hutch's INC2L.EXE program needs a little update to properly handle the new UNICODE include files

P1

Quote from: Magnum on November 20, 2012, 11:22:37 AM
I have the newest masm pkg installed. Where would I find newer ones ?

I will learn how to make libs.
It helps to note in the .rc file, which version of MASM that was used for the project.

I have a backup of all my development versions for reuse to rebuild code for a 'quick' update.

As Confucius say, Faintest ink, better than best memory ...   Programmer's corollary, Backups save retyping from scratch.

Regards,  P1   8)

Magnum

I had no rc file for this project.

I thought that maybe an include or library had changed, never occurred that it might be caused by the new masm package.

Good idea, I will start including the version in my source.

Andy

dedndave

another thing that may help
i installed masm32 v10, then renamed the folder to masm32_v10
then, i installed masm32 v11
by simply renaming the folders, i can switch between versions

masm32
masm32_v11

masm32_v10
masm32

MichaelW

I just install different versions on different drives
Well Microsoft, here's another nice mess you've gotten us into.

P1

Quote from: Magnum on November 21, 2012, 02:52:57 PM
I had no rc file for this project.
It is a good habit to get into.

In the "StringFileInfo" block, I leave notes to myself and to others who care to look.

Including a Copyright Notice.

VALUE "LegalCopyright",  "Copyright © my_name 2005-2012, All Rights Reserved.\0"

Regards,  P1   8)

P1

Quote from: dedndave on November 21, 2012, 03:07:45 PM
i installed masm32 v10, then renamed the folder to masm32_v10
I just rename the ext.  MASM32.V11.  I keep all these directories on the same drive.  So that the default program for .asm picks up in place on each version.

Regards,  P1   8)

Magnum


When I run my program, it does the following:

1. Says program is not running
2. Then it says program has been terminated
3. CLOSE THIS WINDOW window appears on the open programs bar
4. Neither of the 2 programs are stopped

When run in a debugger, it does this:
(I find it interesting to see such differences when run in a debugger.)

1. Both programs are terminated.
2. CLOSE THIS WINDOW window appears on the open programs bar
3. Both programs are terminated but watchdog.exe restarts itself ??


; kill_FEP.asm       Tuesday, November 20, 2012
; Help from Tedd,Dave,sinsi,Nordwind64,AsmGuru62,Jongware,
;                  Assembled with masm 11
.586
.model flat,stdcall
option casemap:none

include  \masm32\include\windows.inc
include  \masm32\include\user32.inc
include  \masm32\include\OLD_kernel32.inc ; newest kernel32.inc does not work
include  \masm32\include\shlwapi.inc
include  \masm32\macros\macros.asm
include  \masm32\include\advapi32.inc
include  \masm32\include\process.inc
includelib  \masm32\lib\advapi32.lib
includelib  \masm32\lib\user32.lib
includelib  \masm32\lib\OLD_kernel32.lib  ; newest kernel32.lib does not work
includelib  \masm32\lib\shlwapi.lib

; Local Prototypes

    IsWinNT         PROTO
    ReqNTPrivilege  PROTO :DWORD
   
.const

    dwMaskNT        DWORD   2

WinMain proto :DWORD,:DWORD,:DWORD,:DWORD

.data

   msg_NotNT   BYTE    "This is NOT an NT system.",0
   msg_NotPL   BYTE    "Privilege requested NOT granted.",0
   BoxName     BYTE    "ASM Win NT Shutdown",0
   
   ClassName    BYTE    "MainWinClass",0
   AppName      BYTE    "CLOSE THIS WINDOW!",0
   ProcessName  BYTE    "MsMpEng.exe",0
  ProcessName2  BYTE    "watchdog.exe",0

   successtext  BYTE    "Program has been terminated!                                                                                          ",0
   failedtext   BYTE    "Program is not currently running!",0
   started      BYTE    "Terminator",0

.data?

   hInstance   HINSTANCE ?
   CommandLine LPSTR     ?

.code

start:

    invoke GetModuleHandle, NULL
    mov    hInstance,eax
   
    invoke GetCommandLine
    mov    CommandLine,eax
   
    invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT

    ; with ReqNTPrivilege call, we ask for the 'SeShutdownPrivilege'
    ; note string names of possible privilege are in windows.inc

    invoke  ReqNTPrivilege, SADD("SeShutdownPrivilege")
    .if eax == FALSE
      invoke  MessageBox,NULL,addr msg_NotPL,addr BoxName,MB_OK
      invoke  ExitProcess,NULL
    .endif

    invoke ExitProcess,eax
   
KillProcess proc lpszExecutable:LPSTR
    LOCAL bLoop:BOOL
    LOCAL bResult:BOOL
    LOCAL pe32:PROCESSENTRY32
    LOCAL hProcess:HANDLE
    LOCAL hProcesses:HANDLE

    mov bLoop,TRUE
    mov bResult,FALSE

    ; Returns an open handle to the specified snapshot if successful or - 1 otherwise.
    invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    mov hProcesses,eax   

    mov pe32.dwSize,SIZEOF PROCESSENTRY32

    invoke Process32First,hProcesses,ADDR pe32
    .IF eax
        .WHILE bLoop
            invoke CompareString, LOCALE_USER_DEFAULT, NORM_IGNORECASE, addr pe32.szExeFile, -1, lpszExecutable, -1
            .IF eax==2 ; check if strings are equal in lexical value
                 
                invoke OpenProcess, PROCESS_TERMINATE, FALSE, pe32.th32ProcessID ; returns handle

                 .IF eax!=NULL
                    mov hProcess, eax        ; Need to save the process handle to terminate
                    invoke TerminateProcess, hProcess, 0
                    invoke CloseHandle, hProcess ; fails if eax is zero
                   
                    mov bResult,TRUE;
                   
                .endif
            .endif
           ; why go on to next process ?
           invoke Process32Next, hProcesses, ADDR pe32
            ; Retrieves information about the next process recorded in a system snapshot.

            mov bLoop,eax
        .endw
        invoke CloseHandle,hProcesses
    .endif
    mov eax,bResult
    ret

KillProcess endp

WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
    LOCAL wc:WNDCLASSEX
    LOCAL msg:MSG
    LOCAL hwnd:HWND
    LOCAL tc   :DWORD
   
    mov   wc.cbSize,SIZEOF WNDCLASSEX
    mov   wc.style, CS_HREDRAW or CS_VREDRAW
    mov   wc.lpfnWndProc, OFFSET WndProc
    mov   wc.cbClsExtra,NULL
    mov   wc.cbWndExtra,NULL
    push  hInstance
    pop   wc.hInstance
    mov   wc.hbrBackground,COLOR_BTNFACE+1
    mov   wc.lpszMenuName,NULL
    mov   wc.lpszClassName,OFFSET ClassName
   
    invoke LoadIcon,NULL,IDI_APPLICATION
    mov   wc.hIcon,eax
    mov   wc.hIconSm,eax
   
    invoke LoadCursor,NULL,IDC_ARROW
    mov   wc.hCursor,eax
   
   
    invoke RegisterClassEx, addr wc

    ; If I want a window off screen
    ;
    ; Replacing CW_USEDEFAULT with NULL creates a "hidden" window

    INVOKE CreateWindowEx,NULL,ADDR ClassName,ADDR AppName,\
           WS_OVERLAPPEDWINDOW,NULL,\ ; creates a "hidden" window
           CW_USEDEFAULT,CW_USEDEFAULT,CW_USEDEFAULT,NULL,NULL,\
           hInst,NULL
    mov   hwnd,eax

    invoke ShowWindow, hwnd,SW_MINIMIZE    ;Minimal window
    invoke UpdateWindow, hwnd

     add tc,1    ; get rid of window quickly
                 ; 2000 =  2 seconds

   
    ; loop until Tick count catches up with added time
   
    @@:
      invoke GetTickCount
        .if tc > eax
          jmp @B
        .endif
   
    ; Close screen
   
      invoke SendMessage,hwnd,WM_SYSCOMMAND,SC_CLOSE,NULL
   
    ; Loop until PostQuitMessage is sent

    StartLoop:
      invoke GetMessage,ADDR msg,NULL,0,0
      cmp eax, 0
      je ExitLoop
      invoke TranslateMessage, ADDR msg
      invoke DispatchMessage,  ADDR msg
      jmp StartLoop
    ExitLoop:
   
    mov     eax,msg.wParam
    ret
WinMain endp

WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
   
    LOCAL bResult:BOOL
    LOCAL bLoop:BOOL
    LOCAL tc   :DWORD

    .IF uMsg==WM_DESTROY
        invoke PostQuitMessage,NULL
        xor     eax,eax                               ;return 0

.ELSEIF uMsg==WM_CLOSE
        INVOKE  DestroyWindow,hWnd
        xor     eax,eax                               ;return 0

    .ELSEIF uMsg==WM_CREATE
        mov eax, -1        ;FALSE
       
        mov bResult,eax
        invoke KillProcess,OFFSET ProcessName

        mov bResult,eax ;

        .IF bResult==FALSE
            invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
        .ELSE
            invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
        .ENDIF

         mov bLoop,FALSE
                 
        mov bResult,eax

; Thought a delay might help, but don't think it has ??

        add tc,1 ; get rid of window quickly
                 ; 2000 =  2 seconds

   
    ; loop until Tick count catches up with added time
   
    @@:
      invoke GetTickCount
        .if tc > eax
          jmp @B
        .endif

invoke KillProcess,OFFSET ProcessName2

        .IF bResult==FALSE
            invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
        .ELSE
            invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
        .ENDIF

         mov bLoop,FALSE

         ret
         xor eax,eax
    .ELSE
        invoke DefWindowProc,hWnd,uMsg,wParam,lParam       
        ret
    .ENDIF
   
    xor eax,eax
    ret
WndProc endp

ReqNTPrivilege proc lpPrivilegeName:DWORD

; return TRUE (not zero) in eax if privilege is granted
; lpPrivilegeName parameter points to a string with request privilege name

    LOCAL   hProcess:DWORD
    LOCAL   hToken:DWORD
    LOCAL   phToken:DWORD
    LOCAL   RetLen:DWORD
    LOCAL   pRetLen:DWORD
    LOCAL   tkp:TOKEN_PRIVILEGES
    LOCAL   tkp_old:TOKEN_PRIVILEGES
;
    invoke  GetCurrentProcess
    mov     hProcess, eax
    lea     eax, hToken
    mov     phToken, eax
    invoke  OpenProcessToken, hProcess, \
            TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, \
            phToken
    .if eax != FALSE
      lea     eax, tkp.Privileges[0].Luid
      invoke  LookupPrivilegeValue, NULL, \
              lpPrivilegeName, \
              eax
      lea     eax, RetLen
      mov     pRetLen, eax
      mov     tkp.PrivilegeCount, 1
      mov     tkp.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
      invoke  AdjustTokenPrivileges, hToken, \
              NULL, \
              addr tkp, \
              sizeof tkp_old, \
              addr tkp_old, \
              pRetLen
    .endif
    ret
   
ReqNTPrivilege endp

end start


TouEnMasm


error:
Quote
invoke  OpenProcessToken, hProcess, \
            TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, \
            phToken
phToken is defined as a local dword in the proc, it's the out of the function
One correction to make is: (there can be others)
Quote
invoke  OpenProcessToken, hProcess, \
            TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, \
            addr phToken
Fa is a musical note to play with CL

BogdanOntanu

Magnum...

Please explain why you want to terminate MsMpEng.exe ?...

AFAIK this is a component of Windows One Care (older), Windows Defender, Windows Forefront Protection and Windows Security essentials application


Ambition is a lame excuse for the ones not brave enough to be lazy, www.oby.ro

P1

Quote from: Magnum on November 22, 2012, 03:53:34 AM
ProcessName  BYTE    "MsMpEng.exe",0
ProcessName2  BYTE    "watchdog.exe",0
As long as we are on the subject ...

Whose "watchdog.exe" is this as well ???

Please understand, we are programmers that have had our programs misused in ways we had not intended.

Regards,  P1   8)