This used to work.
C:\masm32\SOURCE\kill1.asm(28) : error A2006: undefined symbol : Process32First
C:\masm32\SOURCE\kill1.asm(41) : error A2006: undefined symbol : Process32Next
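; Walks a Toolhelp process snapshot and terminates every process whose
; executable name equals Item (case-insensitive compare via lstrcmpi).
; Matching is by image name only: each snapshot entry carrying that name is
; opened and terminated, whatever its path or owner.
; Fix over the posted version: the handle returned by OpenProcess is now kept
; in hProcess and closed after TerminateProcess instead of being leaked.
.data
AppName         db "Terminate",0
Item            db "notebook.exe",0
errSnapshot     db "CreateToolhelp32Snapshot failed.",0
errProcFirst    db "Process32First failed.",0
.data?
hSnapshot       HANDLE ?
hProcess        HANDLE ?                ; handle from OpenProcess, closed after use
ProcEnt         PROCESSENTRY32 <?>
.code
start:
    invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS,0
    .IF (eax != INVALID_HANDLE_VALUE)
        mov hSnapshot,eax
        ; dwSize must hold the structure size before Process32First is called.
        mov [ProcEnt.dwSize],SIZEOF ProcEnt
        invoke Process32First, hSnapshot,ADDR ProcEnt
        .IF (eax)
          @@:
            invoke lstrcmpi, ADDR Item ,ADDR [ProcEnt.szExeFile]
            .IF (eax == 0)
                ; Only PROCESS_TERMINATE is requested; the handle cannot be
                ; used for queries such as GetExitCodeProcess.
                invoke OpenProcess, PROCESS_TERMINATE,FALSE,[ProcEnt.th32ProcessID]
                .IF (eax)
                    mov hProcess,eax
                    invoke TerminateProcess, hProcess,0
                    invoke CloseHandle, hProcess
                .ELSE
                    ;failed for some reason (GetLastError gives the cause,
                    ;for example access denied on a protected process)
                .ENDIF
            .ENDIF
            ; Process32Next returns zero when the snapshot has no more entries.
            invoke Process32Next, hSnapshot,ADDR ProcEnt
            test eax,eax
            jnz @B
        .ELSE
            invoke MessageBox, NULL,ADDR errProcFirst,ADDR AppName,MB_OK or MB_ICONERROR
        .ENDIF
        invoke CloseHandle, hSnapshot
    .ELSE
        invoke MessageBox, NULL,ADDR errSnapshot,ADDR AppName,MB_OK or MB_ICONERROR
    .ENDIF
    invoke ExitProcess, NULL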
there are a couple threads on that issue, Andy
you have to make a few slight mods to kernel32.inc and kernl32p.inc
and - rebuild the associated lib's
i seem to recall that Jochen attached the updated lib's - he may have put the inc's in there, as well
just use the forum search tool on the new and old forum for "process32first"
probably in the masm32 sub-forum
I can't see your include files. Are those functions called from kernel32 or toolhelp library?
Here's one of my earliest exercises. Maybe it will be helpful despite its awful style :biggrin:
This proggie also can be an example of producing huge output exceeding debug window's (rich?) edit control capabilities (32Kb).
.586
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
include \masm32\include\gdi32.inc
include \masm32\include\user32.inc
include \masm32\include\debug.inc
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\gdi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\debug.lib
Process32First PROTO :DWORD,:DWORD
Process32Next PROTO :DWORD,:DWORD
GetProcessList PROTO
ListProcessModules PROTO :DWORD
ListProcessThreads PROTO :DWORD
INVALID_HANDLE_VALUE=-1
DBGWIN_EXT_INFO = 0
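; Global data for the process/module/thread lister.
; Fix over the posted version: every wsprintfA destination was declared as a
; single byte (db ?), so each formatted string overran its variable and
; overwrote whatever followed in .data?. The buffers are now sized for the
; text written into them.
TXT_BUF_SIZE equ 1024                   ; wsprintfA never writes more than 1024 bytes
NUM_BUF_SIZE equ 16                     ; "0x%08X",13,10,0 / "%d",13,10,0 fit in 16 bytes
.data
; The first field (dwSize) of each Toolhelp structure is initialised here.
pe32 PROCESSENTRY32<sizeof PROCESSENTRY32>
me32 MODULEENTRY32<sizeof MODULEENTRY32>
te32 THREADENTRY32<sizeof THREADENTRY32>
; MASM does not process backslash escapes, so this path contains doubled
; backslashes literally, and it assumes Windows is installed in c:\windows.
; NOTE(review): kernel32.dll is already mapped into every Win32 process;
; GetModuleHandle on the module name would avoid the hard-coded path.
krnl32 db "c:\\windows\\system32\\kernel32.dll",0
; Export names resolved at run time with GetProcAddress.
prFst db "Process32First",0
prNxt db "Process32Next",0
mdFst db "Module32First",0
mdNxt db "Module32Next",0
thFst db "Thread32First",0
thNxt db "Thread32Next",0
; wsprintfA format strings; each appends CR/LF.
fmt db "%s",13,10,0
fmtInt db "%d",13,10,0
fmtHex db "0x%08X",13,10,0
fmtHex4 db "0x%04X",13,10,0
.data?
PID db NUM_BUF_SIZE dup(?)              ; formatted process id
ProcessName db TXT_BUF_SIZE dup(?)      ; formatted pe32.szExeFile
hKrnl32 dd ?                            ; module handle returned by LoadLibraryA
ModuleName db TXT_BUF_SIZE dup(?)       ; formatted me32.szModule
Executable db TXT_BUF_SIZE dup(?)       ; formatted me32.szExePath
ProcessID db NUM_BUF_SIZE dup(?)
RefCount_g db NUM_BUF_SIZE dup(?)
RefCount_p db NUM_BUF_SIZE dup(?)
BaseAddress db NUM_BUF_SIZE dup(?)
BaseSize db NUM_BUF_SIZE dup(?)
ThreadID db NUM_BUF_SIZE dup(?)
BasePriority db NUM_BUF_SIZE dup(?)
DeltaPriority db NUM_BUF_SIZE dup(?)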
.code
; Program entry point: runs main, then ends the process with exit code NULL.
start:
call main
invoke ExitProcess, NULL
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
main proc
    ; The whole program is a single process-list dump; GetProcessList takes
    ; no arguments, so a plain call is all that is needed.
    call GetProcessList
    ret
main endp
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
; GetProcessList: takes a snapshot of all processes and, for each entry,
; formats and prints the executable name and process id, then calls
; ListProcessModules and ListProcessThreads for that process id.
; Process32First/Process32Next are resolved at run time through
; LoadLibraryA + GetProcAddress rather than through the import library.
; Output goes through the PrintText/PrintString/PrintLine/PrintError macros
; (presumably from debug.inc; their definitions are not shown here).
; The locals hProcess and dwPriorityClass are declared but never referenced.
GetProcessList proc
LOCAL hProcessSnap:DWORD
LOCAL hProcess:DWORD
LOCAL dwPriorityClass:DWORD
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS, 0
mov hProcessSnap,eax
.if eax==INVALID_HANDLE_VALUE
PrintText "CreateToolhelp32Snapshot (of processes)failed"
ret
.endif
; Resolve Process32First by name.
; NOTE(review): neither the LoadLibraryA nor the GetProcAddress result is
; checked; a NULL from either one ends in "call eax" on address 0.
push offset krnl32
call LoadLibraryA
mov hKrnl32 ,eax
push offset prFst
push eax
call GetProcAddress
; Process32First(hProcessSnap, &pe32), arguments pushed right to left.
push offset pe32
push hProcessSnap
call eax
.if eax==FALSE
PrintText "Process32First invokation failed,closing handle "
; NOTE(review): this early return skips the FreeLibrary that balances the
; LoadLibraryA above.
invoke CloseHandle,hProcessSnap
ret
.endif
invoke FreeLibrary,hKrnl32
; Loop head: one pass per process entry held in pe32.
lbl0:
; wsprintfA(ProcessName, "%s\r\n", pe32.szExeFile)
; NOTE(review): the destination must be large enough for the formatted text
; (wsprintfA can write up to 1024 bytes); check its declaration in .data?.
push offset pe32.szExeFile
push offset fmt
push offset ProcessName
call wsprintfA
PrintText "============================================================="
PrintText " "
PrintString ProcessName
; wsprintfA is cdecl: the caller removes the three arguments. The cleanup is
; delayed until after the print macros, so they run with 12 extra bytes on
; the stack.
add esp,12
; wsprintfA(PID, "0x%04X\r\n", pe32.th32ProcessID)
mov eax, pe32.th32ProcessID
push eax
push offset fmtHex4
push offset PID
call wsprintfA
PrintString PID
PrintText "============================================================="
PrintText " "
PrintText " List of loaded modules "
PrintLine
add esp,12
invoke ListProcessModules,pe32.th32ProcessID
invoke ListProcessThreads,pe32.th32ProcessID
; Resolve Process32Next again on every pass. The handle returned by this
; LoadLibraryA is pushed straight to GetProcAddress and not stored; the
; FreeLibrary below uses whatever hKrnl32 currently holds.
push offset krnl32
call LoadLibraryA
push offset prNxt
push eax
call GetProcAddress
push offset pe32
push hProcessSnap
call eax
; NOTE(review): compares against TRUE (1) exactly; the API is documented as
; returning nonzero on success, so a test for nonzero would be more robust.
.if eax==TRUE
invoke FreeLibrary,hKrnl32
jmp lbl0
.else
; End of enumeration (or a failure): PrintError presumably reports the last
; error. No FreeLibrary is issued on this exit path.
PrintError
.endif
invoke CloseHandle,hProcessSnap
ret
GetProcessList endp
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
; ListProcessModules: takes a module snapshot of process dwPID and prints,
; for each module, its name, path, owning process id, global and per-process
; usage counts, base address and size.
; In:  dwPID = id of the process whose modules are listed.
; Module32First/Module32Next are resolved at run time through
; LoadLibraryA + GetProcAddress. Output uses the Print* macros (presumably
; from debug.inc; not shown here).
; NOTE(review): every wsprintfA destination below must be large enough for
; the formatted text (up to 1024 bytes for the "%s" cases); check the buffer
; declarations in .data?.
ListProcessModules proc dwPID:DWORD
LOCAL hModuleSnap :DWORD
invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE, dwPID
mov hModuleSnap,eax
.if eax==INVALID_HANDLE_VALUE
; The snapshot call failed for this process; report it and return.
PrintText "CreateToolhelp32Snapshot (of modules)failed"
PrintError
ret
.endif
; Resolve Module32First by name.
; NOTE(review): LoadLibraryA/GetProcAddress results are not checked before
; "call eax".
push offset krnl32
call LoadLibraryA
mov hKrnl32 ,eax
push offset mdFst
push eax
call GetProcAddress
; Module32First(hModuleSnap, &me32)
push offset me32
push hModuleSnap
call eax
.if eax==FALSE
PrintText "Module32First invokation failed,closing handle "
PrintError
; NOTE(review): this early return skips the FreeLibrary that balances the
; LoadLibraryA above.
invoke CloseHandle,hModuleSnap
ret
.endif
invoke FreeLibrary,hKrnl32
; Loop head: one pass per module entry held in me32.
lbl1:
; Module name. wsprintfA is cdecl, so each call is followed by add esp,12
; (after the print macro has run).
push offset me32.szModule
push offset fmt
push offset ModuleName
call wsprintfA
PrintString ModuleName
add esp,12
; Full path of the module file.
push offset me32.szExePath
push offset fmt
push offset Executable
call wsprintfA
PrintString Executable
add esp,12
; Owning process id.
mov eax, me32.th32ProcessID
push eax
push offset fmtHex
push offset ProcessID
call wsprintfA
PrintString ProcessID
add esp,12
; Global usage count field.
mov eax, me32.GlblcntUsage
push eax
push offset fmtHex4
push offset RefCount_g
call wsprintfA
PrintString RefCount_g
add esp,12
; Per-process usage count field.
mov eax, me32.ProccntUsage
push eax
push offset fmtHex4
push offset RefCount_p
call wsprintfA
PrintString RefCount_p
add esp,12
; Module base address.
mov eax, me32.modBaseAddr
push eax
push offset fmtHex
push offset BaseAddress
call wsprintfA
PrintString BaseAddress
add esp,12
; Module size, printed in decimal.
mov eax, me32.modBaseSize
push eax
push offset fmtInt
push offset BaseSize
call wsprintfA
PrintString BaseSize
PrintLine
add esp,12
; Resolve Module32Next again on every pass; the handle from this
; LoadLibraryA is not stored, FreeLibrary uses the value already in hKrnl32.
push offset krnl32
call LoadLibraryA
push offset mdNxt
push eax
call GetProcAddress
push offset me32
push hModuleSnap
call eax
; NOTE(review): compares against TRUE (1) exactly; a test for nonzero would
; match the documented BOOL contract.
.if eax==TRUE
invoke FreeLibrary,hKrnl32
jmp lbl1
.else
; End of enumeration (or a failure): PrintError presumably reports the last
; error.
PrintError
PrintText " "
PrintText " "
.endif
invoke FreeLibrary,hKrnl32
invoke CloseHandle, hModuleSnap
ret
ListProcessModules endp
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
; ListProcessThreads: takes a snapshot of all threads (process id argument 0)
; and prints thread id, base priority and delta priority for every thread
; whose th32OwnerProcessID equals dwOwnerPID.
; In:  dwOwnerPID = id of the process whose threads are listed.
; Thread32First/Thread32Next are resolved at run time through
; LoadLibraryA + GetProcAddress. Output uses the Print* macros (presumably
; from debug.inc; not shown here).
ListProcessThreads proc dwOwnerPID:DWORD
LOCAL hThreadSnap :DWORD
; This initial value is overwritten by the snapshot result two lines below.
mov hThreadSnap,INVALID_HANDLE_VALUE
invoke CreateToolhelp32Snapshot, TH32CS_SNAPTHREAD, 0
mov hThreadSnap,eax
.if hThreadSnap==INVALID_HANDLE_VALUE
PrintText "CreateToolhelp32Snapshot (of threads) failed"
PrintError
ret
.endif
; Resolve Thread32First by name.
; NOTE(review): LoadLibraryA/GetProcAddress results are not checked before
; "call eax".
push offset krnl32
call LoadLibraryA
mov hKrnl32 ,eax
push offset thFst
push eax
call GetProcAddress
; Thread32First(hThreadSnap, &te32)
push offset te32
push hThreadSnap
call eax
.if eax==FALSE
PrintText "Thread32First invokation failed,closing handle "
PrintError
; NOTE(review): this early return skips the FreeLibrary that balances the
; LoadLibraryA above.
invoke CloseHandle,hThreadSnap
ret
.endif
invoke FreeLibrary,hKrnl32
PrintText " "
PrintText " List of threads "
PrintLine
; Loop head: one pass per thread entry held in te32.
lbl2:
; The snapshot covers every thread in the system, so filter by owner.
mov eax,te32.th32OwnerProcessID
.if eax==dwOwnerPID
; Thread id. wsprintfA is cdecl, so each call is followed by add esp,12
; (after the print macro has run).
; NOTE(review): the destination buffers must be large enough for the
; formatted text; check their declarations in .data?.
mov eax, te32.th32ThreadID
push eax
push offset fmtHex
push offset ThreadID
call wsprintfA
PrintString ThreadID
add esp,12
; Base priority, printed in decimal.
mov eax, te32.tpBasePri
push eax
push offset fmtInt
push offset BasePriority
call wsprintfA
PrintString BasePriority
add esp,12
; Delta priority, printed in decimal.
mov eax, te32.tpDeltaPri
push eax
push offset fmtInt
push offset DeltaPriority
call wsprintfA
PrintString DeltaPriority
PrintLine
add esp,12
.endif
; Resolve Thread32Next again on every pass; the handle from this
; LoadLibraryA is not stored, FreeLibrary uses the value already in hKrnl32.
push offset krnl32
call LoadLibraryA
push offset thNxt
push eax
call GetProcAddress
push offset te32
push hThreadSnap
call eax
; NOTE(review): compares against TRUE (1) exactly; a test for nonzero would
; match the documented BOOL contract.
.if eax==TRUE
invoke FreeLibrary,hKrnl32
jmp lbl2
.else
; End of enumeration (or a failure): PrintError presumably reports the last
; error.
PrintError
PrintText " "
PrintText " "
PrintText " "
.endif
invoke FreeLibrary,hKrnl32
invoke CloseHandle,hThreadSnap
ret
ListProcessThreads endp
end start
end
well - it used to work - with masm32 package version 10
when Hutch updated to masm32 version 11, he added UNICODE support - a big step
Process32First, Process32Next, Module32First, and Module32Next are a little bit odd
all 4 functions are exported by both kernel32.dll and kernl32p.dll
for most functions that provide ANSI and UNICODE support, there is an "A" version and a "W" version
for example, MessageBoxA and MessageBoxW
when the names are aliased, MessageBoxA is aliased to MessageBox if __UNICODE__ is not defined
MessageBoxW is aliased to MessageBox if __UNICODE__ is defined
Process32First et al are not defined that way - they have no "A" version
so - it makes for a little problem when you want to alias Process32FirstW as Process32First
Hutch uses a program named "inc2l.exe" to build libraries
it worked fine when there was no UNICODE support
but now, it chokes on the naming issue - so the functions are not imported
you can make some simple changes in the kernel32.inc and kernl32p.inc files
then, use Erol's inc2def and def2lib tools to build new libraries (he has a new version of def2lib, by the way)
I will need some details so I can build new libraries.
Will those new libraries work with Unicode or will I need to rename them for this code ?
Andy
they will work with ansi or unicode
you can look up those threads for details, and Erol's tools are easy to use :P
I'll get masm10 and use what I need.
:redface:
you're missing out on a good experience
Trying to show message if TerminateProcess fails.
Not working.
invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS,0
.IF (eax != INVALID_HANDLE_VALUE)
mov hSnapshot,eax
mov [ProcEnt.dwSize],SIZEOF ProcEnt
invoke Process32First, hSnapshot,ADDR ProcEnt
.IF (eax)
@@:
invoke lstrcmpi, ADDR Item ,ADDR [ProcEnt.szExeFile]
.IF (eax == 0)
invoke OpenProcess, PROCESS_TERMINATE,FALSE,[ProcEnt.th32ProcessID]
.IF (eax)
invoke TerminateProcess, eax,0
invoke Sleep,2000 ; Delay to give time to terminate process
.ELSEIF eax == ERROR_NO_MORE_FILES
invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
Hi Magnum,
Download the bug-fixed kernel32.inc, kernlp.inc, kernel32.lib and kernlp.lib files in the following link:
http://masm32.com/board/index.php?topic=506.0
Then, replace those files in your "masm32" folder.
Thanks rsala for your work on those fixes.
I can compile my code without having to use older versions.
Andy
QuoteTrying to show message if TerminateProcess fails.
You're calling an error MessageBox in .ELSEIF branch. That's why it doesn't appear as expected.
Try this:
... ... ...
invoke OpenProcess, PROCESS_TERMINATE,FALSE,[ProcEnt.th32ProcessID]
.IF (eax)
invoke TerminateProcess, eax,0
invoke Sleep,2000 ; Delay to give time to terminate process
.IF eax==0
invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
.ENDIF
.ELSEIF eax == ERROR_NO_MORE_FILES
Just a thought ;-)
invoke TerminateProcess, eax,0
push eax
invoke Sleep,2000 ; Delay to give time to terminate process
pop eax
.IF eax==0
QuoteJust a thought ;-)
Does Sleep function modify eax?
Anyway, it's much better; I agree with you ;)
Quote from: jj2007 on April 05, 2013, 11:28:40 PM
Just a thought ;-)
invoke TerminateProcess, eax,0
push eax
invoke Sleep,2000 ; Delay to give time to terminate process
pop eax
.IF eax==0
It doesn't give error message if process isn't running.
push eax
invoke Sleep,2000 ; Delay to give time to terminate process
pop eax
.IF eax==0
invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
.endif
Vertograd,
Tried this, but it doesn't work.
Getting the error to show sure is a P.I.T.A.
.IF (eax == 0)
invoke OpenProcess, PROCESS_TERMINATE,FALSE,[ProcEnt.th32ProcessID]
.IF (eax)
invoke TerminateProcess, eax,0
invoke Sleep,2000 ; Delay to give time to terminate process
.IF eax==0
invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
.ENDIF
.ELSEIF eax == ERROR_NO_MORE_FILES
invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
.ENDIF
Quote from: vertograd on April 05, 2013, 11:31:19 PM
Does Sleep function modify eax?
Who knows? ::)
; Experiment: does eax survive a call to Sleep?
; Sleep is declared as returning nothing, and eax is a caller-saved register
; under stdcall, so its content after the call is unspecified. Whatever this
; test prints is an observation on one system, not a guarantee.
include \masm32\include\masm32rt.inc
.code
start: mov eax, 12345
invoke Sleep, 123
; Shows the value found in eax after Sleep returned.
MsgBox 0, str$(eax), "Should be 12345:", MB_OK
exit
end start
i have used GetExitCodeProcess to retrieve the exit code of the process to determine if it has terminated
if you think there is a possibility that it may not terminate, you could use a loop count to establish a "time-out"
after you have called TerminateProcess....
; Polls the exit code of hProcess every 200 ms until it is no longer
; STILL_ACTIVE. The first check runs without sleeping (jump to Term01).
; NOTE(review): GetExitCodeProcess needs a handle opened with
; PROCESS_QUERY_INFORMATION (or PROCESS_QUERY_LIMITED_INFORMATION); the
; OpenProcess calls elsewhere in this thread request only PROCESS_TERMINATE.
; NOTE(review): the return value of GetExitCodeProcess is not checked. If the
; call fails, the stack slot keeps its initial 0, which is not STILL_ACTIVE,
; so the loop exits as if the process had ended.
; NOTE(review): as written there is no iteration limit; add a loop count if a
; time-out is wanted.
jmp short Term01
Term00: INVOKE Sleep,200
; Reserve a dword on the stack to receive the exit code; esp points at it.
Term01: push 0
INVOKE GetExitCodeProcess,hProcess,esp
; eax = exit code written by the call (or the initial 0).
pop eax
cmp eax,STILL_ACTIVE
jz Term00
The code terminates the program fine, I can't find out how to display a message if the program is not running.
Ollydbg shows ERROR_NO_MORE_FILES, but testing for it fails.
Andy
I even tried testing after OpenProcess.
I think Windows is dame bramaged. :t
QuoteWho knows? ::)
include \masm32\include\masm32rt.inc
.code
start: mov eax, 12345
invoke Sleep, 123
MsgBox 0, str$(eax), "Should be 12345:", MB_OK
exit
end start
Ok, you're right. EAX is 0 after Sleep call :icon_confused:
But that's exactly what we want to achieve to let our error message box to appear :biggrin:
QuoteVertograd,
Tried this, but it doesn't work.
Getting the error to show sure is a P.I.T.A.
Could you post that error?
It's quite strange. I just tested this code on my machine. All worked - I saw an error message box.
I tried it both without push eax-pop eax and with them .
; Test program: opens the process whose id is in calcPID, terminates it and
; shows a message box when eax is 0 after the Sleep call.
; NOTE(review): the .IF eax==0 test runs after Sleep, so it examines whatever
; Sleep left in eax, not the TerminateProcess result. With the push/pop lines
; commented out, the message box appearing says nothing about whether
; TerminateProcess failed.
; NOTE(review): the handle returned by OpenProcess is passed straight to
; TerminateProcess and never closed.
include \masm32\include\masm32rt.inc
.data
... ... ...
.code
start:
invoke OpenProcess, PROCESS_TERMINATE,FALSE, calcPID ; cmd -> CALC & TASKLIST -> calc PID
.IF (eax)
invoke TerminateProcess, eax,0
;push eax
invoke Sleep,2000 ; Delay to give time to terminate process
;pop eax
.IF eax==0
invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
.ENDIF
.ENDIF
exit
end start
; terminate.asm Terminate any application
;
; Help from Tedd,sinsi,Nordwind64,AsmGuru62,Jongware,DednDave,vertograd
;
;
.586
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\old_kernel32.inc
includelib \masm32\lib\old_kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
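; Data and entry point of terminate.asm: walks a Toolhelp process snapshot
; and terminates every process whose executable name equals Item
; (case-insensitive compare via lstrcmpi). Matching is by image name only.
; Fixes over the posted version:
;   - the TerminateProcess result is tested directly. Before, the test ran
;     after Sleep and so examined whatever Sleep left in eax.
;   - the OpenProcess handle is stored in hProcess and closed after use.
; ERROR_NO_MORE_FILES is a GetLastError code reported once Process32Next
; returns FALSE at the end of the snapshot; it is never a return value of
; OpenProcess or TerminateProcess. To report "process not running", count the
; matches inside the loop and test the count after it.
.data
AppName         db "Terminator",0
Item            db "firefox.exe",0
errSnapshot     db "CreateToolhelp32Snapshot failed.",0
errProcFirst    db "Process32First failed.",0
err             db "TerminateProcess failed !",0
NoMore          db "ERROR_NO_MORE_FILES",0      ; not referenced by the code below
Box             db " ",0                        ; caption of the TerminateProcess error box
.data?
hSnapshot       HANDLE ?
ProcEnt         PROCESSENTRY32 <?>
hProcess        HANDLE ?                        ; handle from OpenProcess, closed after use
.code
start:
    invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS,0
    .IF (eax != INVALID_HANDLE_VALUE)
        mov hSnapshot,eax
        ; dwSize must hold the structure size before Process32First is called.
        mov [ProcEnt.dwSize],SIZEOF ProcEnt
        invoke Process32First, hSnapshot,ADDR ProcEnt
        .IF (eax)
          @@:
            invoke lstrcmpi, ADDR Item ,ADDR [ProcEnt.szExeFile]
            .IF (eax == 0)
                invoke OpenProcess, PROCESS_TERMINATE,FALSE,[ProcEnt.th32ProcessID]
                .IF (eax)
                    mov hProcess,eax
                    invoke TerminateProcess, hProcess,0
                    ; eax still holds the TerminateProcess result here.
                    .IF (eax == 0)
                        invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
                    .ELSE
                        invoke Sleep,2000 ; Delay to give time to terminate process
                    .ENDIF
                    invoke CloseHandle, hProcess
                .ENDIF
            .ENDIF
            ; Process32Next returns zero when the snapshot has no more entries.
            invoke Process32Next, hSnapshot,ADDR ProcEnt
            test eax,eax
            jnz @B
        .ELSE
            invoke MessageBox, NULL,ADDR errProcFirst,ADDR AppName,MB_OK or MB_ICONERROR
        .ENDIF
        invoke CloseHandle, hSnapshot
    .ELSE
        invoke MessageBox, NULL,ADDR errSnapshot,ADDR AppName,MB_OK or MB_ICONERROR
    .ENDIF
    invoke ExitProcess, NULL
end start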
; terminate.asm Terminate any application
;
; Help from Tedd,sinsi,Nordwind64,AsmGuru62,Jongware,DednDave,vertograd
;
;
.586
.model flat, stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\old_kernel32.inc
includelib \masm32\lib\old_kernel32.lib
include \masm32\include\user32.inc
includelib \masm32\lib\user32.lib
; Data and entry point of terminate.asm (second copy of the same listing):
; walks a Toolhelp process snapshot and terminates every process whose
; executable name equals Item (case-insensitive compare via lstrcmpi).
; Matching is by image name only.
.data
AppName db "Terminator",0
Item db "firefox.exe",0
errSnapshot db "CreateToolhelp32Snapshot failed.",0
errProcFirst db "Process32First failed.",0
err db "TerminateProcess failed !",0
; NoMore is not referenced by the code below.
NoMore db "ERROR_NO_MORE_FILES",0
; Box is the caption of the TerminateProcess error box.
Box db " ",0
.data?
hSnapshot HANDLE ?
ProcEnt PROCESSENTRY32 <?>
; hProcess is declared but never written or read below.
hProcess HANDLE ?
.code
start:
invoke CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS,0
.IF (eax != INVALID_HANDLE_VALUE)
mov hSnapshot,eax
; dwSize must hold the structure size before Process32First is called.
mov [ProcEnt.dwSize],SIZEOF ProcEnt
invoke Process32First, hSnapshot,ADDR ProcEnt
.IF (eax)
; Loop head: one pass per snapshot entry.
@@:
invoke lstrcmpi, ADDR Item ,ADDR [ProcEnt.szExeFile]
.IF (eax == 0)
invoke OpenProcess, PROCESS_TERMINATE,FALSE,[ProcEnt.th32ProcessID]
.IF (eax)
; NOTE(review): the process handle in eax is used once and never closed.
invoke TerminateProcess, eax,0
;push eax
invoke Sleep,2000 ; Delay to give time to terminate process
;pop eax
; NOTE(review): with push/pop commented out, this tests whatever Sleep left
; in eax, not the TerminateProcess result.
.IF eax==0
invoke MessageBox, NULL,ADDR err,ADDR Box,MB_OK or MB_ICONERROR
.ENDIF
.ENDIF
.endif
; Process32Next returns zero when the snapshot has no more entries.
; ERROR_NO_MORE_FILES is the GetLastError code at that point, not a value
; returned in eax by OpenProcess or TerminateProcess.
invoke Process32Next, hSnapshot,ADDR ProcEnt
test eax,eax
jnz @B
.ELSE
invoke MessageBox, NULL,ADDR errProcFirst,ADDR AppName,MB_OK or MB_ICONERROR
.ENDIF
invoke CloseHandle, hSnapshot
.ELSE
invoke MessageBox, NULL,ADDR errSnapshot,ADDR AppName,MB_OK or MB_ICONERROR
.ENDIF
invoke ExitProcess, NULL
end start
Sorry for the double post, my browser just hung.
I'm curious: why should the thread wait for an asynchronous process (TerminateProcess())? Also, why is the return value of Sleep() used for testing if TerminateProcess() fails :dazzled:
It isn't when push and pop were used.
Even OpenProcess can't be used.
Quote from: Magnum on April 06, 2013, 06:09:27 AM
It isn't when push and pop were used.
OK - that makes sense.
Quote from: Magnum on April 06, 2013, 06:09:27 AMEven OpenProcess can't be used.
of course it can be used.
Can you give a working example ?
I got the same result as with TerminateProcess.
Quote from: Magnum on April 06, 2013, 06:15:17 AM
Can you give a working example ?
sry, I'm not your Google replacement :t
No, I don't think you know the answer.
q
Hi Andy,
it looks a bit like Red John from The Mentalist.
Gunther
You are watching too much American T.V.
Arbeit und Party.
Shame on you. :biggrin:
Andy
looks more like you missed a target - lol
Hi Andy,
Quote from: Magnum on April 06, 2013, 10:52:18 AM
You are watching too much American T.V.
no, I've to improve my English language skills.
Gunther
Quote from: Gunther on April 06, 2013, 10:43:32 AM
it looks a bit like Red John from The Mentalist.
It does indeed (http://en.wikipedia.org/wiki/Red_John#The_Face_and_other_signatures). Andy sympathises with a serial killer 8)
Quote from: jj2007 on April 07, 2013, 02:57:09 AM
Quote from: Gunther on April 06, 2013, 10:43:32 AM
it looks a bit like Red John from The Mentalist.
It does indeed (http://en.wikipedia.org/wiki/Red_John#The_Face_and_other_signatures). Andy sympathises with a serial killer 8)
That's really shocking. :lol: :lol: :lol:
Gunther
Gunther,
As is frequently his practice, Jochen again looks for the negative.
I have some Italian friends, so he is not representative of Italy.
I used a program called stress, that has some cute tools to make the modified Qword avatar with the smiley face.
The small program is here. My grand kids use to like it.
http://www.robrob8.com/games/stress_relief.htm
Quote from: Magnum on April 07, 2013, 02:52:46 AM
As is frequently his practice, Jochen again looks for the negative.
Explain how you meant it, Andy:Quote from: qWord on April 06, 2013, 07:07:52 AM
sry, I'm not your Google replacement :t
Quote from: Magnum on April 06, 2013, 07:59:55 AM(http://masm32.com/board/index.php?action=dlattach;topic=1745.0;attach=1467;image)
As part of his criminal signature, Red John draws a smiley face on the wall with the blood of the victim (http://en.wikipedia.org/wiki/Red_John#The_Face_and_other_signatures)
(http://upload.wikimedia.org/wikipedia/commons/thumb/0/04/Red-John-Smiley-Face.png/220px-Red-John-Smiley-Face.png)
It was humor.
hu·mor
funny quality: the quality or content of something such as a story, performance, or joke that elicits amusement and laughter
ability to see something as funny: the ability to see that something is funny, or the enjoyment of things that are funny
funny things as genre: writings and other material created to make people laugh
Andy