Getting this error.
Andy
C:\masm32\SOURCE\kill_FEP.asm(91) : error A2006: undefined symbol : Process32First
that function is one of a few that got left out of the kernel32.inc and krnl32p.inc files
Process32First
Process32FirstW
Process32Next
Process32NextW
Module32First
Module32FirstW
Module32Next
Module32NextW
http://www.masmforum.com/board/index.php?topic=18294.0
probably the best solution is to....
1) update the kernel32.inc and kernl32p.inc files
2) create DEF files using Erol's INC2DEF.EXE
3) create new kernel32.lib and kernl32p.lib
EDIT: removed the "A" from the function names :P
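A quick way to confirm which of the eight names above a given kernel32.inc actually lacks before regenerating anything, as an added example that is not part of the original thread. It assumes the include file declares one `Name PROTO ...` per line with `;` starting a comment; the sample include text is constructed.

```python
import re

# The eight Toolhelp names listed in the post above.
TOOLHELP_NAMES = [
    "Process32First", "Process32FirstW", "Process32Next", "Process32NextW",
    "Module32First", "Module32FirstW", "Module32Next", "Module32NextW",
]

# Assumed layout: "Name PROTO [STDCALL] :DWORD,..." at the start of a line.
PROTO_RE = re.compile(r"^\s*([A-Za-z_@?$][\w@?$]*)\s+PROTO\b", re.IGNORECASE)


def declared_protos(inc_text):
    """Return the set of names that have a live (uncommented) PROTO line."""
    names = set()
    for line in inc_text.splitlines():
        code = line.split(";", 1)[0]      # drop trailing or whole-line comments
        match = PROTO_RE.match(code)
        if match:
            names.add(match.group(1))     # case kept: casemap:none is case-sensitive
    return names


def missing_protos(inc_text, wanted=TOOLHELP_NAMES):
    """Names from `wanted` with no PROTO in the include text, in list order."""
    have = declared_protos(inc_text)
    return [name for name in wanted if name not in have]


def proto_lines(names):
    """PROTO lines to append; each of these functions takes two DWORD-sized
    arguments (snapshot handle, pointer to the entry structure)."""
    return [f"{name} PROTO STDCALL :DWORD,:DWORD" for name in names]


# Constructed sample standing in for an incomplete kernel32.inc.
SAMPLE_INC = """\
; constructed sample, not a real masm32 include
CreateToolhelp32Snapshot PROTO STDCALL :DWORD,:DWORD
Process32Next PROTO STDCALL :DWORD,:DWORD
; Process32First PROTO STDCALL :DWORD,:DWORD
Module32FirstW PROTO STDCALL :DWORD,:DWORD
"""

if __name__ == "__main__":
    for line in proto_lines(missing_protos(SAMPLE_INC)):
        print(line)
```

To check a real include, read the file into a string and pass it to `missing_protos`; the import library still has to be rebuilt separately, as the post describes.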
Quote from: dedndave on November 20, 2012, 11:09:49 AM
that function is one of a few that got left out of the kernel32.inc and krnl32p.inc files
http://www.masmforum.com/board/index.php?topic=18294.0
probably the best solution is to....
1) update the kernel32.inc and kernl32p.inc files
2) create DEF files using Erol's INC2DEF.EXE
3) create new kernel32.lib and kernl32p.lib
I have the newest masm pkg installed. Where would I find newer ones ?
I will learn how to make libs.
Andy
here you go, Andy - read through this thread...
http://www.masmforum.com/board/index.php?topic=18850.0
it has bits and pieces in the different posts, that all add up to a working method - lol
grab Erol's DEF2LIB.EXE :t
it will actually make much smaller LIB's than the ones in the masm32 package
EDIT: this post describes the problem...
http://www.masmforum.com/board/index.php?topic=18850.msg159809#msg159809
it isn't really a "bug", per se,
but Hutch's INC2L.EXE program needs a little update to properly handle the new UNICODE include files
Quote from: Magnum on November 20, 2012, 11:22:37 AM
I have the newest masm pkg installed. Where would I find newer ones ?
I will learn how to make libs.
It helps to note in the .rc file which version of MASM was used for the project.
I have a backup of all my development versions for reuse to rebuild code for a 'quick' update.
As Confucius say, Faintest ink, better than best memory ... Programmer's corollary, Backups save retyping from scratch.
Regards, P1 8)
I had no rc file for this project.
I thought that maybe an include or library had changed, never occurred to me that it might be caused by the new masm package.
Good idea, I will start including the version in my source.
Andy
another thing that may help
i installed masm32 v10, then renamed the folder to masm32_v10
then, i installed masm32 v11
by simply renaming the folders, i can switch between versions
masm32
masm32_v11
masm32_v10
masm32
I just install different versions on different drives
Quote from: Magnum on November 21, 2012, 02:52:57 PM
I had no rc file for this project.
It is a good habit to get into.
In the "StringFileInfo" block, I leave notes to myself and to others who care to look.
Including a Copyright Notice.
VALUE "LegalCopyright", "Copyright © my_name 2005-2012, All Rights Reserved.\0"
Regards, P1 8)
Quote from: dedndave on November 21, 2012, 03:07:45 PM
i installed masm32 v10, then renamed the folder to masm32_v10
I just rename the ext. MASM32.V11. I keep all these directories on the same drive. So that the default program for .asm picks up in place on each version.
Regards, P1 8)
When I run my program, it does the following:
1. Says program is not running
2. Then it says program has been terminated
3. CLOSE THIS WINDOW window appears on the open programs bar
4. Neither of the 2 programs are stopped
When run in a debugger, it does this:
(I find it interesting to see such differences when run in a debugger.)
1. Both programs are terminated.
2. CLOSE THIS WINDOW window appears on the open programs bar
3. Both programs are terminated but watchdog.exe restarts itself ??
; kill_FEP.asm Tuesday, November 20, 2012
; Help from Tedd,Dave,sinsi,Nordwind64,AsmGuru62,Jongware,
; Assembled with masm 11
.586
.model flat,stdcall
option casemap:none
include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\OLD_kernel32.inc ; newest kernel32.inc does not work
include \masm32\include\shlwapi.inc
include \masm32\macros\macros.asm
include \masm32\include\advapi32.inc
include \masm32\include\process.inc
includelib \masm32\lib\advapi32.lib
includelib \masm32\lib\user32.lib
includelib \masm32\lib\OLD_kernel32.lib ; newest kernel32.lib does not work
includelib \masm32\lib\shlwapi.lib
; Local Prototypes
IsWinNT PROTO
ReqNTPrivilege PROTO :DWORD
.const
dwMaskNT DWORD 2
WinMain proto :DWORD,:DWORD,:DWORD,:DWORD
.data
msg_NotNT BYTE "This is NOT an NT system.",0
msg_NotPL BYTE "Privilege requested NOT granted.",0
BoxName BYTE "ASM Win NT Shutdown",0
ClassName BYTE "MainWinClass",0
AppName BYTE "CLOSE THIS WINDOW!",0
ProcessName BYTE "MsMpEng.exe",0
ProcessName2 BYTE "watchdog.exe",0
successtext BYTE "Program has been terminated! ",0
failedtext BYTE "Program is not currently running!",0
started BYTE "Terminator",0
.data?
hInstance HINSTANCE ?
CommandLine LPSTR ?
.code
start:
invoke GetModuleHandle, NULL
mov hInstance,eax
invoke GetCommandLine
mov CommandLine,eax
invoke WinMain, hInstance,NULL,CommandLine, SW_SHOWDEFAULT
; with ReqNTPrivilege call, we ask for the 'SeShutdownPrivilege'
; note string names of possible privilege are in windows.inc
invoke ReqNTPrivilege, SADD("SeShutdownPrivilege")
.if eax == FALSE
invoke MessageBox,NULL,addr msg_NotPL,addr BoxName,MB_OK
invoke ExitProcess,NULL
.endif
invoke ExitProcess,eax
KillProcess proc lpszExecutable:LPSTR
LOCAL bLoop:BOOL
LOCAL bResult:BOOL
LOCAL pe32:PROCESSENTRY32
LOCAL hProcess:HANDLE
LOCAL hProcesses:HANDLE
mov bLoop,TRUE
mov bResult,FALSE
; Returns an open handle to the specified snapshot if successful or - 1 otherwise.
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
mov hProcesses,eax
mov pe32.dwSize,SIZEOF PROCESSENTRY32
invoke Process32First,hProcesses,ADDR pe32
.IF eax
.WHILE bLoop
invoke CompareString, LOCALE_USER_DEFAULT, NORM_IGNORECASE, addr pe32.szExeFile, -1, lpszExecutable, -1
.IF eax==2 ; check if strings are equal in lexical value
invoke OpenProcess, PROCESS_TERMINATE, FALSE, pe32.th32ProcessID ; returns handle
.IF eax!=NULL
mov hProcess, eax ; Need to save the process handle to terminate
invoke TerminateProcess, hProcess, 0
invoke CloseHandle, hProcess ; fails if eax is zero
mov bResult,TRUE;
.endif
.endif
; why go on to next process ?
invoke Process32Next, hProcesses, ADDR pe32
; Retrieves information about the next process recorded in a system snapshot.
mov bLoop,eax
.endw
invoke CloseHandle,hProcesses
.endif
mov eax,bResult
ret
KillProcess endp
WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
LOCAL wc:WNDCLASSEX
LOCAL msg:MSG
LOCAL hwnd:HWND
LOCAL tc :DWORD
mov wc.cbSize,SIZEOF WNDCLASSEX
mov wc.style, CS_HREDRAW or CS_VREDRAW
mov wc.lpfnWndProc, OFFSET WndProc
mov wc.cbClsExtra,NULL
mov wc.cbWndExtra,NULL
push hInstance
pop wc.hInstance
mov wc.hbrBackground,COLOR_BTNFACE+1
mov wc.lpszMenuName,NULL
mov wc.lpszClassName,OFFSET ClassName
invoke LoadIcon,NULL,IDI_APPLICATION
mov wc.hIcon,eax
mov wc.hIconSm,eax
invoke LoadCursor,NULL,IDC_ARROW
mov wc.hCursor,eax
invoke RegisterClassEx, addr wc
; If I want a window off screen
;
; Replacing CW_USEDEFAULT with NULL creates a "hidden" window
INVOKE CreateWindowEx,NULL,ADDR ClassName,ADDR AppName,\
WS_OVERLAPPEDWINDOW,NULL,\ ; creates a "hidden" window
CW_USEDEFAULT,CW_USEDEFAULT,CW_USEDEFAULT,NULL,NULL,\
hInst,NULL
mov hwnd,eax
invoke ShowWindow, hwnd,SW_MINIMIZE ;Minimal window
invoke UpdateWindow, hwnd
add tc,1 ; get rid of window quickly
; 2000 = 2 seconds
; loop until Tick count catches up with added time
@@:
invoke GetTickCount
.if tc > eax
jmp @B
.endif
; Close screen
invoke SendMessage,hwnd,WM_SYSCOMMAND,SC_CLOSE,NULL
; Loop until PostQuitMessage is sent
StartLoop:
invoke GetMessage,ADDR msg,NULL,0,0
cmp eax, 0
je ExitLoop
invoke TranslateMessage, ADDR msg
invoke DispatchMessage, ADDR msg
jmp StartLoop
ExitLoop:
mov eax,msg.wParam
ret
WinMain endp
WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
LOCAL bResult:BOOL
LOCAL bLoop:BOOL
LOCAL tc :DWORD
.IF uMsg==WM_DESTROY
invoke PostQuitMessage,NULL
xor eax,eax ;return 0
.ELSEIF uMsg==WM_CLOSE
INVOKE DestroyWindow,hWnd
xor eax,eax ;return 0
.ELSEIF uMsg==WM_CREATE
mov eax, -1 ;FALSE
mov bResult,eax
invoke KillProcess,OFFSET ProcessName
mov bResult,eax ;
.IF bResult==FALSE
invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
.ELSE
invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
.ENDIF
mov bLoop,FALSE
mov bResult,eax
; Thought a delay might help, but don't think it has ??
add tc,1 ; get rid of window quickly
; 2000 = 2 seconds
; loop until Tick count catches up with added time
@@:
invoke GetTickCount
.if tc > eax
jmp @B
.endif
invoke KillProcess,OFFSET ProcessName2
.IF bResult==FALSE
invoke MessageBox,0,OFFSET failedtext,OFFSET started,MB_OK
.ELSE
invoke MessageBox,0,OFFSET successtext,OFFSET started,MB_OK
.ENDIF
mov bLoop,FALSE
ret
xor eax,eax
.ELSE
invoke DefWindowProc,hWnd,uMsg,wParam,lParam
ret
.ENDIF
xor eax,eax
ret
WndProc endp
ReqNTPrivilege proc lpPrivilegeName:DWORD
; return TRUE (not zero) in eax if privilege is granted
; lpPrivilegeName parameter points to a string with request privilege name
LOCAL hProcess:DWORD
LOCAL hToken:DWORD
LOCAL phToken:DWORD
LOCAL RetLen:DWORD
LOCAL pRetLen:DWORD
LOCAL tkp:TOKEN_PRIVILEGES
LOCAL tkp_old:TOKEN_PRIVILEGES
;
invoke GetCurrentProcess
mov hProcess, eax
lea eax, hToken
mov phToken, eax
invoke OpenProcessToken, hProcess, \
TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, \
phToken
.if eax != FALSE
lea eax, tkp.Privileges[0].Luid
invoke LookupPrivilegeValue, NULL, \
lpPrivilegeName, \
eax
lea eax, RetLen
mov pRetLen, eax
mov tkp.PrivilegeCount, 1
mov tkp.Privileges[0].Attributes, SE_PRIVILEGE_ENABLED
invoke AdjustTokenPrivileges, hToken, \
NULL, \
addr tkp, \
sizeof tkp_old, \
addr tkp_old, \
pRetLen
.endif
ret
ReqNTPrivilege endp
end start
error:
Quote
invoke OpenProcessToken, hProcess, \
TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, \
phToken
phToken is defined as a local dword in the proc, it's the out of the function
One correction to be made is: (there can be others)
Quote
invoke OpenProcessToken, hProcess, \
TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, \
addr phToken
Magnum...
Please explain why you want to terminate MsMpEng.exe ?...
AFAIK this is a component of Windows One Care (older), Windows Defender, Windows Forefront Protection and Windows Security Essentials application
Quote from: Magnum on November 22, 2012, 03:53:34 AM
ProcessName BYTE "MsMpEng.exe",0
ProcessName2 BYTE "watchdog.exe",0
As long as we are on the subject ...
Whose "watchdog.exe" is this as well ???
Please understand, we are programmers that have had our programs misused in ways we had not intended.
Regards, P1 8)