
WIN32汇编列进程

http://www.52pojie.cn/home/attachment/200906/30/76433_1246362600iVEi.jpg


;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;made by netknight
;Email:netknight@163.com
;QQ:175943462
;Blog:http://hi.baidu.com/netknight
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
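; MASM32, 32-bit x86, flat model, stdcall (Win32 API) - one file, one syntax.
.386
.model flat,stdcall
option casemap:none
; Windows.inc must come first; psapi.inc supplies GetModuleFileNameEx,
; shlwapi.inc supplies StrToIntEx, advapi32.inc supplies the token/SID calls,
; macros.inc supplies the CTXT literal-string macro.
include Windows.inc
include user32.inc
include gdi32.inc
include kernel32.inc
include shell32.inc
include psapi.inc
include shlwapi.inc
include macros.inc
include advapi32.inc
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
includelib user32.lib
includelib gdi32.lib
includelib kernel32.lib
includelib shell32.lib
includelib psapi.lib
includelib shlwapi.lib
includelib advapi32.lib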
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
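; Equ - resource identifiers (must match the #defines in the .rc file)
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ICO_MAIN   equ 1000h    ; main window icon (ICO_MAIN ICON "Main.ico" in the .rc)
DLG_MAIN   equ 1        ; main dialog template
IDB_List   equ 1001     ; SysListView32 control
IDC_COUNT  equ 1002     ; static text that shows the process count
IDC_UPDATE equ 1003     ; "refresh" push button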
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 数据段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
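.data?
hInstance    HINSTANCE ?
hwndListView dd ?            ; SysListView32 child of the main dialog
hOK          dd ?            ; "start enumeration" button (IDOK)
hCount       dd ?            ; static control showing the process count (IDC_COUNT)
hUpdate      dd ?            ; "refresh" button (IDC_UPDATE)
;hModule     dd ?
hImageList   dd ?            ; not referenced anywhere in this file
szName       db 256 dup(?)   ; only referenced by commented-out code
lpBuffer     db 256 dup(?)   ; PID rendered as text by LoadListView
plUserName   db 256 dup(?)   ; account name filled by GetProcName for the last queried process
szBuffer     db 1024 dup(?)  ; process count as text (FillProcInfo -> SetDlgItemText)
.data
TestSw       dd 0            ; non-zero skips the shell-icon lookup in LoadListView
show         db "%8d",0      ; wsprintf format for the PID column
szFmtStrSys  db '%d-------System--------N/A',13,10,0             ; only referenced by commented-out code
szFmtStrIdle db '%d-------System Idle Process--------N/A',13,10,0 ; only referenced by commented-out code
szFmtStrProc db '是否要结束进程:%s',13,10,0                       ; "terminate process %s?" prompt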
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; 代码段
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
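;---------------------------------------------------------------------
; GetProcName(_hProcess)
; Resolves the account name of the primary token of _hProcess into the
; global plUserName. On any failure (token open, size query, allocation,
; SID lookup) plUserName holds "Unknown", which LoadListView tests for.
; In:   _hProcess = process handle opened with at least
;                   PROCESS_QUERY_INFORMATION (needed for TOKEN_QUERY)
; Out:  plUserName (global, 256 bytes); eax undefined
; Uses: edi (saved by 'uses')
; Security notes: the domain name is written into a real 256-byte local
; (the original passed a 1-byte local with an uninitialised length, a
; stack overflow); the name length passed to LookupAccountSid is the
; buffer size, not the token size; the SID lives inside the
; GlobalAlloc'd TOKEN_USER block, so it must NOT be passed to FreeSid;
; the token handle is closed.
;---------------------------------------------------------------------
GetProcName proc uses edi _hProcess:HANDLE
local hToken:HANDLE
local dwTokenLen:DWORD
local dwNameLen:DWORD
local dwDomainLen:DWORD
local dwSidType:DWORD
local pTokenUser:DWORD
local szDomainBuffer[256]:BYTE

    mov hToken,0
    mov pTokenUser,0
    ; default result until the lookup succeeds
    invoke RtlZeroMemory,addr plUserName,sizeof plUserName
    invoke lstrcpy,addr plUserName,CTXT("Unknown")

    invoke OpenProcessToken,_hProcess,TOKEN_QUERY,addr hToken
    .if eax
        ; first call only asks for the required size (fails with
        ; ERROR_INSUFFICIENT_BUFFER and fills dwTokenLen)
        mov dwTokenLen,0
        invoke GetTokenInformation,hToken,TokenUser,NULL,0,addr dwTokenLen
        .if dwTokenLen
            invoke GlobalAlloc,GPTR,dwTokenLen
            mov pTokenUser,eax
            .if eax
                invoke GetTokenInformation,hToken,TokenUser,pTokenUser,dwTokenLen,addr dwTokenLen
                .if eax
                    mov edi,pTokenUser
                    assume edi:ptr TOKEN_USER
                    ; both lengths are in/out: pass the real buffer sizes
                    mov dwNameLen,sizeof plUserName
                    mov dwDomainLen,sizeof szDomainBuffer
                    invoke LookupAccountSid,NULL,[edi].User.Sid,addr plUserName,\
                           addr dwNameLen,addr szDomainBuffer,\
                           addr dwDomainLen,addr dwSidType
                    assume edi:nothing
                    .if !eax
                        invoke lstrcpy,addr plUserName,CTXT("Unknown")
                    .endif
                .endif
                ; the SID is part of this block; freeing the block frees it
                invoke GlobalFree,pTokenUser
            .endif
        .endif
        invoke CloseHandle,hToken
    .endif
    ret
GetProcName endp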
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
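;---------------------------------------------------------------------
; LoadListView(row,lpFind) - append one process to hwndListView.
; Columns: 0 = exe name (with shell icon), 1 = PID, 2 = token account
;          name, 3 = image path ("FAIL!!!!" when the account is unknown,
;          as in the original UI).
; In:   row    = zero-based row index to insert at
;       lpFind = ptr PROCESSENTRY32 from Process32First/Next
; Out:  eax undefined; globals lpBuffer and plUserName overwritten
; Uses: edi (saved by 'uses')
; The process is opened with PROCESS_QUERY_INFORMATION or PROCESS_VM_READ
; only - enough for GetModuleFileNameEx and a TOKEN_QUERY token open.
; Processes that cannot be opened get an empty path and "Unknown".
; Fixes vs. original: szPath is a MAX_PATH buffer (it was a 4-byte local
; that lstrcpy "FAIL!!!!" overflowed); no CloseHandle on an uninitialised
; hModule; NULL process handle is never passed to GetProcName/CloseHandle;
; lvi is zeroed and the item mask uses LVIF_* flags only (LVCF_SUBITEM
; aliased LVIF_STATE and pushed uninitialised state bits).
;---------------------------------------------------------------------
LoadListView proc uses edi row:DWORD,lpFind:DWORD
local lvi:LV_ITEM
local sfi:SHFILEINFO
local @_hProcess:DWORD
local szPath[MAX_PATH]:BYTE

    mov edi,lpFind
    assume edi:ptr PROCESSENTRY32
    invoke RtlZeroMemory,addr lvi,sizeof lvi
    invoke RtlZeroMemory,addr szPath,sizeof szPath

    ; column 0: exe name straight from the snapshot entry (no handle needed)
    mov lvi.imask,LVIF_TEXT or LVIF_IMAGE
    push row
    pop lvi.iItem
    mov lvi.iSubItem,0
    lea eax,[edi].szExeFile
    mov lvi.pszText,eax
    mov lvi.iImage,0

    ; PID -> text in the global lpBuffer ("%8d")
    invoke wsprintf,addr lpBuffer,addr show,[edi].th32ProcessID

    invoke OpenProcess,PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,FALSE,[edi].th32ProcessID
    mov @_hProcess,eax
    .if eax
        ; full image path of the main module; szPath stays empty on failure
        invoke GetModuleFileNameEx,@_hProcess,NULL,addr szPath,sizeof szPath
    .endif

    .if !TestSw
        ; icon index into the system image list installed by InitListView
        invoke SHGetFileInfo,addr szPath,0,addr sfi,sizeof SHFILEINFO,SHGFI_SYSICONINDEX or SHGFI_SMALLICON
        .if eax
            mov eax,sfi.iIcon
            mov lvi.iImage,eax
        .endif
    .endif
    invoke SendMessage,hwndListView,LVM_INSERTITEM,0,addr lvi

    ; column 1: PID
    mov lvi.imask,LVIF_TEXT
    inc lvi.iSubItem
    lea eax,lpBuffer
    mov lvi.pszText,eax
    invoke SendMessage,hwndListView,LVM_SETITEM,0,addr lvi

    ; column 2: account name; skip the token query when the open failed
    .if @_hProcess
        invoke GetProcName,@_hProcess
    .else
        invoke lstrcpy,addr plUserName,CTXT("Unknown")
    .endif
    inc lvi.iSubItem
    lea eax,plUserName
    mov lvi.pszText,eax
    invoke SendMessage,hwndListView,LVM_SETITEM,0,addr lvi

    ; column 3: path, or the "FAIL!!!!" marker when the account is unknown
    inc lvi.iSubItem
    invoke lstrcmp,addr plUserName,CTXT("Unknown")
    .if !eax
        invoke lstrcpy,addr szPath,CTXT("FAIL!!!!")
    .endif
    lea eax,szPath
    mov lvi.pszText,eax
    invoke SendMessage,hwndListView,LVM_SETITEM,0,addr lvi

    assume edi:nothing
    .if @_hProcess
        invoke CloseHandle,@_hProcess
    .endif
    ret
LoadListView endp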
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
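;---------------------------------------------------------------------
; FillProcInfo(_buff) - enumerate all processes via a Toolhelp snapshot,
; add one list-view row per process (LoadListView) and write the count
; as text into the global szBuffer.
; In:   _buff = unused; kept because the stdcall signature emits 'ret 4',
;               so callers must pass exactly one argument
;               ('invoke FillProcInfo,NULL' - a bare 'call' leaves the
;               stack 4 bytes off and corrupts the caller's saved registers)
; Out:  szBuffer = "%d" of the row count; eax undefined
; Uses: edi (now saved by 'uses'; the original clobbered it)
; Fix vs. original: an INVALID_HANDLE_VALUE snapshot is no longer handed
; to Process32First.
;---------------------------------------------------------------------
FillProcInfo proc uses edi _buff:DWORD
local @stProcess:PROCESSENTRY32
local @hSnapShot:DWORD
local @dwProcNum:DWORD

    xor edi,edi                      ; edi = rows inserted so far
    invoke RtlZeroMemory,addr @stProcess,sizeof @stProcess
    mov @stProcess.dwSize,sizeof @stProcess   ; required before Process32First
    invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
    mov @hSnapShot,eax
    .if eax != INVALID_HANDLE_VALUE
        invoke Process32First,@hSnapShot,addr @stProcess
        .while eax
            invoke LoadListView,edi,addr @stProcess
            inc edi
            invoke Process32Next,@hSnapShot,addr @stProcess
        .endw
        invoke CloseHandle,@hSnapShot
    .endif
    mov @dwProcNum,edi
    invoke wsprintf,addr szBuffer,CTXT("%d"),@dwProcNum   ; process count
    ret
FillProcInfo endp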
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;---------------------------------------------------------------------
; _InitLvColumn(pszTitle,cxWidth,iCol) - helper: insert one text column
; into hwndListView.
; In:  pszTitle = header text, cxWidth = width in pixels,
;      iCol = zero-based column index
;---------------------------------------------------------------------
_InitLvColumn proc pszTitle:DWORD,cxWidth:DWORD,iCol:DWORD
local lvc:LV_COLUMN
    mov lvc.imask,LVCF_TEXT or LVCF_WIDTH
    push pszTitle
    pop lvc.pszText
    push cxWidth
    pop lvc.lx
    invoke SendMessage,hwndListView,LVM_INSERTCOLUMN,iCol,addr lvc
    ret
_InitLvColumn endp
;---------------------------------------------------------------------
; InitListView - one-time setup of hwndListView: extended report styles,
; the shell's small system image list, and the four columns
; (ProcName / PID / ProcUseName / ProcPath).
; In:  none (reads hwndListView)   Out: eax undefined
;---------------------------------------------------------------------
InitListView proc
local sfi:SHFILEINFO
    invoke SendMessage,hwndListView,LVM_SETEXTENDEDLISTVIEWSTYLE,0,\
           LVS_EX_FULLROWSELECT or LVS_EX_HEADERDRAGDROP or \
           LVS_EX_SUBITEMIMAGES or LVS_EX_GRIDLINES
    ; with SHGFI_SYSICONINDEX the return value is the system image list handle
    invoke SHGetFileInfo,CTXT("C:\"),0,addr sfi,sizeof SHFILEINFO,SHGFI_SYSICONINDEX or SHGFI_SMALLICON
    invoke SendMessage,hwndListView,LVM_SETIMAGELIST,LVSIL_SMALL,eax
    invoke _InitLvColumn,CTXT("ProcName"),150,0
    invoke _InitLvColumn,CTXT("PID"),80,1
    invoke _InitLvColumn,CTXT("ProcUseName"),120,2
    invoke _InitLvColumn,CTXT("ProcPath"),400,3
    ret
InitListView endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
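;---------------------------------------------------------------------
; ShowCurrentFocus - double-click handler: ask whether to terminate the
; focused process (name from column 0, PID from column 1), terminate it,
; then rebuild the list.
; In:   none (reads hwndListView)
; Out:  eax undefined; list view repopulated, szBuffer refreshed by FillProcInfo
; Fixes vs. original: the item text and the prompt go into real buffers
; (the original fetched up to 256 bytes into a 1-byte local and wsprintf'd
; into a 4-byte local - two stack overflows); no focused item (-1) is
; handled; OpenProcess asks for PROCESS_TERMINATE only instead of
; PROCESS_ALL_ACCESS; the handle is closed; the parsed PID is only used
; when StrToIntEx succeeded.
; NOTE: the PID is read back from the list, which may be stale - a PID
; can be reused between enumeration and termination.
;---------------------------------------------------------------------
ShowCurrentFocus proc
local lvi:LV_ITEM
local szItem[256]:BYTE        ; item text fetched from the list view
local szMsg[512]:BYTE         ; szFmtStrProc expanded with the process name
local iRow:DWORD
local @_hProcess:DWORD
local v:DWORD                 ; PID parsed from column 1

    invoke SendMessage,hwndListView,LVM_GETNEXTITEM,-1,LVNI_FOCUSED
    ; -1 = nothing focused (double-click on empty space): just refresh
    .if eax != -1
        mov iRow,eax
        invoke RtlZeroMemory,addr lvi,sizeof lvi
        invoke RtlZeroMemory,addr szItem,sizeof szItem
        mov lvi.imask,LVIF_TEXT
        push iRow
        pop lvi.iItem
        mov lvi.iSubItem,0
        lea eax,szItem
        mov lvi.pszText,eax
        mov lvi.cchTextMax,sizeof szItem     ; must match the real buffer size
        invoke SendMessage,hwndListView,LVM_GETITEM,0,addr lvi
        ; the control may redirect pszText to its own copy: read through lvi.pszText
        invoke wsprintf,addr szMsg,addr szFmtStrProc,lvi.pszText
        invoke MessageBox,NULL,addr szMsg,CTXT("提示!"),MB_OKCANCEL
        .if eax == IDOK
            ; column 1 holds the PID as text
            invoke RtlZeroMemory,addr szItem,sizeof szItem
            mov lvi.iSubItem,1
            lea eax,szItem
            mov lvi.pszText,eax
            mov lvi.cchTextMax,sizeof szItem
            invoke SendMessage,hwndListView,LVM_GETITEM,0,addr lvi
            mov v,0
            invoke StrToIntEx,lvi.pszText,0,addr v
            mov @_hProcess,0
            .if eax
                ; least privilege: TerminateProcess needs PROCESS_TERMINATE only
                invoke OpenProcess,PROCESS_TERMINATE,FALSE,v
                mov @_hProcess,eax
            .endif
            .if @_hProcess
                invoke TerminateProcess,@_hProcess,0
                .if eax
                    invoke MessageBox,NULL,CTXT("进程结束成功!"),CTXT("提示!"),MB_OK
                .else
                    invoke MessageBox,NULL,CTXT("结束进程失败!"),CTXT("提示!"),MB_ICONERROR
                .endif
                invoke CloseHandle,@_hProcess
            .else
                invoke MessageBox,NULL,CTXT("打开进程失败!"),CTXT("提示!"),MB_ICONERROR
            .endif
        .endif
    .endif
    invoke SendMessage,hwndListView,LVM_DELETEALLITEMS,0,0   ; clear all rows
    invoke FillProcInfo,NULL
    ret
ShowCurrentFocus endp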
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
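;---------------------------------------------------------------------
; _ProcDlgMain(hWnd,wMsg,wParam,lParam) - dialog procedure for DLG_MAIN.
; WM_INITDIALOG : cache control handles, set icon, init list view,
;                 centre the dialog on the desktop
; WM_COMMAND    : IDOK = first enumeration (then IDOK off, refresh on);
;                 any other command = refresh; count -> IDC_COUNT
; WM_NOTIFY     : NM_DBLCLK from the list view -> ShowCurrentFocus
; WM_CLOSE      : EndDialog
; Out:  eax = TRUE when handled, FALSE otherwise
; Uses: ebx edi esi (saved by 'uses')
; Fixes vs. original: the WM_NOTIFY path pushed edi without popping it,
; so the epilogue restored the wrong ebx/edi/esi to the dialog manager;
; FillProcInfo is invoked with its declared argument ('call' left the
; stack 4 bytes off after its 'ret 4'); MoveWindow via invoke.
;---------------------------------------------------------------------
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
local DlgHeight:DWORD
local DlgWidth:DWORD
local DlgRect:RECT
local DesktopRect:RECT

    mov eax,wMsg
    .if eax == WM_CLOSE
        invoke EndDialog,hWnd,NULL
    .elseif eax == WM_INITDIALOG
        invoke LoadIcon,hInstance,ICO_MAIN
        invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
        invoke GetDlgItem,hWnd,IDB_List
        mov hwndListView,eax
        invoke GetDlgItem,hWnd,IDC_COUNT
        mov hCount,eax
        invoke GetDlgItem,hWnd,IDC_UPDATE
        mov hUpdate,eax
        invoke GetDlgItem,hWnd,IDOK
        mov hOK,eax
        invoke EnableWindow,hUpdate,FALSE     ; refresh is meaningless before the first run
        call InitListView
        ; centre the dialog on the desktop
        invoke GetWindowRect,hWnd,addr DlgRect
        invoke GetDesktopWindow
        mov ecx,eax
        invoke GetWindowRect,ecx,addr DesktopRect
        mov eax,DlgRect.bottom
        sub eax,DlgRect.top
        mov DlgHeight,eax
        mov eax,DlgRect.right
        sub eax,DlgRect.left
        mov DlgWidth,eax
        mov ebx,DesktopRect.right
        sub ebx,DlgWidth
        shr ebx,1                             ; x = (desktop width - dialog width) / 2
        mov esi,DesktopRect.bottom
        sub esi,DlgHeight
        shr esi,1                             ; y = (desktop height - dialog height) / 2
        invoke MoveWindow,hWnd,ebx,esi,DlgWidth,DlgHeight,FALSE
    .elseif eax == WM_COMMAND
        mov eax,wParam
        .if ax == IDOK
            invoke SendMessage,hwndListView,LVM_DELETEALLITEMS,0,0   ; clear all rows
            invoke FillProcInfo,NULL
            invoke EnableWindow,hOK,FALSE
            invoke EnableWindow,hUpdate,TRUE
        .else
            invoke SendMessage,hwndListView,LVM_DELETEALLITEMS,0,0   ; clear all rows
            invoke FillProcInfo,NULL
        .endif
        invoke SetDlgItemText,hWnd,IDC_COUNT,addr szBuffer   ; show the process count
    .elseif eax == WM_NOTIFY
        ; edi is already preserved by 'uses edi' - no extra push/pop
        mov edi,lParam
        assume edi:ptr NMHDR
        mov eax,[edi].hwndFrom
        .if eax == hwndListView
            .if [edi].code == NM_DBLCLK
                invoke ShowCurrentFocus
            .endif
        .endif
        assume edi:nothing
    .else
        mov eax,FALSE
        ret
    .endif
    mov eax,TRUE
    ret
_ProcDlgMain endp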
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; Entry point: run DLG_MAIN as a modal dialog driven by _ProcDlgMain, then exit.
; NOTE(review): nothing here calls InitCommonControls/InitCommonControlsEx
; although the dialog hosts a SysListView32; presumably comctl32.dll is
; loaded (and the class registered) only because shell32/shlwapi are
; statically imported - confirm, or add includelib comctl32.lib plus an
; explicit InitCommonControls call before DialogBoxParam.
start:
invoke GetModuleHandle,NULL                 ; module handle of this exe (icon + dialog resources)
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,NULL   ; returns when _ProcDlgMain calls EndDialog
invoke ExitProcess,NULL
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start




下面是资源脚本（.rc 文件），其中的 #define 值必须与上面 .asm 中的 equ 定义一致：

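//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// Resource script for the process lister. The IDs below must match
// the EQU values in the .asm file (ICO_MAIN = 1000h, DLG_MAIN = 1, ...).
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#include <resource.h>
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
#define ICO_MAIN   0x1000   // main icon
#define DLG_MAIN   1        // main dialog
#define IDB_List   1001     // SysListView32 control
#define IDC_COUNT  1002     // static showing the process count
#define IDC_UPDATE 1003     // "refresh" button
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
ICO_MAIN ICON "Main.ico"
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
// DISCARDABLE is a 16-bit-era attribute; Win32 ignores it (harmless).
DLG_MAIN DIALOG DISCARDABLE 50, 50, 243, 221
STYLE DS_MODALFRAME | WS_POPUP | WS_VISIBLE | WS_CAPTION | WS_SYSMENU
CAPTION "listview进程枚举"
FONT 9, "宋体"
BEGIN
    PUSHBUTTON      "开始枚举(&F)",IDOK,186,201,53,15
    CONTROL         "List1",IDB_List,"SysListView32",LVS_REPORT |
                    LVS_SINGLESEL | WS_BORDER | WS_TABSTOP,5,5,232,191
    LTEXT           "进程数:",IDC_STATIC,11,205,32,9
    LTEXT           "----",IDC_COUNT,52,205,16,9
    PUSHBUTTON      "刷新(&U)",IDC_UPDATE,126,201,53,15
    LTEXT           "QQ:175943462",IDC_STATIC,73,205,48,7
END
//>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>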
