
📄 module.asm

📁 windows汇编语言程序设计 吴中平著 一书所附所有源代码。 该书重点讲解了Windows环境下汇编语言程序设计的基本原理及其实现过程
include head.inc
ModalDlgProc PROTO :DWORD,:DWORD,:DWORD,:DWORD
EnumProc PROTO :DWORD,:DWORD
ProcessNameList PROTO
ModuleNameList PROTO:DWORD
ShowModuleInProcess PROTO :DWORD

.const
; Dialog-template resource IDs, one per property-sheet page
; (assigned to PROPSHEETPAGE.pszTemplate in the start code).
IDD_PROCESS                   equ    101
IDD_MODULE                    equ    102
IDD_CLASS                        equ    103
; List-box control IDs looked up with GetDlgItem in the dialog procedures:
;   IDC_PROCESSITEMLIST / IDC_MODULELIST     - process page (processes, modules of the selected process)
;   IDC_MODULEITEMLIST  / IDC_PROCESSLIST    - module page (module names, processes that load the selected module)
;   IDC_CLASSLIST                            - class page (one row per top-level window)
IDC_PROCESSITEMLIST    equ    1001
IDC_PROCESSLIST            equ     1002
IDC_MODULELIST             equ     1003
IDC_MODULEITEMLIST     equ    1004
IDC_CLASSLIST                 equ     1005

.data
; ToolHelp enumeration records. The first field (dwSize) is pre-initialised here
; because Process32First/Module32First are called with these records as-is.
pe               PROCESSENTRY32   <sizeof PROCESSENTRY32> 
me              MODULEENTRY32    <sizeof MODULEENTRY32>
; One PROPSHEETPAGE per tab; the start code fills Process and copies it to the other two.
Process       PROPSHEETPAGE     <sizeof PROPSHEETPAGE>
Module        PROPSHEETPAGE     <sizeof PROPSHEETPAGE > 
Class           PROPSHEETPAGE     <sizeof PROPSHEETPAGE > 
psh             PROPSHEETHEADER < sizeof PROPSHEETHEADER>
; Property-sheet caption (psh.pszCaption).
TitleName          db "简单任务管理器",0
; Privilege name resolved with LookupPrivilegeValue and enabled at startup.
dpl                    db "SeDebugPrivilege",0
; Caption written onto the button saved in hFresh by pshproc.
Fresh                db "刷新",0
; wsprintf layouts. The %-30s / %-80s widths are MINIMUM field widths: a longer
; string is emitted in full, so rows are not guaranteed to be fixed-width.
template            db "%-8.8lx   %-30s   %-80s",0
templateModule  db "%-8.8lx  %-8.8lx   %s",0
.data?
hInstance             HANDLE        ?
; List-box window handles, filled in by the WM_INITDIALOG handlers.
hProcessListBox   HANDLE        ?
hModuleShowList HANDLE        ?
hModuleListBox    HANDLE        ?
hProcessShowList HANDLE        ?
hClassListBox       HANDLE        ?
; NOTE(review): hOpenProcess is not referenced by any code visible in this file.
hOpenProcess       HANDLE        ?
; ToolHelp snapshot handles shared by the enumeration procedures.
hProcessSnapshot HANDLE        ?
hModuleSnapshot HANDLE        ?
; Process token, opened only while the privilege is being adjusted.
hToken                 HANDLE        ?
; Property-sheet button repurposed as "refresh" (set in pshproc).
hFresh                  HANDLE        ?
; Three page handles returned by CreatePropertySheetPage (psh.phpage points here).
SelectCard        dd ?,?,?
; NOTE(review): dwWidth and Rect are not referenced by any code visible in this file.
dwWidth          dd   5 dup (?)
tkp                   TOKEN_PRIVILEGES <>
Rect                  RECT  <>
; Fixed-size text buffers. GetClassName/GetWindowText are given sizeof these
; buffers, so class names and titles are truncated to 49 characters.
ClassNameBuf  db 50 dup (?)
WndTextBuf    db  50 dup (?)
; Shared 200-byte scratch line. wsprintf and LB_GETTEXT take no destination
; length, so every writer must guarantee its text fits in 200 bytes.
buffer              db 200 dup (?)
.code
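;-----------------------------------------------------------------------
; Program entry point (32-bit Windows, MASM high-level syntax).
;   1. Best-effort: enable SeDebugPrivilege in the process token.
;   2. Take the initial process snapshot.
;   3. Build three property-sheet pages (process / class / module) and
;      run the property sheet; its result becomes the exit code.
;
; Security note: SeDebugPrivilege lets a process open almost any other
; process on the machine. It is enabled here for the whole lifetime of
; the tool although only the module snapshots need it; a least-privilege
; design would enable it only around those calls.
;-----------------------------------------------------------------------
start:
   invoke GetModuleHandle, NULL
   mov    hInstance,eax

   ; Each step below is checked so that a failed OpenProcessToken no longer
   ; leads to AdjustTokenPrivileges/CloseHandle on a handle that was never
   ; opened. Failure is not fatal: the tool just runs without the privilege.
   invoke GetCurrentProcess
   invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, addr hToken
   .if eax
      invoke LookupPrivilegeValue,NULL,addr dpl,addr tkp.Privileges.Luid
      .if eax
         mov tkp.PrivilegeCount,1                           ; exactly one privilege is changed
         mov tkp.Privileges.Attributes,SE_PRIVILEGE_ENABLED ; request "enabled"
         ; AdjustTokenPrivileges reports success even when the token does not
         ; hold the privilege (GetLastError then gives ERROR_NOT_ALL_ASSIGNED),
         ; so a nonzero return does not prove the privilege is active.
         invoke AdjustTokenPrivileges,hToken, FALSE, addr tkp, 0,NULL, 0
      .endif
      invoke CloseHandle,hToken
   .endif

   ; Only Process32First/Process32Next are ever used on this handle, so a
   ; process-only snapshot is enough (same flag as the refresh handlers);
   ; the process-ID argument is ignored for process snapshots.
   invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
   mov hProcessSnapshot,eax

   ; --- Page 1: processes -------------------------------------------------
   mov Process.pfnDlgProc ,offset ProcessDlgProc
   mov Process.pszTemplate ,IDD_PROCESS
   push hInstance
   pop  Process.hInstance
   invoke CreatePropertySheetPage,addr Process
   mov SelectCard ,eax

   ; --- Page 2: window classes (clone of page 1, then patched) -------------
   invoke MemCopy ,addr Process,addr Class,sizeof PROPSHEETPAGE
   mov Class.pszTemplate ,IDD_CLASS
   mov Class.pfnDlgProc ,offset ClassDlgProc
   invoke CreatePropertySheetPage,addr Class
   mov SelectCard+4,eax

   ; --- Page 3: modules (clone of page 1, then patched) --------------------
   invoke MemCopy ,addr Process,addr Module,sizeof PROPSHEETPAGE
   mov Module.pszTemplate ,IDD_MODULE
   mov Module.pfnDlgProc ,offset ModuleDlgProc
   invoke CreatePropertySheetPage,addr Module
   mov SelectCard+8,eax

   ; --- Property-sheet header ---------------------------------------------
   push hInstance
   pop   psh.hInstance
   mov psh.pszCaption,offset TitleName
   mov psh.dwFlags,PSH_USECALLBACK        ; pshproc is called while the sheet is created
   mov psh.pfnCallback,offset pshproc
   mov psh.nPages,3
   mov psh.pStartPage ,0
   mov psh.phpage ,offset  SelectCard     ; array of the three page handles
   invoke PropertySheet,addr psh          ; create and run the property sheet
   invoke ExitProcess,eax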

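;-----------------------------------------------------------------------
; ProcessDlgProc - dialog procedure of the "process" page.
; In:   hProcessWnd, uMsg, wParam, lParam (standard dialog-procedure args)
; Out:  eax = TRUE if the message was handled here, FALSE otherwise
; Uses: edi (saved/restored by the PROC "uses" clause)
;
; WM_INITDIALOG : cache both list boxes and fill the process list.
; WM_NOTIFY     : on PSN_APPLY (the button pshproc relabels) take a fresh
;                 process snapshot and rebuild the list.
; WM_COMMAND    : on LBN_SELCHANGE show the modules of the selected process.
;-----------------------------------------------------------------------
ProcessDlgProc proc  uses edi hProcessWnd:dword,uMsg:dword,wParam:dword,lParam:dword
   .if uMsg==WM_INITDIALOG
      invoke GetDlgItem,hProcessWnd,IDC_PROCESSITEMLIST
      mov hProcessListBox,eax
      invoke GetDlgItem,hProcessWnd,IDC_MODULELIST
      mov hModuleShowList,eax
      invoke ProcessNameList
   .elseif uMsg==WM_NOTIFY
      invoke EnableWindow,hFresh,TRUE
      mov edi,lParam
      assume edi:ptr  PSHNOTIFY
      .if [edi].hdr.code==PSN_APPLY
         ; Take the new snapshot first and release the old one only when that
         ; succeeded. Previously the old handle was overwritten without being
         ; closed, leaking one snapshot handle per refresh.
         invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
         .if eax!=INVALID_HANDLE_VALUE
            xchg eax,hProcessSnapshot        ; eax = previous snapshot handle
            invoke CloseHandle,eax
         .endif
         invoke SendMessage,hProcessListBox,LB_RESETCONTENT,0,0
         invoke ProcessNameList
      .endif
      assume edi:nothing
   .elseif uMsg==WM_COMMAND
      mov eax,wParam
      .if lParam                             ; nonzero lParam: sent by a control
         shr eax,16                          ; ax = notification code (HIWORD of wParam)
         .if ax==LBN_SELCHANGE
            invoke SendMessage,hProcessListBox,LB_GETCURSEL,0,0
            .if eax!=LB_ERR                  ; no selection: nothing to show
               invoke SendMessage,hProcessListBox,LB_GETITEMDATA,eax,0   ; item data = process ID
               invoke ShowModuleInProcess,eax
            .endif
         .endif
      .endif
   .else
      mov eax,FALSE
      ret
   .endif
   mov eax,TRUE
   ret
ProcessDlgProc endp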
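;-----------------------------------------------------------------------
; ProcessNameList - fill hProcessListBox from hProcessSnapshot.
; Each row shows the file-name part of PROCESSENTRY32.szExeFile and carries
; the process ID as item data. Afterwards item 0 is selected and its
; modules are displayed via ShowModuleInProcess.
; In:   none (reads globals hProcessSnapshot, hProcessListBox, pe)
; Uses: esi, edi (saved/restored by the PROC "uses" clause)
;-----------------------------------------------------------------------
ProcessNameList proc uses esi edi
   LOCAL temp:BOOL
   invoke Process32First,hProcessSnapshot,addr pe
   mov temp,eax
   .while temp
      lea esi, pe.szExeFile                  ; esi = start of the path/name
      invoke lstrlen,esi
      lea edi,[esi+eax]                      ; edi = terminating NUL
      ; Walk back to the character after the last '\'. Invariant: edi >= esi,
      ; so nothing in front of the buffer is read, and a name that begins
      ; with '\' is handled like any other (the old scan kept that backslash).
      .while edi>esi && byte ptr [edi-1]!='\'
         dec edi
      .endw
      invoke SendMessage, hProcessListBox,LB_ADDSTRING,0,edi
      .if eax!=LB_ERR && eax!=LB_ERRSPACE    ; attach the PID only to a row that exists
         invoke SendMessage, hProcessListBox,LB_SETITEMDATA,eax,pe.th32ProcessID
      .endif
      invoke Process32Next,hProcessSnapshot,addr pe
      mov temp,eax
   .endw
   ; Select the first row and show its modules. The index is passed
   ; explicitly instead of reusing the LB_SETCURSEL return value.
   invoke SendMessage,hProcessListBox,LB_SETCURSEL,0,0
   .if eax!=LB_ERR                           ; LB_ERR here: the list is empty
      invoke SendMessage,hProcessListBox,LB_GETITEMDATA,0,0
      invoke ShowModuleInProcess,eax
   .endif
   ret
ProcessNameList endp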

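;-----------------------------------------------------------------------
; ShowModuleInProcess - list the module paths of one process in
; hModuleShowList.
; In:   ProcessID = process to inspect
; Uses: ebx, esi, edi (saved/restored by the PROC "uses" clause)
;
; The module snapshot can fail for processes this tool may not open; the
; list is then simply left empty.
;-----------------------------------------------------------------------
ShowModuleInProcess proc uses ebx esi edi ProcessID:DWORD
   LOCAL temp:BOOL
   invoke SendMessage,hModuleShowList,LB_RESETCONTENT,0,0
   mov ebx,ProcessID
   invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,ebx
   mov hModuleSnapshot,eax
   .if eax==INVALID_HANDLE_VALUE             ; do not enumerate or close an invalid handle
      ret
   .endif
   invoke Module32First,hModuleSnapshot,addr me
   mov temp,eax
   .while temp
      .if  me.th32ProcessID ==ebx            ; keep only modules owned by the requested process
         invoke SendMessage, hModuleShowList,LB_ADDSTRING,0,addr me.szExePath
      .endif
      invoke Module32Next,hModuleSnapshot,addr me
      mov temp,eax
   .endw
   ; This runs on every selection change; without the close each call
   ; leaked one snapshot handle.
   invoke CloseHandle,hModuleSnapshot
   mov hModuleSnapshot,INVALID_HANDLE_VALUE  ; never leave a closed handle value behind
   ret
ShowModuleInProcess endp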

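;-----------------------------------------------------------------------
; ClassDlgProc - dialog procedure of the "class" page (one row per
; top-level window, produced by EnumProc).
; In:   hClassWnd, uMsg, wParam, lParam (standard dialog-procedure args)
; Out:  eax = TRUE if the message was handled here, FALSE otherwise
; Uses: ebx, esi, edi (saved/restored by the PROC "uses" clause)
;
; WM_INITDIALOG : cache the list box and enumerate the windows.
; WM_NOTIFY     : on PSN_APPLY rebuild the list.
; WM_COMMAND    : on LBN_DBLCLK split the clicked row back into class name
;                 and title, look the window up with FindWindow and post
;                 WM_CLOSE to it.
;
; Row layout (template "%-8.8lx   %-30s   %-80s"):
;   [0..7] hwnd in hex  [11..40] class name  [44..123] window title
; NOTE(review): the offsets hold only while the class name is at most 30
; characters; ClassNameBuf allows 49, so a longer name shifts the title and
; the lookup then uses the wrong strings. FindWindow also returns the first
; window matching class + title, which need not be the row that was
; clicked. Keeping the HWND as item data and checking it with IsWindow
; would remove both ambiguities.
;-----------------------------------------------------------------------
ClassDlgProc proc  uses ebx  esi edi hClassWnd:dword,uMsg:dword,wParam:dword,lParam:dword
   .if uMsg==WM_INITDIALOG
      invoke GetDlgItem,hClassWnd,IDC_CLASSLIST
      mov hClassListBox,eax
      invoke EnumWindows,addr EnumProc,NULL
   .elseif uMsg==WM_NOTIFY
      invoke EnableWindow,hFresh,TRUE
      mov edi,lParam
      assume edi:ptr  PSHNOTIFY
      .if [edi].hdr.code==PSN_APPLY
         invoke SendMessage,hClassListBox,LB_RESETCONTENT,0,0
         invoke EnumWindows,addr EnumProc,NULL
      .endif
      assume edi:nothing
   .elseif uMsg==WM_COMMAND
      mov eax,wParam
      .if lParam                             ; nonzero lParam: handle of the sending control
         shr eax,16                          ; ax = notification code (HIWORD of wParam)
         .if ax==LBN_DBLCLK
            invoke SendMessage,lParam,LB_GETCURSEL,0,0
            .if eax!=LB_ERR                  ; no selection: nothing to close
               invoke SendMessage,lParam,LB_GETTEXT,eax,addr buffer
               ; Parse only a complete row (8+3+30+3+80 = 124 characters);
               ; anything shorter would make the fixed offsets read stale
               ; bytes left in the shared buffer.
               .if eax!=LB_ERR && eax>=124
                  lea edi,buffer
                  mov esi,edi
                  add edi,10
                  mov byte ptr [edi],0       ; terminate the hwnd field
                  inc edi                    ; edi -> class name (offset 11)
                  add esi,43
                  mov ebx,esi
                  .while byte ptr [ebx]==32  ; strip the padding after the class name;
                     dec ebx                 ; the NUL at offset 10 bounds the scan
                  .endw
                  mov byte ptr [ebx+1],0
                  mov byte ptr [esi],0       ; NUL at offset 43 bounds the next scan
                  inc esi                    ; esi -> window title (offset 44)
                  mov ebx,esi
                  add  ebx,79                ; last character of the 80-wide title field
                  .while byte ptr [ebx]==32  ; strip the padding after the title
                     dec ebx
                  .endw
                  mov byte ptr [ebx+1],0
                  invoke FindWindow,edi,esi
                  ; Post only to a window that was actually found; with a NULL
                  ; handle PostMessage queues the message to this thread.
                  .if eax
;                    invoke ShowWindow,eax,SW_HIDE   ; hiding the window instead would also work
                     ; WM_CLOSE is only a request. The list should be refreshed
                     ; after a delay, because some windows take time to close.
                     invoke PostMessage,eax,WM_CLOSE,0,0
                  .endif
               .endif
            .endif
         .endif
      .endif
   .else
      mov eax,FALSE
      ret
   .endif
   mov eax,TRUE
   ret
ClassDlgProc endp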


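;-----------------------------------------------------------------------
; ModuleDlgProc - dialog procedure of the "module" page.
; In:   hModuleWnd, uMsg, wParam, lParam (standard dialog-procedure args)
; Out:  eax = TRUE if the message was handled here, FALSE otherwise
; Uses: edi (saved/restored by the PROC "uses" clause)
;
; WM_INITDIALOG : cache both list boxes, list every distinct module name
;                 (ModuleNameList FALSE), select the first one and list the
;                 processes that load it (ModuleNameList TRUE).
; WM_NOTIFY     : on PSN_APPLY take a fresh process snapshot and rebuild
;                 both lists.
; WM_COMMAND    : on LBN_SELCHANGE from the module list rebuild the
;                 process list for the newly selected module.
;-----------------------------------------------------------------------
ModuleDlgProc  proc uses edi hModuleWnd:dword,uMsg:dword,wParam:dword,lParam:dword
   ; (the unused 50-byte local buffer of the original was dropped)
   .if uMsg==WM_INITDIALOG
      invoke GetDlgItem,hModuleWnd,IDC_MODULEITEMLIST
      mov hModuleListBox ,eax
      invoke GetDlgItem,hModuleWnd,IDC_PROCESSLIST
      mov hProcessShowList,eax
      invoke ModuleNameList,FALSE
      invoke SendMessage,hModuleListBox,LB_SETCURSEL,0,0
      invoke ModuleNameList,TRUE
   .elseif uMsg==WM_NOTIFY
      invoke EnableWindow,hFresh,TRUE
      mov edi,lParam
      assume edi:ptr  PSHNOTIFY
      .if [edi].hdr.code==PSN_APPLY
         invoke SendMessage,hModuleListBox,LB_RESETCONTENT,0,0
         invoke SendMessage,hProcessShowList,LB_RESETCONTENT,0,0
         ; Swap in the new snapshot and release the old one only when the
         ; new one is valid. Previously the old handle was overwritten
         ; without being closed, leaking one handle per refresh.
         invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,0
         .if eax!=INVALID_HANDLE_VALUE
            xchg eax,hProcessSnapshot        ; eax = previous snapshot handle
            invoke CloseHandle,eax
         .endif
         invoke ModuleNameList,FALSE
         invoke SendMessage,hModuleListBox,LB_SETCURSEL,0,0
         invoke ModuleNameList,TRUE
      .endif
      assume edi:nothing
   .elseif uMsg==WM_COMMAND
      mov eax,wParam
      .if lParam                             ; nonzero lParam: sent by a control
         .if ax==IDC_MODULEITEMLIST          ; react to the module list only (prevents flicker)
            shr eax,16                       ; ax = notification code (HIWORD of wParam)
            .if ax==LBN_SELCHANGE
                invoke SendMessage,hProcessShowList,LB_RESETCONTENT,0,0
                invoke ModuleNameList,TRUE
            .endif
         .endif
      .endif
    .else
      mov eax,FALSE
      ret
   .endif
   mov eax,TRUE
   ret
ModuleDlgProc  endp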

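;-----------------------------------------------------------------------
; ModuleNameList - walk every process in hProcessSnapshot and its modules.
; In:   Entry = FALSE : add each distinct module name to hModuleListBox
;       Entry = TRUE  : for the module selected in hModuleListBox, add one
;                       "pid  base  exe" row per process that loads it to
;                       hProcessShowList
; Uses: edi (saved/restored by the PROC "uses" clause)
;
; Module and executable names come from other processes and must be treated
; as untrusted, maximum-length input:
;   * szModule holds up to MAX_MODULE_NAME32+1 = 256 bytes, and LB_GETTEXT
;     takes no destination size. The original 50-byte stack buffer could be
;     overrun by a long module name; it is now 256 bytes and the text
;     length is checked before the copy.
;   * szExeFile holds up to MAX_PATH bytes, and wsprintf takes no
;     destination size either. The formatted row (8+2+8+3 characters plus
;     the name) is now built in a local buffer large enough for the longest
;     name instead of the 200-byte global one.
;-----------------------------------------------------------------------
ModuleNameList proc uses edi Entry:DWORD
   LOCAL tempProcess:DWORD
   LOCAL tempModule:DWORD
   LOCAL tempBuffer[256]:byte                ; selected module name
   LOCAL lineBuf[MAX_PATH+32]:byte           ; one formatted output row

   .if Entry
      ; The selected name does not change during the walk, so fetch it once
      ; here instead of once per module.
      invoke SendMessage,hModuleListBox,LB_GETCURSEL,0,0
      .if eax==LB_ERR                        ; nothing selected: nothing to match
         ret
      .endif
      mov edi,eax
      invoke SendMessage,hModuleListBox,LB_GETTEXTLEN,edi,0
      .if eax==LB_ERR || eax>=sizeof tempBuffer
         ret                                 ; would not fit including the NUL
      .endif
      invoke SendMessage,hModuleListBox,LB_GETTEXT,edi,addr tempBuffer
      .if eax==LB_ERR
         ret
      .endif
   .endif

   invoke Process32First,hProcessSnapshot,addr pe
   mov tempProcess,eax
   .while tempProcess
      invoke CreateToolhelp32Snapshot,TH32CS_SNAPMODULE,pe.th32ProcessID
      mov hModuleSnapshot,eax
      .if eax!=INVALID_HANDLE_VALUE          ; snapshot fails for processes that cannot be opened
         invoke Module32First,hModuleSnapshot,addr me
         mov tempModule,eax
         .while tempModule
            .if !Entry
               invoke SendMessage, hModuleListBox,LB_FINDSTRINGEXACT,-1,addr me.szModule
               .if eax==LB_ERR               ; module name not in the list box yet
                  invoke SendMessage, hModuleListBox,LB_ADDSTRING,0,addr me.szModule
               .endif
            .else
               invoke lstrcmpi,addr tempBuffer,addr me.szModule
               .if  !eax                     ; this process loads the selected module
                  invoke wsprintf ,addr lineBuf,addr templateModule,pe.th32ProcessID,me.modBaseAddr,addr pe.szExeFile
                  invoke SendMessage,hProcessShowList,LB_ADDSTRING,0,addr lineBuf
                  .break                     ; one row per process is enough
               .endif
            .endif
            invoke Module32Next,hModuleSnapshot,addr me
            mov tempModule,eax
         .endw
         ; One snapshot is taken per process; without the close every call
         ; leaked as many handles as there are processes.
         invoke CloseHandle,hModuleSnapshot
      .endif
      invoke Process32Next,hProcessSnapshot,addr pe
      mov tempProcess,eax
   .endw
   mov hModuleSnapshot,INVALID_HANDLE_VALUE  ; never leave a closed handle value behind
   ret
ModuleNameList endp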

;-----------------------------------------------------------------------
; pshproc - property-sheet callback (installed through PSH_USECALLBACK).
; In:   hwndsheet, uMsg, lParam
; Out:  eax = 0 after handling PSCB_INITIALIZED, TRUE for any other message
;
; On PSCB_INITIALIZED the first two child windows of the sheet are hidden
; and the third is enabled, saved in hFresh and relabelled with Fresh.
; NOTE(review): presumably these are the OK, Cancel and Apply buttons; the
; code relies on child-window order only - confirm on the target OS.
;-----------------------------------------------------------------------
pshproc proc  hwndsheet:dword ,uMsg:dword,lParam:dword
   LOCAL hChild:dword
   ; Guard clause: every message except PSCB_INITIALIZED returns TRUE.
   .if uMsg!=PSCB_INITIALIZED
      mov eax,TRUE
      ret
   .endif
   ; First child: hide it.
   invoke GetWindow,hwndsheet,GW_CHILD
   mov hChild,eax
   invoke ShowWindow,hChild,SW_HIDE
   ; Second child: hide it as well.
   invoke GetWindow,hChild,GW_HWNDNEXT
   mov hChild,eax
   invoke ShowWindow,hChild,SW_HIDE
   ; Third child: becomes the "refresh" button.
   invoke GetWindow,hChild,GW_HWNDNEXT
   mov hFresh, eax
   invoke EnableWindow,eax,TRUE
   invoke SetWindowText,hFresh,addr Fresh
   xor eax,eax
   ret
pshproc endp

;-----------------------------------------------------------------------
; EnumProc - EnumWindows callback: add one row per top-level window to
; hClassListBox.
; In:   hWnd  = window being enumerated
;       Value = application value from EnumWindows (not used)
; Out:  eax = hWnd, returned as the "continue enumeration" result
;
; The title and class name belong to other processes. They are passed to
; wsprintf as %s arguments (never as the format string) and are limited to
; 49 characters by the sizeof arguments, which keeps the formatted row
; inside the 200-byte global buffer.
;-----------------------------------------------------------------------
EnumProc proc hWnd:DWORD,Value :DWORD
   ; The two queries are independent of each other.
   invoke GetWindowText,hWnd,addr WndTextBuf,sizeof WndTextBuf
   invoke GetClassName,hWnd,addr ClassNameBuf,sizeof ClassNameBuf
   ; Row = hwnd (hex), class name, window title.
   invoke wsprintf,addr buffer ,addr template,hWnd,addr  ClassNameBuf,addr WndTextBuf
   invoke SendMessage,hClassListBox,LB_ADDSTRING,0,addr buffer
   mov eax, hWnd
   ret
EnumProc endp
end start

