getlatenproc.asm

GetLatenProc example using GetModuleFileNameEx to detect hidden processes (a process whose handle cannot be opened is reported as hidden); easy to study.
Language: ASM (MASM)
.386
.model flat, stdcall        ; 32-bit flat memory model
option casemap :none        ; case sensitive

include GetLatenProc.inc    ; expected to pull in the Win32 includes and define hInstance and IDD_DIALOG1
include psapi.inc
includelib psapi.lib        ; GetModuleFileNameEx is exported by psapi

.data
hex   db "%d",0             ; wsprintf format for the PID
Hiden db "Hide Process",0   ; shown when OpenProcess fails

.data?
pid    dd ?                 ; PID of the process owning the foreground window
buffer db 200 dup(?)        ; formatted PID text
File   db 512 dup(?)        ; full path of the process image

.code

start:
	invoke GetModuleHandle,NULL
	mov    hInstance,eax
	invoke InitCommonControls
	invoke DialogBoxParam,hInstance,IDD_DIALOG1,NULL,addr DlgProc,NULL
	invoke ExitProcess,0

;########################################################################

; DlgProc is a window callback and must preserve ebx, esi and edi; edi holds
; the process handle here, so "uses edi" saves and restores it on every ret.
DlgProc proc uses edi hWin:HWND,uMsg:UINT,wParam:WPARAM,lParam:LPARAM

	mov    eax,uMsg
	.if eax==WM_INITDIALOG
		; timer id 0, elapse 0 (clamped to the system minimum): poll the foreground window
		invoke SetTimer,hWin,0,0,0
	.elseif eax==WM_TIMER
		invoke GetForegroundWindow
		invoke GetWindowThreadProcessId,eax,addr pid
		; GetModuleFileNameEx needs PROCESS_QUERY_INFORMATION and PROCESS_VM_READ
		invoke OpenProcess,PROCESS_VM_READ or PROCESS_QUERY_INFORMATION,FALSE,pid
		.if eax!=0
			mov    edi,eax              ; keep the handle for CloseHandle
			invoke GetModuleFileNameEx,edi,NULL,addr File,sizeof File
			mov    eax,pid
			invoke wsprintf,addr buffer,addr hex,eax
			invoke SetDlgItemText,hWin,1001,addr buffer
			invoke SetDlgItemText,hWin,1002,addr File
			invoke CloseHandle,edi
		.else
			; OpenProcess failed: the process is reported as hidden
			mov    eax,pid
			invoke wsprintf,addr buffer,addr hex,eax
			invoke SetDlgItemText,hWin,1001,addr buffer
			invoke SetDlgItemText,hWin,1002,addr Hiden
		.endif
	.elseif eax==WM_COMMAND
		; no controls to handle
	.elseif eax==WM_CLOSE
		invoke KillTimer,hWin,0
		invoke EndDialog,hWin,0
	.else
		mov    eax,FALSE            ; message not handled
		ret
	.endif
	mov    eax,TRUE
	ret

DlgProc endp

end start
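Added example, not part of the original listing: the same foreground-process lookup in C, with the two caveats a defender would add to the program above. It opens the process with PROCESS_QUERY_LIMITED_INFORMATION and reads the path with QueryFullProcessImageNameA, which also works on elevated or protected processes where GetModuleFileNameEx's PROCESS_VM_READ requirement is refused, and it reports why OpenProcess failed rather than labelling every failure a hidden process, since ERROR_ACCESS_DENIED normally just means a process at a higher integrity level. The Win32 part is compiled only on Windows; the classifier is portable and the strings it returns are my own.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif
/* Portable classification of an OpenProcess outcome; Win32 error codes are
 * literals so this part compiles and runs on any platform. */
const char *classify_open_result(int opened, unsigned long last_error)
{
    if (opened)
        return "accessible";
    switch (last_error) {
    case 5:  /* ERROR_ACCESS_DENIED: elevated, protected or another session */
        return "access denied (elevated/protected process, not proof of hiding)";
    case 87: /* ERROR_INVALID_PARAMETER: no process with that PID */
        return "no such process (stale PID or owner already exited)";
    default:
        return "other error";
    }
}
#ifdef _WIN32
/* Resolve the foreground window's process image with the least access right
 * QueryFullProcessImageNameA needs; it works where GetModuleFileNameEx's
 * PROCESS_VM_READ requirement is refused. Returns 1 if the path was read. */
int describe_foreground_process(char *out, size_t outlen)
{
    DWORD pid = 0, len = MAX_PATH;
    char path[MAX_PATH] = "";
    GetWindowThreadProcessId(GetForegroundWindow(), &pid);
    HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid);
    if (h == NULL) {
        snprintf(out, outlen, "pid %lu: %s", (unsigned long)pid,
                 classify_open_result(0, GetLastError()));
        return 0;
    }
    if (!QueryFullProcessImageNameA(h, 0, path, &len))
        strcpy(path, "<image name unavailable>");
    CloseHandle(h);
    snprintf(out, outlen, "pid %lu: %s", (unsigned long)pid, path);
    return 1;
}
int main(void)
{
    char line[MAX_PATH + 32];
    describe_foreground_process(line, sizeof line);
    puts(line);
    return 0;
}
#endif
```

Run it from a normal user session while an elevated window is in the foreground and the output reads "access denied", not "hidden"; that is the case the dialog above mislabels.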
