DLL 进程枚举及进程路径~
程序代码:
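;-----------------------------------------------------------------------
; Process.asm -- exercise: process enumeration with CreateToolhelp32Snapshot
; by onepc 153785587
;
; Build:  ml /c /coff Process.asm
;         Link /subsystem:windows /Dll /Def:Process.def Process.obj
;
; Syntax: MASM (Intel), 32-bit flat model, stdcall.
; Exports: _ProcessList (listed in Process.def).
;
; NOTE: all working storage lives in global .data? variables, so the
; exported function is not reentrant; do not call it from two threads
; at once.
;-----------------------------------------------------------------------
        .386
        .model flat,stdcall
        option casemap:none

include windows.inc
include user32.inc
include kernel32.inc
include psapi.inc
includelib user32.lib
includelib kernel32.lib
includelib psapi.lib

        .data
szTitle     db  '进程枚举',0
szFmat      db  '进程ID:%u,进程名称:%s,进程路径:%s',0

        .data?
hSanp       dd  ?                       ; Toolhelp snapshot handle
stSanp      PROCESSENTRY32 <?>          ; entry filled by Process32First/Next
szBuffer    db  1024 dup (?)            ; wsprintf output; wsprintf writes at most 1024 chars
szExePath   db  MAX_PATH dup (?)        ; full image path of the current process, '' if unknown

        .code

;-----------------------------------------------------------------------
; BOOL DLLEntry(HINSTANCE hInstance, DWORD dwReason, LPVOID lpReserved)
; DLL entry point: does no per-reason work, always reports success.
;-----------------------------------------------------------------------
DLLEntry proc _hInstance,_dwReason,_dwReserved
        mov     eax,TRUE
        ret
DLLEntry endp

;-----------------------------------------------------------------------
; internal: _GetExePath(DWORD _ProcessId)
; Writes the full path of the main module of process _ProcessId into the
; global szExePath.  szExePath is reset to '' first, so when the process
; cannot be opened (access denied, already exited, module list not
; readable) the caller never sees the PREVIOUS process's path attributed
; to this one.
; In:    _ProcessId = PID from the snapshot
; Out:   eax = TRUE when szExePath holds a path, FALSE otherwise
;        szExePath = path or ''
; Notes: the OpenProcess handle is always closed before returning.
;        Paths longer than MAX_PATH-1 are truncated by GetModuleFileNameEx.
;        NOTE(review): EnumProcessModules from a 32-bit caller is expected
;        to fail for 64-bit processes under WOW64; those show '' -- confirm.
;-----------------------------------------------------------------------
_GetExePath proc _ProcessId
        local @hProcess:DWORD,@hModule:DWORD,@dwsize:DWORD,@bResult:DWORD

        mov     @bResult,FALSE
        mov     byte ptr szExePath,0            ; '' until a path is actually read
        mov     @hModule,NULL
        invoke  OpenProcess,PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,FALSE,_ProcessId
        .if eax
            mov     @hProcess,eax
            ; The first HMODULE returned is the process image itself.
            ; lpcbNeeded must be a POINTER: the original passed @dwsize by
            ; value, i.e. an uninitialized local used as a write address.
            invoke  EnumProcessModules,@hProcess,addr @hModule,sizeof @hModule,addr @dwsize
            .if eax
                invoke  GetModuleFileNameEx,@hProcess,@hModule,addr szExePath,sizeof szExePath
                .if eax
                    mov     @bResult,TRUE
                .else
                    mov     byte ptr szExePath,0    ; keep '' on failure
                .endif
            .endif
            invoke  CloseHandle,@hProcess       ; one leaked handle per process otherwise
        .endif
        mov     eax,@bResult
        ret
_GetExePath endp

;-----------------------------------------------------------------------
; exported: _ProcessList(void)
; Takes a Toolhelp snapshot of all processes and shows one MessageBox per
; process with PID, image name and (when readable) full image path.
; Out:   eax = TRUE when a snapshot was taken and walked, FALSE otherwise
; Notes: CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE
;        (not NULL), so that is what is checked before Process32First.
;        The snapshot handle is always closed on the success path.
;-----------------------------------------------------------------------
_ProcessList proc
        mov     stSanp.dwSize,sizeof stSanp     ; required before Process32First
        invoke  CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,NULL
        .if eax == INVALID_HANDLE_VALUE
            xor     eax,eax                     ; nothing to enumerate
            ret
        .endif
        mov     hSanp,eax
        invoke  Process32First,hSanp,addr stSanp
        .while eax
            ; szExeFile is the bounded name from the snapshot; szExePath is
            ; '' when the process could not be opened.  %u + two MAX_PATH
            ; strings stay well inside the 1024-char wsprintf limit/szBuffer.
            invoke  _GetExePath,stSanp.th32ProcessID
            invoke  wsprintf,addr szBuffer,addr szFmat,stSanp.th32ProcessID,addr stSanp.szExeFile,addr szExePath
            invoke  MessageBox,NULL,addr szBuffer,addr szTitle,0
            invoke  Process32Next,hSanp,addr stSanp ; returns FALSE once the list is exhausted
        .endw
        invoke  CloseHandle,hSanp
        mov     eax,TRUE
        ret
_ProcessList endp

End DLLEntry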
Process.def
; Process.def -- module-definition file for Process.dll: only _ProcessList is exported
EXPORTS _ProcessList
Process.inc
; Process.inc -- prototype for the exported _ProcessList (no arguments) in Process.dll
_ProcessList proto
调用
程序代码:
.386 .model flat,stdcall option casemap:none include windows.inc include user32.inc include kernel32.inc includelib user32.lib includelib kernel32.lib include Process.inc includelib process.lib include macro.asm ;ctxt("") .data .data? hInstance dd ? .code start: invoke GetModuleHandle,NULL mov hInstance,eax invoke _ProcessList invoke ExitProcess,NULL end start
动态调用
程序代码:
.386 .model flat,stdcall option casemap:none include windows.inc include user32.inc include kernel32.inc includelib user32.lib includelib kernel32.lib include macro.asm ;ctxt("") _ProceDll typedef proto ProceDll typedef ptr _ProceDll .data szDllName db 'Process.dll',0 szProName db '_ProcessList',0 .data? hInstance dd ? hDllInstance dd ? lpprocesslist ProceDll ? ;返回函数地址 .code start: invoke GetModuleHandle,NULL mov hInstance,eax invoke LoadLibrary,addr szDllName ;把dll文件映射到调用的进程的地址空间 这里即是把dll文件映射到dll.exe进程的地址空间中 .if eax mov hDllInstance,eax ;成功返回模块句柄 invoke GetProcAddress,hDllInstance,addr szProName ;这个是取模块里的函数的地址,要知道dll里的函数名 .if eax mov lpprocesslist,eax invoke lpprocesslist ;这里的函数地址,用它就像用dll里的函数的用法一样 .else invoke MessageBox,NULL,CTXT("取函数地址时出错"),CTXT("ERROR"),0 .endif .else invoke MessageBox,NULL,CTXT("加载DLL文件出错"),CTXT("ERROR"),0 .endif .if hDllInstance invoke FreeLibrary,hDllInstance .endif invoke ExitProcess,NULL end start