
[MASM] Native Enum Processes


[MASM] Native Enum Processes

Author: steve10120

; steve10120@ic0de.org

; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
include \masm32\include\masm32rt.inc
include \masm32\include\ntdll.inc

includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\ntdll.lib
; ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

; Process / thread id pair as carried inside SYSTEM_THREADS.ClientId.
; Both members are HANDLE-sized, i.e. 4 bytes in this 32-bit layout.
CLIENT_ID STRUCT
    UniqueProcess   DWORD ?             ; owning process id
    UniqueThread    DWORD ?             ; thread id
CLIENT_ID ENDS

; Per-thread record that follows each SYSTEM_PROCESS_INFORMATION entry
; (only one is declared inline below; the real count is ThreadCount).
; 32-bit layout: pointers and ids are 4 bytes, times are 8-byte LARGE_INTEGERs.
SYSTEM_THREADS STRUCT
    KernelTime          LARGE_INTEGER <>
    UserTime            LARGE_INTEGER <>
    CreateTime          LARGE_INTEGER <>
    WaitTime            DWORD ?
    StartAddress        DWORD ?         ; PVOID on x86
    ClientId            CLIENT_ID <>
    Priority            SDWORD ?        ; KPRIORITY (signed)
    BasePriority        SDWORD ?        ; KPRIORITY (signed)
    ContextSwitchCount  DWORD ?
    State               DWORD ?
    WaitReason          DWORD ?
SYSTEM_THREADS ENDS

; Counted UTF-16 string as used by ntdll. Len/MaximumLength are byte counts,
; not character counts, and Buffer is NOT guaranteed to be NUL-terminated by
; the type itself. The first member is spelled Len because LENGTH is a
; reserved MASM operator.
UNICODE_STRING STRUCT
    Len             WORD ?              ; bytes in use
    MaximumLength   WORD ?              ; bytes allocated
    Buffer          PWSTR ?             ; 4-byte pointer on x86
UNICODE_STRING ENDS

; Memory counters embedded in SYSTEM_PROCESS_INFORMATION.
; Every SIZE_T is declared as a DWORD, so this layout is only valid for a
; 32-bit process; an x64 build would need 8-byte fields here.
VM_COUNTERS STRUCT
    PeakVirtualSize             DWORD ? ; SIZE_T
    VirtualSize                 DWORD ? ; SIZE_T
    PageFaultCount              DWORD ?
    PeakWorkingSetSize          DWORD ? ; SIZE_T
    WorkingSetSize              DWORD ? ; SIZE_T
    QuotaPeakPagedPoolUsage     DWORD ? ; SIZE_T
    QuotaPagedPoolUsage         DWORD ? ; SIZE_T
    QuotaPeakNonPagedPoolUsage  DWORD ? ; SIZE_T
    QuotaNonPagedPoolUsage      DWORD ? ; SIZE_T
    PagefileUsage               DWORD ? ; SIZE_T
    PeakPagefileUsage           DWORD ? ; SIZE_T
VM_COUNTERS ENDS

; One entry of the SystemProcessInformation list returned by
; NtQuerySystemInformation. Entries are chained by NextEntryDelta (byte
; offset to the next entry, 0 on the last one). Reserved1 (24 bytes) plus
; the three LARGE_INTEGERs (24 bytes) put ProcessName at offset 56, which is
; the only member the enumeration below actually reads.
; 32-bit layout only (see VM_COUNTERS).
SYSTEM_PROCESS_INFORMATION STRUCT
    NextEntryDelta          DWORD ?     ; 0 = last entry
    ThreadCount             DWORD ?
    Reserved1               DWORD 6 DUP (?)
    CreateTime              LARGE_INTEGER <>
    UserTime                LARGE_INTEGER <>
    KernelTime              LARGE_INTEGER <>
    ProcessName             UNICODE_STRING <>   ; Buffer is NULL for the Idle process
    BasePriority            SDWORD ?
    ProcessId               DWORD ?
    InheritedFromProcessId  DWORD ?
    HandleCount             DWORD ?
    Reserved2               DWORD 2 DUP (?)
    VmCounters              VM_COUNTERS <>
    ;IO_COUNTERS IoCounters; // Windows 2000 only
    Threads                 SYSTEM_THREADS <>   ; first of ThreadCount records
SYSTEM_PROCESS_INFORMATION ENDS

.data
; ANSI scratch buffer filled by WideToAnsi and printed by the main loop.
; Zero-initialised so the very first print is always NUL-terminated.
szBuffer        BYTE 256 DUP(0)

.data?
; Byte count handed back by NtQuerySystemInformation through its
; ReturnLength argument (required size on the probe call).
dwReturnLength  DWORD ?
.code

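;-----------------------------------------------------------------------
; void WideToAnsi(LPCWSTR szData)              stdcall, 32-bit
; Converts the NUL-terminated UTF-16 string at szData into the global
; szBuffer as an ANSI (CP_ACP) string. szBuffer is always left
; NUL-terminated, even when the conversion fails or would not fit.
; In:    szData = pointer to a NUL-terminated wide string
; Out:   szBuffer filled; EAX = WideCharToMultiByte result (0 on failure)
; Clobb: ECX, EDX, flags (EBX/ESI/EDI preserved by the stdcall callee)
; NOTE(review): the caller passes UNICODE_STRING.Buffer, and that type does
; not guarantee a terminator; cchWideChar = -1 therefore relies on the
; kernel providing one. Converting Len/2 characters instead would remove
; that assumption.
;-----------------------------------------------------------------------
WideToAnsi proc szData:DWORD
    ; Clear the first byte so a failed conversion prints an empty name
    ; instead of whatever process name the previous call left behind.
    mov     byte ptr [szBuffer], 0
    ; -1 = source is NUL-terminated; the terminator is copied when it fits.
    invoke  WideCharToMultiByte, CP_ACP, WC_COMPOSITECHECK, szData, -1, ADDR szBuffer, SIZEOF szBuffer, NULL, NULL
    ; On ERROR_INSUFFICIENT_BUFFER the buffer may hold an unterminated
    ; prefix; pin a terminator on the last byte so print never runs past it.
    mov     byte ptr [szBuffer + SIZEOF szBuffer - 1], 0
    ret                                 ; MASM emits the matching LEAVE / RET 4
WideToAnsi endp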

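; Information class that returns the process / thread list. Guarded so it
; coexists with any definition the include files may already provide.
IFNDEF SystemProcessInformation
SystemProcessInformation    EQU 5
ENDIF
; NTSTATUS returned when the buffer is smaller than the list now requires.
IFNDEF STATUS_INFO_LENGTH_MISMATCH
STATUS_INFO_LENGTH_MISMATCH EQU 0C0000004h
ENDIF
; Processes can be created between the size probe and the real query;
; bound how often we re-probe so a busy system cannot loop us forever.
MAX_QUERY_RETRIES           EQU 8

;-----------------------------------------------------------------------
; Entry point: print the image name of every process in the snapshot.
; Registers: ESI = allocation base (VirtualFree MEM_RELEASE needs exactly
;            this, not the advanced cursor), EDI = current entry,
;            EBX = probe retries left. This is the process entry point, so
;            the callee-saved registers need no save/restore.
;-----------------------------------------------------------------------
start:
    mov     ebx, MAX_QUERY_RETRIES

QueryList:
    ; Size probe: fails with STATUS_INFO_LENGTH_MISMATCH but fills
    ; dwReturnLength with the bytes currently needed.
    invoke  NtQuerySystemInformation, SystemProcessInformation, NULL, 0, ADDR dwReturnLength
    invoke  VirtualAlloc, NULL, dwReturnLength, MEM_COMMIT, PAGE_READWRITE
    test    eax, eax
    je      EndMain                     ; allocation failed (or probe gave 0)
    mov     esi, eax                    ; keep the base for VirtualFree
    invoke  NtQuerySystemInformation, SystemProcessInformation, ESI, dwReturnLength, ADDR dwReturnLength
    test    eax, eax
    je      WalkList                    ; STATUS_SUCCESS
    cmp     eax, STATUS_INFO_LENGTH_MISMATCH
    jne     FreeMem                     ; any other failure: give up
    ; The list grew since the probe; release and retry with the new size.
    invoke  VirtualFree, ESI, 0, MEM_RELEASE
    dec     ebx
    jnz     QueryList
    jmp     EndMain                     ; retries exhausted, nothing to free

WalkList:
    mov     edi, esi
    ASSUME  EDI:PTR SYSTEM_PROCESS_INFORMATION
ProcessLoop:
    mov     eax, [EDI].ProcessName.Buffer
    test    eax, eax
    je      NextItem                    ; Idle process has no image name
    invoke  WideToAnsi, EAX
    print   OFFSET szBuffer, 13, 10

NextItem:
    ; NextEntryDelta = 0 is the documented terminator of the list.
    cmp     [EDI].NextEntryDelta, 0
    je      FreeMem
    add     edi, [EDI].NextEntryDelta
    jmp     ProcessLoop
    ASSUME  EDI:NOTHING

FreeMem:
    invoke  VirtualFree, ESI, 0, MEM_RELEASE
EndMain:
    inkey
    invoke  ExitProcess, 0              ; explicit exit code instead of a bare RETN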

end start

Sursa: ic0de.org
