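; ####################################################################
; List the modules loaded in every running process (MASM32 / Win32
; stdcall, Psapi). Output goes to stdout via masm32's StdOut.
;
; Flow: EnumProcesses fills pProcessIds; each PID is opened with only the
; rights EnumProcessModules / GetModuleFileNameEx need, its HMODULE array
; is fetched and every module's file name is printed.
;
; Known limits (by design of this listing):
;   - At most MAX_PIDS processes and MAX_MODULES modules per process are
;     examined; the byte counts the APIs return are clamped to the buffers.
;   - A process that cannot be opened, or whose modules cannot be
;     enumerated, is skipped silently (no GetLastError reporting).
;   - NOTE(review): from a 32-bit build, EnumProcessModules cannot walk
;     64-bit processes; those fall under the silent skip above.
; ####################################################################
.386
.model flat, stdcall
option casemap :none                    ; case sensitive

include \masm32\include\windows.inc
include \masm32\include\user32.inc
include \masm32\include\kernel32.inc
include \masm32\include\masm32.inc
include \masm32\include\Psapi.inc
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\Psapi.lib

MAX_PIDS    equ 256                     ; capacity of pProcessIds (DWORDs)
MAX_MODULES equ 256                     ; capacity of lphModule (HMODULEs)

.data
pgmheader   db "Handle Alternative",0DH,0AH,0
newline     db " ",0DH,0AH,0
separator   db "%%%%%%%%%%%%%",0DH,0AH,0

.data?
hProcess        dd ?                    ; handle from OpenProcess (was hWnd; it is not a window)
lpcbNeeded      dd ?                    ; bytes EnumProcessModules needed for all modules
pBytesReturned  dd ?                    ; bytes EnumProcesses actually stored
cPids           dd ?                    ; PIDs still to visit
cModules        dd ?                    ; module handles still to print for this process
lphModule       dd MAX_MODULES DUP(?)   ; HMODULE array for the current process
pProcessIds     dd MAX_PIDS DUP(?)      ; DWORD PID array
lpFileName      db MAX_PATH DUP(?)      ; module path scratch buffer (MAX_PATH, not 256)

.code
start:
    invoke StdOut, ADDR pgmheader

    ; On failure the buffer and pBytesReturned are not meaningful: stop.
    invoke EnumProcesses, OFFSET pProcessIds, SIZEOF pProcessIds, OFFSET pBytesReturned
    test eax, eax
    jz _Exit

    ; Drive the loop from the byte count the API reported instead of
    ; scanning for a zero PID: PID 0 (System Idle) is a legitimate entry
    ; and a completely full array has no zero terminator, so the old
    ; sentinel scan could stop early or read past pProcessIds.
    mov eax, pBytesReturned
    shr eax, 2                          ; bytes -> DWORD count
    mov cPids, eax
    mov edi, OFFSET pProcessIds         ; edi = current PID slot (callee-saved across API calls)

_outerloop:
    cmp cPids, 0
    je _Exit

    ; Least privilege: QUERY_INFORMATION | VM_READ is what EnumProcessModules
    ; and GetModuleFileNameEx require; PROCESS_ALL_ACCESS is refused far
    ; more often and gives this tool nothing extra.
    invoke OpenProcess, PROCESS_QUERY_INFORMATION or PROCESS_VM_READ, FALSE, DWORD PTR [edi]
    test eax, eax
    jz _nextpid                         ; access denied, protected, or already exited: skip
    mov hProcess, eax

    invoke StdOut, ADDR separator
    invoke EnumProcessModules, hProcess, OFFSET lphModule, SIZEOF lphModule, OFFSET lpcbNeeded
    test eax, eax
    jz _closeproc                       ; e.g. 64-bit target from a 32-bit build

    ; lpcbNeeded reports the size for ALL modules and can exceed the
    ; buffer; only SIZEOF lphModule bytes were written, so clamp first.
    mov eax, lpcbNeeded
    cmp eax, SIZEOF lphModule
    jbe @F
    mov eax, SIZEOF lphModule
@@:
    shr eax, 2                          ; bytes -> HMODULE count
    mov cModules, eax
    mov esi, OFFSET lphModule           ; esi = current HMODULE slot (callee-saved across API calls)

_innerloop:
    cmp cModules, 0
    je _closeproc

    invoke GetModuleFileNameEx, hProcess, DWORD PTR [esi], ADDR lpFileName, SIZEOF lpFileName
    test eax, eax
    jz _nextmod                         ; failed: lpFileName still holds the previous name, do not print it
    invoke StdOut, ADDR lpFileName
    invoke StdOut, ADDR newline

_nextmod:
    add esi, SIZEOF DWORD
    dec cModules
    jmp _innerloop

_closeproc:
    ; The handle must be released: without this every process walked
    ; leaks one handle for the lifetime of the tool.
    invoke CloseHandle, hProcess

_nextpid:
    add edi, SIZEOF DWORD
    dec cPids
    jmp _outerloop

_Exit:
    invoke ExitProcess, 0
end start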
Let me know how this goes. Link it like this:
link /SUBSYSTEM:CONSOLE programname.obj
PS: There is absolutely no error checking in the code. This post is just to give an overview of how the loaded modules of every running process can be listed. Processes for which a handle could not be obtained are skipped; note that the listing asks for PROCESS_ALL_ACCESS, which is more than EnumProcessModules and GetModuleFileNameEx need (PROCESS_QUERY_INFORMATION | PROCESS_VM_READ) and is refused for more processes than the narrower rights would be, and that the handles it does obtain are never closed with CloseHandle.
binaryhax0r