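;-----------------------------------------------------------------------
; GetProcess
; Fills the list view hList with the base module name of every process
; that can be opened, one LVM_INSERTITEM per process.
; ABI:   Win32 x86 stdcall (MASM invoke), no arguments, no return value
; Uses:  module-level symbols LVI (LVITEM), hList, hModule (HMODULE
;        receive buffer), szName (name buffer), str__SE_DEBUG_NAME
; Clobb: eax, ecx, edx, flags (Win32 calls; no USES list)
; Notes: SeDebugPrivilege is enabled best-effort so that processes of
;        other users can be opened; if it cannot be enabled the loop
;        still lists every process the caller is allowed to query.
;        Every process handle opened in the loop is closed before the
;        next iteration.
;-----------------------------------------------------------------------
GetProcess proc
    LOCAL privilege:TOKEN_PRIVILEGES
    LOCAL hToken:DWORD
    LOCAL hProcess:DWORD
    LOCAL pid:DWORD
    LOCAL dwBytes:DWORD

    ; --- enable SeDebugPrivilege on our own token (best-effort) ---------
    ; GetCurrentProcess returns a pseudo-handle; it must not be closed.
    invoke GetCurrentProcess
    ; Least privilege: only the rights AdjustTokenPrivileges needs.
    invoke OpenProcessToken,eax,TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY,addr hToken
    .if eax != 0
        ; Resolve the LUID straight into the privilege array entry; the
        ; original looked it up into a separate local and never copied it.
        invoke LookupPrivilegeValue,NULL,offset str__SE_DEBUG_NAME,addr privilege.Privileges[0].Luid
        .if eax != 0
            mov privilege.PrivilegeCount,1
            mov privilege.Privileges[0].Attributes,SE_PRIVILEGE_ENABLED
            ; Return value ignored on purpose: ERROR_NOT_ALL_ASSIGNED only
            ; means we list fewer processes, not that we should stop.
            invoke AdjustTokenPrivileges,hToken,FALSE,addr privilege,sizeof TOKEN_PRIVILEGES,NULL,NULL
        .endif
        invoke CloseHandle,hToken
    .endif

    ; --- walk the PID space and insert one item per openable process ----
    mov LVI.iItem,0
    mov LVI.imask,LVIF_TEXT
    mov LVI.iSubItem,0
    mov pid,0
PID_LIMIT equ 1000000                       ; upper bound of the PID scan
    .while pid < PID_LIMIT
        ; Handles are passed by value; query/read rights are all that
        ; EnumProcessModules/GetModuleBaseName need.
        invoke OpenProcess,PROCESS_QUERY_INFORMATION or PROCESS_VM_READ,FALSE,pid
        mov hProcess,eax
        .if hProcess != NULL
            ; sizeof hModule is the byte size of the receive buffer, so only
            ; the first module (the main executable) is returned.
            invoke EnumProcessModules,hProcess,addr hModule,sizeof hModule,addr dwBytes
            .if eax != 0
                ; nSize is in characters; equals bytes for an ANSI build.
                invoke GetModuleBaseName,hProcess,hModule,addr szName,sizeof szName
                .if eax != 0
                    ; Display the name buffer, not the module handle.
                    mov LVI.pszText,offset szName
                    invoke SendMessage,hList,LVM_INSERTITEM,NULL,addr LVI
                    inc LVI.iItem
                .endif
            .endif
            invoke CloseHandle,hProcess         ; no handle leak per iteration
        .endif
        ; Advance unconditionally so a failed OpenProcess/EnumProcessModules
        ; cannot spin forever on the same pid.
        inc pid
    .endw
    ret
GetProcess endp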