;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;此程序应该命名为22222222.exe
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
DLG_MAIN equ 1
.data
szFileName db '111111111.exe',0 ;定义要守护的进程名
.data?
Pid dd ?
hSnapShot dd ?
stProcess PROCESSENTRY32 <?>
stStartUp STARTUPINFO <?>
stProcInfo PROCESS_INFORMATION <?>
hInstance dd ?
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;获取快照
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Snapshot proc
@@:
invoke RtlZeroMemory,addr stProcess,sizeof stProcess;有必要清空,不然进程会重复
mov stProcess.dwSize,sizeof stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess;开始获取快照
mov hSnapShot,eax ;保存到句柄
invoke Process32First,hSnapShot,addr stProcess;列举进程
.while eax
invoke lstrcmp,addr szFileName,addr stProcess.szExeFile;对比是否有111111111.exe
.if eax == NULL ;有则返回
ret
.endif
invoke Process32Next,hSnapShot,addr stProcess ;继续列举
.endw
call _Process ;如果没发现111111111.exe进程,就执行程序创建
loop @B
ret
_Snapshot endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Process proc
invoke GetStartupInfo,addr stStartUp
invoke CreateProcess,addr szFileName,NULL,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo
ret
_Process endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
mov eax,wMsg
.if eax == WM_CLOSE ;关闭窗口的消息列队
invoke EndDialog,hWnd,NULL
.elseif eax == WM_INITDIALOG ;初始化各个消息
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
call _Snapshot
.elseif eax == WM_COMMAND
mov eax,wParam
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
@@:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,NULL
loop @B
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start
[Copy to clipboard]
CODE:
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
;此程序应该命名为111111111.exe
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap:none
include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib
DLG_MAIN equ 1
.data
szFileName db '22222222.exe',0
.data?
Pid dd ?
hSnapShot dd ?
stProcess PROCESSENTRY32 <?>
stStartUp STARTUPINFO <?>
stProcInfo PROCESS_INFORMATION <?>
hInstance dd ?
.code
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Snapshot proc
@@:
invoke RtlZeroMemory,addr stProcess,sizeof stProcess
mov stProcess.dwSize,sizeof stProcess
invoke CreateToolhelp32Snapshot,TH32CS_SNAPPROCESS,addr stProcess
mov hSnapShot,eax
invoke Process32First,hSnapShot,addr stProcess
.while eax
invoke lstrcmp,addr szFileName,addr stProcess.szExeFile;对比是否有22222222.exe
.if eax == NULL ;有则返回
ret
.endif
invoke Process32Next,hSnapShot,addr stProcess
.endw
call _Process ;如果没有,就执行程序创建
loop @B
ret
_Snapshot endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_Process proc
invoke GetStartupInfo,addr stStartUp
invoke CreateProcess,addr szFileName,NULL,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,addr stStartUp,addr stProcInfo
ret
_Process endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
_ProcDlgMain proc uses ebx edi esi hWnd,wMsg,wParam,lParam
mov eax,wMsg
.if eax == WM_CLOSE
invoke EndDialog,hWnd,NULL
.elseif eax == WM_INITDIALOG
invoke SendMessage,hWnd,WM_SETICON,ICON_BIG,eax
call _Snapshot
.elseif eax == WM_COMMAND
mov eax,wParam
.else
mov eax,FALSE
ret
.endif
mov eax,TRUE
ret
_ProcDlgMain endp
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
start:
@@:
invoke GetModuleHandle,NULL
mov hInstance,eax
invoke DialogBoxParam,hInstance,DLG_MAIN,NULL,offset _ProcDlgMain,NULL
ret
loop @B
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
end start |
;QQ联络:1360095750。