I tried to gather all procs running on my system.
format pe console
section '.code' code readable executable
push 184000 ; 1000 procs at 184 bytes each; 184 is only the fixed part of one x86 SYSTEM_PROCESS_INFORMATION entry, the thread array that follows makes entries variable-length
mov ebx, eax
push 5 ; SystemProcessInformation
push dword [ebx+68+edi] ; offset 0x44 on x86 is UniqueProcessId
add esp, 8
section '.data' data readable writeable
f db '%i',13,10,0
section '.idata' import data readable
dd 0,0,0,RVA msvcrt_name,RVA msvcrt_table
dd 0,0,0,RVA ntdll_name,RVA ntdll_table
dd 5 dup 0
printf dd RVA _printf
malloc dd RVA _malloc
NtQuerySystemInformation dd RVA _NtQuerySystemInformation
msvcrt_name db 'msvcrt.dll',0
ntdll_name db 'ntdll.dll',0
_printf db 0,0,'printf',0
_malloc db 0,0,'malloc',0
_NtQuerySystemInformation db 0,0,'NtQuerySystemInformation',0
It semi-worked, but not really.
I don't understand why it outputs that. All my procs are at the end, and if I loop it fewer times, I have only crap and 0.
What am I doing wrong, and how do I use this?
Why don't you post the C-code instead?
It's much easier to read that way.
At the very least, use symbolic names such as "SystemProcessInformation" instead of a magic number like 5.
Although not strictly necessary, your code doesn't return 0 or free the malloc'd block of memory.
You don't check the return value from NtQuerySystemInformation, so there's no way to tell if the processing worked or not.
0; if there were an error I would post it.
"You don't check the return value from NtQuerySystemInformation,"
_YOUR CODE_ does not check the return value from the query function (nor do you check for out of memory on malloc() - but that would show a failure by crashing the app). So should the query function NOT return 0 at any given point in the future, it may well go undetected.
But I think the real problem is that your printout is essentially doing this:

#include <stdio.h>

void printinfo(int *buffer)
{
    int *p = buffer;
    int i;
    for (i = 0; i < 1000; i++)
        printf("%i\n", p[i]);   /* prints the first 1000 dwords of the raw buffer as integers */
}

I don't think that's quite what you wanted.
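What the replies ask for (check the NTSTATUS instead of assuming success, free the buffer) plus the part of the API the original loop misses: SystemProcessInformation returns variable-length entries chained by NextEntryOffset, so the walk has to follow that field rather than step by a constant 184 bytes. Below is an added C example; it is not code from this thread or from any of its posters. The struct declarations, the three-entry sample buffer and the 64 KiB initial size are my own assumptions. On Windows it calls the real NtQuerySystemInformation through GetProcAddress and retries only on STATUS_INFO_LENGTH_MISMATCH; anywhere else it walks the constructed sample so the parsing logic can be exercised offline.

```c
/* Added example, not code from this thread: walk a SystemProcessInformation buffer the way the
 * kernel fills it, variable-length entries chained by NextEntryOffset (0 ends the chain), each
 * followed by its thread array. The struct declarations are my own, written to the public layout. */
#ifdef _WIN32
#include <windows.h>
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Length is in bytes; Buffer is UTF-16 and not NUL-terminated. */
typedef struct { uint16_t Length, MaximumLength; uint16_t *Buffer; } UNICODE_STRING_T;
/* Leading fields of SYSTEM_PROCESS_INFORMATION; offsets match x86 (UniqueProcessId at 0x44, the
 * OP's 68) and x64 (0x50). Whatever follows in an entry is skipped via NextEntryOffset. */
typedef struct {
    uint32_t NextEntryOffset, NumberOfThreads;
    int64_t  WorkingSetPrivateSize;
    uint32_t HardFaultCount, NumberOfThreadsHighWatermark;
    uint64_t CycleTime;
    int64_t  CreateTime, UserTime, KernelTime;
    UNICODE_STRING_T ImageName;
    int32_t  BasePriority;
    void    *UniqueProcessId, *InheritedFromUniqueProcessId;
} SPI_HEADER;
typedef struct { uint32_t pid; char name[64]; } proc_rec;

/* Returns the number of entries in buf and fills up to max_out records. */
size_t walk_process_list(const void *buf, size_t buf_len, proc_rec *out, size_t max_out)
{
    size_t count = 0, off = 0;
    for (;;) {
        if (off + sizeof(SPI_HEADER) > buf_len) break;   /* never read past the buffer */
        const SPI_HEADER *e = (const SPI_HEADER *)((const uint8_t *)buf + off);
        if (count < max_out) {
            proc_rec *r = &out[count];
            size_t n = e->ImageName.Length / 2, i;
            if (n > sizeof r->name - 1) n = sizeof r->name - 1;
            for (i = 0; i < n; i++)                        /* crude UTF-16 to ASCII */
                r->name[i] = e->ImageName.Buffer[i] < 0x80 ? (char)e->ImageName.Buffer[i] : '?';
            r->name[n] = '\0';
            r->pid = (uint32_t)(uintptr_t)e->UniqueProcessId;
        }
        count++;
        /* 0 ends the list; an offset shorter than the header would loop or walk backwards */
        if (e->NextEntryOffset < sizeof(SPI_HEADER)) break;
        off += e->NextEntryOffset;
    }
    return count;
}

/* Constructed sample, not real data: three 256-byte entries shaped like the kernel's output.
 * PID 0 gets an empty image name, as the real idle process has. */
#define ENTRY_SIZE 256
static int64_t  sample_storage[3 * ENTRY_SIZE / 8];   /* int64_t keeps the entries aligned */
static uint16_t sample_names[3][16];
static proc_rec sample_recs[8];
size_t build_sample_buffer(void)
{
    const char *names[3] = { "", "System", "notepad.exe" };
    const uint32_t pids[3] = { 0, 4, 1234 };
    memset(sample_storage, 0, sizeof sample_storage);
    for (int k = 0; k < 3; k++) {
        SPI_HEADER *e = (SPI_HEADER *)((uint8_t *)sample_storage + k * ENTRY_SIZE);
        size_t len = strlen(names[k]);
        for (size_t i = 0; i < len; i++) sample_names[k][i] = (uint16_t)names[k][i];
        e->ImageName.Length = e->ImageName.MaximumLength = (uint16_t)(len * 2);
        e->ImageName.Buffer = sample_names[k];
        e->UniqueProcessId = (void *)(uintptr_t)pids[k];
        e->NextEntryOffset = (k == 2) ? 0 : ENTRY_SIZE;
    }
    return sizeof sample_storage;
}
size_t      sample_process_count(void) { return walk_process_list(sample_storage, build_sample_buffer(), sample_recs, 8); }
uint32_t    sample_pid_at(size_t i)    { sample_process_count(); return sample_recs[i].pid; }
const char *sample_name_at(size_t i)   { sample_process_count(); return sample_recs[i].name; }

#ifdef _WIN32
typedef LONG (WINAPI *NtQSI_t)(ULONG, PVOID, ULONG, PULONG);
/* The real query: check the NTSTATUS and retry with a bigger buffer only on
 * STATUS_INFO_LENGTH_MISMATCH. Returns a malloc'd buffer the caller frees, or NULL. 64 KiB start size is assumed. */
void *query_system_processes(size_t *len)
{
    NtQSI_t fn = (NtQSI_t)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtQuerySystemInformation");
    ULONG size = 64 * 1024, needed = 0;
    for (void *buf; fn && (buf = malloc(size)) != NULL; size = needed + 64 * 1024) {
        LONG st = fn(5 /* SystemProcessInformation */, buf, size, &needed);
        if (st == 0) { *len = needed; return buf; }
        free(buf);   /* the list can grow between two calls, so the retry adds slack */
        if (st != (LONG)0xC0000004L) return NULL;   /* anything but STATUS_INFO_LENGTH_MISMATCH */
    }
    return NULL;
}
#endif

int main(void)
{
    proc_rec recs[512]; size_t len = build_sample_buffer(); void *buf = sample_storage;
#ifdef _WIN32
    if (!(buf = query_system_processes(&len))) return fputs("query failed\n", stderr), 1;
#endif
    size_t n = walk_process_list(buf, len, recs, 512);
    for (size_t i = 0; i < n && i < 512; i++) printf("%5u %s\n", recs[i].pid, recs[i].name);
    if (buf != (void *)sample_storage) free(buf);
    return 0;
}
```

Built on Windows it prints the live process list; elsewhere it prints the three sample entries. The walker is what the assembly loop needs too: read NextEntryOffset from [ebx+edi], add it to edi, and stop when it is zero, instead of adding 184 each time.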