Get Current Process Exe File Name

www.reversing.be Forum Index -> Coding Corner

Devoney
Posted: Fri Sep 28, 2007 12:32 pm    Post subject: Get Current Process Exe File Name

Hi there,

I want to get the exe file name of the process itself. So the app checks its own name. How can I do that? I did something like make a list of all processes with CreateToolhelp32Snapshot and going through all the processes comparing the ID of them with the CurrentProcessId and when I have a match I want to

MOV EBX, proc32.szExeFile

But this does not work.
Anyway, I guess there must be a faster way to get the name of the file itself without making that snapshot of all processes.

Thanks in Advance,
Devoney
Knight
Posted: Thu Oct 04, 2007 11:32 am

GetModuleFileName should help...

Regards,
Knight
Devoney
Posted: Thu Oct 04, 2007 5:22 pm

Yes, this should help indeed. Thank you. I did not test it yet, but I get the full path? Like C:\testprogramming\test.exe?
I am not that good at assembly/masm32.
With what functions can I strip a string to get only test.exe instead of the whole path?
Could you give me some hints on how to "process" text?

Thanks for the reply,
Devoney
Ksbunker
Posted: Fri Oct 05, 2007 10:40 am    Post subject: re:

I have absolutely no doubt, this can be improved, even completely revamped by better coders. But I believe for your purposes, it is what you are after.

Code:
.386
.model flat, stdcall
option casemap :none

include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
   
includelib \masm32\lib\user32.lib
includelib \masm32\lib\kernel32.lib

.data

 _ExitThread dd 0
 pszPath db "C:\WINDOWS\file.exe", 0
 
.code
start:

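 pop _ExitThread                ; save the return address left on the stack by the loader

 Invoke lstrlen, ADDR pszPath   ; eax = length of the path
 
 mov ecx, offset pszPath
 add ecx, eax                   ; ecx -> terminating zero of the path
 
@@:
 cmp ecx, offset pszPath        ; reached the start without finding "\"?
 je @exit
 cmp byte ptr [ecx], "\"        ; scan backwards for the last backslash
 je @msg
 dec ecx
JMP @B

@msg:

 inc ecx                        ; skip the backslash, ecx -> file name

 push 0                         ; uType = MB_OK
 push 0                         ; lpCaption = NULL
 push ecx                       ; lpText = file name
 push 0                         ; hWnd = NULL
 call MessageBoxA

@exit:

 call _ExitThread               ; continue at the address saved at start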

end start
Devoney
Posted: Mon Oct 15, 2007 5:28 pm

Thanks for posting, Ksbunker, but that only helps if you know the path of the file in the application itself. Like in the example code you provide, the path of the file is hardcoded in the source code...

I have created code to get you the filename of the executable itself.

Code:
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

    .486                                ; create 32 bit code
    .model flat, stdcall                ; 32 bit memory model
    option casemap :none                ; case sensitive
 
    include \masm32\include\windows.inc
    include \masm32\include\masm32.inc
    include \masm32\include\gdi32.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\Comctl32.inc
    include \masm32\include\comdlg32.inc
    include \masm32\include\shell32.inc
    include \masm32\include\oleaut32.inc
    include \masm32\include\msvcrt.inc

    includelib \masm32\lib\masm32.lib
    includelib \masm32\lib\gdi32.lib
    includelib \masm32\lib\user32.lib
    includelib \masm32\lib\kernel32.lib
    includelib \masm32\lib\Comctl32.lib
    includelib \masm32\lib\comdlg32.lib
    includelib \masm32\lib\shell32.lib
    includelib \masm32\lib\oleaut32.lib
    includelib \masm32\lib\msvcrt.lib

    .data?

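    FilePath db 50h dup(?)      ; 50h-byte buffer, matches the length passed to GetModuleFileName
    FileName db 58h dup(?)      ; 50h bytes for GetFileTitle plus room for the appended extension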
    .data
    Caption db "The name of this file is:",0
    Extension db ".exe",0

    .code

start:
 
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
;
   
    PUSH 50h                    ;Length of variable to catch the output
    PUSH offset FilePath        ;pointer to variable to catch the output
    PUSH NULL                   ;Handle to the module to find filename for
    Call GetModuleFileName      ;Call the function to get the path of this file

    CMP EAX, 0                  ;if the function fails the returned value is 0
    JE Die                      ;if the function failed goto Die

    PUSH 50h                    ;The length of FileName
    PUSH offset FileName        ;pointer to variable to catch the output
    PUSH offset FilePath        ;pointer to the path of the filename to get the filename from
    Call GetFileTitle           ;Call the function to get the filename of path provided with FilePath

    PUSH offset Extension       ;pointer to a variable holding ".exe"
    PUSH offset FileName        ;pointer to the filename just received
    Call lstrcat                ;paste Extension after Filename: <filename>.exe since this is an executable
                                ;(GetFileTitle keeps the extension when Explorer is set to show it, giving <filename>.exe.exe)

    PUSH 0                      ;PUSH style of messagebox
    PUSH offset Caption         ;pointer to predefined caption text for the messagebox
    PUSH offset FileName        ;pointer to complete filename created on runtime
    PUSH 0                      ;PUSH owner of this MessageBox, NULL means no owner
    Call MessageBoxA            ;Call the function to create the MessageBox

    Die:
    PUSH 0                      ;PUSH 0
    Call ExitProcess            ;Call function to exit application in a nice way.

;
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««

end start
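
The approach the thread converges on, written in C as an added example that is not any poster's code: call GetModuleFileName, reject a failed or truncated result, and copy the text after the last path separator into a caller-sized buffer. The names path_basename and own_exe_name are hypothetical, and the non-Windows branch substitutes a constructed sample path so the block builds anywhere.

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Return a pointer to the file-name part of a Windows path: the text after
   the last '\', '/' or drive colon. A path with no separator is returned
   unchanged; a path ending in a separator yields an empty string. */
const char *path_basename(const char *path)
{
    const char *name = path;
    for (const char *p = path; *p != '\0'; ++p)
        if (*p == '\\' || *p == '/' || *p == ':')
            name = p + 1;
    return name;
}

/* Copy this process's exe name into out (cap bytes).
   Returns 0 on success, -1 on API failure, truncated path or small buffer. */
int own_exe_name(char *out, size_t cap)
{
    char full[260];                       /* MAX_PATH */
#ifdef _WIN32
    DWORD n = GetModuleFileNameA(NULL, full, (DWORD)sizeof full);
    if (n == 0 || n >= sizeof full)       /* n == buffer size means truncated */
        return -1;
#else
    /* Constructed sample path (assumption) so the example builds off Windows. */
    strcpy(full, "C:\\testprogramming\\test.exe");
#endif
    const char *name = path_basename(full);
    size_t len = strlen(name) + 1;        /* include the terminating zero */
    if (len > cap)
        return -1;                        /* refuse to overflow the caller's buffer */
    memcpy(out, name, len);
    return 0;
}

int main(void)
{
    char name[64];
    if (own_exe_name(name, sizeof name) != 0)
        return 1;
    printf("The name of this file is: %s\n", name);
    return 0;
}
```

Because the name comes straight from the module path, the extension is always present and no `.exe` needs to be appended.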