0

I am trying to practice the inline ASM in C++ :) Maybe outdated, but it is interesting, to know how CPU is executing the code.

So, what I am trying to do here, is to loop through processes and get a handle of needed one :) I am using for that already created methods from tlhelp32

I have this code:

        HANDLE RetHandle = nullptr, snap;
        int SizeOfPE = sizeof(PROCESSENTRY32), pid; PROCESSENTRY32 pe;
        int PA = PROCESS_ALL_ACCESS;
        const char* Pname = "explorer.exe";
        __asm
        {
            mov eax, pe
            mov ebx, this
            mov ecx, [ebx]pe.dwSize
            mov ecx, SizeOfPE
            mov[ebx]pe.dwSize, ecx

            mov eax, PA
            mov ebx,0
            call CreateToolhelp32Snapshot
            mov eax,snap

            label1:
            mov eax, snap
            mov ebx, [pe]
            call Process32First
            cmp eax,1
            jne exitLabel

            Process32NextLoop:
            mov eax, snap
            mov ebx, [pe]
            call Process32Next
            cmp eax, 1
            jne Process32NextLoop

            mov edx, pe
            mov ecx, [edx].szExeFile
            cmp ecx, Pname
            je ExitLoop
            jne Process32NextLoop

            ExitLoop:
            mov eax, [ebx].th32ProcessID
            mov pid, eax

            ExitLabel:
            ret
        }

Apparently, it is throwing error in th32ProcessID as well, however, it is just regular int.

Have been searching, but haven't found the equivalent for movl in C++

Peter Cordes
  • 328,167
  • 45
  • 605
  • 847
Raitis
  • 115
  • 1
  • 10
  • Looking at compiler-generated asm is usually a good idea for learning how C++ corresponds to asm. See [How to remove "noise" from GCC/clang assembly output?](https://stackoverflow.com/q/38552116) - much of the advice works for MSVC as well, in terms of what kinds of functions to construct, and using https://godbolt.org/. Note that this is MSVC inline asm, using Intel syntax. `movl` is AT&T syntax for `mov` with a `dword ptr` operand-size. – Peter Cordes Aug 20 '20 at 19:15
  • Not really familiar with intel syntax :D Know a bit of MASM, but it does not seem to like that in inline asm. – Raitis Aug 20 '20 at 19:18
  • MSVC inline asm is pretty much the same instruction syntax as MASM. (Of course you can't use directives and so on, and you can use C++ identifiers and the compiler fills in the addressing mode for the memory operand). MASM is one flavour of Intel syntax. See https://stackoverflow.com/tags/intel-syntax/info. AT&T syntax (for a `movl` mnemonic) is a totally different family of x86 asm, see https://stackoverflow.com/tags/att/info – Peter Cordes Aug 20 '20 at 19:21

0 Answers0