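;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; This program should be named 22222222.exe
;
; Syntax: MASM (MASM32 SDK includes), 32-bit flat model, stdcall.
;
; Purpose: when its dialog initialises, look for a running process whose
; image name equals szFileName and start that image once if none is found.
; The program on this page named 111111111.exe does the same for
; 22222222.exe, so the two relaunch each other.
;
; Defensive note: in process-creation telemetry the pair shows up as the two
; images alternately appearing as parent and child of one another.
;
; NOTE(review): the dialog template DLG_MAIN must come from a resource script
; that is not part of this listing.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap:none

include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

DLG_MAIN        equ     1                       ; dialog resource id

.data
szFileName      db      '111111111.exe',0       ; image name of the process to look for

.data?
Pid             dd      ?
hSnapShot       dd      ?
stProcess       PROCESSENTRY32 <?>
stStartUp       STARTUPINFO <?>
stProcInfo      PROCESS_INFORMATION <?>
hInstance       dd      ?

.code
;-----------------------------------------------------------------------
; _Process
; Starts szFileName as a new process with normal priority.
; ABI:   stdcall, no arguments
; Out:   eax = TRUE if CreateProcess succeeded, 0 otherwise
; Clobb: eax, ecx, edx, flags
;
; NOTE(review): szFileName is a bare file name passed as lpApplicationName,
; so it is resolved against the current directory; whatever file of that
; name sits there is what runs. A fully qualified path would pin the target.
;-----------------------------------------------------------------------
_Process proc
        invoke  GetStartupInfo, addr stStartUp
        invoke  CreateProcess, addr szFileName, NULL, NULL, NULL, NULL, \
                NORMAL_PRIORITY_CLASS, NULL, NULL, addr stStartUp, addr stProcInfo
        .if eax != 0
            ; The new process is not tracked afterwards, so release both
            ; handles instead of leaking them.
            invoke  CloseHandle, stProcInfo.hThread
            invoke  CloseHandle, stProcInfo.hProcess
            mov     eax, TRUE
        .endif
        ret
_Process endp

;-----------------------------------------------------------------------
; _Snapshot
; Walks a process snapshot; if no entry is named szFileName, calls _Process
; once. There is no retry: the original "loop @B" ran on whatever value the
; API calls left in ecx, so its iteration count was undefined.
; ABI:   stdcall, no arguments
; Out:   nothing meaningful in eax
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
_Snapshot proc
        local   bFound:DWORD

        mov     bFound, FALSE

        ; Clear the entry first so stale data from an earlier walk is not reused.
        invoke  RtlZeroMemory, addr stProcess, sizeof stProcess
        mov     stProcess.dwSize, sizeof stProcess

        ; The second argument is a process id and is ignored for
        ; TH32CS_SNAPPROCESS; pass 0 rather than a buffer address.
        invoke  CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
        .if eax == INVALID_HANDLE_VALUE
            ret                                 ; cannot enumerate: do not start anything
        .endif
        mov     hSnapShot, eax

        invoke  Process32First, hSnapShot, addr stProcess
        .while eax
            ; Image names are compared without regard to case.
            invoke  lstrcmpi, addr szFileName, addr stProcess.szExeFile
            .if eax == 0
                mov     bFound, TRUE
                .break
            .endif
            invoke  Process32Next, hSnapShot, addr stProcess
        .endw

        invoke  CloseHandle, hSnapShot          ; released on every path

        .if bFound == FALSE
            call    _Process                    ; not running: start it once
        .endif
        ret
_Snapshot endp

;-----------------------------------------------------------------------
; _ProcDlgMain - dialog procedure for DLG_MAIN
; ABI:   stdcall (hWnd, wMsg, wParam, lParam)
; Out:   eax = TRUE for WM_CLOSE, WM_INITDIALOG and WM_COMMAND, else FALSE
;-----------------------------------------------------------------------
_ProcDlgMain proc uses ebx edi esi hWnd, wMsg, wParam, lParam
        mov     eax, wMsg
        .if eax == WM_CLOSE
            invoke  EndDialog, hWnd, NULL
        .elseif eax == WM_INITDIALOG
            ; The original sent WM_SETICON with the message number in eax as
            ; the icon handle; no icon is loaded anywhere in this listing, so
            ; that call is dropped.
            call    _Snapshot
        .elseif eax == WM_COMMAND
            ; no commands are handled
        .else
            mov     eax, FALSE
            ret
        .endif
        mov     eax, TRUE
        ret
_ProcDlgMain endp

;-----------------------------------------------------------------------
; Entry point: show the dialog once, then exit explicitly instead of
; running "loop @B" on an undefined ecx and falling off the end of .code.
;-----------------------------------------------------------------------
start:
        invoke  GetModuleHandle, NULL
        mov     hInstance, eax
        invoke  DialogBoxParam, hInstance, DLG_MAIN, NULL, offset _ProcDlgMain, NULL
        invoke  ExitProcess, 0
end start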
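;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
; This program should be named 111111111.exe
;
; Syntax: MASM (MASM32 SDK includes), 32-bit flat model, stdcall.
;
; Purpose: when its dialog initialises, look for a running process whose
; image name equals szFileName and start that image once if none is found.
; The program on this page named 22222222.exe does the same for
; 111111111.exe, so the two relaunch each other.
;
; Defensive note: in process-creation telemetry the pair shows up as the two
; images alternately appearing as parent and child of one another.
;
; NOTE(review): the dialog template DLG_MAIN must come from a resource script
; that is not part of this listing.
;>>>>>>>>>>>>>>>>>>>>>>>>>>>>
.386
.model flat, stdcall
option casemap:none

include windows.inc
include kernel32.inc
include user32.inc
includelib kernel32.lib
includelib user32.lib

DLG_MAIN        equ     1                       ; dialog resource id

.data
szFileName      db      '22222222.exe',0        ; image name of the process to look for

.data?
Pid             dd      ?
hSnapShot       dd      ?
stProcess       PROCESSENTRY32 <?>
stStartUp       STARTUPINFO <?>
stProcInfo      PROCESS_INFORMATION <?>
hInstance       dd      ?

.code
;-----------------------------------------------------------------------
; _Process
; Starts szFileName as a new process with normal priority.
; ABI:   stdcall, no arguments
; Out:   eax = TRUE if CreateProcess succeeded, 0 otherwise
; Clobb: eax, ecx, edx, flags
;
; NOTE(review): szFileName is a bare file name passed as lpApplicationName,
; so it is resolved against the current directory; whatever file of that
; name sits there is what runs. A fully qualified path would pin the target.
;-----------------------------------------------------------------------
_Process proc
        invoke  GetStartupInfo, addr stStartUp
        invoke  CreateProcess, addr szFileName, NULL, NULL, NULL, NULL, \
                NORMAL_PRIORITY_CLASS, NULL, NULL, addr stStartUp, addr stProcInfo
        .if eax != 0
            ; The new process is not tracked afterwards, so release both
            ; handles instead of leaking them.
            invoke  CloseHandle, stProcInfo.hThread
            invoke  CloseHandle, stProcInfo.hProcess
            mov     eax, TRUE
        .endif
        ret
_Process endp

;-----------------------------------------------------------------------
; _Snapshot
; Walks a process snapshot; if no entry is named szFileName, calls _Process
; once. There is no retry: the original "loop @B" ran on whatever value the
; API calls left in ecx, so its iteration count was undefined.
; ABI:   stdcall, no arguments
; Out:   nothing meaningful in eax
; Clobb: eax, ecx, edx, flags
;-----------------------------------------------------------------------
_Snapshot proc
        local   bFound:DWORD

        mov     bFound, FALSE

        ; Clear the entry first so stale data from an earlier walk is not reused.
        invoke  RtlZeroMemory, addr stProcess, sizeof stProcess
        mov     stProcess.dwSize, sizeof stProcess

        ; The second argument is a process id and is ignored for
        ; TH32CS_SNAPPROCESS; pass 0 rather than a buffer address.
        invoke  CreateToolhelp32Snapshot, TH32CS_SNAPPROCESS, 0
        .if eax == INVALID_HANDLE_VALUE
            ret                                 ; cannot enumerate: do not start anything
        .endif
        mov     hSnapShot, eax

        invoke  Process32First, hSnapShot, addr stProcess
        .while eax
            ; Image names are compared without regard to case.
            invoke  lstrcmpi, addr szFileName, addr stProcess.szExeFile
            .if eax == 0
                mov     bFound, TRUE
                .break
            .endif
            invoke  Process32Next, hSnapShot, addr stProcess
        .endw

        invoke  CloseHandle, hSnapShot          ; released on every path

        .if bFound == FALSE
            call    _Process                    ; not running: start it once
        .endif
        ret
_Snapshot endp

;-----------------------------------------------------------------------
; _ProcDlgMain - dialog procedure for DLG_MAIN
; ABI:   stdcall (hWnd, wMsg, wParam, lParam)
; Out:   eax = TRUE for WM_CLOSE, WM_INITDIALOG and WM_COMMAND, else FALSE
;-----------------------------------------------------------------------
_ProcDlgMain proc uses ebx edi esi hWnd, wMsg, wParam, lParam
        mov     eax, wMsg
        .if eax == WM_CLOSE
            invoke  EndDialog, hWnd, NULL
        .elseif eax == WM_INITDIALOG
            ; The original sent WM_SETICON with the message number in eax as
            ; the icon handle; no icon is loaded anywhere in this listing, so
            ; that call is dropped.
            call    _Snapshot
        .elseif eax == WM_COMMAND
            ; no commands are handled
        .else
            mov     eax, FALSE
            ret
        .endif
        mov     eax, TRUE
        ret
_ProcDlgMain endp

;-----------------------------------------------------------------------
; Entry point: show the dialog once, then exit explicitly. The original
; returned from the entry point with "ret" and left an unreachable
; "loop @B" behind it.
;-----------------------------------------------------------------------
start:
        invoke  GetModuleHandle, NULL
        mov     hInstance, eax
        invoke  DialogBoxParam, hInstance, DLG_MAIN, NULL, offset _ProcDlgMain, NULL
        invoke  ExitProcess, 0
end start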