
File Read, Only capture specified text


kpu

I'm trying to come up with a solution to read the output from the tasklist.exe command and build a gui so you can then kill the task on a remote system if so desired.

For instance, the text output looks like so:

Image Name                 PID Session Name  Session#   Mem Usage
========================= ====== ================ ======== ============
System Idle Process         0 Console                0       16 K
System                             4 Console                 0      212 K
smss.exe                         548 Console                 0      464 K
csrss.exe                        612 Console                 0    3,256 K
winlogon.exe                    636 Console              0   13,100 K

Sorry, the formatting doesn't stay.

How would I capture all "*.exe" text listed and then put it in a Dropdown menu?

Any help would greatly be appreciated!

Use PsTools from Sysinternals--specifically, pslist.exe which is contained within the PsTools. This will give you the list of tasks on a remote machine. You can then output this information to a text file and use some String functions to extract what information you want out of the file.


How would I capture all "*.exe" text listed and then put it in a Dropdown menu?

Hi,

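to capture all strings which match *.exe you could use something like this:

; one line of tasklist output
$inputline = "winlogon.exe 636 Console 0 13,100 K"
; flag 1 returns an array of the captured groups
$info = StringRegExp ( $inputline, "(.*\.exe)" ,1)
; $controlID is the ID returned when the dropdown control was created
GUICtrlSetData ( $controlID, $info[0])

... for error handling and further information read a help file (of a beta version) ;)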


Use PsTools from Sysinternals--specifically, pslist.exe which is contained within the PsTools. This will give you the list of tasks on a remote machine. You can then output this information to a text file and use some String functions to extract what information you want out of the file.

I've already scripted something very similar. Pstools works great, but XP has its own built in tools "tasklist.exe" and "taskkill.exe". Second, my company has those tools listed as no-no's in McAfee so I can't use them on our network.

Hi,

to capture all strings which match *.exe you could use something like this:

$inputline = "winlogon.exe 636 Console 0 13,100 K"
$info = StringRegExp ( $inputline, "(.*\.exe)" ,1)
GUICtrlSetData ( $controlID, $info[0])

... for error handling and further information read a help file (of a beta version)

Thanks, I'll look into this.

In your Run() statement, pipe tasklist into Find

When you use the "find" command, it will list the text from the entire line.

Thanks for all the input so far! ;)


  • 2 weeks later...

From the FM:

; List just *.exe processes
$list = ProcessList("*.exe")
for $i = 1 to $list[0][0]
  msgbox(0, $list[$i][0], $list[$i][1])
next
Edited by jefhal

with beta, set the $strComputer variable to the machine name, you'll get the process list from the remote machine if it is NT/2000/XP/2003 OS

CODE

#include <GUIConstants.au3>
#include <GuiListView.au3>

$MAIN_WINDOW = GUICreate("Process Info", 500, 500)
$lv_pid = GUICtrlCreateListView("PID|Name|Path", 5, 10, 490, 440, $LVS_SHOWSELALWAYS)
GUICtrlSendMsg($lv_pid, $LVM_SETEXTENDEDLISTVIEWSTYLE, $LVS_EX_FULLROWSELECT, $LVS_EX_FULLROWSELECT)
_GUICtrlListViewSetColumnWidth ($lv_pid, 0, 50)
_GUICtrlListViewSetColumnWidth ($lv_pid, 1, 10)
_GUICtrlListViewSetColumnWidth ($lv_pid, 2, 320)

If @OSTYPE = "WIN32_NT" Then
    ; NT-family OS: list processes through WMI on $strComputer
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20
    $colItems = ""
    $strComputer = @ComputerName
    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery ("SELECT * FROM Win32_Process", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    If IsObj($colItems) Then
        For $objItem In $colItems
            If $objItem.ExecutablePath Then
                GUICtrlCreateListViewItem(Int($objItem.ProcessId) & "|" & $objItem.Caption & "|" & $objItem.ExecutablePath, $lv_pid)
            Else
                GUICtrlCreateListViewItem(Int($objItem.ProcessId) & "|" & $objItem.Caption & "| ", $lv_pid)
            EndIf
        Next
    EndIf
Else
    ; Win9x: local process list, path looked up through the ToolHelp API
    $a_pids = ProcessList()
    $pid_path = ""
    For $n = 1 To $a_pids[0][0]
        $pid_path = GetProcessName95($a_pids[$n][1])
        If $pid_path <> 1 Then
            GUICtrlCreateListViewItem($a_pids[$n][1] & "|" & $a_pids[$n][0] & "|" & $pid_path, $lv_pid)
        Else
            GUICtrlCreateListViewItem($a_pids[$n][1] & "|" & $a_pids[$n][0] & "| ", $lv_pid)
        EndIf
    Next
EndIf

GUISetState(@SW_SHOW)

Dim $B_DESCENDING[_GUICtrlListViewGetSubItemsCount ($lv_pid) ]
_GUICtrlListViewSort ($lv_pid, $B_DESCENDING, 0)

While 1
    $msg = GUIGetMsg()
    Select
        Case $msg = $GUI_EVENT_CLOSE
            ExitLoop
        Case $msg = $lv_pid
            ; sort the list by the column header clicked on
            _GUICtrlListViewSort ($lv_pid, $B_DESCENDING, GUICtrlGetState($lv_pid))
    EndSelect
WEnd

Func GetProcessName95(ByRef $PID)
    Const $TH32CS_SNAPPROCESS = 0x00000002
    Const $INVALID_HANDLE_VALUE = -1
    Local $ToolHandle, $Process, $nRet
    $ToolHandle = DllCall("kernel32.dll", "hwnd", "CreateToolhelp32Snapshot", "int", $TH32CS_SNAPPROCESS, "int", 0)
    If $ToolHandle[0] = $INVALID_HANDLE_VALUE Then Return ("" & SetError(1))
    ; PROCESSENTRY32: element 3 is the process ID, element 10 the executable file name
    $Process = DllStructCreate("int;int;int;uint;int;int;int;int;int;char[260]")
    DllStructSetData($Process, 1, DllStructGetSize($Process))
    $nRet = DllCall("kernel32.dll", "int", "Process32First", "hwnd", $ToolHandle[0], "ptr", DllStructGetPtr($Process))
    If $nRet[0] Then
        Do
            If DllStructGetData($Process, 3) = $PID Then
                $nRet = DllStructGetData($Process, 10)
                DllStructDelete($Process)
                ; release the snapshot handle before returning
                DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $ToolHandle[0])
                Return $nRet
            EndIf
            $nRet = DllCall("kernel32.dll", "int", "Process32Next", "hwnd", $ToolHandle[0], "ptr", DllStructGetPtr($Process))
        Until Not $nRet[0]
    EndIf
    DllStructDelete($Process)
    ; the original call omitted the function name; CloseHandle releases the snapshot
    DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $ToolHandle[0])
    SetError(1)
    Return
EndFunc ;==>GetProcessName95


I've never seen another extension than .exe

could you give us an example?

Most commonly, a screen saver has the extension .scr and it's occasionally possible to see it running if your PC is extremely busy and the process is still running but isn't obscuring the display. Alternatively, you could also log all running processes to a file while the screen saver is running and you will see it.

It's also possible to make an executable file "run itself".

  • Take the below AutoIt script:

    MsgBox(4096, "", "Test")
  • Compile the script.
  • Rename the compiled script to "Test.extension".
  • Right-click -> Open With -> Choose Program on the "Test.extension".
  • In the Open With dialog, select Browse.
  • Select "Test.extension" as the program to use to run the file. This may require directory navigation.
  • While the message box "Test" is displayed (signifying that what we did just worked), look at Task Manager and you will see "Test.extension" listed.
A practical application that will have a process running without the .exe extension is Kazaa Lite K++. It has a process running called "KazaaLite.kpp".

So, contrary to popular misconception, the file extension .exe is not significant to Windows to determine executable files. What is important is how the registry entry is set up for a .exe file when the shell encounters it. The magic of double clicking an executable file comes from the registry (Just like every other file type registered) and not from the format of the file. The file extension is irrelevant; all that matters is if the file is a valid Windows binary. If it is, then it can be run regardless of its extension. It just may not be as "convenient" as double clicking it (Though it is possible to set that up as well).
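
The point of the last post applied to the original question, as an added example that is not code from the thread: the tasklist table is sliced by the column widths taken from its `=====` separator row, so images such as KazaaLite.kpp or Test.extension are kept instead of being dropped by a "*.exe" pattern. The helper name `_TaskListParse`, the variables `$FMT` and `$sSample`, and the sample rows and PIDs are constructed for illustration.

```autoit
; Added example, not code from the thread. The sample rows and PIDs are
; constructed; column widths match the separator row in the first post.
Global Const $FMT = "%-25s %6s %-16s %8s %12s"
Global $sSample = StringFormat($FMT, "Image Name", "PID", "Session Name", "Session#", "Mem Usage") & @CRLF & _
        "========================= ====== ================ ======== ============" & @CRLF & _
        StringFormat($FMT, "System Idle Process", "0", "Console", "0", "16 K") & @CRLF & _
        StringFormat($FMT, "smss.exe", "548", "Console", "0", "464 K") & @CRLF & _
        StringFormat($FMT, "KazaaLite.kpp", "1904", "Console", "0", "9,120 K") & @CRLF & _
        StringFormat($FMT, "Test.extension", "2212", "Console", "0", "3,004 K") & @CRLF

; Hypothetical helper: returns a 2D array, [0][0] = row count,
; [n][0] = image name, [n][1] = PID.
Func _TaskListParse($sOutput)
    Local $aLines = StringSplit(StringStripCR($sOutput), @LF)
    Local $aProcs[$aLines[0] + 1][2], $aCols, $iCount = 0, $iNameLen = 0, $iPidLen = 0
    For $i = 1 To $aLines[0]
        If StringStripWS($aLines[$i], 3) = "" Then ContinueLoop
        If $iNameLen = 0 Then
            ; Skip the header until the "===== ====" row, which gives the column widths.
            $aCols = StringRegExp($aLines[$i], "=+", 3)
            If UBound($aCols) >= 2 Then
                $iNameLen = StringLen($aCols[0])
                $iPidLen = StringLen($aCols[1])
            EndIf
            ContinueLoop
        EndIf
        $iCount += 1
        ; Slice by position: image names may contain spaces and need not end in .exe.
        $aProcs[$iCount][0] = StringStripWS(StringLeft($aLines[$i], $iNameLen), 3)
        $aProcs[$iCount][1] = Int(StringStripWS(StringMid($aLines[$i], $iNameLen + 2, $iPidLen), 3))
    Next
    ReDim $aProcs[$iCount + 1][2]
    $aProcs[0][0] = $iCount
    Return $aProcs
EndFunc   ;==>_TaskListParse

Global $aProcs = _TaskListParse($sSample)
For $i = 1 To $aProcs[0][0]
    ; Compare against the "(.*\.exe)" pattern suggested earlier in the thread.
    If StringRegExp($aProcs[$i][0], "(.*\.exe)") Then
        ConsoleWrite($aProcs[$i][1] & @TAB & $aProcs[$i][0] & @CRLF)
    Else
        ConsoleWrite($aProcs[$i][1] & @TAB & $aProcs[$i][0] & "   <- dropped by the *.exe pattern" & @CRLF)
    EndIf
Next
```

Because the widths come from the separator row rather than fixed numbers, the same slicing works when a Windows version prints a wider PID column.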
