
Everything posted by drlynch
-
Hello everyone. I return to the forum to ask a technical question. An example: I have three functions created in AutoIT: a process that creates a restore point, another process that creates a copy of the registry, and another process that looks for a directory to perform a certain action. The question is simple: Does AutoIT perform the execution of processes one by one? That is, until the process of creating the restore point is finished, will it not begin to copy the registry? Is the best, and only, option to know if the function finished successfully to use the @error flag? I've used GUICtrlCreateLabel, so I guess all I would have to do to inform the user that a process is running is, right at the end of the process, update the label. Thank you so much.
-
Hello, TheXman. Sorry for not responding as fast as I should, but I was trying to perform some tests that finally didn't work. I've tried _PathSplit, along with ProcessList, ProcessExists and _WinAPI_GetProcessFileName. I was trying to get the ID with ProcessList, and then from that ID get the path of the running processes. But in tests I've done, they didn't work. The IDs of the Processes showed me perfectly, together with the name of the process, but some processes did not show any path, and other processes did show the path correctly. I've been looking for a reason why this might be happening, but couldn't find it. In any case, your code is completely different from what I had done. I am surprised by your code. It's great. I have to study all those lines of code, because as you tell me, there are many that I don't know. I have no words to thank you for that code. You are a master. I wish there were more people like you in other communities, to help beginners like me. If I can't find information about some lines of your code, and I have some doubts, I'll let you know. And don't worry, I'm not going to publish any tool without doing a lot of testing first. In the end I am taking this as a way of learning, because I am really at the base of learning AutoIT. I'll keep you informed. Greetings and thousands of thanks.
-
Hello, TheXman. You are very kind to me. Thank you for your words, because this makes me feel at home. Helping beginners is somewhat difficult, because we want to do things too fast, without even knowing the documentation. Serious mistake. I will briefly respond to some of your comments. I use tools like Farbar to help users remove all kinds of malware, as well as anti-malware like MalwareBytes, AdwCleaner, etc. The problem is that the malware that I am trying to eradicate is only affecting a certain country or countries (I understand that there is some illegal software download website that is distributing this malware). I have reported to Google (VirusTotal) and sent a sample of the file to Microsoft. But it doesn't appear that they have taken action against the malware. I have yet to report MalwareBytes for example, but in any case there are already reversing technical docs of some of the variants of this malware. I guess some reversing experts will have already done it. Of course, my intention is not to create a definitive removal tool, because I would have to use later a more effective study with Farbar for example, but to at least try to eliminate the most vital processes of the malware. The best thing would be to check the signature of the files, the hashes, etc.; but I would do this in a later step if I got a breakthrough in this first phase of development. The first option that occurred to me was to use C# or Python, but AutoIT seemed like a quick option. This is more of a way of learning. If the tool, once tested on various own computers, works, it could help some users. Sorry, I thought @TempDir would remove temporary files, but of course, it makes sense that @TempDir simply contains the value of the TEMP environment variable. Honestly, I didn't even check the folder that AutoIT creates when it installs. I directly went to the code editor. From now on, I'm going to go much slower with all of this, because I don't want to make any more mistakes.
I don't want to bother you. We all have many things to do on a daily basis, and your answers have helped me understand that the answers I am looking for, I will not find directly in a search in the forum. At least, code that may be out of date. Thank you for your answers so elaborate, and with so much good information. You have been very helpful. I will try to test and test, before I ask again. All the best.
-
Thanks for your help, Nine and TheXman. You are awesome. I am a beginner in AutoIT. So I'm making serious mistakes. I'm sorry for that. I am now reviewing the updated documentation, and not looking at older information. I am trying to develop a tool to remove a malware, at least the processes, files and registry entries, that this malware creates in all the cases that I am collecting. So, I reply to TheXman:

1) Wow!!! Excellent. Fixed that GetUser() function, using only the @UserName instruction.

2) Yes, indeed I could just delete all temporary files. And this would be a solution. But now comes my doubt. The malware creates files that remain running all the time. One of those processes appears in the temporary path that I indicated above, and I want to close that process, and then remove the file. I don't know if, when using the @TempDir macro to delete temporary files, this macro would be able to close the process that is active. The file that the malware creates in this directory has a random name, so I can't stop it directly without knowing its name. Logically, this would run the risk of the user having some other temporary file of their own running, so the tool should prompt the user to close all programs he is using. I understand anyway, that if I delete the temporary files, the same problem could occur, if the macro is actually able to stop the running files.

3) It has all the logic, what you tell me. Then I'm going to do some tests and see if I get any progress.

4) Thank you very much for the detailed explanation that you offer me. I definitely have to practice with arrays and ubound(), to get the data I need.

5) I fully understand what you are telling me. Sure, my code is a mess, but by testing and testing and not having success with anything, I eventually end up creating totally inconsistent code. Trying to solve this in the quickest and shortest way is a bad idea of course.

6) You are also absolutely right. Actually, now I'm reviewing information about @error in some forum posts.

7) A few hours ago, I checked that according to the documentation, I should probably use _WinAPI_GetProcessFileName(). By the way, one question: is there any way to check the content of the .au3 files, which we import from the #include? I just don't really have that Process.au3 file. Maybe I copied the code from a post, and a user had created that file for private use.

Thanks a million for your help. It's not common to find people helping novice users. I will try to advance in the code, and if I have any additional questions, I will ask you again if it is not too much trouble.
-
Hello everyone: I return to the forum to see if any crack/teacher can offer me help for a code that doesn't work for me because it doesn't seem to do anything I require. I would like to kill any processes running in Task Manager, that are running from the location C:\Users\UserName\AppData\Temp

I have this code:

    Func GetUsername()
        Local $sUserName = @UserName
        Return $sUserName
    EndFunc   ;==>GetUsername

    Func StopProcessesInTempFolder()
        ; Get the username of the system.
        Local $sUserName = GetUsername()

        ; Get the path of the Temp folder for the current user.
        Local $sTempFolder = "C:\Users\" & $sUserName & "\AppData\Local\Temp\"

        ; Get the list of processes running in the Task Manager.
        Local $aProcesses = ProcessList()

        ; Create an array to store the names of the stopped files.
        Local $aStoppedFiles[1]

        ; Loop through the list of processes.
        For $i = 1 To $aProcesses
            ; Get the path of the executable file for the current process.
            Local $sProcessPath = ProcessGetPath($aProcesses[$i][1])

            ; Check if the executable file is located in the Temp folder.
            If StringLeft($sProcessPath, StringLen($sTempFolder)) = $sTempFolder Then
                ; Stop the current process.
                ProcessClose($aProcesses[$i][1])

                ; Add the name of the stopped file to the array.
                Local $sStoppedFile = StringTrimLeft($sProcessPath, StringLen($sTempFolder))
                _ArrayAdd($aStoppedFiles, $sStoppedFile)
            EndIf
        Next

        ; Add a line of text to the beginning of the informe.txt file.
        Local $hFile = FileOpen("report.txt", 2)
        FileWriteLine($hFile, "CLOSED PROCESSES")

        ; Create an external report file that lists the names of the stopped files.
        ;Global Const $FO_OVERWRITE = 2
        ;$hFile = FileOpen("report.txt", $FO_OVERWRITE)
        For $i = 1 To UBound($aStoppedFiles) - 1
            FileWriteLine($hFile, $aStoppedFiles[$i])
        Next
        FileClose($hFile)

        ; Set the value of the @error macro to indicate success.
        SetError(0)
        Return True
    EndFunc   ;==>StopProcessesInTempFolder

I have some lines commented out in the StopProcessInTempFolder() function, because it gave me a double constant declaration error. Also the ProcessGetPath() function is flagged as error, but I guess it's because when compiling is when the compiler takes: #include <Process.au3> and #include <Array.au3>

But anyway, I have two problems:

- The code does not close any process that I have running in the directory C:\Users\" & $sUserName & "\AppData\Local\Temp\
- The code does not write me in the txt file, which closes any process, although it does write me the text line: CLOSED PROCESSES

If anyone can think of what could be failing, or some code to close the processes of a certain folder, I would be grateful. Greetings and thank you.
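An added example, not part of the post above and not the code any forum member supplied: one way to list the processes whose executable lies under the Temp folder, ask before closing them, and report what was actually closed. The helper names `_ListProcessesInFolder` and `_CloseAndReport`, the message text and the `report.txt` location are assumptions made for illustration.

```autoit
#include <FileConstants.au3>
#include <MsgBoxConstants.au3>
#include <WinAPIProc.au3>

; Hypothetical helper (added example): lists, without closing anything, every process
; whose image is under $sFolder. Row 0 holds the count; rows 1..n are [PID, path].
Func _ListProcessesInFolder($sFolder)
    If StringRight($sFolder, 1) <> "\" Then $sFolder &= "\"
    Local $aProcesses = ProcessList() ; [0][0] = count, then [name, PID] rows
    Local $aHits[$aProcesses[0][0] + 1][2], $sPath
    $aHits[0][0] = 0
    For $i = 1 To $aProcesses[0][0]
        If $aProcesses[$i][1] = @AutoItPID Then ContinueLoop ; never list this script
        $sPath = _WinAPI_GetProcessFileName($aProcesses[$i][1])
        ; No path: the process could not be opened (typically system/elevated); skip it.
        If @error Or $sPath = "" Then ContinueLoop
        If StringLeft($sPath, StringLen($sFolder)) = $sFolder Then
            $aHits[0][0] += 1
            $aHits[$aHits[0][0]][0] = $aProcesses[$i][1]
            $aHits[$aHits[0][0]][1] = $sPath
        EndIf
    Next
    Return $aHits
EndFunc   ;==>_ListProcessesInFolder

; Hypothetical helper: closes each listed PID, checks it is gone, writes the report.
Func _CloseAndReport($aHits, $sReport)
    Local $iClosed = 0, $hFile = FileOpen($sReport, $FO_OVERWRITE)
    If $hFile = -1 Then Return SetError(1, 0, 0)
    FileWriteLine($hFile, "CLOSED PROCESSES")
    For $i = 1 To $aHits[0][0]
        ProcessClose($aHits[$i][0])
        ProcessWaitClose($aHits[$i][0], 5) ; wait up to 5 seconds
        If ProcessExists($aHits[$i][0]) Then
            FileWriteLine($hFile, "STILL RUNNING: " & $aHits[$i][1])
        Else
            FileWriteLine($hFile, $aHits[$i][1])
            $iClosed += 1
        EndIf
    Next
    FileClose($hFile)
    Return $iClosed
EndFunc   ;==>_CloseAndReport

; @TempDir can be in 8.3 short form, so expand it before the prefix comparison.
Global $g_aHits = _ListProcessesInFolder(FileGetLongName(@TempDir))
If $g_aHits[0][0] > 0 And MsgBox($MB_YESNO, "Temp processes", $g_aHits[0][0] & _
        " process(es) run from " & @TempDir & ". Close them?") = $IDYES Then
    _CloseAndReport($g_aHits, @ScriptDir & "\report.txt")
EndIf
```

AutoIt's `=` compares strings case-insensitively, which suits Windows paths. Installers and updaters also run from the Temp folder, which is why the list is shown for confirmation before anything is closed.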
-
Wooow!!! Perfect!!! Great!!! In Windows 10 the test that I have done seems to have worked correctly. In Windows 11 you would have to try it. I don't know if being in an Insider Canary version, perhaps the System creates Updates and Restore Points quite regularly, perhaps it is limited by that registry key that seems to not allow creating restore points in less than 24 hours. Thank you very much for everything, ioa747. You are a master. I will update with information to serve other users.
-
Hello everyone and thanks for reading the message. I'm trying to create a simple program, but I would first need to create a System Restore Point. For example, I would like to have a simple button in a window, which when clicked on it, creates the restore point and tells me if it could be done or not. The problem I find is that the code provided by Chimaera and Venom007 does not work for me on Windows 10/11. I have read that you have to make a modification in the registry to create Restore Points in less than 24 hours, or that the Restore Point can only be created by rebooting the System, but I am not clear in the end what is really the solution that I have to use. If anyone knows some code or can give me some information on what I would have to do to make Windows allow me to create that Restore Point, I would be grateful. Thank you so much.