Jump to content

Search the Community

Showing results for tags 'pid'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General
    • Announcements and Site News
    • Administration
  • AutoIt v3
    • AutoIt Help and Support
    • AutoIt Technical Discussion
    • AutoIt Example Scripts
  • Scripting and Development
    • Developer General Discussion
    • Language Specific Discussion
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Categories

  • AutoIt Team
    • Beta
    • MVP
  • AutoIt
    • Automation
    • Databases and web connections
    • Data compression
    • Encryption and hash
    • Games
    • GUI Additions
    • Hardware
    • Information gathering
    • Internet protocol suite
    • Maths
    • Media
    • PDF
    • Security
    • Social Media and other Website API
    • Windows
  • Scripting and Development
  • IT Administration
    • Operating System Deployment
    • Windows Client
    • Windows Server
    • Office

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Location


WWW


Interests

Found 7 results

  1. I hoping some of you young people can help an old man get off the nickel... I have a small project I'd like to complete before I retire. My problem is that on a terminal server environment I need to be able to detect the PID of a process by 'process name' AND 'process owner' so I can kill that specific process and not affect others who may be running the same process in another session. I can seem to do one or the other but not both. Can anyone please point me in the right direction? Thanks very much in advance. -Glen
  2. I'm trying to kill a malware process, that I can't remove with my www.sophus.com/hom antivirus. The malware is known as coinminer,config and my Sophus only creates popups of blocking the malware. I know that the malware is constantly launching a svchost *32.exe processes, where the svchost.exe processes are from my Windows 7 operating system. I have with no luck tried to do this: Global $_bStatus = False While $_bStatus = False Global $_iPid Global $_sActiveTitleNew = "svchost *32.exe" $_iPid = WinGetProcess($_sActiveTitleNew) If $_iPid <> -1 Then $_bStatus = ProcessClose($_iPid) Wend EXIT But the $_iPid doesn't ever show anything else than -1, even if I can see the svchost *32.exe process in my TaskManager YES - I know I shouldn't EXIT after killing the first malware detection, but it is easier to explain the above for you, so I can get a solution.
  3. Hello all, I've written the code below which launches chrome in incognito mode and then proceeds to go to the autoit website. From my understanding, the Run() command is also supposed to output the PID number related to the application that got launched from the Run command. However when I run the below lines, it outputs a PID number that is different from the newly launched chrome browser's PID number, does anyone know why and possibly explain how I could retrieve the accurate PID number associated with the newly launched browser? Global $iPid = Run(@ComSpec & ' /c start chrome.exe https://www.autoitscript.com/forum/ -incognito' ,"", "") msgbox(0,"",$iPid) Thank you, Brian
  4. Is it posible to get Internet traffic from a PID, like download and upload speeds. I did some research but nothing useful. ty
  5. I know it was discussed before, but the Wiki supposedly has an official solution to "How can I get a window handle when all I have is a PID?". Alas, it doesn't seem to work for anything more complicated than Notepad. It completely fails, for example, with IE & Firefox (even with "-new-window URL"). In addition, if you try to run multiple instances of the same program, than it fails with programs such as Chrome (i.e. it only works on the first instance). I've tried the various alternative unofficial forum versions as well, to no avail. The reason why it's so important is, for example, launching a browser with multiple resolutions. Thanks!
  6. Func Button2Click() ;==> SonoLvl2 ******************************************************* SoundPlay(@ScriptDir & "\schoolbell.wav", 1) Local $Test2 = IniRead(@ScriptDir & "\runer.ini", "Levels", "LComplete1", "Default Value") If $Test2 = 1 Then ; $updatepid = RunWait(@ScriptDir & "\SonoLvl2\SonoLvl2_.exe", "", @SW_SHOWDEFAULT) Else MsgBox(4096, "", "You did not complete Lesson1") EndIf ;MsgBox($MB_SYSTEMMODAL, "Bug Report Environment", _DebugBugReportEnv()) IniWrite(@ScriptDir & "\runer.ini", "Levels", "LComplete2", "2") EndFunc ;==>Button2Click I have tried PID checks and updatepid per the help file and they just didn't work out. and usually caused errors. Then (not included I tried making a separate function to write to a INI file. that was a lesson in frustration and defeat. It worked.. just the same as the code in the function now. as soon as you click the button and the runwait line starts the ini gets updated. The file can only be written to after runwait is running is closed. Also tried the ProcessWait, ProcessWaitClose, ShellExecute, ShellExecuteWait Then in desperation I tried a Debug i read about Func Button2Click() ;==> SonoLvl2 ******************************************************* $__iLineNumber=162 & ' - SoundPlay(@ScriptDir & "\schoolbell.wav", 1)•' SoundPlay(@ScriptDir & "\schoolbell.wav", 1) $__iLineNumber=163 & ' - Local $Test2 = IniRead(@ScriptDir & "\runer.ini", "Levels", ...•' Local $Test2 = IniRead(@ScriptDir & "\runer.ini", "Levels", "LComplete1", "Default Value") $__iLineNumber=164 & ' - If $Test2 = 1 Then•' If $Test2 = 1 Then $__iLineNumber=165 & ' - $updatepid = RunWait(@ScriptDir & "\SonoLvl2\SonoLvl2_.exe", ...•' $updatepid = RunWait(@ScriptDir & "\SonoLvl2\SonoLvl2_.exe", "", @SW_SHOWDEFAULT) Else $__iLineNumber=167 & ' - MsgBox(4096, "", "You did not complete Lesson1")•' MsgBox(4096, "", "You did not complete Lesson1") EndIf ;MsgBox($MB_SYSTEMMODAL, "Bug Report Environment", _DebugBugReportEnv()) $__iLineNumber=173 & ' - IniWrite(@ScriptDir & "\runer.ini", "Levels", "LComplete2", ...•' IniWrite(@ScriptDir & "\runer.ini", "Levels", "LComplete2", "2") EndFunc ;==>Button2Click unfortunately I was not smart enough to get it to work for me. What I wanted was a Debugger that explains what each line does and why. Then I figured out that isn't happening.
  7. Task : If Java.exe opens and it's parent process is a browser, get the URL of the web page it has open (hopefully the URL that started java). I would love a way to do it remotely, but can live with having to run a monitor on the local machine. What I have now is a function that uses WMI to query win32_process and get the processes and parent process id, searches that for Java and puts that info into a report. I want to include the URL of the webpage that launched java. What I have so far is below, but it doesn't let me tie the Process ID to the window I get the URL from. It also will not get Firefox windows. The Shell method only gets Shell windows. I have nine windows open, but it only picks up two - internet explorer and file system explorer - missing both Firefox windows and all their tabs. So, the question is - how to get a browser object when I start with only a Process ID and get the URL from that object? On a remote computer? $oShell = ObjCreate("shell.application") ; Get the windows shell object $oShellWindows = $oshell.windows ; Get open windows If IsObj($oShellWindows) Then $string = "" For $Window in $oShellWindows ; count all windows $Wpid = ObjName($Window,3) $string = $string & $Window.LocationName & " ; " & $Window.FullName & " ; " & $Wpid & @CRLF If StringInStr($Window.FullName, "iexplore") Then MsgBox(0,"Internet Explorer", "You browsing the URL " & $Window.Document.Location.href) EndIf Next MsgBox(0,"Shell Windows", "You have the following " & $oShellWindows.Count & " windows open:" & @CRLF & $string); EndIf Fantasy code I would like to work: $objWMIService = ObjGet("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & $strPCName & "\root\cimv2") If IsObj($objWMIService) Then $colProcesses = $objWMIService.ExecQuery( _ "select * from win32_process") For $objProcess In $colProcesses If $objProcess.ProcessId = $javaparentPID Then $Name = $objProcess.LocationName $URL = $objProcess.Document.Location.href Endif Code that gets the process IDs : Func _ProcessInfo($strPCName) Dim $i = 0 Dim $User, $Domain, $objWMIService, $colProcesses, $procnum Dim $Aprocesses[1][9] Dim $pi, $ppi, $parent, $parentfound $objWMIService = ObjGet("winmgmts:" _ & "{impersonationLevel=impersonate}!\\" _ & $strPCName & "\root\cimv2") ; Gather process information into an array If IsObj($objWMIService) Then $colProcesses = $objWMIService.ExecQuery( _ "select * from win32_process") For $objProcess In $colProcesses $i = $i + 1 ReDim $Aprocesses[$i + 1][9] $Aprocesses[$i][1] = $objProcess.ProcessId $Aprocesses[$i][2] = $objProcess.Caption $Aprocesses[$i][3] = $objProcess.HandleCount $Aprocesses[$i][4] = $objProcess.ExecutablePath $Aprocesses[$i][5] = $objProcess.ParentProcessId $Aprocesses[$i][6] = $objProcess.CreationDate If $objProcess.GetOwner($User, $Domain) = 0 Then $Aprocesses[$i][7] = $Domain & _ "\" & $User Else $Aprocesses[$i][7] = "" EndIf Next $Aprocesses[0][0] = $i $procnum = $i ;_ArrayDisplay($Aprocesses) ; Process the information about the Processes - LOL! $parentfound = 0 For $pi = 1 To $procnum ; only looking for Java, so : If StringInStr($Aprocesses[$pi][2], "java") Then $parent = $Aprocesses[$pi][5] For $ppi = 1 To $procnum If $Aprocesses[$ppi][1] = $parent Then $parentfound = 1 ExitLoop EndIf Next If $parentfound = 1 Then ; It has a parent process still running! $line = $strPCName & "," & $Aprocesses[$pi][1] & "," & $Aprocesses[$pi][2] & "," & $Aprocesses[$pi][3] & "," & _ $Aprocesses[$pi][4] & "," & $Aprocesses[$pi][5] & "," & $Aprocesses[$pi][6] & "," & _ $Aprocesses[$ppi][6] & "," & $Aprocesses[$ppi][2] & "," & $Aprocesses[$ppi][4] & "," & _ $Aprocesses[$ppi][7] FileWriteLine($LogFile, $line) Else ; parent process left. No, little java, its not your fault... :) $line = $strPCName & "," & $Aprocesses[$pi][1] & "," & $Aprocesses[$pi][2] & "," & $Aprocesses[$pi][3] & "," & $Aprocesses[$pi][4] & "," & _ $Aprocesses[$pi][5] & "," & $Aprocesses[$pi][6] & ",Parent already closed or not found" & ",Owner = ," & $Aprocesses[$pi][7] FileWriteLine($LogFile, $line) EndIf EndIf $parentfound = 0 $ppi = 0 Next Else FileWriteLine($LogFile, $strPCName & ",Unable to query WMI on endpoint") EndIf EndFunc ;==>_ProcessInfo
×
×
  • Create New...