Sign in to follow this  
Followers 0
nlgma

Process Control

2 posts in this topic

I've been kicking around this script for a few weeks. It's not much but it kind of gives you and Idea of what I'm trying to do. I keep running in to little issues here and there. I would like to know if it's wroth the time to script or should I just download something ?

To list a few things I want it to do:

1. List all running Processes

2. Go to a site an scrape data about the Processes (processlibrary.com)

3. Create a white list of allowed Processes

4. Create a black list of blocked Processes

5. Warning for all other Processes

#include <GuiConstantsEx.au3>
#include <GuiListView.au3>
#include <GuiImageList.au3>
#include <Array.au3>

_Main()

Func _Main()

    GUICreate("List Process and PID", 400, 400)
    Global $hListView = GUICtrlCreateListView("", 2, 2, 394, 180)
    _GUICtrlListView_SetExtendedListViewStyle($hListView, BitOR($LVS_EX_FULLROWSELECT, $LVS_EX_CHECKBOXES))

    Global $hListKill = GUICtrlCreateListView("", 2, 222, 394, 140)
    _GUICtrlListView_SetExtendedListViewStyle($hListKill, BitOR($LVS_EX_FULLROWSELECT, $LVS_EX_CHECKBOXES))

    Global $Add_White = GUICtrlCreateButton("Add to White list", 5, 375, 100, 20)
    Global $Add_Black = GUICtrlCreateButton("Add to Black list", 125, 375, 100, 20)
    Global $Kill = GUICtrlCreateButton("Kill", 250, 375, 50, 20)
    GUISetState()

    ; Add columns
    _GUICtrlListView_AddColumn($hListView, "Process", 100)
    _GUICtrlListView_AddColumn($hListView, "PID", 100)
    _GUICtrlListView_SetColumnWidth($hListView, 1, 50)
    _GUICtrlListView_AddColumn($hListView, "Executable Path", 100)
    _GUICtrlListView_SetColumnWidth($hListView, 2, 250)

    ; Add columns
    _GUICtrlListView_AddColumn($hListKill, "Process", 100)
    _GUICtrlListView_AddColumn($hListKill, "PID", 100)
    _GUICtrlListView_SetColumnWidth($hListKill, 1, 50)
    _GUICtrlListView_AddColumn($hListKill, "Executable Path", 100)
    _GUICtrlListView_SetColumnWidth($hListKill, 2, 250)

    SplashTextOn("Process List Properties...", "Please wait ...", 200, 50)
    Global $avRET = _ProcessListProperties()
    $hImage = _GUIImageList_Create(16, 16, 5, $avRET[0][0])

    Global $o = 0
    For $i = 1 To $avRET[0][0]
        _GUICtrlListView_AddItem($hListView, $avRET[$i][0], $o)
        _GUICtrlListView_AddSubItem($hListView, $o, $avRET[$i][1], 1)
        _GUICtrlListView_AddSubItem($hListView, $o, $avRET[$i][5], 2)
        $o = $o + 1
    Next
    SplashOff()
EndFunc   ;==>_Main
Global $o = 0
While 1
    $msg = GUIGetMsg()
    Select
        Case $msg = $GUI_EVENT_CLOSE
            Exit
        Case $msg = $Add_White
            For $i = 1 To $avRET[0][0]
                If _GUICtrlListView_GetItemChecked($hListView, $i) = True Then
                    MsgBox(0, _GUICtrlListView_GetItemText($hListView, $i), _GUICtrlListView_GetItemChecked($hListView, $i))
                    ;Add Selected Items to White List
                EndIf
            Next
        Case $msg = $Add_Black
            For $i = 1 To $avRET[0][0]
                If _GUICtrlListView_GetItemChecked($hListView, $i) = True Then
                    $aItem = _GUICtrlListView_GetItemTextArray($hListView, $i)
                    _GUICtrlListView_BeginUpdate($hListKill)
                    _GUICtrlListView_AddItem($hListKill, $aItem[1], 0)
                    _GUICtrlListView_AddSubItem($hListKill, $o, $aItem[2], 1)
                    _GUICtrlListView_AddSubItem($hListKill, $o, $aItem[3], 2)
                    _GUICtrlListView_SetItemChecked($hListView, $i, False)
                    _GUICtrlListView_EndUpdate($hListKill)
                    $o = $o + 1
                EndIf
            Next
        Case $msg = $Kill
            For $i = 1 To $avRET[0][0]
                If _GUICtrlListView_GetItemChecked($hListKill, $i) = True Then
                    SplashTextOn("Process Killing...", "Please wait ...", 200, 50)
                    $aItem = _GUICtrlListView_GetItemTextArray($hListKill, $i)
                    If ProcessExists($aItem[1]) Then
                        ;Do
                        ;   ProcessClose($aItem[1])
                        ;Until ProcessExists($aItem[1]) = 0
                        SplashOff()
                    EndIf

                EndIf
            Next
    EndSelect
WEnd

    ;===============================================================================
    ; Function Name:    _ProcessListProperties()
    ; Description:   Get various properties of a process, or all processes
    ; Call With:       _ProcessListProperties( [$Process [, $sComputer]] )
    ; Parameter(s):  (optional) $Process - PID or name of a process, default is "" (all)
    ;          (optional) $sComputer - remote computer to get list from, default is local
    ; Requirement(s):   AutoIt v3.2.4.9+
    ; Return Value(s):  On Success - Returns a 2D array of processes, as in ProcessList()
    ;            with additional columns added:
    ;            [0][0] - Number of processes listed (can be 0 if no matches found)
    ;            [1][0] - 1st process name
    ;            [1][1] - 1st process PID
    ;            [1][2] - 1st process Parent PID
    ;            [1][3] - 1st process owner
    ;            [1][4] - 1st process priority (0 = low, 31 = high)
    ;            [1][5] - 1st process executable path
    ;            [1][6] - 1st process CPU usage
    ;            [1][7] - 1st process memory usage
    ;            [1][8] - 1st process creation date/time = "MM/DD/YYY hh:mm:ss" (hh = 00 to 23)
    ;            [1][9] - 1st process command line string
    ;            ...
    ;            [n][0] thru [n][9] - last process properties
    ; On Failure:      Returns array with [0][0] = 0 and sets @Error to non-zero (see code below)
    ; Author(s):        PsaltyDS at http://www.autoitscript.com/forum
    ; Date/Version:   12/01/2009  --  v2.0.4
    ; Notes:            If an integer PID or string process name is provided and no match is found,
    ;            then [0][0] = 0 and @error = 0 (not treated as an error, same as ProcessList)
    ;          This function requires admin permissions to the target computer.
    ;          All properties come from the Win32_Process class in WMI.
    ;            To get time-base properties (CPU and Memory usage), a 100ms SWbemRefresher is used.
    ;===============================================================================

Func _ProcessListProperties($Process = "", $sComputer = ".")
    Local $sUserName, $sMsg, $sUserDomain, $avProcs, $dtmDate
    Local $avProcs[1][2] = [[0, ""]], $n = 1

    ; Convert PID if passed as string
    If StringIsInt($Process) Then $Process = Int($Process)

    ; Connect to WMI and get process objects
    $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy, (Debug)}!\\" & $sComputer & "\root\cimv2")
    If IsObj($oWMI) Then
        ; Get collection processes from Win32_Process
        If $Process == "" Then
            ; Get all
            $colProcs = $oWMI.ExecQuery("select * from win32_Process")
        ElseIf IsInt($Process) Then
            ; Get by PID
            $colProcs = $oWMI.ExecQuery("select * from win32_Process where ProcessId = " & $Process)
        Else
            ; Get by Name
            $colProcs = $oWMI.ExecQuery("select * from win32_Process where Name = '" & $Process & "'")
        EndIf

        If IsObj($colProcs) Then
            ; Return for no matches
            If $colProcs.count = 0 Then Return $avProcs

            ; Size the array
            ReDim $avProcs[$colProcs.count + 1][10]
            $avProcs[0][0] = UBound($avProcs) - 1

            ; For each process...
            For $oProc In $colProcs
                ; [n][0] = process name
                $avProcs[$n][0] = $oProc.name
                ; [n][1] = process PID
                $avProcs[$n][1] = $oProc.ProcessId
                ; [n][2] = Parent PID
                $avProcs[$n][2] = $oProc.ParentProcessId
                ; [n][3] = Owner
                If $oProc.GetOwner($sUserName, $sUserDomain) = 0 Then $avProcs[$n][3] = $sUserDomain & "\" & $sUserName
                ; [n][4] = Priority
                $avProcs[$n][4] = $oProc.Priority
                ; [n][5] = Executable path
                $avProcs[$n][5] = $oProc.ExecutablePath
                ; [n][8] = Creation date/time
                $dtmDate = $oProc.CreationDate
                If $dtmDate <> "" Then
                    ; Back referencing RegExp pattern from weaponx
                    Local $sRegExpPatt = "\A(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:.*)"
                    $dtmDate = StringRegExpReplace($dtmDate, $sRegExpPatt, "$2/$3/$1 $4:$5:$6")
                EndIf
                $avProcs[$n][8] = $dtmDate
                ; [n][9] = Command line string
                $avProcs[$n][9] = $oProc.CommandLine

                ; increment index
                $n += 1
            Next
        Else
            SetError(2); Error getting process collection from WMI
        EndIf
        ; release the collection object
        $colProcs = 0

        ; Get collection of all processes from Win32_PerfFormattedData_PerfProc_Process
        ; Have to use an SWbemRefresher to pull the collection, or all Perf data will be zeros
        Local $oRefresher = ObjCreate("WbemScripting.SWbemRefresher")
        $colProcs = $oRefresher.AddEnum($oWMI, "Win32_PerfFormattedData_PerfProc_Process" ).objectSet
        $oRefresher.Refresh

        ; Time delay before calling refresher
        Local $iTime = TimerInit()
        Do
            Sleep(50)
        Until TimerDiff($iTime) >= 100
        $oRefresher.Refresh

        ; Get PerfProc data
        For $oProc In $colProcs
            ; Find it in the array
            For $n = 1 To $avProcs[0][0]
                If $avProcs[$n][1] = $oProc.IDProcess Then
                    ; [n][6] = CPU usage
                    $avProcs[$n][6] = $oProc.PercentProcessorTime
                    ; [n][7] = memory usage
                    $avProcs[$n][7] = $oProc.WorkingSet
                    ExitLoop
                EndIf
            Next
        Next
    Else
        SetError(1); Error connecting to WMI
    EndIf

    ; Return array
    Return $avProcs
EndFunc   ;==>_ProcessListProperties

Share this post


Link to post
Share on other sites



I like the idea of the white/black lists. You're welcome to check out my process manager for ideas. It is not designed for the direction you're going with your project, but it will certainly give you some useful tidbits to build off of. You can get the source here: http://www.pulsarsoftware.net/Download/Source/PM_1.0_Source.zip

Search the forums for the CompInfo.au3 UDF.

I'd keep at it, its always worth pushing through all those little issues to get to a nice working script.


[u]You can download my projects at:[/u] Pulsar Software

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0