JoMeKa Posted March 23, 2012

Hi! Well, first I made this simple script:

#include <GUIConstantsEx.au3>
#include <GUIListBox.au3>
#include <WindowsConstants.au3>

#Region ### START Koda GUI section ### Form=
$Form1_1 = GUICreate("Process", 318, 399, 192, 124)
$List1 = GUICtrlCreateList("", 0, 0, 313, 396)
$list = ProcessList()
For $i = 1 To $list[0][0]
    GUICtrlSetData(-1, $list[$i][0]) ; -1 = the list control created last
Next
$List1context = GUICtrlCreateContextMenu($List1)
$MenuItem3 = GUICtrlCreateMenuItem("Close", $List1context) ; not handled in the loop yet
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE
            Exit
    EndSwitch
WEnd

I want the icon of each process shown next to the process, if this is possible, and I want to give commands to the process, like closing the process. How can I do that? I hope you understand my request, and sorry for my bad English.
Skitty Posted March 23, 2012 (edited)

There are several ways. In this one I use a function that checks if a file has icon resources, using modified code taken from a user named trancexx, which will enumerate a PE file's resource types; if the PE file has resource type 14 (RT_GROUP_ICON) then it most likely has an icon. A faster method would be to use a DLL that manko created; google prodller if you don't like using this method in pure AutoIt.

#AutoIt3Wrapper_AU3Check_Parameters=-d -w 2 -w 4 -w 6
#include <GUIConstantsEx.au3>
#include <GUIListBox.au3>
#include <WindowsConstants.au3>
#include <Array.au3>

Global $TLV = False ; set to True to indent child processes under their parents
Global $ARRAY_MODULE_STRUCTURE[1]
Global $global_types_count
Global $iPopulateArray

; SYSTEM_THREADS as returned by ZwQuerySystemInformation(SystemProcessInformation)
Global Const $tag_SYSTEM_THREADS = "double KernelTime;" & _
        "double UserTime;" & _
        "double CreateTime;" & _
        "ulong WaitTime;" & _
        "ptr StartAddress;" & _
        "dword UniqueProcess;" & _
        "dword UniqueThread;" & _
        "long Priority;" & _
        "long BasePriority;" & _
        "ulong ContextSwitchCount;" & _
        "long State;" & _
        "long WaitReason"

; SYSTEM_PROCESSES header; the thread array follows each entry in memory
Global Const $tag_SYSTEM_PROCESSES = "ulong NextEntryDelta;" & _
        "ulong Threadcount;" & _
        "ulong[6];" & _ ; Reserved...
        "double CreateTime;" & _
        "double UserTime;" & _
        "double KernelTime;" & _
        "ushort Length;" & _ ; unicode string length
        "ushort MaximumLength;" & _ ; also for unicode string
        "ptr ProcessName;" & _ ; ptr to mentioned unicode string - name of process
        "long BasePriority;" & _
        "ulong ProcessId;" & _
        "ulong InheritedFromProcessId;" & _
        "ulong HandleCount;" & _
        "ulong[2];" & _ ; Reserved...
        "uint PeakVirtualSize;" & _
        "uint VirtualSize;" & _
        "ulong PageFaultCount;" & _
        "uint PeakWorkingSetSize;" & _
        "uint WorkingSetSize;" & _
        "uint QuotaPeakPagedPoolUsage;" & _
        "uint QuotaPagedPoolUsage;" & _
        "uint QuotaPeakNonPagedPoolUsage;" & _
        "uint QuotaNonPagedPoolUsage;" & _
        "uint PagefileUsage;" & _
        "uint PeakPagefileUsage;" & _
        "uint64 ReadOperationCount;" & _
        "uint64 WriteOperationCount;" & _
        "uint64 OtherOperationCount;" & _
        "uint64 ReadTransferCount;" & _
        "uint64 WriteTransferCount;" & _
        "uint64 OtherTransferCount"

Global $hwnd
Global $Datum

Global Const $hPSAPI = DllOpen("psapi.dll")
Global Const $hNTDLL = DllOpen("ntdll.dll")
Global Const $hUSER32 = DllOpen("user32.dll")
Global Const $hADVAPI32 = DllOpen("advapi32.dll")
Global Const $hWTSAPI32 = DllOpen("wtsapi32.dll")
Global Const $hKERNEL32 = DllOpen("kernel32.dll")

; enable SeDebugPrivilege (privilege 20) so processes of other users can be opened
DllCall($hNTDLL, "int", "RtlAdjustPrivilege", "int", 20, "int", 1, "int", 0, "int*", 0)
Global Const $sSystemModule = _CV_SystemModuleInformation() ; trancexx's Connections viewer code

_Init()

Func _Init()
    Local $nMsg
    #Region ### START Koda GUI section ### Form=
    Local $Form1_1 = GUICreate("Process", 318, 399, -1, -1, BitOR(BitOR($WS_MINIMIZEBOX, $WS_CAPTION, $WS_POPUP, $WS_SYSMENU), $WS_MAXIMIZEBOX, $WS_SIZEBOX, $WS_THICKFRAME, $WS_TABSTOP))
    Local $List1 = GUICtrlCreateListView("Process Name|PID|User|Path", 0, 0, 313, 396)
    ; LVM_SETCOLUMNWIDTH (0x1000 + 30): widen the name and path columns
    DllCall($hUSER32, "lresult", "SendMessageW", "hwnd", GUICtrlGetHandle($List1), "uint", 0x1000 + 30, "wparam", 0, "lparam", 100)
    DllCall($hUSER32, "lresult", "SendMessageW", "hwnd", GUICtrlGetHandle($List1), "uint", 0x1000 + 30, "wparam", 3, "lparam", 500)
    Local $list = _WinAPI_ThreadnProcess()
    ;_ArrayDisplay($list)
    ;Exit
    For $i = 1 To UBound($list) - 1
        $hwnd = GUICtrlCreateListViewItem('', $List1)
        GUICtrlSetData($hwnd, $list[$i][0] & "|" & $list[$i][1] & "|" & $list[$i][2] & "|" & $list[$i][3])
        If $list[$i][2] == @UserName Then
            GUICtrlSetBkColor($hwnd, 0xD0D0FF)
        ElseIf StringInStr($list[$i][2], "Service", 2) Then
            GUICtrlSetBkColor($hwnd, 0xFFD0D0)
        EndIf
        If $list[$i][6] Then GUICtrlSetBkColor($hwnd, 0x808080) ; suspended process
        _ResEnum($list[$i][3], $hwnd)
    Next
    Local $List1context = GUICtrlCreateContextMenu($List1)
    Local $MenuItem3 = GUICtrlCreateMenuItem("Terminate", $List1context)
    Local $Suspend = GUICtrlCreateMenuItem("Suspend", $List1context)
    Local $Resume = GUICtrlCreateMenuItem("Resume", $List1context)
    GUISetState(@SW_SHOW)
    #EndRegion ### END Koda GUI section ###

    While 1
        $nMsg = GUIGetMsg()
        Switch $nMsg
            Case $GUI_EVENT_CLOSE
                Exit
            Case $MenuItem3
                $Datum = FetchListViewEntry($List1, 2) ; [PID, control id of the selected row]
                If @error Then ContinueLoop ; nothing selected
                If Not ProcessExists($Datum[0]) Then
                    GUICtrlDelete($Datum[1]) ; process already gone, drop the stale row
                    ContinueLoop
                EndIf
                If ProcessClose($Datum[0]) Then GUICtrlDelete($Datum[1])
            Case $Resume
                $Datum = FetchListViewEntry($List1, 2)
                If @error Then ContinueLoop
                If Not ProcessExists($Datum[0]) Then
                    GUICtrlDelete($Datum[1])
                    ContinueLoop
                EndIf
                If _ProcessResume($Datum[0]) Then
                    $Datum = FetchListViewEntry($List1, 3) ; [user name, control id]
                    _Colorize($Datum[1], $Datum[0])
                EndIf
            Case $Suspend
                $Datum = FetchListViewEntry($List1, 2)
                If @error Then ContinueLoop
                If Not ProcessExists($Datum[0]) Then
                    GUICtrlDelete($Datum[1])
                    ContinueLoop
                EndIf
                If _ProcessSuspend($Datum[0]) Then GUICtrlSetBkColor($Datum[1], 0x808080)
        EndSwitch
    WEnd
EndFunc   ;==>_Init

Func _Colorize($hwnd, $src)
    If $src == @UserName Then
        GUICtrlSetBkColor($hwnd, 0xD0D0FF)
    ElseIf StringInStr($src, "Service", 2) Then
        GUICtrlSetBkColor($hwnd, 0xFFD0D0)
    Else
        GUICtrlSetBkColor($hwnd, 0xFFFFFF)
    EndIf
EndFunc   ;==>_Colorize

Func FetchListViewEntry($Hndl, $Item)
    ; returns [value of column $Item (1-based) of the selected row, control id of that row]
    If Not IsNumber($Item) Then Return SetError(1, 0, 0)
    $Item = $Item - 1
    Local $String = GUICtrlRead(GUICtrlRead($Hndl))
    Local $M = StringSplit($String, "|", 2)
    If @error Then Return SetError(2, 0, 0)
    Local $Ret[2] = [$M[$Item], GUICtrlRead($Hndl)]
    Return $Ret
EndFunc   ;==>FetchListViewEntry

Func _WinAPI_ThreadnProcess()
    ; Function taken from a post by manko.
    ; I'm using this due to its ability to detect suspended applications.
    ; SystemProcessInformation (class 5): the first call returns the required size, the second fills the buffer
    Local $Ret = DllCall($hNTDLL, "int", "ZwQuerySystemInformation", "int", 5, "int*", 0, "int", 0, "int*", 0)
    Local $Mem = DllStructCreate("byte[" & $Ret[4] & "]")
    $Ret = DllCall($hNTDLL, "int", "ZwQuerySystemInformation", "int", 5, "ptr", DllStructGetPtr($Mem), "int", DllStructGetSize($Mem), "int*", 0)
    ; WTS_PROCESS_INFO list, used only for the user SID; rows are matched to the
    ; SYSTEM_PROCESSES list by position, which assumes both APIs enumerate in the same order
    Local $aCall = DllCall($hWTSAPI32, "bool", "WTSEnumerateProcessesW", "handle", 0, "dword", 0, "dword", 1, "ptr*", 0, "dword*", 0)
    Local $SysProc = DllStructCreate($tag_SYSTEM_PROCESSES, $Ret[2])
    Local $SysProc_ptr = $Ret[2]
    Local $SysProc_Size = DllStructGetSize($SysProc)
    Local $SysThread = DllStructCreate($tag_SYSTEM_THREADS)
    Local $SysThread_Size = DllStructGetSize($SysThread)
    Local $tagWTS_PROCESS_INFO = "dword SessionId;dword ProcessId;ptr ProcessName;ptr UserSid"
    Local $tWTS_PROCESS_INFO = DllStructCreate($tagWTS_PROCESS_INFO)
    Local $WTS_Size = DllStructGetSize($tWTS_PROCESS_INFO)
    Local $buffer, $I, $M = 0, $NextEntryDelta, $k, $l, $temp, $space
    Local $avArray[10000][8]
    While 1
        $tWTS_PROCESS_INFO = DllStructCreate($tagWTS_PROCESS_INFO, $aCall[4] + $M * $WTS_Size) ; looping thru structures
        $buffer = DllStructCreate("char[" & DllStructGetData($SysProc, "Length") & "]", DllStructGetData($SysProc, "ProcessName"))
        For $I = 0 To DllStructGetData($SysProc, "Length") - 1 Step 2 ; every other byte of the UTF-16 name
            $avArray[$M][0] &= DllStructGetData($buffer, 1, $I + 1)
        Next
        If $avArray[$M][0] = "System" Then $avArray[$M][0] = $sSystemModule ; & " (System)"
        ; $avArray[$m][1] = DllStructGetData($SysProc, "ProcessId")
        ; $avArray[$m][2] = DllStructGetData($SysProc, "InheritedFromProcessId")
        ; $avArray[$m][3] = DllStructGetData($SysProc, "WorkingSetSize")/(1024) & " kB"
        ; $avArray[$m][4] = 1 ; We assume suspended. When we check the threads we change it.
        ; $avArray[$m][5] = _CV_AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))
        ; $avArray[$m][6] = DllStructGetData($SysProc, "ProcessId")
        $avArray[$M][1] = DllStructGetData($SysProc, "ProcessId")
        $avArray[$M][2] = _CV_AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid"))
        $avArray[$M][3] = _ProcessGetPath(DllStructGetData($SysProc, "ProcessId"))
        $avArray[$M][4] = DllStructGetData($SysProc, "InheritedFromProcessId")
        $avArray[$M][5] = DllStructGetData($SysProc, "CreateTime")
        $avArray[$M][6] = 1 ; We assume suspended. When we check the threads we change it.
        For $I = 0 To DllStructGetData($SysProc, "Threadcount") - 1
            $SysThread = DllStructCreate($tag_SYSTEM_THREADS, $SysProc_ptr + $SysProc_Size + $I * $SysThread_Size)
            If DllStructGetData($SysThread, "WaitReason") <> 5 Then ; 5 = Suspended
                $avArray[$M][6] = 0 ; at least one thread is not suspended, so the process is not suspended!
                ExitLoop
            EndIf
        Next
        $NextEntryDelta = DllStructGetData($SysProc, "NextEntryDelta")
        If Not $NextEntryDelta Then ExitLoop ; 0 marks the last entry
        $SysProc_ptr += $NextEntryDelta
        $SysProc = DllStructCreate($tag_SYSTEM_PROCESSES, $SysProc_ptr)
        $M += 1
    WEnd
    ReDim $avArray[$M + 1][8]

    If $TLV Then
        ; reorder so that every process follows its parent (InheritedFromProcessId), indented by depth (column 7)
        $temp = $avArray
        $space = ""
        For $I = 1 To UBound($temp, 1) - 1
            For $M = 0 To UBound($temp, 1) - 1
                For $k = 1 To UBound($temp, 1) - 1
                    If $temp[$k][0] Then
                        If ($I - $M) < 1 Then
                            ; no parent found among the rows already placed: put it at the top level
                            $space = ""
                            $avArray[$I][0] = $temp[$k][0]
                            $avArray[$I][1] = $temp[$k][1]
                            $avArray[$I][2] = $temp[$k][2]
                            $avArray[$I][3] = $temp[$k][3]
                            $avArray[$I][4] = $temp[$k][4]
                            $avArray[$I][5] = $temp[$k][5]
                            $avArray[$I][6] = $temp[$k][6]
                            $temp[$k][0] = 0
                            ContinueLoop 3
                        Else
                            If $temp[$k][4] = $avArray[($I - $M - 1)][1] Then
                                ;While 1 ; I have no idea what was going on here, but on certain machines, this would never exit.
                                ;    If $avArray[($I - $M - 1)][1] < 5 Then ExitLoop
                                ;    If $temp[$k][2] > $avArray[($I - $M - 1)][2] Then ExitLoop
                                ;WEnd
                                $space = ""
                                For $l = 1 To $avArray[($I - $M - 1)][7] + 1
                                    $space &= " "
                                Next
                                $avArray[$I][0] = $space & $temp[$k][0]
                                $avArray[$I][1] = $temp[$k][1]
                                $avArray[$I][2] = $temp[$k][2]
                                $avArray[$I][3] = $temp[$k][3]
                                $avArray[$I][4] = $temp[$k][4]
                                $avArray[$I][5] = $temp[$k][5]
                                $avArray[$I][6] = $temp[$k][6]
                                $avArray[$I][7] = $avArray[($I - $M - 1)][7] + 1
                                $temp[$k][0] = 0
                                ContinueLoop 3
                            EndIf
                        EndIf
                    EndIf
                Next
            Next
        Next
        $temp = 0
    EndIf

    For $I = 0 To UBound($avArray, 1) - 1
        $avArray[$I][5] = '' ; CreateTime is not shown
    Next
    ReDim $avArray[UBound($avArray, 1)][7]
    Return $avArray
EndFunc   ;==>_WinAPI_ThreadnProcess

Func _ProcessSuspend($Process)
    Local $processid = ProcessExists($Process)
    If $processid Then
        ; 0x1f0fff = PROCESS_ALL_ACCESS
        Local $ai_Handle = DllCall($hKERNEL32, 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $processid)
        If @error Or Not $ai_Handle[0] Then Return SetError(1, 0, False) ; access denied or protected process
        Local $i_sucess = DllCall($hNTDLL, "int", "NtSuspendProcess", "int", $ai_Handle[0])
        DllCall($hKERNEL32, 'ptr', 'CloseHandle', 'ptr', $ai_Handle[0])
        If IsArray($i_sucess) And $i_sucess[0] = 0 Then ; NTSTATUS 0 = STATUS_SUCCESS
            Return SetError(0, 0, True)
        Else
            Return SetError(1, 0, False)
        EndIf
    Else
        Return SetError(2, 0, False)
    EndIf
EndFunc   ;==>_ProcessSuspend

Func _ProcessResume($Process)
    Local $processid = ProcessExists($Process)
    Local $ai_Handle, $i_sucess
    If $processid Then
        $ai_Handle = DllCall($hKERNEL32, 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $processid)
        If @error Or Not $ai_Handle[0] Then Return SetError(1, 0, False)
        $i_sucess = DllCall($hNTDLL, "int", "NtResumeProcess", "int", $ai_Handle[0])
        DllCall($hKERNEL32, 'ptr', 'CloseHandle', 'ptr', $ai_Handle[0])
        If IsArray($i_sucess) And $i_sucess[0] = 0 Then
            Return SetError(0, 0, True)
        Else
            Return SetError(1, 0, False)
        EndIf
    Else
        Return SetError(2, 0, False)
    EndIf
EndFunc   ;==>_ProcessResume

Func _CV_SystemModuleInformation()
    ; returns the file name of the first loaded kernel module (the kernel image itself)
    Local $aCall = DllCall($hNTDLL, "long", "NtQuerySystemInformation", _
            "dword", 11, _ ; SystemModuleInformation
            "ptr", 0, _
            "dword", 0, _
            "dword*", 0)
    If @error Then Return SetError(1, 0, "")
    Local $iSize = $aCall[4]
    Local $tBufferRaw = DllStructCreate("byte[" & $iSize & "]")
    Local $pBuffer = DllStructGetPtr($tBufferRaw)
    $aCall = DllCall($hNTDLL, "long", "NtQuerySystemInformation", _
            "dword", 11, _ ; SystemModuleInformation
            "ptr", $pBuffer, _
            "dword", $iSize, _
            "dword*", 0)
    If @error Then Return SetError(2, 0, "")
    Local $pPointer = $pBuffer
    Local $tSYSTEM_MODULE_Modified = DllStructCreate("dword_ptr ModulesCount;" & _
            "dword_ptr Reserved[2];" & _
            "ptr ImageBaseAddress;" & _
            "dword ImageSize;" & _
            "dword Flags;" & _
            "word Index;" & _
            "word Unknown;" & _
            "word LoadCount;" & _
            "word ModuleNameOffset;" & _
            "char ImageName[256]", _
            $pPointer)
    Local $iNameOffset = DllStructGetData($tSYSTEM_MODULE_Modified, "ModuleNameOffset")
    Local $sImageName = DllStructGetData($tSYSTEM_MODULE_Modified, "ImageName")
    Return StringTrimLeft($sImageName, $iNameOffset)
EndFunc   ;==>_CV_SystemModuleInformation

Func _CV_AccountName($pSID)
    Local $aCall = DllCall($hADVAPI32, "bool", "LookupAccountSidW", _
            "ptr", 0, _
            "ptr", $pSID, _
            "wstr", "", _
            "dword*", 1024, _
            "wstr", "", _
            "dword*", 1024, _
            "ptr*", 0)
    If @error Or Not $aCall[0] Then Return SetError(1, 0, "")
    Return $aCall[3]
EndFunc   ;==>_CV_AccountName

Func _ProcessGetPath($vProcess)
    Local $i_PID, $aProcessHandle, $tDLLStruct, $iError, $sProcessPath
    $i_PID = ProcessExists($vProcess)
    If Not $i_PID Then Return SetError(1, 0, "") ; process doesn't exist?
    ; PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
    $aProcessHandle = DllCall($hKERNEL32, "int", "OpenProcess", "int", 0x0400 + 0x0010, "int", 0, "int", $i_PID)
    $iError = @error
    If $iError Or $aProcessHandle[0] = 0 Then
        Return SetError(2, $iError, "") ; openprocess failed
    EndIf
    $tDLLStruct = DllStructCreate("char[1000]")
    DllCall($hPSAPI, "long", "GetModuleFileNameEx", "int", $aProcessHandle[0], "int", 0, "ptr", DllStructGetPtr($tDLLStruct), "long", DllStructGetSize($tDLLStruct))
    $iError = @error
    DllCall($hKERNEL32, "int", "CloseHandle", "int", $aProcessHandle[0])
    If $iError Then
        $tDLLStruct = 0
        Return SetError(4, $iError, "") ; getmodulefilenameex failed
    EndIf
    $sProcessPath = DllStructGetData($tDLLStruct, 1)
    $tDLLStruct = 0
    ; format the output: strip NT object-manager prefixes
    If StringLen($sProcessPath) < 2 Then Return SetError(5, 0, "") ; is empty or non readable
    If StringLeft($sProcessPath, 4) = "\??\" Then $sProcessPath = StringReplace($sProcessPath, "\??\", "")
    If StringLeft($sProcessPath, 20) = "\SystemRoot\System32" Then $sProcessPath = StringReplace($sProcessPath, "\SystemRoot\System32", @SystemDir)
    Return SetError(0, 0, $sProcessPath)
EndFunc   ;==>_ProcessGetPath

Func _ResEnum($Host, $CTRL)
    If Not FileExists($Host) Then GUICtrlSetImage($CTRL, "shell32.dll", 3, 0) ; for ntoskrnl
    If Not _ResInfo($Host) Then Return 0
    For $f = 0 To UBound($ARRAY_MODULE_STRUCTURE, 1) - 1
        If $ARRAY_MODULE_STRUCTURE[$f] = 14 Then ; we only want access to RT_GROUP_ICON resources
            ; has icon group
            GUICtrlSetImage($CTRL, $Host, 0, 0)
            Return 1
        EndIf
    Next
    ; does not have icon group
    GUICtrlSetImage($CTRL, "shell32.dll", 3, 0) ; assign generic app icon
    Return 1
EndFunc   ;==>_ResEnum

Func _ResourceEnumerate(ByRef $sModule)
    DllCall($hKERNEL32, "dword", "SetErrorMode", "dword", 1) ; SEM_FAILCRITICALERRORS
    Local $iLoaded
    Local $a_hCall = DllCall($hKERNEL32, "hwnd", "GetModuleHandleW", "wstr", $sModule)
    If @error Then
        Return SetError(2, 0, "")
    EndIf
    If Not $a_hCall[0] Then
        ; 34 = LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE: map the file without running its entry point
        $a_hCall = DllCall($hKERNEL32, "hwnd", "LoadLibraryExW", "wstr", $sModule, "hwnd", 0, "int", 34)
        If @error Or Not $a_hCall[0] Then
            Return SetError(3, 0, "")
        EndIf
        $iLoaded = 1
    EndIf
    Local $hModule = $a_hCall[0]
    $ARRAY_MODULE_STRUCTURE[0] = ""
    $global_types_count = 1
    Local $h_CB = DllCallbackRegister("_CallbackEnumResTypeProc", "int", "hwnd;ptr;ptr")
    If Not $h_CB Then Return SetError(4, 0, "")
    Local $a_iCall = DllCall($hKERNEL32, "int", "EnumResourceTypesW", _
            "hwnd", $hModule, _
            "ptr", DllCallbackGetPtr($h_CB), _
            "ptr", 0) ; 0
    If @error Then
        DllCallbackFree($h_CB)
        If $iLoaded Then
            $a_iCall = DllCall($hKERNEL32, "int", "FreeLibrary", "hwnd", $hModule)
            If @error Or Not $a_iCall[0] Then
                Return SetError(6, 0, "")
            EndIf
        EndIf
        Return SetError(5, 0, "")
    EndIf
    DllCallbackFree($h_CB)
    If $iLoaded Then
        $a_iCall = DllCall($hKERNEL32, "int", "FreeLibrary", "hwnd", $hModule)
        If @error Or Not $a_iCall[0] Then
            Return SetError(6, 0, "")
        EndIf
    EndIf
    Return SetError(0, 0, 1)
EndFunc   ;==>_ResourceEnumerate

Func _CallbackEnumResTypeProc($hModule, $pType, $LPARAM)
    ; $pType is either an integer resource type id or a pointer to a wide string name
    $global_types_count += 1
    If $iPopulateArray Then
        Local $a_iCall = DllCall($hKERNEL32, "int", "lstrlenW", "ptr", $pType)
        If $a_iCall[0] Then
            Local $tType = DllStructCreate("wchar[" & $a_iCall[0] + 1 & "]", $pType)
            $ARRAY_MODULE_STRUCTURE[$global_types_count - 1] = DllStructGetData($tType, 1)
        Else
            $ARRAY_MODULE_STRUCTURE[$global_types_count - 1] = BitOR($pType, 0)
        EndIf
    EndIf
    Return 1
EndFunc   ;==>_CallbackEnumResTypeProc

Func _ResInfo($sFile)
    If $sFile Then
        Local $hFile = FileOpen($sFile, 16) ; binary mode
        If $hFile = -1 Then
            ;MsgBox(48, "Error 0x001", "Error opening a file for handling in resource info section.")
            Return 0
        EndIf
        Local $bFile = FileRead($hFile, 2)
        FileClose($hFile)
        If Not (BinaryToString(BinaryMid($bFile, 1, 2)) == "MZ") Then ; DOS header magic of every PE file
            ;MsgBox(48, "Error 0x002", "Invalid file type! Choose another.")
            Return 0
        EndIf
        $iPopulateArray = 0
        ReDim $ARRAY_MODULE_STRUCTURE[1]
        _ResourceEnumerate($sFile) ; first pass only counts, to determine $ARRAY_MODULE_STRUCTURE size
        Switch @error
            Case 2, 4, 6
                ;MsgBox(48, "Error 0x003", "Internal error")
                Return 0
            Case 3
                ;MsgBox(48, "Error 0x004", "Unable to load " & FileGetLongName($sFile))
                Return 0
            Case 5
                ;MsgBox(48, "Error 0x005", "Error enumerating")
                Return 0
        EndSwitch
        $iPopulateArray = 1
        ReDim $ARRAY_MODULE_STRUCTURE[$global_types_count]
        _ResourceEnumerate($sFile) ; second pass fills the array
        Switch @error
            Case 2, 4, 6
                ;MsgBox(48, "Error 0x006", "Internal error")
                Return 0
            Case 3
                ;MsgBox(48, "Error 0x007", "Unable to load " & FileGetLongName($sFile))
                Return 0
            Case 5
                ;MsgBox(48, "Error 0x008", "Error enumerating")
                Return 0
        EndSwitch
    Else
        Return 0
    EndIf
    Return 1
EndFunc   ;==>_ResInfo

Edited March 23, 2012 by THAT1ANONYMOUSEDUDE
JoMeKa Posted March 23, 2012 Author Share Posted March 23, 2012 there are several ways, in this I use a function that checks if a file has Icon resources using modified code taken from a user named trancexx, which will enumerate a PE files resource types, if the PE file has resource type 14 RT_GROUP_ICON then it most likely has an icon, a faster method would be to use a dll that manko created, google prodller if you don't like using this method in pure autoit. expandcollapse popup#AutoIt3Wrapper_AU3Check_Parameters=-d -w 2 -w 4 -w 6 #include <GUIConstantsEx.au3> #include <GUIListBox.au3> #include <WindowsConstants.au3> #include <Array.au3> Global $TLV = False;True Global $ARRAY_MODULE_STRUCTURE[1] Global $global_types_count Global $iPopulateArray Global Const $tag_SYSTEM_THREADS = "double KernelTime;" & _ "double UserTime;" & _ "double CreateTime;" & _ "ulong WaitTime;" & _ "ptr StartAddress;" & _ "dword UniqueProcess;" & _ "dword UniqueThread;" & _ "long Priority;" & _ "long BasePriority;" & _ "ulong ContextSwitchCount;" & _ "long State;" & _ "long WaitReason" Global Const $tag_SYSTEM_PROCESSES = "ulong NextEntryDelta;" & _ "ulong Threadcount;" & _ "ulong[6];" & _ ; Reserved... "double CreateTime;" & _ "double UserTime;" & _ "double KernelTime;" & _ "ushort Length;" & _ ; unicode string length "ushort MaximumLength;" & _ ; also for unicode string "ptr ProcessName;" & _ ; ptr to mentioned unicode string - name of process "long BasePriority;" & _ "ulong ProcessId;" & _ "ulong InheritedFromProcessId;" & _ "ulong HandleCount;" & _ "ulong[2];" & _ ;Reserved... 
"uint PeakVirtualSize;" & _ "uint VirtualSize;" & _ "ulong PageFaultCount;" & _ "uint PeakWorkingSetSize;" & _ "uint WorkingSetSize;" & _ "uint QuotaPeakPagedPoolUsage;" & _ "uint QuotaPagedPoolUsage;" & _ "uint QuotaPeakNonPagedPoolUsage;" & _ "uint QuotaNonPagedPoolUsage;" & _ "uint PagefileUsage;" & _ "uint PeakPagefileUsage;" & _ "uint64 ReadOperationCount;" & _ "uint64 WriteOperationCount;" & _ "uint64 OtherOperationCount;" & _ "uint64 ReadTransferCount;" & _ "uint64 WriteTransferCount;" & _ "uint64 OtherTransferCount" Global $hwnd Global $Datum Global Const $hPSAPI = DllOpen("psapi.dll") Global Const $hNTDLL = DllOpen("ntdll.dll") Global Const $hUSER32 = DllOpen("user32.dll") Global Const $hADVAPI32 = DllOpen("advapi32.dll") Global Const $hWTSAPI32 = DllOpen("wtsapi32.dll") Global Const $hKERNEL32 = DllOpen("kernel32.dll") DllCall($hNTDLL, "int", "RtlAdjustPrivilege", "int", 20, "int", 1, "int", 0, "int*", 0) Global Const $sSystemModule = _CV_SystemModuleInformation(); Trancexxs Connections viewer code _Init() Func _Init() Local $nMsg #Region ### START Koda GUI section ### Form= Local $Form1_1 = GUICreate("Process", 318, 399, -1, -1, BitOR(BitOR($WS_MINIMIZEBOX, $WS_CAPTION, $WS_POPUP, $WS_SYSMENU),$WS_MAXIMIZEBOX,$WS_SIZEBOX,$WS_THICKFRAME,$WS_TABSTOP)) Local $List1 = GUICtrlCreateListView("Process Name|PID|User|Path", 0, 0, 313, 396) DllCall($hUSER32, "lresult", "SendMessageW", "hwnd", GUICtrlGetHandle($List1), "uint", 0x1000 + 30, "wparam", 0, "lparam", 100) DllCall($hUSER32, "lresult", "SendMessageW", "hwnd", GUICtrlGetHandle($List1), "uint", 0x1000 + 30, "wparam", 3, "lparam", 500) Local $list = _WinAPI_ThreadnProcess() ;_ArrayDisplay($List) ;Exit for $i = 1 to UBound($List) - 1 $hwnd = GUICtrlCreateListViewItem('',$List1) GUICtrlSetData($hwnd,$list[$i][0]&"|"&$list[$i][1]&"|"&$list[$i][2]&"|"&$list[$i][3]) If $list[$i][2] == @UserName Then GUICtrlSetBkColor($hwnd, 0xD0D0FF) ElseIf StringInStr($list[$i][2],"Service",2) Then GUICtrlSetBkColor($hwnd, 
0xFFD0D0) EndIf If $list[$i][6] Then GUICtrlSetBkColor($hwnd,0x808080) _ResEnum($list[$i][3], $hwnd) next Local $List1context = GUICtrlCreateContextMenu($List1) Local $MenuItem3 = GUICtrlCreateMenuItem("Terminate", $List1context) Local $Suspend = GUICtrlCreateMenuItem("Suspend", $List1context) Local $Resume = GUICtrlCreateMenuItem("Resume", $List1context) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $MenuItem3 $Datum = FetchListViewEntry($List1, 2) If Not ProcessExists($Datum[0]) Then GUICtrlDelete($Datum[0]) ContinueLoop EndIf If ProcessClose($Datum[0]) Then GUICtrlDelete($Datum[1]) Case $Resume $Datum = FetchListViewEntry($List1, 2) If Not ProcessExists($Datum[0]) Then GUICtrlDelete($Datum[0]) ContinueLoop EndIf If _ProcessResume($Datum[0]) Then $Datum = FetchListViewEntry($List1, 3) _Colorize($Datum[1],$Datum[0]) EndIf Case $Suspend $Datum = FetchListViewEntry($List1, 2) If Not ProcessExists($Datum[0]) Then GUICtrlDelete($Datum[0]) ContinueLoop EndIf If _ProcessSuspend($Datum[0]) Then GUICtrlSetBkColor($Datum[1],0x808080) EndSwitch WEnd EndFunc Func _Colorize($hwnd,$src) If $src == @UserName Then GUICtrlSetBkColor($hwnd, 0xD0D0FF) ElseIf StringInStr($src,"Service",2) Then GUICtrlSetBkColor($hwnd, 0xFFD0D0) Else GUICtrlSetBkColor($hwnd, 0xFFFFFF) EndIf EndFunc Func FetchListViewEntry($Hndl, $Item) If Not IsNumber($Item) Then Return SetError(1, 0, 0) $Item = $Item - 1 Local $String = GUICtrlRead(GUICtrlRead($Hndl)) Local $M = StringSplit($String, "|", 2) If @error Then Return SetError(2, 0, 0) Local $Ret[2] = [$M[$Item], GUICtrlRead($Hndl)] Return $Ret EndFunc ;==>FetchListViewEntry Func _WinAPI_ThreadnProcess() ;Function taken from a post by manko ;I'm using this due to its ability to ;detect suspended applications. 
Local $Ret = DllCall($hNTDLL, "int", "ZwQuerySystemInformation", "int", 5, "int*", 0, "int", 0, "int*", 0) Local $Mem = DllStructCreate("byte[" & $Ret[4] & "]") $Ret = DllCall($hNTDLL, "int", "ZwQuerySystemInformation", "int", 5, "ptr", DllStructGetPtr($Mem), "int", DllStructGetSize($Mem), "int*", 0) Local $aCall = DllCall($hWTSAPI32, "bool", "WTSEnumerateProcessesW", "handle", 0, "dword", 0, "dword", 1, "ptr*", 0, "dword*", 0) Local $SysProc = DllStructCreate($tag_SYSTEM_PROCESSES, $Ret[2]) Local $SysProc_ptr = $Ret[2] Local $SysProc_Size = DllStructGetSize($SysProc) Local $SysThread = DllStructCreate($tag_SYSTEM_THREADS) Local $SysThread_Size = DllStructGetSize($SysThread) Local $tWTS_PROCESS_INFO Local $buffer, $I, $M = 0, $NextEntryDelta, $k, $temp, $space Local $avArray[10000][8] While 1 $tWTS_PROCESS_INFO = DllStructCreate("dword SessionId;" & _ "dword ProcessId;" & _ "ptr ProcessName;" & _ "ptr UserSid", _ $aCall[4] + $M * DllStructGetSize($tWTS_PROCESS_INFO)) ; looping thru structures $buffer = DllStructCreate("char[" & DllStructGetData($SysProc, "Length") & "]", DllStructGetData($SysProc, "ProcessName")) For $I = 0 To DllStructGetData($SysProc, "Length") - 1 Step 2 $avArray[$M][0] &= DllStructGetData($buffer, 1, $I + 1) Next If $avArray[$M][0] = "System" Then $avArray[$M][0] = $sSystemModule ; & " (System)" ; $avArray[$m][1] = DllStructGetData($SysProc, "ProcessId") ; $avArray[$m][2] = DllStructGetData($SysProc, "InheritedFromProcessId") ; $avArray[$m][3] = DllStructGetData($SysProc, "WorkingSetSize")/(1024) & " kB" ; $avArray[$m][4] = 1 ; We assume suspended. When we check the threads we change it. 
; $avArray[$m][5] = _CV_AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid")) ; $avArray[$m][6] = DllStructGetData($SysProc, "ProcessId") $avArray[$M][1] = DllStructGetData($SysProc, "ProcessId") $avArray[$M][2] = _CV_AccountName(DllStructGetData($tWTS_PROCESS_INFO, "UserSid")) $avArray[$M][3] = _ProcessGetPath(DllStructGetData($SysProc, "ProcessId")) $avArray[$M][4] = DllStructGetData($SysProc, "InheritedFromProcessId") $avArray[$M][5] = DllStructGetData($SysProc, "CreateTime") $avArray[$M][6] = 1; We assume suspended. When we check the threads we change it. For $I = 0 To DllStructGetData($SysProc, "Threadcount") - 1 $SysThread = DllStructCreate($tag_SYSTEM_THREADS, $SysProc_ptr + $SysProc_Size + $I * $SysThread_Size) If DllStructGetData($SysThread, "WaitReason") <> 5 Then $avArray[$M][6] = 0; the process is not suspended! ExitLoop EndIf Next $NextEntryDelta = DllStructGetData($SysProc, "NextEntryDelta") If Not $NextEntryDelta Then ExitLoop $SysProc_ptr += $NextEntryDelta $SysProc = DllStructCreate($tag_SYSTEM_PROCESSES, $SysProc_ptr) $M += 1 WEnd ReDim $avArray[$M + 1][8] If $TLV Then $temp = $avArray $space = "" For $I = 1 To UBound($temp, 1) - 1 For $M = 0 To UBound($temp, 1) - 1 For $k = 1 To UBound($temp, 1) - 1 If $temp[$k][0] Then If ($I - $M) < 1 Then $space = "" $avArray[$I][0] = $temp[$k][0] $avArray[$I][1] = $temp[$k][1] $avArray[$I][2] = $temp[$k][2] $avArray[$I][3] = $temp[$k][3] $avArray[$I][4] = $temp[$k][4] $avArray[$I][5] = $temp[$k][5] $avArray[$I][6] = $temp[$k][6] $temp[$k][0] = 0 ContinueLoop 3 Else If $temp[$k][4] = $avArray[($I - $M - 1)][1] Then ;While 1; I have no idea what was going on here, but on certain machines, this would never exit. 
; If $avArray[($I - $M - 1)][1] < 5 Then ExitLoop ; If $temp[$k][2] > $avArray[($I - $M - 1)][2] Then ExitLoop ;WEnd $space = "" For $l = 1 To $avArray[($I - $M - 1)][7] + 1 $space &= " " Next $avArray[$I][0] = $space & $temp[$k][0] $avArray[$I][1] = $temp[$k][1] $avArray[$I][2] = $temp[$k][2] $avArray[$I][3] = $temp[$k][3] $avArray[$I][4] = $temp[$k][4] $avArray[$I][5] = $temp[$k][5] $avArray[$I][6] = $temp[$k][6] $avArray[$I][7] = $avArray[($I - $M - 1)][7] + 1 $temp[$k][0] = 0 ContinueLoop 3 EndIf EndIf EndIf Next Next Next $temp = 0 EndIf For $I = 0 To UBound($avArray, 1) - 1 $avArray[$I][5] = '' Next ReDim $avArray[UBound($avArray, 1)][7] Return $avArray EndFunc ;==>_WinAPI_ThreadnProcess Func _ProcessSuspend($Process) Local $processid = ProcessExists($Process) If $processid Then Local $ai_Handle = DllCall($hKERNEL32, 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $processid) Local $i_sucess = DllCall($hNTDLL, "int", "NtSuspendProcess", "int", $ai_Handle[0]) DllCall($hKERNEL32, 'ptr', 'CloseHandle', 'ptr', $ai_Handle[0]) If IsArray($i_sucess) Then Return SetError(0,0,True) Else Return SetError(1,0,False) EndIf Else Return SetError(2,0,False) EndIf EndFunc ;==>_ProcessSuspend Func _ProcessResume($Process) Local $processid = ProcessExists($Process) Local $ai_Handle, $i_sucess If $processid Then $ai_Handle = DllCall($hKERNEL32, 'int', 'OpenProcess', 'int', 0x1f0fff, 'int', False, 'int', $processid) $i_sucess = DllCall($hNTDLL, "int", "NtResumeProcess", "int", $ai_Handle[0]) DllCall($hKERNEL32, 'ptr', 'CloseHandle', 'ptr', $ai_Handle[0]) If IsArray($i_sucess) Then Return SetError(0,0,True) Else Return SetError(1,0,False) EndIf Else Return SetError(2,0,False) EndIf EndFunc ;==>_ProcessResume Func _CV_SystemModuleInformation() Local $aCall = DllCall($hNTDLL, "long", "NtQuerySystemInformation", _ "dword", 11, _ ; SystemModuleInformation "ptr", 0, _ "dword", 0, _ "dword*", 0) If @error Then Return SetError(1, 0, "") Local $iSize = $aCall[4] Local 
$tBufferRaw = DllStructCreate("byte[" & $iSize & "]") Local $pBuffer = DllStructGetPtr($tBufferRaw) $aCall = DllCall($hNTDLL, "long", "NtQuerySystemInformation", _ "dword", 11, _ ; SystemModuleInformation "ptr", $pBuffer, _ "dword", $iSize, _ "dword*", 0) If @error Then Return SetError(2, 0, "") Local $pPointer = $pBuffer Local $tSYSTEM_MODULE_Modified = DllStructCreate("dword_ptr ModulesCount;" & _ "dword_ptr Reserved[2];" & _ "ptr ImageBaseAddress;" & _ "dword ImageSize;" & _ "dword Flags;" & _ "word Index;" & _ "word Unknown;" & _ "word LoadCount;" & _ "word ModuleNameOffset;" & _ "char ImageName[256]", _ $pPointer) Local $iNameOffset = DllStructGetData($tSYSTEM_MODULE_Modified, "ModuleNameOffset") Local $sImageName = DllStructGetData($tSYSTEM_MODULE_Modified, "ImageName") Return StringTrimLeft($sImageName, $iNameOffset) EndFunc ;==>_CV_SystemModuleInformation Func _CV_AccountName($pSID) Local $aCall = DllCall($hADVAPI32, "bool", "LookupAccountSidW", _ "ptr", 0, _ "ptr", $pSID, _ "wstr", "", _ "dword*", 1024, _ "wstr", "", _ "dword*", 1024, _ "ptr*", 0) If @error Or Not $aCall[0] Then Return SetError(1, 0, "") Return $aCall[3] EndFunc ;==>_CV_AccountName Func _ProcessGetPath($vProcess) Local $i_PID, $aProcessHandle, $tDLLStruct, $iError, $sProcessPath $i_PID = ProcessExists($vProcess) If Not $i_PID Then Return SetError(1, 0, "");process doesn't exist? 
    $aProcessHandle = DllCall($hKERNEL32, "int", "OpenProcess", "int", 0x0400 + 0x0010, "int", 0, "int", $i_PID) ; PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
    $iError = @error
    If $iError Or $aProcessHandle[0] = 0 Then
        Return SetError(2, $iError, "") ; OpenProcess failed
    EndIf
    $tDLLStruct = DllStructCreate("char[1000]")
    DllCall($hPSAPI, "long", "GetModuleFileNameEx", "int", $aProcessHandle[0], "int", 0, "ptr", DllStructGetPtr($tDLLStruct), "long", DllStructGetSize($tDLLStruct))
    $iError = @error
    DllCall($hKERNEL32, "int", "CloseHandle", "int", $aProcessHandle[0])
    If $iError Then
        $tDLLStruct = 0
        Return SetError(4, $iError, "") ; GetModuleFileNameEx failed
    EndIf
    $sProcessPath = DllStructGetData($tDLLStruct, 1)
    $tDLLStruct = 0
    ; format the output: strip the NT object-manager prefix and resolve the kernel's \SystemRoot alias
    If StringLen($sProcessPath) < 2 Then Return SetError(5, 0, "") ; empty or not readable
    If StringLeft($sProcessPath, 4) = "\??\" Then $sProcessPath = StringReplace($sProcessPath, "\??\", "")
    If StringLeft($sProcessPath, 20) = "\SystemRoot\System32" Then $sProcessPath = StringReplace($sProcessPath, "\SystemRoot\System32", @SystemDir)
    Return SetError(0, 0, $sProcessPath)
EndFunc   ;==>_ProcessGetPath

Func _ResEnum($Host, $CTRL)
    If Not FileExists($Host) Then GUICtrlSetImage($CTRL, "shell32.dll", 3, 0) ; for ntoskrnl, whose path cannot be opened
    If Not _ResInfo($Host) Then Return 0
    For $f = 0 To UBound($ARRAY_MODULE_STRUCTURE, 1) - 1
        If $ARRAY_MODULE_STRUCTURE[$f] = 14 Then ; we only care about RT_GROUP_ICON resources
            ; has an icon group: show the file's own icon
            GUICtrlSetImage($CTRL, $Host, 0, 0)
            Return 1
        EndIf
    Next
    ; no icon group: assign the generic application icon
    GUICtrlSetImage($CTRL, "shell32.dll", 3, 0)
    Return 1
EndFunc   ;==>_ResEnum

Func _ResourceEnumerate(ByRef $sModule)
    DllCall($hKERNEL32, "dword", "SetErrorMode", "dword", 1) ; SEM_FAILCRITICALERRORS
    Local $iLoaded
    Local $a_hCall = DllCall($hKERNEL32, "hwnd", "GetModuleHandleW", "wstr", $sModule)
    If @error Then
        Return SetError(2, 0, "")
    EndIf
    If Not $a_hCall[0] Then
        ; not already loaded: map it as data only, so no code in the target file runs
        $a_hCall = DllCall($hKERNEL32, "hwnd", "LoadLibraryExW", "wstr", $sModule, "hwnd", 0, "int", 34) ; LOAD_LIBRARY_AS_IMAGE_RESOURCE | LOAD_LIBRARY_AS_DATAFILE
        If @error Or Not $a_hCall[0] Then
            Return SetError(3, 0, "")
        EndIf
        $iLoaded = 1
    EndIf
    Local $hModule = $a_hCall[0]
    $ARRAY_MODULE_STRUCTURE[0] = ""
    $global_types_count = 1
    Local $h_CB = DllCallbackRegister("_CallbackEnumResTypeProc", "int", "hwnd;ptr;ptr")
    If Not $h_CB Then Return SetError(4, 0, "")
    Local $a_iCall = DllCall($hKERNEL32, "int", "EnumResourceTypesW", _
            "hwnd", $hModule, _
            "ptr", DllCallbackGetPtr($h_CB), _
            "ptr", 0) ; lParam unused
    If @error Then
        DllCallbackFree($h_CB)
        If $iLoaded Then
            $a_iCall = DllCall($hKERNEL32, "int", "FreeLibrary", "hwnd", $hModule)
            If @error Or Not $a_iCall[0] Then
                Return SetError(6, 0, "")
            EndIf
        EndIf
        Return SetError(5, 0, "")
    EndIf
    DllCallbackFree($h_CB)
    If $iLoaded Then
        $a_iCall = DllCall($hKERNEL32, "int", "FreeLibrary", "hwnd", $hModule)
        If @error Or Not $a_iCall[0] Then
            Return SetError(6, 0, "")
        EndIf
    EndIf
    Return SetError(0, 0, 1)
EndFunc   ;==>_ResourceEnumerate

Func _CallbackEnumResTypeProc($hModule, $pType, $LPARAM)
    $global_types_count += 1
    If $iPopulateArray Then
        ; $pType is either a pointer to a resource name string or a small integer type ID;
        ; lstrlenW returns 0 (instead of faulting) for the integer case
        Local $a_iCall = DllCall($hKERNEL32, "int", "lstrlenW", "ptr", $pType)
        If $a_iCall[0] Then
            Local $tType = DllStructCreate("wchar[" & $a_iCall[0] + 1 & "]", $pType)
            $ARRAY_MODULE_STRUCTURE[$global_types_count - 1] = DllStructGetData($tType, 1)
        Else
            $ARRAY_MODULE_STRUCTURE[$global_types_count - 1] = BitOR($pType, 0) ; integer type ID
        EndIf
    EndIf
    Return 1
EndFunc   ;==>_CallbackEnumResTypeProc

Func _ResInfo($sFile)
    If $sFile Then
        Local $hFile = FileOpen($sFile, 16) ; binary mode
        If $hFile = -1 Then
            ;MsgBox(48, "Error 0x001", "Error opening a file for handling in resource info section.")
            Return 0
        EndIf
        Local $bFile = FileRead($hFile, 2)
        FileClose($hFile)
        If Not (BinaryToString(BinaryMid($bFile, 1, 2)) == "MZ") Then
            ;MsgBox(48, "Error 0x002", "Invalid file type! Choose another.")
            Return 0
        EndIf
        ; first pass: count the resource types so the array can be sized
        $iPopulateArray = 0
        ReDim $ARRAY_MODULE_STRUCTURE[1]
        _ResourceEnumerate($sFile)
        Switch @error
            Case 2, 4, 6
                ;MsgBox(48, "Error 0x003", "Internal error")
                Return 0
            Case 3
                ;MsgBox(48, "Error 0x004", "Unable to load " & FileGetLongName($sFile))
                Return 0
            Case 5
                ;MsgBox(48, "Error 0x005", "Error enumerating")
                Return 0
        EndSwitch
        ; second pass: fill the array with the type IDs / names
        $iPopulateArray = 1
        ReDim $ARRAY_MODULE_STRUCTURE[$global_types_count]
        _ResourceEnumerate($sFile)
        Switch @error
            Case 2, 4, 6
                ;MsgBox(48, "Error 0x006", "Internal error")
                Return 0
            Case 3
                ;MsgBox(48, "Error 0x007", "Unable to load " & FileGetLongName($sFile))
                Return 0
            Case 5
                ;MsgBox(48, "Error 0x008", "Error enumerating")
                Return 0
        EndSwitch
    Else
        Return 0
    EndIf
    Return 1
EndFunc   ;==>_ResInfo

Thanks, this is great. One thing still: can I order the processes under what they belong to, like Firefox and Skype and ... under explorer, and svchost and smss under services, like this?!
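The `_ResInfo`/`_ResEnum` pair above decides "this file has an icon" by mapping the PE with `LoadLibraryExW(LOAD_LIBRARY_AS_DATAFILE)` and asking `EnumResourceTypesW` whether type 14 (`RT_GROUP_ICON`) is present. The following is an added example, not code from this thread or from AutoIt, that reaches the same verdict without involving the Windows loader at all: it parses the PE headers and the root level of the `.rsrc` directory itself, with bounds checks, which is the approach to take when the binaries you are inspecting are untrusted. It is written in Python so it runs anywhere; the sample PE it checks is constructed inline by `build_sample_pe` and is not a real executable.

```python
"""Static RT_GROUP_ICON check for a PE image (added example, not code from the thread).
Walks the PE headers and the root of the .rsrc directory by hand instead of calling
LoadLibraryExW/EnumResourceTypesW, so a malformed or hostile file is never mapped."""
import struct

RT_GROUP_ICON = 14                   # the resource type _ResEnum looks for
IMAGE_DIRECTORY_ENTRY_RESOURCE = 2   # data directory slot of the resource tree


class PEError(ValueError):
    """The input is not a well-formed PE image."""


def _need(data, off, length):
    # Raise unless data[off:off + length] lies entirely inside the buffer.
    if off < 0 or length < 0 or off + length > len(data):
        raise PEError(f"offset {off:#x}+{length} is outside the {len(data)}-byte file")


def resource_type_ids(data: bytes) -> set:
    """Integer resource type IDs at the root level of the resource directory."""
    _need(data, 0, 0x40)
    if data[:2] != b"MZ":
        raise PEError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    _need(data, e_lfanew, 24)                       # PE signature + 20-byte COFF header
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEError("missing PE signature")
    coff = e_lfanew + 4
    _machine, num_sections, _ts, _sym, _nsym, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    _need(data, opt, opt_size)
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:                              # PE32
        dd_count_off, dd_off = opt + 92, opt + 96
    elif magic == 0x20B:                            # PE32+
        dd_count_off, dd_off = opt + 108, opt + 112
    else:
        raise PEError(f"unknown optional header magic {magic:#x}")
    # The optional header must be long enough to contain the .rsrc slot, and declare it.
    if (opt_size < dd_off - opt + 8 * (IMAGE_DIRECTORY_ENTRY_RESOURCE + 1)
            or struct.unpack_from("<I", data, dd_count_off)[0] <= IMAGE_DIRECTORY_ENTRY_RESOURCE):
        return set()
    rsrc_rva, rsrc_size = struct.unpack_from("<II", data, dd_off + 8 * IMAGE_DIRECTORY_ENTRY_RESOURCE)
    if rsrc_rva == 0 or rsrc_size < 16:
        return set()                                # no resource tree at all
    sec_table = opt + opt_size                      # section headers follow the optional header
    _need(data, sec_table, 40 * num_sections)

    def rva_to_off(rva, length):
        # Map an RVA range to a file offset that a section's raw data actually backs.
        for i in range(num_sections):
            _vsize, vaddr, raw_size, raw_ptr = struct.unpack_from("<IIII", data, sec_table + 40 * i + 8)
            if vaddr <= rva and rva + length <= vaddr + raw_size:
                off = raw_ptr + (rva - vaddr)
                _need(data, off, length)
                return off
        raise PEError(f"RVA {rva:#x}+{length} is not backed by any section")

    root = rva_to_off(rsrc_rva, 16)                 # IMAGE_RESOURCE_DIRECTORY
    n_named, n_id = struct.unpack_from("<HH", data, root + 12)
    total = n_named + n_id
    if 16 + 8 * total > rsrc_size:
        raise PEError("entry count exceeds the resource directory size")
    entries = rva_to_off(rsrc_rva + 16, 8 * total)
    ids = set()
    for i in range(n_named, total):                 # ID entries follow the named ones
        name_or_id = struct.unpack_from("<I", data, entries + 8 * i)[0]
        if name_or_id & 0x80000000:
            raise PEError("string-named entry found in the ID range")
        ids.add(name_or_id & 0xFFFF)
    return ids


def classify(data: bytes) -> str:
    """Same decision as the post's _ResEnum: own icon, generic fallback, or not a PE."""
    try:
        return "own-icon" if RT_GROUP_ICON in resource_type_ids(data) else "generic-icon"
    except PEError:
        return "not-pe"


def build_sample_pe(type_ids) -> bytes:
    """Constructed test input (not a real binary): minimal PE32 with one .rsrc section."""
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, len(type_ids))
    for t in type_ids:                              # OffsetToData flags a subdirectory we never follow
        rsrc += struct.pack("<II", t, 0x80000000 | 0x100)
    rsrc_rva, rsrc_raw = 0x1000, 0x200
    img = bytearray(rsrc_raw + len(rsrc))
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)         # e_lfanew
    img[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", img, 0x44, 0x14C, 1, 0, 0, 0, 224, 0x0102)  # i386, 1 section, PE32 opt hdr
    opt = 0x58
    struct.pack_into("<H", img, opt, 0x10B)         # PE32 magic
    struct.pack_into("<I", img, opt + 92, 16)       # NumberOfRvaAndSizes
    struct.pack_into("<II", img, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_RESOURCE, rsrc_rva, len(rsrc))
    struct.pack_into("<8sIIII", img, opt + 224, b".rsrc", len(rsrc), rsrc_rva, len(rsrc), rsrc_raw)
    img[rsrc_raw:] = rsrc
    return bytes(img)
```

On a real system you would feed `classify(open(path, "rb").read())` the path returned by `_ProcessGetPath`; note that path still has to be normalised first (the `\??\` and `\SystemRoot\System32` cases the post handles), and that, exactly as Skitty says, a type-14 entry only means an icon group exists, not that it is the one the shell would display. The parser deliberately stops at the root directory level: that is all the icon question needs, and every deeper pointer in `.rsrc` is attacker-controlled data in a hostile file.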
Skitty Posted March 23, 2012
Ah, I knew you were going to ask that; that's why I added that variable at the top of the script called $TLV. Change its value from False to True and you'll see what happens.
JoMeKa Posted March 24, 2012 Author
Ah, I knew you were going to ask that; that's why I added that variable at the top of the script called $TLV. Change its value from False to True and you'll see what happens.

Oh yes, it works, thanks. One more thing: can I only show the explorer process?!
Skitty Posted March 24, 2012 (edited)
Oh yes, it works, thanks. One more thing: can I only show the explorer process?!

Yeah, but if you want to do that then do it yourself. It's a little harder than the copy/pasting I did with the script I posted prior, but anyway, here's a modified version of your script. Just be careful with the big bad red button and research what a cold boot/hard reboot means, and don't get scared if you're using Windows Vista/7 and you get a blue screen telling you Windows is dumping its memory after you pressed it, because once you press it there is no turning back and Windows will be set to crash hard within 3 seconds of pressing it.
Removed attachment as I'm not sure if mods will get jumpy for posting this method for insta-BSOD-ing a machine... After a little research I noticed no one here has posted a script that uses this API; might be for a reason...
Edited March 25, 2012 by ApudAngelorum