Danyfirex

Kill all Process except system processes?

12 posts in this topic

Hi mates. I'm looking for a way to kill all processes excluding those necessary for the system.

Maybe by comparing against a list of necessary processes, but I can't find the way.

In my mind I think of something like this:

Local $list = ProcessList()
For $i = 1 To $list[0][0]
    If $list[$i][0] <> ;how to put my list of processes to exclude here?
        ; kill the process
    Else
        ContinueLoop ; excluded process, leave it alone
    EndIf
Next

Why would you want to do this? How do you plan on determining which processes are necessary and which aren't? This doesn't seem like a well-thought-out plan at this stage. If you do this, here's a partial list of things that could happen:

  • you completely corrupt some file that is being written to by the process you just killed,
  • you trash the registry,
  • the computer blue screens/reboots/shuts down,
  • you make the system unbootable afterwards because of one of the above.

Are you really sure you want to do this?

I am developing an application to remove malware, and I need to kill all processes to eliminate the virus more efficiently. I have the list of processes needed for the system, but I cannot write that function.

Reboot in safe mode, it's far and away a lot easier.

#5 · Posted (edited)

Yes, I know. But sometimes malware does not let us start in safe mode. For that I need this function to be able to run the code even in normal mode, killing all processes, so that the system does not crash and the script works correctly.

Sorry for my bad English.

I made this script, but I'm not sure if it is the best way.

Local $p[4] ; list of system processes to keep, "Example"
$p[0] = "chrome.exe"
$p[1] = "svchost.exe"
$p[2] = "csrss.exe"
$p[3] = "system.exe"

Local $list = ProcessList()
For $i = 1 To $list[0][0]
    ; check whether this process is on the keep-list before deciding anything
    Local $bKeep = False
    For $a = 0 To 3
        If $list[$i][0] = $p[$a] Then ; AutoIt string "=" compares case-insensitively
            $bKeep = True
            ExitLoop
        EndIf
    Next
    If $bKeep Then
        MsgBox(0, $list[$i][0], "Igual")
    Else
        ;here script to kill
    EndIf
Next
Edited by Danyfirex

#7 · Posted (edited)

Thank you BrewManNH.

Thank you AZJIO for the script, I'll look at it.

Edited by Danyfirex

Just throwing this out there.

Here's an array I used in my unlocker script in my signature.

I had the need to avoid duping handles in system critical processes (which was not necessary).

I initially attempted to determine what processes had the "system critical" attribute set (i.e., processes that have made a call to SetProcessIsCritical) but dropped it in favor of a simpler and more accurate array of known process names.

Global Const $Critical[13] = [ _ ; things to ignore
    'winlogon.exe', _
    'services.exe', _
    'csrss.exe', _
    'smss.exe', _
    'lsass.exe', _
    'alg.exe', _
    'svchost.exe', _
    'spoolsv.exe', _
    'wdfmgr.exe', _
    'dwm.exe', _
    'logonui.exe', _
    'wininit.exe', _
    'lsm.exe' _
    ]

Thank you ApudAngelorum.

I have been removing malware manually for quite some time. I always kill all local and network events of svchost.exe and then kill all non-critical system events of svchost, which is normally but not always identifiable by size. There is only one critical system event of the svchost.exe instance that should not be killed: the one with the largest memory usage. This svchost normally identifies the first allocation of services, which always goes to the Microsoft OS. svchost services are triggered by processes that are running on the host machine; it does not reveal which process has triggered it off. There are many viruses that use svchost as a mask. svchost is only a generic name for many services that run from the DLL libraries, and it is common to have many instances of it running, hence the elimination process. If anyone writes a script specifically to deal with svchost I'd love to have a copy!

Good point, Boss007. For that, my script has some code to compare and know if it is a legitimate Windows process.
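The kind of check Danyfirex describes, matching each running process against ApudAngelorum's list of critical names and then verifying that a name-matched process really is the Windows binary (Boss007's "svchost as a mask" point), as an added example that is not code from the thread. It assumes the genuine binaries live in System32 and uses constructed process records, so it only classifies and never terminates anything:

```python
# Added example (not from the thread): classify processes against an
# allow-list of Windows system process names, and flag entries whose name
# matches but whose image path is not where the genuine binary lives
# (the "svchost.exe as a mask" case raised in the thread).
import ntpath

# Names taken from the critical-process array posted in the thread.
CRITICAL = {
    "winlogon.exe", "services.exe", "csrss.exe", "smss.exe", "lsass.exe",
    "alg.exe", "svchost.exe", "spoolsv.exe", "wdfmgr.exe", "dwm.exe",
    "logonui.exe", "wininit.exe", "lsm.exe",
}
# Assumed location of the genuine binaries (compared case-insensitively).
SYSTEM_DIR = r"c:\windows\system32"

def triage(name, image_path):
    """Return 'keep', 'suspicious' or 'candidate' for one process."""
    if name.lower() not in CRITICAL:      # ProcessList names vary in case
        return "candidate"                 # not on the allow-list
    if image_path is None:
        return "suspicious"                # critical name but path unreadable
    directory = ntpath.dirname(ntpath.normpath(image_path)).lower()
    if directory != SYSTEM_DIR:
        return "suspicious"                # e.g. svchost.exe run from %TEMP%
    return "keep"

def triage_all(processes):
    """Group (name, pid, image_path) records by verdict; never kills anything."""
    out = {"keep": [], "suspicious": [], "candidate": []}
    for name, pid, image_path in processes:
        out[triage(name, image_path)].append(pid)
    return out

# Constructed sample records; on a live host collect these yourself.
SAMPLE = [
    ("csrss.exe", 456, r"C:\Windows\System32\csrss.exe"),
    ("svchost.exe", 912, r"C:\Windows\System32\svchost.exe"),
    ("SVCHOST.EXE", 4120, r"C:\Users\bob\AppData\Local\Temp\svchost.exe"),
    ("lsass.exe", 640, None),
    ("chrome.exe", 5012, r"C:\Program Files\Google\Chrome\chrome.exe"),
]

if __name__ == "__main__":
    for verdict, pids in triage_all(SAMPLE).items():
        print(verdict, pids)
```

The "suspicious" bucket is where a name-only allow-list like the arrays in this thread would have silently kept a masquerading process; review those by hand rather than automating anything on them.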

Why not just make a list of active services, disable most of them and inspect things from there?

Anyway, when I suspect I have something, I just re-install windows to avoid going through all that.

I don't like using AVs for some reason, might be a bad decision but then again, Common Sense 2012 is one hell of an AV.
