Sign in to follow this  
Followers 0
Cravin

Process Killer

8 posts in this topic

Good Afternoon,

I'm looking for someone that could possibly answer a few questions for me related to the remote process killer I've been working on. The reason for the process killer is because I work in a corporate level domain and there are some instances where we have machines locked down to the point that we disallow the usage of Task Manager, but we have software that occassionally needs to be killed. With that said, the current, entire script is below, and is mostly functional, but I have a few questions.

1) The line beginning with "ElseIf $ProcessToKill" seems to not allow any process to be killed, rather than only those listed in the Or statements. How can I rewrite this line so that it actually functions as intended?

2) If I click the remove button on the script when nothing is selected, the script will pick the first item and remove it. Is there any way to set the focus of the listview so that nothing is selected when the script first starts? I attempted to do so with "_GUICtrlListView_SetItemFocused($CompListView, -1)" but that didn't appear to work.

3) Finally, I need to figure out a way to remove duplicate items from the ListView, or at least ignore them and list only one of the duplicates. I was thinking the best way to do this may be to use FileReadToArray and have that populate the ListView rather than reading the file directly into the ListView itself. So any pointers on getting me down that path would be beneficial.

Additional Files required for the script: Computers.txt and Processes.txt (First contains a list of pc's, second a list of processes to populate the combobox with)

#include <GUIConstantsEx.au3>
#include <GuiComboBox.au3>
#include <GuiListView.au3>
#include <WindowsConstants.au3>
#include <file.au3>
Global $Add, $Form1, $Form2, $EndProcess, $ProcessToKill, $Process, $SelectedComp, $CompListView, $ipAddress, $index, $aRecords, $Remove, $OK, $CompName, $file, $CompNameInput, $Text, $i3, $CountFile3, $hFile
Opt("GUIOnEventMode", 1)
Main()
  Func Main()
    Local $hFile = FileOpen("Computers.txt")
    $Form1 = GUICreate("Computers", 331, 251, 192, 124)
 GUISetOnEvent($GUI_EVENT_CLOSE, "On_Close")
    GUISetState(@SW_SHOW)
 $Process = GUICtrlCreateCombo("", 200, 48, 121, 25, BitOR($CBS_DROPDOWN, $CBS_AUTOHSCROLL))
    $CompListView = GUICtrlCreateListView("Computers", 8, 48, 169, 162)
 GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 0, 165)
    $Add = GUICtrlCreateButton("Add", 8, 216, 81, 25)
    GUICtrlSetOnEvent(-1, "On_Button")
    $Remove = GUICtrlCreateButton("Remove", 96, 216, 81, 25)
    GUICtrlSetOnEvent(-1, "On_Button")
    $EndProcess = GUICtrlCreateButton("End Process", 200, 80, 121, 25)
    GUICtrlSetOnEvent(-1, "On_Button")
    popComboBox()
 While 1
        $Text = FileReadLine($hFile)
        If @error = -1 Then Exitloop
        GUICtrlCreateListViewItem($Text, $CompListView)
    WEnd

  While 1
   Sleep(1000)
  WEnd
  EndFunc   ;==>Main
  Func addComputer()
   $Form2 = GUICreate("Add", 194, 88, 190, 255)
   GUISetOnEvent($GUI_EVENT_CLOSE, "On_Close")
   $CompName = GUICtrlCreateInput("", 8, 32, 169, 21)
   $LabelComp = GUICtrlCreateLabel("Computer Name:", 8, 8, 83, 17)
   $OK = GUICtrlCreateButton("OK", 104, 56, 73, 25)
   GUICtrlSetOnEvent(-1, "On_Button")
   GUISetState(@SW_SHOW)
  EndFunc ; Func addComputer()
Func On_Button()
   Switch @GUI_CTRLID ; See which button sent the message
   Case $Add
   addComputer()
  
   Case $EndProcess
   TCPStartup()
   $ProcessToKill = GUICtrlRead($Process)
   Local $index = Int(_GUICtrlListView_GetSelectedIndices($CompListview))
   $SelectedComp = _GUICtrlListView_GetItemTextString($CompListView, $index)
   $ipAddress = TCPNameToIP($SelectedComp)
   If @error Then
   MsgBox(4112, "Error", "An unknown error has occurred.  Please try again.")
   Return
   ElseIf $ipAddress = "" Then
   MsgBox(4112, "Error", "Couldn't Resolve IP Address.  Please check that the computer is on and has network connectivity.")
   Return
   ElseIf $ProcessToKill = "explorer.exe" Or "svchost.exe" Or "winlogon.exe" Or "crss.exe" Or "services.exe" Or "lsass.exe" Or "dllhost.exe" Or "spoolsv.exe" Or "regsvc.exe" Or "smss.exe" Or "alg.exe" Or "wscntfy.exe" Or "dwm.exe" Or "wininit.exe" Or "msascui.exe" Or "slsvc.exe" Or "taskhost.exe" Or "lsm.exe" Or "sppsvc.exe" Then
   ConsoleWrite($ProcessToKill)
   MsgBox(4112, "Error", "That is a protected process which may not be terminated.")
   Return
   Else
   EndProc()
   MsgBox(48, "Success", "The selected process has been terminated.")
   TCPShutdown()
   EndIf
   Case $Remove
         delSelected()
   Case $OK
      addToFile()
   EndSwitch
EndFunc ;On_Button()
Func On_Close()
   Switch @GUI_WINHANDLE ; See which GUI sent the CLOSE message
   Case $Form1
      Exit ; If it was this GUI - we exit <<<<<<<<<<<<<<<
   Case $Form2
      GUIDelete($Form2) ; If it was this GUI - we just delete the GUI <<<<<<<<<<<<<<<
      GUICtrlSetState($Add, $GUI_ENABLE)
   EndSwitch
EndFunc ; Func On_Close()
Func popComboBox()
   $Countfile2= _FileCountLines("processes.txt")
   $file2 = "processes.txt"
   For $i2 = 1 To $CountFile2
   $var2= FileReadLine($file2, $i2)
   Global $text2 = $var2
   _GUICtrlComboBox_AddString($Process, $text2)
   Next
EndFunc
Func EndProc()
 $oWMIService = ObjGet("winmgmts:\\" & $ipAddress & "\root\CIMV2")
 If Not IsObj($oWMIService) Then
  MsgBox(48, "ERROR", "Couldn't locate the computer. Please make sure you've selected the correct computer and try again.")
  Return
 EndIf
 Dim $handle, $colProc
 $cProc = $oWMIService.ExecQuery('SELECT * FROM Win32_Process WHERE Name = "' & $ProcessToKill & '"')
  For $oProc In $cProc
  $oProc.Terminate()
   Next
 If $handle Then
  Return $handle
 Else
  Return 0
 EndIf
 EndFunc ; Func EndProc()
Func delSelected()
   Dim $aRecords
      _FileReadToArray("computers.txt",$aRecords)
   Local $index = Int(_GUICtrlListView_GetSelectedIndices($CompListview))
   $SelectedComp = _GUICtrlListView_GetItemTextString($CompListView, $index)
   For $x = 1 to $aRecords[0]
   If stringinstr($aRecords[$x], $SelectedComp) then _FileWriteToLine("computers.txt", $x, "", 1)
   _GUICtrlListView_DeleteAllItems($CompListView)
   Local $hFile = FileOpen("Computers.txt")
   While 1
        $Text = FileReadLine($hFile)
        If @error = -1 Then Exitloop
     GUICtrlCreateListViewItem($Text, $CompListView)
      WEnd
     _GUICtrlListView_SetItemFocused($CompListView, -1)
   Next
EndFunc ; delSelected()
Func addToFile()
   FileWriteLine("Computers.txt", GUICtrlRead($CompName))
   GUIDelete($Form2) ; If it was this GUI - we just delete the GUI <<<<<<<<<<<<<<<
   GUICtrlSetState($Add, $GUI_ENABLE)
       _GUICtrlListView_DeleteAllItems($CompListView)
   Local $hFile = FileOpen("Computers.txt")
   While 1
        $Text = FileReadLine($hFile)
        If @error = -1 Then Exitloop
        GUICtrlCreateListViewItem($Text, $CompListView)
      WEnd
     _GUICtrlListView_SetItemFocused($CompListView, -1)
EndFunc ; addToFile()

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Your ElseIf line is written wrong, you'd have to use something like this

$ProcessToKill = "explorer.exe" Or $ProcessToKill ="svchost.exe" Or $ProcessToKill ="winlogon.exe"

You can't string the Or statements together the way you have it. You'd be better off using a Switch statement and replace the ElseIf with Else. Something like this might work better.

If @error Then
    MsgBox(4112, "Error", "An unknown error has occurred.  Please try again.")
    Return
ElseIf $ipAddress = "" Then
    MsgBox(4112, "Error", "Couldn't Resolve IP Address.  Please check that the computer is on and has network connectivity.")
    Return
Else
    Switch $ProcessToKill
        Case "explorer.exe", "svchost.exe", "winlogon.exe", "crss.exe", "services.exe", "lsass.exe", "dllhost.exe", "spoolsv.exe", "regsvc.exe", "smss.exe", "alg.exe", "wscntfy.exe", "dwm.exe", "wininit.exe", "msascui.exe", "slsvc.exe", "taskhost.exe", "lsm.exe", "sppsvc.exe"
            ConsoleWrite($ProcessToKill)
            MsgBox(4112, "Error", "That is a protected process which may not be terminated.")
            Return
        Case Else
            EndProc()
            MsgBox(48, "Success", "The selected process has been terminated.")
            TCPShutdown()
    EndSwitch
EndIf
Edited by BrewManNH

If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

That worked great and has answered question #1, thank you! Any thoughts on 2 and 3?

Share this post


Link to post
Share on other sites

To answer #2 it's because for some reason you used an Int function on the return of _GUICtrlListView_GetSelectedIndices, which by default returns an array. This turns the return value into a 0 if nothing is selected, because if nothing is selected the return is an empty string which is converted to 0 by the Int.

As to #3, check the lines before adding them to the LV to see if it's a duplicate, that's the easiest way to do it.


If I posted any code, assume that code was written using the latest release version unless stated otherwise. Also, if it doesn't work on XP I can't help with that because I don't have access to XP, and I'm not going to.
Give a programmer the correct code and he can do his work for a day. Teach a programmer to debug and he can do his work for a lifetime - by Chirag Gude
How to ask questions the smart way!

I hereby grant any person the right to use any code I post, that I am the original author of, on the autoitscript.com forums, unless I've specifically stated otherwise in the code or the thread post. If you do use my code all I ask, as a courtesy, is to make note of where you got it from.

Back up and restore Windows user files _Array.au3 - Modified array functions that include support for 2D arrays.  -  ColorChooser - An add-on for SciTE that pops up a color dialog so you can select and paste a color code into a script.  -  Customizable Splashscreen GUI w/Progress Bar - Create a custom "splash screen" GUI with a progress bar and custom label.  -  _FileGetProperty - Retrieve the properties of a file  -  SciTE Toolbar - A toolbar demo for use with the SciTE editor  -  GUIRegisterMsg demo - Demo script to show how to use the Windows messages to interact with controls and your GUI.  -   Latin Square password generator

Share this post


Link to post
Share on other sites

Awesome, got it all figured out I think. Thanks man.

Share this post


Link to post
Share on other sites

Wanted to tack on another question here... The code to end a process is in place, but I need to figure out how to add a check to see if the process I want to kill is running first.. how could I acheive this? Everything I've tried at this point has not worked.

Func EndProc()
 $oWMIService = ObjGet("winmgmts:" & $ipAddress & "rootCIMV2")
 If Not IsObj($oWMIService) Then
  MsgBox(48, "ERROR", "Couldn't locate the computer. Please make sure you've selected the correct computer and try again.")
  Return
 EndIf
 Dim $handle, $colProc, $cProc
 $cProc = $oWMIService.ExecQuery('SELECT * FROM Win32_Process WHERE Name = "' & $ProcessToKill & '"')
For $oProc In $cProc
  $oProc.Terminate()
  Next
    If $handle Then
  Return $handle
 Else
  Return 0
 EndIf
 EndFunc ; Func EndProc()

Share this post


Link to post
Share on other sites

ProcessExists() will only work on the local machine - I need a remote solution.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0