Sign in to follow this  
Followers 0
Unc3nZureD

Monitor newly started processes

24 posts in this topic

As the title says, I'd like to get informed when a new process starts. Here's my current code, but I've got no idea why it isn't working. Theoritically it should work.

#include <Array.au3>

$base = ProcessList()
$open = FileOpen(@ScriptDir & "\ProcLog.log", 1)
$Size = UBound($base) - 1
$new = 0

While 1
    $proc = ProcessList()
    $procS = UBound($base) - 1

    For $i = 1 To UBound($procS) - 1
        _ArraySearch($base, $proc[$i][1])
        If @error Then
            FileWrite($open, ">>> New process: " & $proc[$i][0]  & @crlf)
            MsgBox(0,"", "new process!", 1)
            $new += 1
        EndIf

        If $i = UBound($procS) - 1 & $new > 0 Then
            $base = ProcessList()
            $Size = UBound($base) - 1
            $new = 0
        EndIf
    Next
WEnd

Share this post


Link to post
Share on other sites



Search the Forum for $HSHELL_APPCOMMAND and use GUIRegisterMsg.

Note: You will need WinAPIEx to hand.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Well, I can't really understand you...

msdn says:

 

The user completed an input event (for example, pressed an application command button on the mouse or an application command key on the keyboard), and the application did not handle the WM_APPCOMMANDmessage generated by that input.

If the Shell procedure handles the WM_COMMAND message, it should not call CallNextHookEx. See the Return Value section for more information.

 

GUIRegisterMsg? Well, I've really got no idea what you're thinking of :D

I tried the following one:

'?do=embed' frameborder='0' data-embedContent>>

Which hooks the following one:

Case $HSHELL_APPCOMMAND
            MsgPrint("HSHELL_APPCOMMAND: " & $lParam)

But, it did nothing when I opened a new process (except of notifying me about it's newly created window, but not about the process).

Share this post


Link to post
Share on other sites

I will provide an example later on then.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

#include <GUIConstantsEx.au3>
#include <WinAPIEx.au3>

Example()

Func Example()
    Local $hGUI = GUICreate('An(other) example by guinness - 2013', Default, Default) ; Create a GUI.
    GUISetState(@SW_SHOW, $hGUI)

    GUIRegisterMsg(_WinAPI_RegisterWindowMessage('SHELLHOOK'), 'WM_SHELLHOOK') ; Define a window message and assign to the WM_SHELLHOOK function.
    _WinAPI_RegisterShellHookWindow($hGUI) ; Register the shell hook message to our GUI.

    While 1
        Switch GUIGetMsg()
            Case $GUI_EVENT_CLOSE
                ExitLoop
        EndSwitch
    WEnd

    _WinAPI_DeregisterShellHookWindow($hGUI)
    GUIDelete($hGUI)
EndFunc   ;==>Example

Func WM_SHELLHOOK($hWnd, $iMsg, $wParam, $lParam)
    #forceref $iMsg
    Switch $wParam
        Case $HSHELL_REDRAW
            ConsoleWrite('Redrawn: ' & @CRLF & _
                    @TAB & 'PID: ' & WinGetProcess($lParam) & @CRLF & _ ; This is the PID.
                    @TAB & 'Filename: ' & _WinAPI_GetWindowFileName($lParam) & @CRLF & _ ; This is the filepath of the window.
                    @TAB & 'hWnd: ' & $lParam & @CRLF) ; This will be the handle of the window closed.

        Case $HSHELL_WINDOWCREATED
            ConsoleWrite('Created: ' & @CRLF & _
                    @TAB & 'PID: ' & WinGetProcess($lParam) & @CRLF & _ ; This is the PID.
                    @TAB & 'Filename: ' & _WinAPI_GetWindowFileName($lParam) & @CRLF & _ ; This is the filepath of the window.
                    @TAB & 'hWnd: ' & $lParam & @CRLF) ; This will be the handle of the window closed.

        Case $HSHELL_WINDOWDESTROYED
            ConsoleWrite('Destroyed: ' & @CRLF & _
                    @TAB & 'PID: ' & WinGetProcess($lParam) & @CRLF & _ ; This will be -1.
                    @TAB & 'Filename: ' & _WinAPI_GetWindowFileName($lParam) & @CRLF & _ ; This will be empty.
                    @TAB & 'hWnd: ' & $lParam & @CRLF) ; This will be the handle of the window closed.

    EndSwitch
EndFunc   ;==>WM_SHELLHOOK
This should give you an idea. Use GUICtrlSendToDummy so as not to stay too long in WM_SHELLHOOK.

Edited by guinness
1 person likes this

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

As I thought :)

This one is only working when the process has a window. What if the process has no window, it's just running in the background? If I'm right, and since I tried, I can say that it does nothing.

Share this post


Link to post
Share on other sites

You're welcome.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#8 ·  Posted (edited)

Hi,

WMI way:

#include <Constants.au3>

Local $oWMIService = ObjGet("winmgmts:\\.\root\CIMV2")
If @error Then
    MsgBox($MB_ICONHAND, Default, "Could not initialize WMI object !")
    Exit 1
EndIf

Local $oSink = ObjCreate("WbemScripting.SWbemSink")
ObjEvent($oSink, "SINK_")

Local $oContext = ObjCreate("WbemScripting.SWbemNamedValueSet")
$oContext.Add("hostname", ".")

$oWMIService.ExecNotificationQueryAsync($oSink, _
        "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'", _
        Default, Default, Default, $oContext)

While 1
    Sleep(10)
WEnd

Func SINK_OnObjectReady($objLatestEvent, $objAsyncContext)
    Local $aObjData[3] = [ _
            $objLatestEvent.TargetInstance.ProcessId, _ ;pid
            $objLatestEvent.TargetInstance.Properties_.item("Name").value, _ ;pname
            $objLatestEvent.TargetInstance.ExecutablePath] ;ppath

    MsgBox($MB_SYSTEMMODAL, Default, "New process:" & @CrLf & _
            "pid: " & $aObjData[0] & @CrLf & _
            "name: " & $aObjData[1] & @CrLf & _
            "path: " & $aObjData[2])
EndFunc   ;==>SINK_OnObjectReady
Edit: Added indents.

Br, FireFox.

Edited by FireFox

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites

Lol, okay - sorry, I didn't want to be rude, just wrote a feedback :) Yes, it's a good solution, but not for my problem :) I should re-think my script again... Theoratically good, however I missed something...

It should make 2 different process list. An older and a current. If they are not the same, then write the difference, and update the old one.

Share this post


Link to post
Share on other sites

Unc3nZureD,

This is something I wrote long ago to monitor what is starting and stopping on my system.  There is also a "watchlist" to define a process to monitor and an action to take when the process being monitored starts and/or ends. 

This was designed to start with my system so I do NOT provide a way to terminate the script.

The sampling is timed (1 sec as I run it) so it is entirely possible to miss something that starts and ends within that interval.  I choose 1 sec because it fit my needs.

I see that Frefox posted a WMI solution as I was typing this.  That was going to be my second suggestion.

Anyway FWIW

#RequireAdmin
#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_Icon=..\Icons\Syslog.ico
#AutoIt3Wrapper_Outfile_x64=..\EXE\syslog.exe
#AutoIt3Wrapper_UseUpx=n
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****

#include <array.au3>
#include <date.au3>
#include <string.au3>
#include <process.au3>
#Include <APIConstants.au3>
#Include <WinAPIEx.au3>
#Include <guiconstantsEx.au3>

;HotKeySet("{ESC}", "fini")

Global $oMyError = ObjEvent("AutoIt.Error","MyErrFunc"), $f_COMError = False

init()

#cs
    watchlist structure
    n,0 = process to watch for
    n,1 = program to run
    n,2 = program to run parm #1
    n,3 = this slot intentionally left blank
    n,4 = run program when process starts
    n,5 = run program when process ends
#ce

local $a_watchlist[20][6]

$a_watchlist[0][0] = "iexplore.exe"
$a_watchlist[0][1] = "c:\program files\ccleaner\ccleaner64.exe"
$a_watchlist[0][2] = "/auto"
$a_watchlist[0][3] = ""
$a_watchlist[0][4] = false
$a_watchlist[0][5] = true
$a_watchlist[1][0] = "wlmail.exe"
$a_watchlist[1][1] = "c:\program files\ccleaner\ccleaner64.exe"
$a_watchlist[1][2] = "/auto"
$a_watchlist[1][3] = ""
$a_watchlist[1][4] = false
$a_watchlist[1][5] = true
$a_watchlist[2][0] = "outlook.exe"
$a_watchlist[2][1] = "c:\program files\ccleaner\ccleaner64.exe"
$a_watchlist[2][2] = "/auto"
$a_watchlist[2][3] = ""
$a_watchlist[2][4] = false
$a_watchlist[2][5] = true

local $a_curractive, $a_prevactive = processlist()

while 1

    $a_curractive = processlist()
    checkstarts()
    checkends()
    $a_prevactive = $a_curractive

    sleep(1000)

wend

func checkstarts()

    local $hit
    for $i = 1 to $a_curractive[0][0]
        $hit = false
        for $j = 1 to $a_prevactive[0][0]
            if $a_curractive[$i][0] = $a_prevactive[$j][0] and $a_curractive[$i][1] = $a_prevactive[$j][1] then
                $hit = True
                exitloop
            endif
        next
        if $hit = false then
            ; got something new, log it and check to see if we are watching for it
            lf(' ' & @computername & stringformat("[%-10.10s]",getuser($a_curractive[$i][1])) & ' ' & $a_curractive[$i][0] & ' / ' & $a_curractive[$i][1] & ' Started')
            for $k = 0 to ubound($a_watchlist,1) - 1
                if $a_curractive[$i][0] = $a_watchlist[$k][0] then
                    ;yes, we are watching for it, now what to do???
                    if $a_watchlist[$k][4] then
                        shellexecute($a_watchlist[$k][1],$a_watchlist[$k][2])
                        lf(" Event: " & @username & @tab & $a_watchlist[$k][1] & $a_watchlist[$k][2] & " initiated by program start [" & $a_curractive[$i][0] & ']')
                    endif
                EndIf
            next
        endif
    next

endfunc

func checkends()

    local $hit
    for $i = 1 to $a_prevactive[0][0]
        $hit = false
        for $j = 1 to $a_curractive[0][0]
            if $a_prevactive[$i][0] = $a_curractive[$j][0] and $a_prevactive[$i][1] = $a_curractive[$j][1] then
                $hit = True
                exitloop
            endif
        next
        if $hit = false then
            ; something ended, log it and see if we are watching for it
            lf(' ' & @computername & stringformat("[%-10.10s]",getuser($a_prevactive[$i][1])) & ' ' & $a_prevactive[$i][0] & ' / ' & $a_prevactive[$i][1] & ' Ended')
            for $k = 0 to ubound($a_watchlist,1) - 1
                if $a_prevactive[$i][0] = $a_watchlist[$k][0] then
                    ;yes, we are watching for it, now what to do???
                    if $a_watchlist[$k][5] then
                        shellexecute($a_watchlist[$k][1],$a_watchlist[$k][2])
                        lf(" Event: " & @username & @tab & $a_watchlist[$k][1] & $a_watchlist[$k][2] & " initiated by program stop [" & $a_prevactive[$i][0] & ']')
                    endif
                EndIf
            next
        endif
    next

endfunc

Func lf($le)
    Local $file
    $file = FileOpen(@scriptdir & '\syslog', 1)
    If $file = -1 Then
        MsgBox(0,"Watcher Error", "Error Unable to open log file")
        exit
    EndIf
    FileWriteLine($file,        @year  & '-' & _
            stringformat("%02s",@MON)  & '-' & _
            stringformat("%02s",@mday) & ' ' & _
            stringformat("%02s",@hour) & ':' & _
            stringformat("%02s",@min)  & ':' & _
            stringformat("%02s",@sec)  &       _
            $le)
    FileClose($file)
EndFunc

func init()

    lf(_stringrepeat('==*==',20))
    lf(' ')
    lf('                                       Starting SYSLOG')
    lf(' ')
    lf(_stringrepeat('==*==',20))
    lf(' ')
    lf(' Options: ')
    lf(' ')
    lf(' Syslog started on ' & @computername & ' at ' & _Now() & ' by ' & @username)
    lf(' ')
    lf(' Currently Running Processes:')
    lf(' ')
    lf(' ' &    stringformat("%-15s",'Computer Name')  & ' ' & _
                stringformat("%-15s",'User Name')      & ' ' & _
                stringformat("%-25s",'Process Name')   & ' ' & _
                stringformat("%-7s",'PID')             & ' ' & _
                stringformat("%-25s",'Start Date')     & ' ' & _
                stringformat("%-25s",'Parent Name')    & ' ' & _
                stringformat("%-10s",'Parent PID'))
    lf(' ' &    _stringrepeat("-",15)                   & ' ' & _
                _stringrepeat("-",15)                   & ' ' & _
                _stringrepeat("-",25)                   & ' ' & _
                _stringrepeat("-",7)                    & ' ' & _
                _stringrepeat("-",25)                   & ' ' & _
                _stringrepeat("-",25)                   & ' ' & _
                _stringrepeat("-",10))

    local $tasks = _pl()

    for $i = 0 to ubound($tasks) - 1
        lf(' ' &    stringformat("%-15s",@computername) & ' ' & _
                    stringformat("%-15s",$tasks[$i][5]) &  ' ' & _
                    stringformat("%-25.25s",$tasks[$i][1]) &  ' ' & _
                    stringformat("%-7s",$tasks[$i][2]) &  ' ' & _
                    stringformat("%-25.25s",$tasks[$i][0]) & ' ' & _
                    stringformat("%-25.25s",$tasks[$i][4]) &  ' ' & _
                    stringformat("%-10s",$tasks[$i][3]))
    next

    lf(' ')

endfunc

func _PL()

    local $wbemFlagReturnImmediately = 0x10
    local $wbemFlagForwardOnly = 0x20
    local $colItems = ""
    local $strComputer = "localhost"

    local $list[1000][45], $i = 1, $x

    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process") ;, "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    if isobj($colItems) then redim $list[$colitems.count + 1][6]

    If IsObj($colItems) then
       For $objItem In $colItems

            $list[$i][0] =  WMIDateStringToDate($objItem.CreationDate)
            $list[$i][1] =  $objItem.Name
            $list[$i][2] =  $objItem.ProcessId
            $list[$i][3] =  $objItem.ParentProcessId
            $list[$i][4] =  _processgetname($list[$i][3])
            $list[$i][5] =  getuser($list[$i][2])

            $i += 1

        Next
    Else
       Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_Process" )
    Endif

    return $list

endfunc

Func WMIDateStringToDate($dtmDate)

    Return (StringMid($dtmDate, 5, 2) & "/" & _
    StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
    & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
EndFunc

Func MyErrFunc()
    Local $HexNumber=hex($oMyError.number,8)
    Msgbox(0,"","We intercepted a COM Error !" & @CRLF & _
                "Number is: " & $HexNumber & @CRLF & _
                "WinDescription is: " & $oMyError.windescription & @CRLF & _
                "Source is: " & $oMyError.source & @CRLF & _
                "ScriptLine is: " & $oMyError.scriptline)
   $f_COMError = True;
Endfunc

func getuser($pid)

    ; big "up" to ptrex for this routine !!!

    local $hToken, $Data, $aAdjust

    ; Enable "SeDebugPrivilege" privilege for obtain full access rights to another processes
    $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

    ; Retrieve user names for all processes the system
    If Not (@error Or @extended) Then
        $Data = _WinAPI_GetProcessUser($pid)
        If IsArray($Data) Then
            return $Data[0]
        Else
            return ''
        EndIf
    EndIf

    ; Enable SeDebugPrivilege privilege by default
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)

endfunc

func fini()
    Exit
endfunc

func dbg()
    lf(' *** Debugging *** ' & @crlf)
    lf('     Curractive ubound = ' & ubound($a_curractive) & @crlf)
    lf('     Prevactive ubound = ' & ubound($a_prevactive) & @crlf)
    for $i = 0 to ubound($a_curractive) - 1
        lf('     ' & $i & ' - ' & $a_curractive[$i][0] & $a_curractive[$i][1] & @crlf)
    next
    for $i = 0 to ubound($a_prevactive) - 1
        lf('     ' & $i & ' - ' & $a_prevactive[$i][0] & $a_prevactive[$i][1] & @crlf)
    next
endfunc

kylomas


Forum Rules         Procedure for posting code

"I like pigs.  Dogs look up to us.  Cats look down on us.  Pigs treat us as equals."

- Sir Winston Churchill

Share this post


Link to post
Share on other sites

Lol, okay - sorry, I didn't want to be rude, just wrote a feedback :) Yes, it's a good solution, but not for my problem :) I should re-think my script again... Theoratically good, however I missed something...

It should make 2 different process list. An older and a current. If they are not the same, then write the difference, and update the old one.

Well what is the purposes of what you want to do?


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Thanks for both script's, they both work well :)

Well what is the purposes of what you want to do?

 

I just want to check if one of my program (I mean not mine, but one which I downloaded) starts any "invisible, background" process(es). I just don't trust AV's, it's too easy to hide anything from them.

Share this post


Link to post
Share on other sites

So use what's wrong with this?

Local $fStarted = UBound(ProcessList("myProg.exe")) > 0

_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

Thanks for both script's, they both work well :)

 

I just want to check if one of my program (I mean not mine, but one which I downloaded) starts any "invisible, background" process(es). I just don't trust AV's, it's too easy to hide anything from them.

 

Pretty much what started me writing the script I posted.  Added the "watchlist" crap later...


Forum Rules         Procedure for posting code

"I like pigs.  Dogs look up to us.  Cats look down on us.  Pigs treat us as equals."

- Sir Winston Churchill

Share this post


Link to post
Share on other sites

Hi,

WMI way:

#include <Constants.au3>

Local $oWMIService = ObjGet("winmgmts:\\.\root\CIMV2")
If @error Then
    MsgBox($MB_ICONHAND, Default, "Could not initialize WMI object !")
    Exit 1
EndIf

Local $oSink = ObjCreate("WbemScripting.SWbemSink")
ObjEvent($oSink, "SINK_")

Local $oContext = ObjCreate("WbemScripting.SWbemNamedValueSet")
$oContext.Add("hostname", ".")

$oWMIService.ExecNotificationQueryAsync($oSink, _
        "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process'", _
        Default, Default, Default, $oContext)

While 1
    Sleep(10)
WEnd

Func SINK_OnObjectReady($objLatestEvent, $objAsyncContext)
    Local $aObjData[3] = [ _
            $objLatestEvent.TargetInstance.ProcessId, _ ;pid
            $objLatestEvent.TargetInstance.Properties_.item("Name").value, _ ;pname
            $objLatestEvent.TargetInstance.ExecutablePath] ;ppath

    MsgBox($MB_SYSTEMMODAL, Default, "New process:" & @CrLf & _
            "pid: " & $aObjData[0] & @CrLf & _
            "name: " & $aObjData[1] & @CrLf & _
            "path: " & $aObjData[2])
EndFunc   ;==>SINK_OnObjectReady
Edit: Added indents.

Br, FireFox.

 

I used the x86 version of AutoIt and it only displayed a message box once. It also stopped me opening explorer windows for some reason.


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

#16 ·  Posted (edited)

 

So use what's wrong with this?

Local $fStarted = UBound(ProcessList("myProg.exe")) > 0

 

It only watches one of the processes, isn't it? An exe can easily spawn an "svchost", which is probably "invisible", however it's suspicious when it exactly starts after a specific process (not to mention that svchost shoudl start with windows, not in the middle of it)

 

I used the x86 version of AutoIt and it only displayed a message box once. It also stopped me opening explorer windows for some reason.

 

x86 at me too, and it works well for me. Are you using the Stable or beta Autoit?

Edited by Unc3nZureD

Share this post


Link to post
Share on other sites

another flavor of WMI way...

;
;
;

#include <date.au3>
#include <misc.au3>

HotKeySet("{ESC}","ESC")

local $oerror = ObjEvent("AutoIt.Error", "_DeBug")

Local $Obj  = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & @ComputerName & "\root\cimv2")
Local $hObj = ObjCreate("WbemScripting.SWbemSink")

If IsObj($Obj) And IsObj($hObj) Then
    ObjEvent($hObj, "SINK_")
    $Obj.ExecNotificationQueryAsync($hObj, "SELECT * FROM __InstanceCreationEvent WITHIN 0.1 WHERE TargetInstance ISA 'Win32_Process'")
    $Obj.ExecNotificationQueryAsync($hObj, "SELECT * FROM __InstanceDeletionEvent WITHIN 0.1 WHERE TargetInstance ISA 'Win32_Process'")
EndIf

Sleep(9999999999)

Func SINK_OnObjectReady($OB)
    local $str,$owner,$ret
    Switch $OB.Path_.Class
        Case "__InstanceCreationEvent"
            $str &= $OB.TargetInstance.ProcessID & "-"
            $str &= $ob.targetinstance.name & "-"
            $str &= $ob.targetinstance.csname & "-"
            $ret = $ob.targetinstance.getowner($owner)
            $str &= $ob.targetinstance.creationdate & "-"
            $str &= $ob.targetinstance.parentprocessid & "-"
            $str &= $ob.targetinstance.executablepath & @cr
            consolewrite("!->> Started  " & $str)
            $str = ""
        Case "__InstanceDeletionEvent"
            $str &= $OB.TargetInstance.ProcessID & "-"
            $str &= $ob.targetinstance.name & "-"
            $str &= _now() & "`"
            $str &= ($ob.targetinstance.kernelmodetime + $ob.targetinstance.usermodetime) / 10000000 & @cr
            consolewrite("+->> Ended  " & $str)
            $str = ""
    EndSwitch
    Return 1
EndFunc

Func _Debug($oError)
    ConsoleWrite( _
            "! ##################### AUTOIT OBJECT ERROR ######################################" & @CRLF & _
            "!                err.number is        : " & @TAB & hex($oError.number,8) & @CRLF & _
            "!                err.scriptline is    : " & @TAB & $oError.scriptline & @CRLF & _
            "!                err.windesc is       : " & @TAB & $oError.windescription & @CRLF & _
            "!                err.desc is          : " & @TAB & $oError.description & @CRLF & _
            "!                err.source is        : " & @TAB & $oError.source & @CRLF & _
            "!                err.retcode is       : " & @TAB & hex($oError.retcode,8) & @CRLF & _
            "! ################################################################################" & @CRLF _
            )
    Return 0
EndFunc

Func ESC()
    Exit(0)
EndFunc
1 person likes this

Forum Rules         Procedure for posting code

"I like pigs.  Dogs look up to us.  Cats look down on us.  Pigs treat us as equals."

- Sir Winston Churchill

Share this post


Link to post
Share on other sites

It also stopped me opening explorer windows for some reason.

It might be something to deal with the Default parameters of the function ExecNotificationQueryAsync or the fact that the event function is blocking with the MsgBox.

 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites

I had to restart my system as explorer just stopped responding. Not your fault!


_AdapterConnections()_AlwaysRun()_AppMon()_AppMonEx()_BinaryBin()_CheckMsgBox()_CmdLineRaw()_ContextMenu()_ConvertLHWebColor()/_ConvertSHWebColor()_DesktopDimensions()_DisplayPassword()_DotNet_Load()/_DotNet_Unload()_Fibonacci()_FileCompare()_FileCompareContents()_FileNameByHandle()_FilePrefix/SRE()_FindInFile()_GetBackgroundColor()/_SetBackgroundColor()_GetConrolID()_GetCtrlClass()_GetDirectoryFormat()_GetDriveMediaType()_GetFilename()/_GetFilenameExt()_GetHardwareID()_GetIP()_GetIP_Country()_GetOSLanguage()_GetSavedSource()_GetStringSize()_GetSystemPaths()_GetURLImage()_GIFImage()_GoogleWeather()_GUICtrlCreateGroup()_GUICtrlListBox_CreateArray()_GUICtrlListView_CreateArray()_GUICtrlListView_SaveCSV()_GUICtrlListView_SaveHTML()_GUICtrlListView_SaveTxt()_GUICtrlListView_SaveXML()_GUICtrlMenu_Recent()_GUICtrlMenu_SetItemImage()_GUICtrlTreeView_CreateArray()_GUIDisable()_GUIImageList_SetIconFromHandle()_GUIRegisterMsg()_GUISetIcon()_Icon_Clear()/_Icon_Set()_IdleTime()_InetGet()_InetGetGUI()_InetGetProgress()_IPDetails()_IsFileOlder()_IsGUID()_IsHex()_IsPalindrome()_IsRegKey()_IsStringRegExp()_IsSystemDrive()_IsUPX()_IsValidType()_IsWebColor()_Language()_Log()_MicrosoftInternetConnectivity()_MSDNDataType()_PathFull/GetRelative/Split()_PathSplitEx()_PrintFromArray()_ProgressSetMarquee()_ReDim()_RockPaperScissors()/_RockPaperScissorsLizardSpock()_ScrollingCredits_SelfDelete()_SelfRename()_SelfUpdate()_SendTo()_ShellAll()_ShellFile()_ShellFolder()_SingletonHWID()_SingletonPID()_Startup()_StringCompact()_StringIsValid()_StringRegExpMetaCharacters()_StringReplaceWholeWord()_StringStripChars()_Temperature()_TrialPeriod()_UKToUSDate()/_USToUKDate()_WinAPI_Create_CTL_CODE()_WinAPI_CreateGUID()_WMIDateStringToDate()/_DateToWMIDateString()Au3 script parsingAutoIt SearchAutoIt3 PortableAutoIt3WrapperToPragmaAutoItWinGetTitle()/AutoItWinSetTitle()CodingDirToHTML5FileInstallrFileReadLastChars()GeoIP databaseGUI - Only Close ButtonGUI ExamplesGUICtrlDeleteImage()GUICtrlGetBkColor()GUICtrlGetStyle()GUIEventsGUIGetBkColor()Int_Parse() & Int_TryParse()IsISBN()LockFile()Mapping CtrlIDsOOP in AutoItParseHeadersToSciTE()PasswordValidPasteBinPosts Per DayPreExpandProtect GlobalsQueue()Resource UpdateResourcesExSciTE JumpSettings INISHELLHOOKShunting-YardSignature CreatorStack()Stopwatch()StringAddLF()/StringStripLF()StringEOLToCRLF()VSCROLLWM_COPYDATAMore Examples...

Updated: 04/09/2015

Share this post


Link to post
Share on other sites

I had to restart my system as explorer just stopped responding.

:lol:


 

OS : Win XP SP2 (32 bits) / Win 7 SP1 (64 bits) / Win 8 (64 bits) | Autoit version: latest stable / beta.
Hardware : Intel(R) Core(TM) i5-2400 CPU @ 3.10Ghz / 8 GiB RAM DDR3.

My UDFs : Skype UDF | TrayIconEx UDF | GUI Panel UDF | Excel XML UDF | Is_Pressed_UDF

My Projects : YouTube Multi-downloader | FTP Easy-UP | Lock'n | WinKill | AVICapture | Skype TM | Tap Maker | ShellNew | Scriptner | Const Replacer | FT_Pocket | Chrome theme maker

My Examples : Capture toolIP Camera | Crosshair | Draw Captured Region | Picture Screensaver | Jscreenfix | Drivetemp | Picture viewer

My Snippets : Basic TCP | Systray_GetIconIndex | Intercept End task | Winpcap various | Advanced HotKeySet | Transparent Edit control

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0