tunaym

ProcessExists for each individual user?


#1 ·  Posted (edited)

Running my script on 2012 R2. I need to use ProcessExists for a specific user. I have a script that runs in the background that detects if a process has been closed. ProcessExists looks at all the users running that process. Is there any way of looking at a user's process instead?
Regards




WMI style

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"
$Output=""


$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
   For $objItem In $colItems

    ; Start from an empty owner so a failed GetOwner() call (e.g. access denied) never matches
    local $name = ""
    $objItem.GetOwner($name)

        If $name = @UserName Then

        $Output = $Output & "ProcessName: " & $objItem.Name & @CRLF
        $Output = $Output & "Owner: " & $name & @CRLF
        If Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
        $Output=""
        EndIf

    Next

Else
   Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_Process" )
Endif


tunaym,

Look in the Help file for _WinAPI_GetProcessUser (as Bill said).  There is a ready-made example, including setting security.

kylomas



Thanks for your help guys. 

This is what I needed, just need to figure out how it works and implement it into my script. :)


tunaym,

You could turn it into a function that returns an array...

#RequireAdmin

#include <Array.au3>
#include <WinAPI.au3>
#include <WinAPIProc.au3>

;_arraydisplay(  _GetProcess_Users('admin010|nancy') )
;_arraydisplay(  _GetProcess_Users('nancy') )
_arraydisplay(  _GetProcess_Users() )

func _GetProcess_Users($Users = '*', $sDelimiter = '|')

    ; flag 3 = split on the whole delimiter string (1) + no count in element 0 (2)
    Local $aUsers = stringsplit($Users, $sDelimiter, 3)

    ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
    ; old privilege settings are stored in $aAdjust to restore when finished
    Local $aAdjust, $aList = 0
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)
    If @error Or @extended Then exit msgbox(0,'Error','Error adjusting privileges')

    ; Retrieve user names for all processes of the system
    ; filter return array by Users
    $aList = ProcessList()
    Local $aData

    For $i = $aList[0][0] to 1 step -1
        $aData = _WinAPI_GetProcessUser($aList[$i][1])
        If not IsArray($aData) Then
            _arraydelete($aList, $i)
            ContinueLoop
        endif
        if $aUsers[0] = '*' then
            $aList[$i][1] = 'All'
            ContinueLoop
        endif
        for $j = 0 to UBound($aUsers) - 1
            if $aData[0] = $aUsers[$j] then
                $aList[$i][1] = $aUsers[$j]
            EndIf
        next
        if stringisdigit($aList[$i][1]) then _arraydelete($aList, $i)
    Next

    ; Restore old privilege settings
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)

    _arraydelete($aList, 0)
    return $aList

endfunc

This is just an example.  You may want to strengthen the error checking.

kylomas



#7 ·  Posted (edited)

Hi

þヨⓡᅷ∈℃⊥

Thanks for all your replies.

þヨⓡᅷ∈℃⊥ that's what I'm looking for. Just one question. I can't figure out how to limit the search for only one process, i.e. ("taskmgr.exe").

Once I have figured that out then I can change the output to call a function if it can't find the process running on that user.

Regards


;---  set process and username to look for
;~ $sProcess = "smss.exe"
$sProcess = "notepad.exe"
$User = @UserName
;---------------------


$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"
$Output=""

$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
; $sProcess is concatenated into the WQL text, so keep it a fixed, trusted process name
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Name = " & '"' & $sProcess & '"', "WQL", _
                                          $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

If IsObj($colItems) then
   For $objItem In $colItems

    ; Start from an empty owner so a failed GetOwner() call (e.g. access denied) never matches
    local $username = ""
    $objItem.GetOwner($username)
        If $User = $username Then
            $Output = $Output & "ProcessName: " & $objItem.Name & @CRLF
            $Output = $Output & "Owner: " & $username & @CRLF
                If Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
            $Output=""
        Else
            $Output = $Output & "Process was found, but it has a different owner"
                If Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
            $Output=""
        EndIf

    Next

Else
   Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_Process" )
Endif


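An added example, not code from any poster in this thread: the per-user check as one function that filters by process name with ProcessList, reads each owner with _WinAPI_GetProcessUser, and compares both user and domain. _ProcessExistsForUser and _OnProcessMissing are hypothetical names; it assumes the script runs as the user being checked, in which case reading the owner of that user's own processes should not need #RequireAdmin or SeDebugPrivilege.

```autoit
#include <WinAPIProc.au3>

; Added example. _ProcessExistsForUser() and _OnProcessMissing() are hypothetical names.
; Returns the PID of the first $sProcess instance owned by $sDomain\$sUser, or 0 if none.
; @extended holds the number of instances whose owner could not be read.
Func _ProcessExistsForUser($sProcess, $sUser = @UserName, $sDomain = @LogonDomain)
    Local $aList = ProcessList($sProcess) ; [0][0] = count, [n][0] = name, [n][1] = PID
    If @error Then Return SetError(1, 0, 0)

    Local $aOwner, $iUnreadable = 0
    For $i = 1 To $aList[0][0]
        $aOwner = _WinAPI_GetProcessUser($aList[$i][1]) ; [0] = user name, [1] = domain name
        If @error Or Not IsArray($aOwner) Then
            ; Owner could not be read (access denied, or the process has just exited).
            ; Count it and treat it as "not ours"; never fall back to an earlier owner.
            $iUnreadable += 1
            ContinueLoop
        EndIf
        ; Compare domain as well as name, so a local account and a domain account
        ; that share a user name are not confused. "=" is case-insensitive on strings.
        If $aOwner[0] = $sUser And $aOwner[1] = $sDomain Then
            Return SetExtended($iUnreadable, $aList[$i][1])
        EndIf
    Next
    Return SetExtended($iUnreadable, 0)
EndFunc

; Placeholder for whatever the background script should do when the process is gone.
Func _OnProcessMissing($sProcess)
    ConsoleWrite($sProcess & " is not running for " & @LogonDomain & "\" & @UserName & @CRLF)
EndFunc

; Check one process name for the current user and react if it is missing.
Local $sWatch = "notepad.exe"
If _ProcessExistsForUser($sWatch) = 0 Then _OnProcessMissing($sWatch)
```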

That is exactly what I'm looking for. Thank you, much appreciated. :thumbsup:
