VaultGuy Posted April 13, 2015

Hi guys,

I'm trying to run procmon ( https://technet.microsoft.com/en-gb/sysinternals/bb896645.aspx ) hidden, so I tried the following:

    Run("procmon.exe /Nofilter /accepteula /Quiet /Minimized /BackingFile ProcmonTrace.PML", "", @SW_HIDE)

@SW_HIDE doesn't work and procmon always runs in a minimized window. Procmon in general doesn't seem to respond to "hide" commands. I just started procmon and then ran this code to test it:

    $ProcMonWindowHandle = WinWait("[CLASS:PROCMON_WINDOW_CLASS]","",3)
    If $ProcMonWindowHandle = 0 Then MsgBox(1, "Error", "Error")
    WinActivate ($ProcMonWindowHandle)
    Sleep (2000)
    WinSetState ( $ProcMonWindowHandle, "", @SW_HIDE )

WinActivate works, but WinSetState does not. WinClose and WinKill also don't work. Has anyone experienced this before and maybe has a solution for it?

JohnOne Posted April 13, 2015

Does this "procmon" ask for admin?

Blue_Drache Posted April 13, 2015

Here's a thought. Since procmon.exe is a high-value target for virus coders, perhaps the operating system is preventing what you wish?

VaultGuy (Author) Posted April 13, 2015

Hi JohnOne, thanks for your reply. Procmon indeed asks for admin. In this small example #RequireAdmin fixed the issue:

    #RequireAdmin
    $ProcMonWindowHandle = WinWait("[CLASS:PROCMON_WINDOW_CLASS]","",3)
    If $ProcMonWindowHandle = 0 Then MsgBox(1, "Error", "Error")
    WinActivate ($ProcMonWindowHandle)
    Sleep (1000)
    WinSetState ( $ProcMonWindowHandle, "", @SW_HIDE )
    Sleep (2000)
    WinSetState ( $ProcMonWindowHandle, "", @SW_SHOW )

My initial script which runs procmon had the following wrapper directive:

    #AutoIt3Wrapper_Res_requestedExecutionLevel=requireAdministrator

I thought this was enough to carry the permission level to the procmon child process. When I add #RequireAdmin, I'm able to use WinSetState correctly. But the initial @SW_HIDE command still doesn't work:

    Run("procmon.exe /Nofilter /accepteula /Quiet /Minimized /BackingFile ProcmonTrace.PML", "", @SW_HIDE)

JohnOne Posted April 13, 2015

Yes, some windows are simply like that, and refuse to start hidden, Firefox or Chrome is another I think.

VaultGuy (Author) Posted April 13, 2015

JohnOne, thanks for your feedback. It helped much to get me on the right track.

> Yes, some windows are simply like that, and refuse to start hidden, firefox or chrome is another I think.

I kind of worked around it:

    Opt('WinWaitDelay', 10)
    Run("procmon.exe /Nofilter /accepteula /Quiet /Minimized /BackingFile ProcmonTrace.PML", "", @SW_HIDE)
    $ProcMonWindowHandle = WinWait("[CLASS:PROCMON_WINDOW_CLASS]")
    WinSetState ( $ProcMonWindowHandle, "", @SW_HIDE )

@SW_HIDE from the run command doesn't work, but "Opt('WinWaitDelay', 10)" hides the window immediately. There's only a minimal flicker of the script in the task bar and that's it. Good enough for me ... Thanks for the help.

jguinch Posted April 13, 2015 (Solution)

It works for me, with just removing the /Minimized parameter:

    #RequireAdmin
    Run("procmon.exe /Nofilter /accepteula /Quiet /BackingFile ProcmonTrace.PML", "", @SW_HIDE)

VaultGuy (Author) Posted April 13, 2015

> It works for me, with just removing the /Minimized parameter :
>
>     #RequireAdmin
>     Run("procmon.exe /Nofilter /accepteula /Quiet /BackingFile ProcmonTrace.PML", "", @SW_HIDE)

Hey thanks, works for me, too

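Added example, not part of the thread: a full hidden capture run built on the accepted answer, which also checks elevation, confirms the window really is hidden, and stops the capture cleanly so the backing file is flushed. Assumptions: procmon.exe sits next to the script, the 30-second capture window is arbitrary, and Procmon's /Terminate switch (not mentioned in the thread) is used to stop the running instance.

```autoit
#RequireAdmin
; Added example, not code from the thread. Paths and timings are assumptions.
Local Const $sProcmon = @ScriptDir & "\procmon.exe"
Local Const $sTrace   = @ScriptDir & "\ProcmonTrace.PML"
Local Const $sClass   = "[CLASS:PROCMON_WINDOW_CLASS]"

; Procmon runs elevated. A non-elevated script cannot change the state of an
; elevated window, which is why WinSetState failed in the first post.
If Not IsAdmin() Then Exit MsgBox(16, "Error", "Script is not elevated")

; No /Minimized here: per the accepted answer it defeats @SW_HIDE.
Local $sCmd = '"' & $sProcmon & '" /Nofilter /accepteula /Quiet /BackingFile "' & $sTrace & '"'
Local $iPid = Run($sCmd, @ScriptDir, @SW_HIDE)
If $iPid = 0 Then Exit MsgBox(16, "Error", "Could not start procmon.exe")

; AutoIt window functions also match hidden windows, so WinWait still works.
Local $hWnd = WinWait($sClass, "", 10)
If $hWnd = 0 Then Exit MsgBox(16, "Error", "Procmon window not found")

; WinGetState is a bitmask; bit value 2 means "visible".
; Fall back to the WinSetState workaround from the thread if it is set.
If BitAND(WinGetState($hWnd), 2) Then WinSetState($hWnd, "", @SW_HIDE)

; Capture window: run the workload you want traced here.
Sleep(30000)

; Ask the running instance to stop capturing and exit, which flushes the
; backing file. Killing the process instead can leave the PML unreadable.
RunWait('"' & $sProcmon & '" /Terminate', @ScriptDir, @SW_HIDE)
If Not WinWaitClose($hWnd, "", 30) Then Exit MsgBox(16, "Error", "Procmon did not exit")

If Not FileExists($sTrace) Then Exit MsgBox(16, "Error", "No trace written: " & $sTrace)
ConsoleWrite("Trace saved to " & $sTrace & @CRLF)
```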