hani-dev

search memory via process description !!

16 posts in this topic

#1 ·  Posted (edited)

hey all

i need help with searching via process description. is there any way to search for some process in memory by using its description?

example : the description for google chrome is (Google Inc.)

i want to loop through the processes and if my script finds this description then do another thing

i used this for loop inside memory and get all process names :

#include <MsgBoxConstants.au3>

$qa = "FileDescription"
$a = ProcessList()

$list = FileGetVersion($qa) & $a[0][0]

For $i = 1 To $a[0][0]
    $list &= 'Process: ' & $a[$i][0] & ' (' & $a[$i][1] & ')' & @CRLF
Next

MsgBox(0, '', $list)

but i need to get process description not names

i hope u got the idea

have a nice day all

Edited by hani-dev


Welcome to AutoIt and the forum!
Maybe the WinAPI or WinAPIEx UDF provide a function?



@hani-dev,

your use of FileGetVersion() is completely wrong. i'll let you figure this one out for yourself, with the help of the help file.

however, as you may have noticed, the property you are looking for is called "FileDescription", not "ProcessDescription". i.e. it is a property of the file, not of the process. you need to determine the full path to the process executable, then apply FileGetVersion (correctly!) on that.

B.T.W. water is correct. since it's obviously one of your first steps into scripting, let's take it easy - search the help file for _WinAPI_GetProcessFileName.


#4 ·  Posted (edited)

21 minutes ago, orbs said:

@hani-dev,

your use of FileGetVersion() is completely wrong. i'll let you figure this one out for yourself, with the help of the help file.

however, as you may have noticed, the property you are looking for is called "FileDescription", not "ProcessDescription". i.e. it is a property of the file, not of the process. you need to determine the full path to the process executable, then apply FileGetVersion (correctly!) on that.

B.T.W. water is correct. since it's obviously one of your first steps into scripting, let's take it easy - search the help file for _WinAPI_GetProcessFileName.

thanx man for ur reply >>>

i can do it for specific process by using this script :

$f = "FileDescription"
$p = "C:\Users\qan\Desktop\chrome.exe"

$dev = FileGetVersion($p , $f )
msgbox(0, "" , $dev)

my problem is : i want to write a script for searching in all processes by using a loop using FileDescription,, why !! because if someone changes the process name the script will not work, that's my point

Edited by hani-dev

9 minutes ago, hani-dev said:

... someone changes the process name the script will not work ...

how and why would someone change the process name, and why will your script not work if they do?

11 minutes ago, hani-dev said:

my problem is : i want to write a script for searching in all processes by using a loop using FileDescription ...

that much we understand, and now you have all the leads you need to do so. let's spell it out: you know how to get the process ID; use _WinAPI_GetProcessFileName() on that to... well... get the process file name; then use FileGetVersion() on the file name.

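The lookup orbs spells out above (PID, then executable path, then version string), as an added AutoIt example that is not code from any poster in this thread. It assumes a current AutoIt release where _WinAPI_GetProcessFileName() is in WinAPIProc.au3; _FindByDescription is a hypothetical helper name, and the script only reports matches.

```autoit
#include <Array.au3>
#include <WinAPIProc.au3>

; Added example, not code from the thread. Report only: it lists matches and
; changes nothing. "Windows Calculator" is the calc.exe description quoted in the thread.
Local $aHits = _FindByDescription("Windows Calculator")
_ArrayDisplay($aHits, "Processes matching description")

; Returns a 2D array: [0][0] = match count, rows 1..n =
; PID | image name | full path | OriginalFilename | renamed? (True/False)
Func _FindByDescription($sWanted)
    Local $aProc = ProcessList() ; [0][0] = count, [i][0] = name, [i][1] = PID
    Local $aOut[1][5] = [[0, "", "", "", ""]]
    Local $sPath, $sDesc, $sOrig, $n

    For $i = 1 To $aProc[0][0]
        ; Resolve the PID to the executable's full path. This fails for
        ; protected/system processes and for ones that exited meanwhile.
        $sPath = _WinAPI_GetProcessFileName($aProc[$i][1])
        If @error Or $sPath = "" Then ContinueLoop

        ; FileDescription belongs to the file's version resource, not the process.
        $sDesc = FileGetVersion($sPath, "FileDescription")
        If @error Then ContinueLoop ; the file carries no such string

        ; "=" compares strings case-insensitively; 3 = strip leading + trailing whitespace.
        If Not (StringStripWS($sDesc, 3) = $sWanted) Then ContinueLoop

        ; OriginalFilename is the name the file was built with; a mismatch with
        ; the running image name hints that the file was renamed.
        $sOrig = FileGetVersion($sPath, "OriginalFilename")
        If @error Then $sOrig = ""

        $n = UBound($aOut)
        ReDim $aOut[$n + 1][5]
        $aOut[$n][0] = $aProc[$i][1] ; PID
        $aOut[$n][1] = $aProc[$i][0] ; image name as shown in the process list
        $aOut[$n][2] = $sPath
        $aOut[$n][3] = $sOrig
        $aOut[$n][4] = ($sOrig <> "" And $sOrig <> $aProc[$i][0])
        $aOut[0][0] = $n
    Next
    Return $aOut
EndFunc
```

As Jos points out later in the thread, the version block can be edited, so a description match or an OriginalFilename mismatch is a hint rather than proof of what the program is.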
5 hours ago, orbs said:

how and why would someone change the process name, and why will your script not work if they do?

that much we understand, and now you have all the leads you need to do so. let's spell it out: you know how to get the process ID; use _WinAPI_GetProcessFileName() on that to... well... get the process file name; then use FileGetVersion() on the file name.

if someone changes the name of the program it's also changed in the process so my scripts will not work ...
why would someone change the name !! i don't know but i want my script to work without error

look at these pics : i did a simple test on the putty tool using this code
 

$f = "FileDescription"
$p = "C:\Users\qan\Desktop\putty.exe"

$dev = FileGetVersion($p , $f )
msgbox(0, "" , $dev)

http://s32.postimg.org/98qoil6np/aut1.png

in this case the script will work fine ...

but if i change the program name it will not work ...

http://s32.postimg.org/mz0u23to5/aut2.png

:D

that's why i need my code to loop through the processes and search by using process description ....

i mean if SSH, Telnet and Relogin client  Simon taham Regardless of the name of the process then msgbox(0, "", "the process is there")

i hope u get my point and sorry for my bad english


#7 ·  Posted (edited)

I am seriously lost why this would be needed at all!
So try again to explain why this is so important and logical to check and please don't hyperbole but simply explain a real life scenario this would be needed?

Jos

Edited by Jos


 

27 minutes ago, Jos said:

I am seriously lost why this would be needed at all!
So try again to explain why this is so important and logical to check and please don't hyperbole but simply explain a real life scenario this would be needed?

Jos

it's just an idea for making something more prof.

we used to get the file description by using simple code

$f = "FileDescription"
$p = "C:\Users\qan\Desktop\putty.exe"

$dev = FileGetVersion($p , $f )
msgbox(0, "" , $dev)

today i just decided to use the file description to get the process name belonging to this description ...

u got it ?

Just now, hani-dev said:

u got it ?

No, You are not giving any explanation as making it professional doesn't mean anything in this context.
So explain why would this ever be needed?

Jos



#10 ·  Posted (edited)

On 8/8/1437 AH at 7:41 PM, Jos said:

No, You are not giving any explanation as making it professional doesn't mean anything in this context.
So explain why would this ever be needed?

Jos

sorry for the late reply ...

i'm trying to develop a script that kills a process based on a Description provided by me ....

example ()

SSH, Telnet and Relogin client  Simon taham  <===== putty.exe file description

Windows Calculator <== calc.exe file description

 

i'm working in an Information Security Company and all the other guys here are pros ,,, they can change the name and the class names for programs so if i coded a script based on (ProcessExists) in my case it wouldn't work !! why !!! because the users already change the name of the process and they also change the class name (window title)

that's my story man

Conclusion :

i want to code something that loops through the process list searching for a process Description; if that Description is found then kill the process, that's all

so can u help me? i'm still trying for days without success

Edited by hani-dev


So what are you trying to do when you find a renamed program/process and determine by finding the description it is a known program?
In other words: What is the real goal here?

18 minutes ago, hani-dev said:

i'm working in an Information Security Company and all the other guys here are pros ,,, they can change the name and the class names for programs

What is stopping them from changing the PE header and altering the Description in the Version block?

Jos
 



#12 ·  Posted (edited)

1 hour ago, Jos said:

So what are you trying to do when you find a renamed program/process and determine by finding the description it is a known program?
In other words: What is the real goal here?

What is stopping them from changing the PE header and altering the Description in the Version block?

Jos
 

i don't know why u refused to help or u don't have an answer i don't know really !!!

i told u i want to close a program in the process list by its own Description. every one of us has different goals and this is my goal so that's why i'm here requesting help

Edited by hani-dev

1 hour ago, hani-dev said:

i'm working in an Information Security Company and all the other guys here are pros ,,, they can change the name and the class names for programs so if i coded a script based on (ProcessExists) in my case it wouldn't work !!

i think the best suggestion is: ask the pros of your Information Security Company.

Just now, AutoBert said:

i think the best suggestion is: ask the pros of your Information Security Company.

thanks for ur suggestion ;)

10 hours ago, hani-dev said:

i don't know why u refused to help or u don't have an answer i don't know really !!!

Probably because I am telling you there is always a way around your logic so it simply doesn't make sense.

Jos 

 


1 minute ago, Jos said:

Probably because I am telling you there is always a way around your logic so it simply doesn't make sense.

Jos 

 

i do it with powershell and autoit but i need it in pure autoit :(
