serach memory via process description !!

hani-dev · May 15, 2016

hey all

i need help with search via process description ,, is there any way to search for some process in memory by using it's description

example : the description for google chrome is (Google Inc.)

i want loop inside process and if my script find this description then do another think

i used this for loop inside memory and get all process names :

#include <MsgBoxConstants.au3>

$qa = "FileDescription"
$a = ProcessList()

$list = FileGetVersion($qa) & $a[0][0]

For $i = 1 To $a[0][0]
    $list &= 'Process: ' & $a[$i][0] & ' (' & $a[$i][1] & ')' & @CRLF
Next

MsgBox(0, '', $list)

but i need to get process description not names

i hope u got the idea

have a nice day all

Edited May 15, 2016 by hani-dev

water · May 15, 2016

Welcome to AutoIt and the forum!
Maybe the WinAPI or WinAPIEx UDF provide a function?

orbs · May 15, 2016

@hani-dev,

your use of FileGetVersion() is completely wrong. i'll let you figure this one out for yourself, with the help of the help file.

however, as you may have noticed, the property you are looking for is called "FileDescription", not "ProcessDescription". i.e. it is a property of the file, not of the process. you need to determine the full path to the process executable, than apply FileGetVersion (correctly!) on that.

B.T.W. water is correct. since it's obviously one of your first steps into scripting, let's take it easy - search the help file for _WinAPI_GetProcessFileName.

hani-dev · May 15, 2016

21 minutes ago, orbs said:

@hani-dev,

your use of FileGetVersion() is completely wrong. i'll let you figure this one out for yourself, with the help of the help file.

however, as you may have noticed, the property you are looking for is called "FileDescription", not "ProcessDescription". i.e. it is a property of the file, not of the process. you need to determine the full path to the process executable, than apply FileGetVersion (correctly!) on that.

B.T.W. water is correct. since it's obviously one of your first steps into scripting, let's take it easy - search the help file for _WinAPI_GetProcessFileName.

thanx man for ur replay >>>

i can do it for specific process by using this script :

$f = "FileDescription"
$p = "C:\Users\qan\Desktop\chrome.exe"

$dev = FileGetVersion($p , $f )
msgbox(0, "" , $dev)

my problem is : i want to write a script for searching in all processes by using loop using FileDescription,, why !! because if some one change the process name the script will not work thats my point

Edited May 15, 2016 by hani-dev

orbs · May 15, 2016

9 minutes ago, hani-dev said:

... some one change the process name the script will not work ...

how and why would someone change the process name, and why will your script not work if they do?

11 minutes ago, hani-dev said:

my problem is : i want to write a script for searching in all processes by using loop using FileDescription ...

that much we understand, and now you have all the leads you need to do so. let's spell it out: you know how to get the process ID; use _WinAPI_GetProcessFileName() on that to... well... get the process file name; then use FileGetVersion() on the file name.

hani-dev · May 15, 2016

5 hours ago, orbs said:

how and why would someone change the process name, and why will your script not work if they do?

that much we understand, and now you have all the leads you need to do so. let's spell it out: you know how to get the process ID; use _WinAPI_GetProcessFileName() on that to... well... get the process file name; then use FileGetVersion() on the file name.

if some one change the name for the program it's also changed in the prcoess so my scripts will not work ...
why some one change the name !! i dont know but i want my script work without error

look at this pic's : i do a smiple test on putty tool using this code

$f = "FileDescription"
$p = "C:\Users\qan\Desktop\putty.exe"

$dev = FileGetVersion($p , $f )
msgbox(0, "" , $dev)

at this case the secript will work fine ,,,,

but if i change the program name it will not work ...

that's why i need need my code loop inside process and search by using process description ....

i mean if SSH, Telnet and Relogin client Simon taham Regardless of the name of the process then msgbox(0, "", "the process is there")

i hope u get my point and my sorry for my bad english

Jos · May 15, 2016

I am seriously lost why this would be needed at all!
So try again to explain why this is so important and logica to check and please don't hyperbole but simply explain a real life scenario this would be needed?

Jos

Edited May 15, 2016 by Jos

hani-dev · May 15, 2016

27 minutes ago, Jos said:

I am seriously lost why this would be needed at all!
So try again to explain why this is so important and logica to check and please don't hyperbole but simply explain a real life scenario this would be needed?

Jos

it's just an idea for making something more prof.

we used to get the file description by using simple code

$f = "FileDescription"
$p = "C:\Users\qan\Desktop\putty.exe"

$dev = FileGetVersion($p , $f )
msgbox(0, "" , $dev)

today i just decided to use file description to get the process name belong to this description ...

u got it ?

Jos · May 15, 2016

Just now, hani-dev said:

u got it ?

No, You are not giving any explanation as making it professional doesn't mean anything in this context.
So explain why would this ever be needed?

Jos

hani-dev · May 18, 2016

On ٨‏/٨‏/١٤٣٧ هـ at 7:41 PM, Jos said:

No, You are not giving any explanation as making it professional doesn't mean anything in this context.
So explain why would this ever be needed?

Jos

sorry for late replay ...

im trying to develop script that kil process based on provided Description by me ....

example ()

SSH, Telnet and Relogin client Simon taham <===== putty.exe file description

Windows Calculator <== calc.exe file description

im working in Information Security Company and all others gays here are pro ,,, they can the name and the class names for programs so if i coded script based on (ProcessExists) at my case it wouldn't work !! why !!! becuse the users already change the name for the process and they also change the class name (window title)

thats my story man

Conclusion :

i want coded something loop in process list and searching for process Description if that Description found then kill the process that's all

so can u help me im still trying for days without success

Edited May 18, 2016 by hani-dev

Jos · May 18, 2016

So what are you trying to do when you find a renamed program/process and determine by finding the description it is a known program?
In other words: What is the real goal here?

18 minutes ago, hani-dev said:

im working in Information Security Company and all others gays here are pro ,,, they can the name and the class names for programs

What is stopping them from changing the PE header and altering the Description in the Version block?

Jos

hani-dev · May 18, 2016

1 hour ago, Jos said:

So what are you trying to do when you find a renamed program/process and determine by finding the description it is a known program?
In other words: What is the real goal here?

What is stopping them from changing the PE header and altering the Description in the Version block?

Jos

i dont know why u refused to help or u dont have answer i dont know really !!!

i told u i want to close program in process by it's own Description every one of us have diffrat goals and this is my goal so that's why im here and requst for help

Edited May 18, 2016 by hani-dev

AutoBert · May 18, 2016

1 hour ago, hani-dev said:

im working in Information Security Company and all others gays here are pro ,,, they can the name and the class names for programs so if i coded script based on (ProcessExists) at my case it wouldn't work !!

i think best suggestion is: ask the pro's of your Information Security Company.

hani-dev · May 18, 2016

Just now, AutoBert said:

i think best suggestion is: ask the pro's of your Information Security Company.

thank's for ur suggestion

Jos · May 19, 2016

10 hours ago, hani-dev said:

i dont know why u refused to help or u dont have answer i dont know really !!!

Probably because I am telling you there is always a way around your logic so it simply doesn't make sense.

Jos

hani-dev · May 19, 2016

1 minute ago, Jos said:

Probably because I am telling you there is always a way around your logic so it simply doesn't make sense.

Jos

i do it with powershell and autoit but i need it in pure autoit

serach memory via process description !!

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Create an account or sign in to comment

Create an account

Sign in

Recently Browsing 0 members