[Solved] Get Full Path of process - both x86 & x64.
By
iXX, in AutoIt General Help and Support
-
Similar Content
-
By TryWare90Days
I'm trying to kill a malware process, that I can't remove with my www.sophus.com/hom antivirus.
The malware is known as coinminer,config and my Sophus only creates popups of blocking the malware.
I know that the malware is constantly launching a svchost *32.exe processes, where the svchost.exe processes are from my Windows 7 operating system.
I have with no luck tried to do this:
Global $_bStatus = False
While $_bStatus = False
Global $_iPid
Global $_sActiveTitleNew = "svchost *32.exe"
$_iPid = WinGetProcess($_sActiveTitleNew)
If $_iPid <> -1 Then $_bStatus = ProcessClose($_iPid)
Wend
EXIT
But the $_iPid doesn't ever show anything else than -1, even if I can see the svchost *32.exe process in my TaskManager
YES - I know I shouldn't EXIT after killing the first malware detection, but it is easier to explain the above for you, so I can get a solution.
-
By nacerbaaziz
Hello my friends
I have an inquiry after your permission
I found a function to get the special line commands for any operation
It requires the name of the process to be searched
I want to use it to know the process
Is this possible with this function
Here is the code
Func commandLineGet($proc, $strComputer=".")
dim $array[1]
local $ArrayNumber
local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
local $oProcessColl = $oWMI.ExecQuery("Select * from Win32_Process where Name= " & '"'& $Proc & '"')
local $Process
For $Process In $oProcessColl
$Process = $Process.Commandline
ReDim $Array[UBound($Array)+1]
$ArrayNumber = UBound($Array)-1
$array[$ArrayNumber] = $Process
Next
$ArrayNumber = UBound($Array)-1
$array[0] = $ArrayNumber
return $array
EndFunc
-
By simy8891
Hi guys,
It's been a while since I wrote my last message here and a while since I used AutoIt. I'm currently sort of desperate and I'm trying to find some help in regards of getting the network usage per process!
I'm not interested in the total network usage of the NIC, but only on a specific PID's network utilization. They idea is to collect the amount of traffic uploaded and downloaded by a list of specific processes. So far Process Hacker and Process Explorer are capable of getting what I need, but I need to use these numbers in another script so they're sort of useless to me. I can't seem to find a way around it.
Any idea, help is greatly appreciated.
Thanks
-
By ur
with the below code, I am keeping waiting for a particular file and waiting in the background.
While $i <> 10 Sleep(60000) If FileExists(@ScriptDir&"\Binaries.ini") then --some processing-- $i = 10 endif WEnd I thought keeping the Sleep will freeze the process from resources but the CPU being uilized.But it is taking 47%.
How to free this CPU usage also.?
-
By RTFC
Please answer me these questions three, ere the other side you see:
Are you running a 64-bit machine with a 64-bit Windows operating system? Can your AutoIt scripts cope with having directive #AutoIt3Wrapper_UseX64=Y, and thus @AutoItX64=True? Are you sick and tired of seeing this error message?
If you (like me) answered "YES" to all three questions, then the _HighMem library may ease your pain (the name commemorates a useful utility from the days when CPUs were still steam-powered). Forget about pathetic boot switches /3GB and /userva; in a full-fledged 64-bit environment, _HighMem can pre-allocate all available physical/virtual RAM you've got (or any smaller size you need), and manage individual allocations therein with four simple functions:
_HighMem_StartUp( $nSize, $sUnit="GB" ) ; parse size of total region to pre-allocate, e.g. (10,"GB") _HighMem_Allocate( $nSize, $sUnit="B" ) ; returns $pOffset (new allocation's base address) _HighMem_Release( $pOffset ) ; existing allocations are identified by their offset (base address) _HighMem_CleanUp() ; close handles, release all pre-allocated memory Of course, existing AutoIt limitations remain in force (e.g., DllstructCreate() is still limited to 2 GB per call), but the maximum of 2-4 GB of virtual memory per Windows process can (under the right circumstances, in the proper environment) be circumvented. However, this is the first beta release, so glitches are likely, and performance may vary. In fact, it may not work at all for you (if you're running 32-bit, for example). And since this involves your own hardware, it's unlikely I would be able to reproduce your issues in my own work environment. Nevertheless, if you find obvious bugs or mistakes in the code, please do post. And if it works for you, that's also good to hear. My own motivation for developing it was to supercharge my matrix computing environment (Eigen4AutoIt), so it can handle matrices of any size that fit in machine RAM.
The attached zip contains the library itself (HighMem.au3) and two test examples. HighMem_Test1 performs a dry run stress test of the allocation management system; it does not actually do any memory I/O. By contrast, HighMem_Test2 pre-allocates a 6 GB space, stores 3 x 2GB structs there, performs some basic I/O, and releases the allocations one by one. Obviously, for this to work you'll need at least that much free RAM to begin with (check with Task Manager -> Performance -> Memory if you're unsure). My own test environment has 16 GB of physical RAM, and runs W10Pro/64.
EDIT: minor edits added to improve user experience (many more status messages if $_HighMem_Verbose=True)
HighMem.v0.85.7z
EDIT: from beta version 0.9, HighMem supports shared memory, including mutex negotiation.
HighMem.v0.91.7z
-