ur

How to get remote process list

7 posts in this topic

With  ProcessList ( ["name"] )  we are able to get the running process list from the local machine.

 

Is there anyway to get the list from Remote machine, more precisely to get to know the status whether a particular application is running or not on remote machine using AutoIT?

 

We can implement through PSList.exe, but again we need to parse the text of it to read the output.

Is there any direct UDF in AutoIT?

Share this post


Link to post
Share on other sites

a way by using WMI.

#include <array.au3>

_ArrayDisplay(_GetTaskList()) ; Pass the target computer name for remote clients

Func _GetTaskList($strComputer = @ComputerName)

    If Not Ping($strComputer) Then Return SetError(1, 0, "")
    Local $usr = "", $pass = ""; set this only if different from current user

    ; https://msdn.microsoft.com/en-us/library/aa394372(v=vs.85).aspx
    Local $objWMILocator = ObjCreate("WbemScripting.SWbemLocator")
    Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", "&H80")

    Local $colProcesses = $objWMIService.ExecQuery("SELECT * FROM Win32_Process")
    If Not IsObj($colProcesses) Then Return SetError(2, 0, "")

    Local $aProcesses[$colProcesses.count + 1][2] = [[$colProcesses.count, 0]]
    Local $i = 0

    For $objProces In $colProcesses
        $i += 1
        $aProcesses[$i][0] = $objProces.name
        $aProcesses[$i][1] = $objProces.ProcessID
    Next

    Return SetError(0, 0, $aProcesses)
EndFunc   ;==>_GetTaskList

 


small minds discuss people average minds discuss events great minds discuss ideas.... and use AutoIt....

Share this post


Link to post
Share on other sites

@jguinch, seems that  WMI is happy with the VB hex notation "&H80", while if you want to use the AutoIt hex notation 0x80 then pass it without quotes. If you use the decimal number 128 it's always ok with or without quotes.

Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", 0x80)

or

Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", "128")

or

Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", 128)

 


small minds discuss people average minds discuss events great minds discuss ideas.... and use AutoIt....

Share this post


Link to post
Share on other sites

with PSTools we are able to get the details.
pslist.exe

 

Usage: C:\Users\uday-\Desktop\pslist64.exe [-d][-m][-x][-t][-s [n] [-r n] [\\computer [-u username][-p password][name|pid]
   -d          Show thread detail.
   -m          Show memory detail.
   -x          Show processes, memory information and threads.
   -t          Show process tree.
   -s [n]      Run in task-manager mode, for optional seconds specified.
               Press Escape to abort.
   -r n        Task-manager mode refresh rate in seconds (default is 1).
   \\computer  Specifies remote computer.
   -u          Optional user name for remote login.
   -p          Optional password for remote login. If you don't present
               on the command line pslist will prompt you for it if necessary.
   name        Show information about processes that begin with the name
               specified.
   -e          Exact match the process name.
   -nobanner   Do not display the startup banner and copyright message.
   pid         Show information about specified process.

All memory values are displayed in KB.
Abbreviation key:
   Pri         Priority
   Thd         Number of Threads
   Hnd         Number of Handles
   VM          Virtual Memory
   WS          Working Set
   Priv        Private Virtual Memory
   Priv Pk     Private Virtual Memory Peak
   Faults      Page Faults
   NonP        Non-Paged Pool
   Page        Paged Pool
   Cswtch      Context Switches

 

Share this post


Link to post
Share on other sites

Correct: We are able to get the details using PSTools. But the question is: Do you need the details? If yes, which one?
You didn't mention this in your originial post.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

I just posted as one of the solutions to my question long back that I followed, so that if this approach is wrong, our members can correct me.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now

  • Similar Content

    • ur
      By ur
      with the below code, I am keeping waiting for a particular file and waiting in the background.
      While $i <> 10 Sleep(60000) If FileExists(@ScriptDir&"\Binaries.ini") then --some processing-- $i = 10 endif WEnd I thought keeping the Sleep will freeze the process from resources but the CPU being uilized.But it is taking 47%.
      How to free this CPU usage also.?

    • Nareshm
      By Nareshm
      If Process exits then end process and ;Some code here {1}
       
      If Process does not exits then ; My {1} Code
    • ur
      By ur
      How to retrieve the target executable path from a process.
      My system is effected with IMG001.exe virus and I remove the folders created by it daily but still it is creating the folders everytime I login to my PC.
      My Antivirus is not detecting it.

       
      So I thought to create a process in AutoIT to check for the process name IMG001.exe and retrieve the process target exe to a log file, so that I can track where it is putting these files.
      With  ProcessExists ( "process" ) , i can get the process ID.
      But how to get the target location of the executable of the process.??
    • salah kai
      By salah kai
      Hey everyone
      i wanna close a process by  path like
      C:\Users\salah\AppData\Local\Temp\a.exe
      processclose(C:\Users\salah\AppData\Local\Temp\a.exe)
      i tried to split the path but i don't know how to know last loop
      and thanks 
       
    • iXX
      By iXX
      Hi!
      Looking for working code to  get full path of process  - both 32 & 64 bit.
      I tryed this bellow, but it works only for 32-bit processes, even if compiled for x64...
      Thanx for suggestions!
       
      Func _ProcessGetPath($vProcess) ;get the program path done by MrCreatoR Local $iPID = ProcessExists($vProcess) If NOT $iPID Then Return SetError(1, 0, -1) Local $aProc = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', BitOR(0x0400, 0x0010), 'int', 0, 'int', $iPID) If NOT IsArray($aProc) OR NOT $aProc[0] Then Return SetError(2, 0, -1) Local $vStruct = DllStructCreate('int[1024]') Local $hPsapi_Dll = DllOpen('Psapi.dll') If $hPsapi_Dll = -1 Then $hPsapi_Dll = DllOpen(@SystemDir & '\Psapi.dll') If $hPsapi_Dll = -1 Then $hPsapi_Dll = DllOpen(@WindowsDir & '\Psapi.dll') If $hPsapi_Dll = -1 Then Return SetError(3, 0, '') DllCall($hPsapi_Dll, 'int', 'EnumProcessModules', _ 'hwnd', $aProc[0], _ 'ptr', DllStructGetPtr($vStruct), _ 'int', DllStructGetSize($vStruct), _ 'int_ptr', 0) Local $aRet = DllCall($hPsapi_Dll, 'int', 'GetModuleFileNameEx', _ 'hwnd', $aProc[0], _ 'int', DllStructGetData($vStruct, 1), _ 'str', '', _ 'int', 2048) DllClose($hPsapi_Dll) If NOT IsArray($aRet) OR StringLen($aRet[3]) = 0 Then Return SetError(4, 0, '') Return $aRet[3] EndFunc