
How to get remote process list


ur

With ProcessList ( ["name"] ) we are able to get the running process list from the local machine.

Is there any way to get the list from a remote machine, or more precisely, to know whether a particular application is running on a remote machine, using AutoIT?

We can implement this through PSList.exe, but then we again need to parse its text output.

Is there any direct UDF in AutoIT?

Chimp

a way by using WMI.

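#include <array.au3>

_ArrayDisplay(_GetTaskList()) ; Pass the target computer name for remote clients

; Returns a 2D array: row 0 holds the process count, rows 1..n hold [name, PID].
; @error: 1 = host did not answer the ping, 2 = WMI connection or query failed.
Func _GetTaskList($strComputer = @ComputerName)

    If Not Ping($strComputer) Then Return SetError(1, 0, "")
    Local $usr = "", $pass = ""; set this only if different from current user

    ; https://msdn.microsoft.com/en-us/library/aa394372(v=vs.85).aspx
    Local $objWMILocator = ObjCreate("WbemScripting.SWbemLocator")
    If Not IsObj($objWMILocator) Then Return SetError(2, 0, "")

    ; "&H80" (128) is wbemConnectFlagUseMaxWait: the call returns within two minutes instead of hanging
    Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", "&H80")
    ; Without this check a failed connection (bad credentials, RPC blocked) crashes on the next line
    If Not IsObj($objWMIService) Then Return SetError(2, 0, "")

    Local $colProcesses = $objWMIService.ExecQuery("SELECT * FROM Win32_Process")
    If Not IsObj($colProcesses) Then Return SetError(2, 0, "")

    Local $aProcesses[$colProcesses.count + 1][2] = [[$colProcesses.count, 0]]
    Local $i = 0

    For $objProces In $colProcesses
        $i += 1
        $aProcesses[$i][0] = $objProces.name
        $aProcesses[$i][1] = $objProces.ProcessID
    Next

    Return SetError(0, 0, $aProcesses)
EndFunc   ;==>_GetTaskList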

 


small minds discuss people average minds discuss events great minds discuss ideas.... and use AutoIt....
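
An added example, not part of Chimp's post: the question only asks whether one particular application is running on the remote machine, so the WMI query can filter on the name instead of returning every process. The function name, its parameters and the host name are assumptions made for this example; the process name is escaped because it is concatenated into the WQL string.

```autoit
; Added example (not from the thread). _RemoteProcessRunning, its parameters
; and the host name "WORKSTATION01" are hypothetical.
Local $aPids = _RemoteProcessRunning("notepad.exe", "WORKSTATION01")
If @error Then
    ConsoleWrite("WMI check failed, @error = " & @error & @CRLF)
ElseIf $aPids[0] > 0 Then
    ConsoleWrite("Running, first PID: " & $aPids[1] & @CRLF)
Else
    ConsoleWrite("Not running" & @CRLF)
EndIf

; Returns a 1D array: [0] = number of matches, [1..n] = PIDs.
; @error: 1 = locator not created, 2 = connection failed, 3 = query failed.
Func _RemoteProcessRunning($sProcess, $sComputer = @ComputerName, $sUser = "", $sPass = "")
    ; WQL uses the backslash as escape character inside string literals.
    ; Escape backslashes first, then single quotes, so a name taken from
    ; user input or a file cannot close the literal and alter the query.
    Local $sSafe = StringReplace($sProcess, "\", "\\")
    $sSafe = StringReplace($sSafe, "'", "\'")

    Local $oLocator = ObjCreate("WbemScripting.SWbemLocator")
    If Not IsObj($oLocator) Then Return SetError(1, 0, "")

    ; Empty user/password means the current logon is used; prefer that to a
    ; password stored in the script. 128 = wbemConnectFlagUseMaxWait, which
    ; makes the call return within two minutes when the host does not answer.
    Local $oService = $oLocator.ConnectServer($sComputer, "root\cimv2", $sUser, $sPass, "", "", 128)
    If Not IsObj($oService) Then Return SetError(2, 0, "")

    ; Ask only for the column that is needed, filtered on the server side.
    Local $colHits = $oService.ExecQuery("SELECT ProcessId FROM Win32_Process WHERE Name = '" & $sSafe & "'")
    If Not IsObj($colHits) Then Return SetError(3, 0, "")

    Local $aResult[1] = [0]
    For $oProc In $colHits
        ReDim $aResult[UBound($aResult) + 1]
        $aResult[UBound($aResult) - 1] = $oProc.ProcessId
        $aResult[0] += 1
    Next
    Return SetError(0, $aResult[0], $aResult)
EndFunc   ;==>_RemoteProcessRunning
```

Unlike `pslist -u ... -p ...`, this keeps the password off a command line, and the returned array needs no text parsing.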

Chimp

@jguinch, it seems that WMI is happy with the VB hex notation "&H80", while if you want to use the AutoIt hex notation 0x80, then pass it without quotes. If you use the decimal number 128, it's always OK with or without quotes.

Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", 0x80)

or

Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", "128")

or

Local $objWMIService = $objWMILocator.ConnectServer($strComputer, "\root\cimv2", $usr, $pass, "", "", 128)

 


ur

With PSTools we are able to get the details.
pslist.exe

 

Usage: C:\Users\uday-\Desktop\pslist64.exe [-d][-m][-x][-t][-s [n] [-r n] [\\computer [-u username][-p password][name|pid]
   -d          Show thread detail.
   -m          Show memory detail.
   -x          Show processes, memory information and threads.
   -t          Show process tree.
   -s [n]      Run in task-manager mode, for optional seconds specified.
               Press Escape to abort.
   -r n        Task-manager mode refresh rate in seconds (default is 1).
   \\computer  Specifies remote computer.
   -u          Optional user name for remote login.
   -p          Optional password for remote login. If you don't present
               on the command line pslist will prompt you for it if necessary.
   name        Show information about processes that begin with the name
               specified.
   -e          Exact match the process name.
   -nobanner   Do not display the startup banner and copyright message.
   pid         Show information about specified process.

All memory values are displayed in KB.
Abbreviation key:
   Pri         Priority
   Thd         Number of Threads
   Hnd         Number of Handles
   VM          Virtual Memory
   WS          Working Set
   Priv        Private Virtual Memory
   Priv Pk     Private Virtual Memory Peak
   Faults      Page Faults
   NonP        Non-Paged Pool
   Page        Paged Pool
   Cswtch      Context Switches

 

water

Correct: We are able to get the details using PSTools. But the question is: Do you need the details? If yes, which ones?
You didn't mention this in your original post.


ur

I just posted as one of the solutions to my question long back that I followed, so that if this approach is wrong, our members can correct me.
