rayane888 Posted December 21, 2017

Hello, I need to kill a specific PowerShell file. I have 2 processes; when I use kill process (powershell.exe), both executed files are closed, and I need to specify one, not the two, file1.ps1 & file2.ps1. The process name is the same (powershell.exe), so I can't specify which one I need to kill ... I need to kill file1.ps1 and not kill file2.ps1. I think the same idea applies to vbs and languages that use one process name.

careca Posted December 22, 2017

Maybe you can get the titles, turn them into PIDs, and then close said process. The window titles are different from one another, yes? Look at WinGetProcess.

Earthshine Posted December 22, 2017

Using Process Explorer, look at the cmdline properties. It should be in the cmdline property. I did this in Python. Had to, because sometimes there can be multiple setup installs at once and you need to know what your target is. I'll post code later.

This is in Python, you will need to convert...

```python
import sys
sys.path.append('C:\\Python34x86\\Lib\\site-packages')
import psutil
import logging
import Const      # poster's own module (not shown)
import inspect
import datetime
import time

# Log is TestComplete's built-in logging object; logArgValues is the
# poster's own helper (not shown).

def findProcess(sProcName, sProcCmdLine, nIndex, nBit, delayTimeOut):
    Log.Message('findProcess - Begin()')
    logArgValues(inspect.currentframe())
    found = False
    # Assumption: delayTimeOut is in milliseconds, as the variable names suggest.
    # The original subtracted two strftime() digit strings, which is not a duration.
    start = time.time()
    while not found:
        millidiff = (time.time() - start) * 1000
        if (millidiff >= delayTimeOut) and (delayTimeOut != 0):
            Log.Message('Process, ' + sProcName + ', not found within defined timeout')
            Log.Message('findProcess - End()')
            return
        for proc in psutil.process_iter():
            pinfo = proc.as_dict(attrs=['name', 'cmdline', 'username'])
            if pinfo.get('name') == sProcName:
                # cmdline is None when access is denied; arguments are joined without spaces
                cmdline = ''.join(pinfo.get('cmdline') or [])
                # "in" instead of str.find(): find() returns -1 (truthy) on a miss
                if (cmdline.lower() == sProcCmdLine.lower()) or (sProcCmdLine in cmdline):
                    # Left as posted: find() is truthy unless the username starts with 'root'
                    if (pinfo.get('username') or '').find('root'):
                        Log.Message(' Search Name = ' + sProcName)
                        Log.Message(' Actual Name = ' + pinfo.get('name'))
                        Log.Message(' Srch CMDLine = ' + sProcCmdLine)
                        Log.Message(' Found CMDLine = ' + cmdline)
                        found = True
    Log.Message('findProcess - End()')
    return found
```

Mind you, you won't be able to logArgValues because that uses reflection in Python. God, I love that language so much. You can get so much done with so little scripting. Most of that is logging... lol, because I am a logging freak.

I am not sure how much the Process stuff correlates to psutil, but I am sure it's close.

Found this!

This will give you access to the command line string so you can search for the file2.ps1.

Also, use _ProcessList to get an array of running processes to search through. Find the name, then search the cmdline!

So you will convert the following For loop to a similar loop using _ProcessList() and that other UDF listed above and convert the following:

```python
for proc in psutil.process_iter():
    pinfo = proc.as_dict(attrs=['name', 'cmdline', 'username'])
    if pinfo.get('name') == sProcName:
        # cmdline is None when access is denied
        cmdline = ''.join(pinfo.get('cmdline') or [])
        # "in" instead of str.find(): find() returns -1 (truthy) on a miss
        if (cmdline.lower() == sProcCmdLine.lower()) or (sProcCmdLine in cmdline):
            # Left as posted: find() is truthy unless the username starts with 'root'
            if (pinfo.get('username') or '').find('root'):
                Log.Message(' Search Name = ' + sProcName)
                Log.Message(' Actual Name = ' + pinfo.get('name'))
                Log.Message(' Srch CMDLine = ' + sProcCmdLine)
                Log.Message(' Found CMDLine = ' + cmdline)
                found = True
```

Earthshine Posted December 22, 2017

Don't make me write the AutoIt..., you know I will. But first, time for the office Christmas party... sigh

rayane888 (Author) Posted December 22, 2017

20 hours ago, careca said:
> Maybe you can get the titles, and turn them into PIDs and then close said process. The window title is different from one another yes? Look at WinGetProcess.

I got this idea, but I am searching for something more professional, because the way you talk about is not stable.

rayane888 (Author) Posted December 22, 2017

I think the best way is to detect the window title, then split it by \, then detect the last name, I mean the file, and finally kill it.

Earthshine Posted December 25, 2017

I disagree, because with the command line you can see everything. Not to mention this technology works in both TestComplete and C#, ultra reliably. So there's that.

rayane888 (Author) Posted December 29, 2017

Finally I resolved the problem. I used this way:

```autoit
; Run() returns the PID of the process it starts
$dds = Run('powershell.exe -executionpolicy bypass -File "C:\Users(\Desktop\Msgbox.ps1"', '', @SW_HIDE)
MsgBox(0, '', $dds)
```

$dds is the PID of the process, meaning you can close it with ProcessClose(PID). Even if you have multiple powershell or vbs processes, you can know which PID you need to close; just remember them and select what you need to close.

JLogan3o13 (Moderators) Posted December 29, 2017

On 12/22/2017 at 3:55 PM, rayane888 said:
> I got this idea but i search more profetional becose this way you talk about not stable

The professional way would be to properly cease execution of the PowerShell scripts and return an exit code; what you are doing is no more stable or "profetional".

Earthshine Posted January 17, 2018

```autoit
#include <Array.au3>
#include <MsgBoxConstants.au3> ; defines $MB_OK
#include <WinAPI.au3>
#include <WinAPIProc.au3>
#include "log4a.au3"

#Region ;**** Logging ****
; Enable logging and don't write to stderr
_log4a_SetEnable()
; Write to stderr, set min level to warn, customize message format
_log4a_SetErrorStream()
_log4a_SetMinLevel($LOG4A_LEVEL_INFO)
; If @compiled Then _log4a_SetMinLevel($LOG4A_LEVEL_WARN) ; Change the min level if the script is compiled
_log4a_SetFormat("${date} | ${host} | ${level} | ${message}")
#EndRegion ;**** Logging ****

If findProc("chrome.exe", "GoogleChromePortable\Data\profile") Then
    MsgBox($MB_OK, "", "Found")
Else
    MsgBox($MB_OK, "", "Could not Find")
EndIf

Func findProc($ProcName, $ProcCmdLine)
    Local $aAdjust, $aList = 0
    Local $found = False

    ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))
    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

    ; Retrieve the command line of every process named $ProcName.
    ; There is no timeout: the loop repeats until a match appears.
    While Not $found
        $aList = ProcessList($ProcName) ; the original listed all processes and never used $ProcName
        For $i = 1 To $aList[0][0]
            $aList[$i][1] = _WinAPI_GetProcessCommandLine($aList[$i][1])
            _log4a_Info($aList[$i][0] & ' ' & $aList[$i][1])
            If (StringInStr($aList[$i][1], $ProcCmdLine)) Then
                $found = True
            EndIf
        Next
    WEnd

    ; Restore the previous state of the SeDebugPrivilege privilege
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)

    ;~ _ArrayDisplay($aList, '_WinAPI_GetProcessCommandLine')
    Return $found
EndFunc
```

They asked for it. This can locate the specified process based on a piece of command line text. You RegEx wizards could really make this have even better matching. Of course it needs more, such as a timeout feature (trivial) and maybe a few more snappy features.

Notice you can be as explicit as you want to be with the search text; the more you provide, the better it can match your exact process. I run into problems with there being many setup.exe or vcdist.exe files all running at once and I needed a way to find the one I cared about. You could even make this return a PID or a windows handle, which would be better. This is just an example, after all. Good luck.
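
An added example (not code from any poster in this thread): it selects the PID of the one powershell.exe whose command line names a given script, comparing whole argument file names instead of substrings so that file1.ps1 does not also match myfile1.ps1. The function names and the PIDs and paths in SAMPLE are constructed for illustration, and kill_script() assumes the third-party psutil package is installed.

```python
import ntpath

def runs_script(argv, script):
    """True if an argument names `script`: exact file name, or exact path
    when `script` includes a directory. Case-insensitive, like Windows."""
    want = ntpath.normcase(ntpath.normpath(script))
    full = ntpath.dirname(want) != ""
    for arg in argv[1:]:                      # argv[0] is the image itself
        got = ntpath.normcase(ntpath.normpath(arg.strip('"')))
        if (got if full else ntpath.basename(got)) == want:
            return True
    return False

def select_pids(procs, image, script):
    """procs: iterable of (pid, name, argv). PIDs of `image` running `script`."""
    return [pid for pid, name, argv in procs
            if name and name.lower() == image.lower()
            and runs_script(argv or [], script)]

def kill_script(image, script):
    """Terminate only the matching live processes; returns the PIDs closed."""
    import psutil                             # third-party, needed only here
    killed = []
    for p in psutil.process_iter(attrs=["pid", "name", "cmdline"]):
        row = (p.pid, p.info["name"], p.info["cmdline"])  # None if access denied
        if select_pids([row], image, script):
            try:
                p.terminate()                 # psutil guards against PID reuse
                killed.append(p.pid)
            except (psutil.NoSuchProcess, psutil.AccessDenied):
                pass
    return killed

# Constructed sample snapshot (PIDs and paths are made up for illustration).
SAMPLE = [
    (4012, "powershell.exe", ["powershell.exe", "-ExecutionPolicy", "Bypass",
                              "-File", r"C:\scripts\file1.ps1"]),
    (5120, "powershell.exe", ["powershell.exe", "-File", r"C:\scripts\file2.ps1"]),
    (6044, "powershell.exe", ["powershell.exe", "-File", r"C:\scripts\myfile1.ps1"]),
    (7001, "notepad.exe", ["notepad.exe", r"C:\scripts\file1.ps1"]),
]

if __name__ == "__main__":
    print(select_pids(SAMPLE, "powershell.exe", "file1.ps1"))
```

Scripts started through a -Command string rather than as their own argument are not matched by this comparison.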