Posted

Hello, I need to kill a specific PowerShell file. I have 2 processes; when I use kill process (powershell.exe), the 2 executed files are closed, and I need to specify one, not the two.

file1.ps1 & file2.ps1: the process name is the same (powershell.exe), so I can't specify which one I need to kill ... I need to kill file1.ps1 & not kill file2.ps1

I think the same idea applies to VBS & languages that use one process name.

 

 

Posted (edited)

Maybe you can get the titles, and turn them into PIDs and then close said process. The window title is different from one another, yes?

Look at WinGetProcess.

Edited by careca

Posted (edited)

Using Process Explorer, look at the cmdline properties. It should be in the cmdline property.

I did this in Python. Had to, because sometimes there can be multiple setup installs at once and you need to know what your target is. I'll post code later.

This is in Python, you will need to convert...

import sys
sys.path.append('C:\\Python34x86\\Lib\\site-packages')
import psutil
import logging
import time

# Log.Message is TestComplete's built-in logger; this stand-in lets the
# function run under plain Python as well.
class Log:
    Message = staticmethod(logging.getLogger('findProcess').info)

def findProcess(sProcName, sProcCmdLine, nIndex, nBit, delayTimeOut):
    # delayTimeOut is taken as milliseconds; 0 waits until the process appears.
    # nIndex and nBit are not used by the search.
    Log.Message('findProcess - Begin()')
    # The original logged its arguments with logArgValues(inspect.currentframe())
    Log.Message('    args = ' + repr((sProcName, sProcCmdLine, nIndex, nBit, delayTimeOut)))

    found = False
    start = time.monotonic()

    while not found:
        if delayTimeOut != 0 and (time.monotonic() - start) * 1000 >= delayTimeOut:
            Log.Message('Process, ' + sProcName + ', not found within defined timeout')
            Log.Message('findProcess - End()')
            return False

        for proc in psutil.process_iter():
            try:
                pinfo = proc.as_dict(attrs=['name', 'cmdline', 'username'])
            except psutil.NoSuchProcess:
                continue  # the process exited during the scan
            if pinfo.get('name') == sProcName:
                # cmdline and username are None when access is denied
                cmdline = ' '.join(pinfo.get('cmdline') or [])
                # str.find() returns -1 (truthy) on a miss, so test with "in"
                if sProcCmdLine.lower() in cmdline.lower():
                    # skip processes owned by root
                    if 'root' not in (pinfo.get('username') or ''):
                        Log.Message('    Search Name = ' + sProcName)
                        Log.Message('    Actual Name = ' + pinfo.get('name'))
                        Log.Message('    Srch CMDLine = ' + sProcCmdLine)
                        Log.Message('    Found CMDLine = ' + cmdline)
                        found = True
        if not found:
            time.sleep(0.1)  # pause between scans instead of spinning
    Log.Message('findProcess - End()')
    return found

Mind you, you won't be able to logargvalues because that uses reflection in Python. God, I love that language so much. You can get so much done with so little scripting. Most of that is logging... lol, because I am a logging freak.

I am not sure how much the Process stuff correlates to psutil, but I am sure it's close.

 

Found this! This will give you access to the command line string so you can search for the file2.ps1

Also, use _ProcessList to get an array of running processes to search through. Find name, then search cmdline!

So you will convert the following For loop to a similar loop using _ProcessList() and that other UDF listed above:

for proc in psutil.process_iter():
    pinfo = proc.as_dict(attrs=['name', 'cmdline', 'username'])
    if pinfo.get('name') == sProcName:
        # cmdline and username are None when access is denied
        cmdline = ' '.join(pinfo.get('cmdline') or [])
        # str.find() returns -1 (truthy) on a miss, so test with "in"
        if sProcCmdLine.lower() in cmdline.lower():
            # skip processes owned by root
            if 'root' not in (pinfo.get('username') or ''):
                Log.Message('    Search Name = ' + sProcName)
                Log.Message('    Actual Name = ' + pinfo.get('name'))
                Log.Message('    Srch CMDLine = ' + sProcCmdLine)
                Log.Message('    Found CMDLine = ' + cmdline)
                found = True

 

Edited by Earthshine

My resources are limited. You must ask the right questions

 

Posted (edited)

Don't make me write the AutoIt... :), you know I will. But first, time for the office Christmas party... sigh

Edited by Earthshine


 

Posted (edited)
20 hours ago, careca said:

Maybe you can get the titles, and turn them into PIDs and then close said process. The window title is different from one another, yes?

Look at WinGetProcess.

I got this idea, but I am looking for a more profetional way, because the way you talk about is not stable.

Edited by rayane888
Posted (edited)

I disagree, because with the command line you can see everything. Not to mention this technology works in TestComplete and C# both, ultra reliably. So there's that.

Edited by Earthshine


 

Posted

Finally I resolved the problem; I used this way:

$dds = Run('powershell.exe -executionpolicy bypass -File "C:\Users(\Desktop\Msgbox.ps1"', '', @SW_HIDE)

MsgBox(0, '', $dds)

$dds is the PID of the process,

meaning you can close it with ProcessClose(PID).

Even if you have multiple PowerShell or VBS processes, you can know which PID you need to close; just remember them

& select what you need to close.

 

  • Moderators
Posted
On 12/22/2017 at 3:55 PM, rayane888 said:

I got this idea, but I am looking for a more profetional way, because the way you talk about is not stable.

The professional way would be to properly cease execution of the PowerShell scripts and return an exit code; what you are doing is no more stable or "profetional".


  • 3 weeks later...
Posted (edited)
#include <Array.au3>
#include <WinAPI.au3>
#include <WinAPIProc.au3>
#include "log4a.au3"

#Region ;**** Logging ****
; Enable logging
_log4a_SetEnable()
; Write to stderr, set min level to info, customize message format
_log4a_SetErrorStream()
_log4a_SetMinLevel($LOG4A_LEVEL_INFO)
; If @compiled Then _log4a_SetMinLevel($LOG4A_LEVEL_WARN) ; Change the min level if the script is compiled
_log4a_SetFormat("${date} | ${host} | ${level} | ${message}")
#EndRegion ;**** Logging ****


If findProc("chrome.exe","GoogleChromePortable\Data\profile") Then
    MsgBox($MB_OK, "", "Found")
Else
    MsgBox($MB_OK, "", "Could not Find")
EndIf

Func findProc ($ProcName, $ProcCmdLine)

    Local $aAdjust, $aList = 0
    Local $found = False

    ; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
    Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))

    _WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

    ; Retrieve the command line of every process on the system and search it for $ProcCmdLine
    While Not $found
        $aList = ProcessList()
        For $i = 1 To $aList[0][0]
            $aList[$i][1] = _WinAPI_GetProcessCommandLine($aList[$i][1])
            _log4a_Info($aList[$i][0] & ' ' & $aList[$i][1])
            If (StringInStr($aList[$i][1], $ProcCmdLine)) Then
                $found = True
            EndIf
        Next
    WEnd

    ; Restore SeDebugPrivilege to the state saved in $aAdjust
    _WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
    _WinAPI_CloseHandle($hToken)

;~  _ArrayDisplay($aList, '_WinAPI_GetProcessCommandLine')

    Return $found
EndFunc

They asked for it. This can locate the specified process based on a piece of command line text. You RegEx wizards could really make this have even better matching. Of course it needs more, such as a timeout feature (trivial) and maybe a few more snappy features. Notice you can be as explicit as you want to be with search text; the more you provide, the better it can match to your exact process. I run into problems with there being many setup.exe or vcdist.exe files all running at once and I needed a way to find the one I cared about. You could make this return a PID even, or a windows handle, which would be better. This is just an example after all. Good luck.

Edited by Earthshine
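
The substring tests in the posts above also hit command lines that merely contain the text, such as myfile1.ps1 or a -Command string that mentions file1.ps1. The following is an added example, not code from the thread: it reads the -File argument out of each PowerShell command line and compares paths under Windows rules. The function names, PIDs and C:\Scripts paths are constructed for illustration.

```python
import ntpath

def script_of(argv):
    """Return the path passed to -File in a PowerShell argv list, else None."""
    for i, arg in enumerate(argv[1:], start=1):
        name = arg.lstrip("-/").lower()
        if arg[:1] not in ("-", "/") or not name:
            continue
        # Everything after -Command / -EncodedCommand is command text.
        if name == "ec" or "command".startswith(name) or "encodedcommand".startswith(name):
            return None
        # powershell.exe accepts any prefix of -File (-f, -fi, ...).
        if "file".startswith(name):
            return argv[i + 1] if i + 1 < len(argv) else None
    return None

def _norm(path):
    # ntpath applies Windows path rules (case-insensitive, either slash) on any OS.
    return ntpath.normcase(ntpath.normpath(path))

def find_script_pids(processes, target, hosts=("powershell.exe", "pwsh.exe")):
    """PIDs of PowerShell hosts whose -File script is `target` (a full path,
    or a bare file name to match in any folder). `processes` are dicts with
    'pid', 'name', 'cmdline', the shape of psutil's Process.info."""
    name_only = ntpath.dirname(target) == ""
    pids = []
    for p in processes:
        if (p.get("name") or "").lower() not in hosts:
            continue
        script = script_of(p.get("cmdline") or [])  # cmdline is None when access is denied
        if script is None:
            continue
        got = _norm(script)
        if (ntpath.basename(got) if name_only else got) == _norm(target):
            pids.append(p["pid"])
    return pids

PS = "powershell.exe"
SAMPLE = [  # constructed process snapshot, not taken from a real host
    {"pid": 4100, "name": PS, "cmdline": [PS, "-executionpolicy", "bypass", "-File", r"C:\Scripts\file1.ps1"]},
    {"pid": 4200, "name": PS, "cmdline": [PS, "-File", r"C:\Scripts\file2.ps1"]},
    {"pid": 4300, "name": PS, "cmdline": [PS, "-f", r"C:\Scripts\myfile1.ps1"]},
    {"pid": 4400, "name": PS, "cmdline": [PS, "-Command", r"Get-Content C:\Scripts\file1.ps1"]},
    {"pid": 4500, "name": "notepad.exe", "cmdline": ["notepad.exe", r"C:\Scripts\file1.ps1"]},
    {"pid": 4600, "name": PS, "cmdline": None},
]

if __name__ == "__main__":
    print(find_script_pids(SAMPLE, "file1.ps1"))
```

On a live system the same dicts come from each process's `.info` when iterating `psutil.process_iter(['pid', 'name', 'cmdline'])`. A relative -File path is compared as written, since resolving it would need the process's working directory.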
