How to get the process command line by process PID

nacerbaaziz
Posted (edited)

Hello, my friends.
I have an inquiry, with your permission.
I found a function to get the special line commands for any operation.
It requires the name of the process to be searched.
I want to use it to know the process.
Is this possible with this function?
Here is the code:

 

Func commandLineGet($proc, $strComputer = ".")
    ; Returns an array: [0] = number of matches, [1..n] = command line of each process named $proc
    Local $array[1] = [0]
    Local $ArrayNumber
    Local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, $array) ; WMI not reachable
    ; Look the process up by its image name, e.g. "notepad.exe"
    Local $oProcessColl = $oWMI.ExecQuery("Select * from Win32_Process where Name= " & '"' & $proc & '"')
    For $Process In $oProcessColl
        ; Grow the array by one slot and store this process's command line
        ReDim $array[UBound($array) + 1]
        $ArrayNumber = UBound($array) - 1
        $array[$ArrayNumber] = $Process.CommandLine
    Next
    $array[0] = UBound($array) - 1
    Return $array
EndFunc

kosamja

_WinAPI_GetProcessCommandLine?

nacerbaaziz

No.
_WinAPI_GetProcessCommandLine requires admin privileges.
If there is another solution, please give it to me.
Thank you.

nacerbaaziz

I retried this, but it does not give me the command-line switches:

#RequireAdmin

#include <Array.au3>
#include <WinAPI.au3>
#include <WinAPIProc.au3>

Local $aAdjust, $aList = 0

; Enable the "SeDebugPrivilege" privilege to obtain full access rights to other processes
Local $hToken = _WinAPI_OpenProcessToken(BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY))

_WinAPI_AdjustTokenPrivileges($hToken, $SE_DEBUG_NAME, $SE_PRIVILEGE_ENABLED, $aAdjust)

; Show the command line of the process with PID 9408 (hardcoded) if the privilege was adjusted
If Not (@error Or @extended) Then
    MsgBox(64, "command line", _WinAPI_GetProcessCommandLine(9408))
EndIf

; Restore the previous state of SeDebugPrivilege and release the token handle
_WinAPI_AdjustTokenPrivileges($hToken, $aAdjust, 0, $aAdjust)
_WinAPI_CloseHandle($hToken)

 

Where is the error, please?
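
Added example, not part of any post in this thread: the WMI lookup from the first post keyed on the process ID instead of the image name, assuming default local WMI permissions so that no #RequireAdmin is needed for processes the current user may inspect. `_CommandLineByPid` is a hypothetical helper name; the PID is forced to an integer before it reaches the WQL text, and an empty CommandLine is reported through @error.

```autoit
; Added example: command line of a single process, selected by PID through WMI.
; _CommandLineByPid is a hypothetical name, not an AutoIt UDF.
Func _CommandLineByPid($iPID, $sComputer = ".")
    ; Force the PID to an integer so only digits are ever concatenated into the query
    $iPID = Int($iPID)
    If $iPID <= 0 Then Return SetError(1, 0, "")

    Local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $sComputer & "\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(2, 0, "") ; WMI service not reachable

    Local $oColl = $oWMI.ExecQuery("Select ProcessId, CommandLine from Win32_Process where ProcessId = " & $iPID)
    If Not IsObj($oColl) Then Return SetError(3, 0, "") ; query failed

    Local $sLine
    For $oProc In $oColl
        $sLine = $oProc.CommandLine
        ; WMI can leave CommandLine empty, e.g. for a process the caller may not inspect
        If Not IsString($sLine) Or $sLine = "" Then Return SetError(4, 0, "")
        Return $sLine
    Next

    Return SetError(5, 0, "") ; no process with that PID
EndFunc

; Usage: query this script's own process, which the current user can always read
Local $sCmd = _CommandLineByPid(@AutoItPID)
If @error Then
    ConsoleWrite("Lookup failed, @error = " & @error & @CRLF)
Else
    ConsoleWrite($sCmd & @CRLF)
EndIf
```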
