taylansan

Finding process name or pid shown in windows


Hello All, 

If you're interested in the story, read below. Otherwise, just jump to the end of the post. 

Story: 

Sometimes my computer goes crazy with Windows Update. I tried to turn it off with "services.msc", but couldn't close it. So I did some research online and found that it's triggered by Update Orchestration, Task Scheduler and Windows Update. I also checked that all three processes are triggered by svchost.exe.


So, I tried to make a script to close this process. I found some useful functions ProcessList and _ProcessGetName using the help documents and coded something as below: 

#include <MsgBoxConstants.au3>
#include <Process.au3>

Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    $iPid = $aProcessList[$i][1]
    $sName = _ProcessGetName($iPid)
    MsgBox($MB_SYSTEMMODAL, "The process", "PID: " & $iPid & @CRLF & "NAME: " & $sName)
    If $sName = "svchost.exe" Then
        ;ProcessClose($iPid) ;I don't know if this is the process I want to close
    EndIf
Next

But the problem is that there are so many svchost.exe processes in the process list. I can't close all of them, some of them are essential to run Windows (well, accidentally I terminated some of them and ended up with a blue screen :( ).

---------------

Well, how can I know the process name like "Service Host: Update Orchestration" (not the svchost)?

It's not only with the .exe file, just to the name shown in Windows. 


TY.


Use the WMI approach with Win32_Service. There is a method to stop or even delete the service. Search the AutoIt site, there are multiple examples of using WMI programmatically.

 


I modified as below: 

#include <WinAPIProc.au3>
$iPid = 9584
$sName = _WinAPI_GetProcessName($iPid)
ConsoleWrite($sName & @CRLF)

;But this returns me only --> svchost.exe

I also used "sc query" in cmd to find the list of processes. 

How can I obtain PID from Service Name or Display Name? 

Or How can I obtain Service Name or Display Name from PID? 



TY.


I did not test it, but running WMI on the caption of the "Windows Update" service, I got the following description:

Quote

Active la détection, le téléchargement et l’installation des mises à jour de Windows et d’autres programmes. Si ce service est désactivé, les utilisateurs de cet ordinateur ne pourront pas utiliser Windows Update ou sa fonctionnalité de mise à jour automatique, et les programmes ne pourront pas utiliser l’API de l’Agent de mise à jour automatique Windows Update (WUA).

Seems to me that it is possible to deactivate that service.


Only on the Enterprise version of Windows. You try till your heart's content to disable that service and let me know how that works out for you.

Edited by Earthshine

My resources are limited. You must ask the right questions

 


Because so many disable it in Win7 (which is a horrible idea) is why MS decided enough is enough. EVERYONE must receive regular updates to stay as secure as possible

Windows Enterprise and Windows server always allow you to manually turn off and completely disable auto updating. Windows 10 education might also let you? Not sure. But we don't own the software, it's provided as a SERVICE by MS to us thru licensing. We must live with their final decisions in the end and adapt.

I do not condone the practice, even with Win7 of disabling the updates. It's a horrible idea considering all the dangers you face online out there. Even Linux distros are always updated and now have auto update available (though I think they should enforce it as well)

 

Windows 10 installs so fast off a USB anyway, even on my Craptop computer (A6 powered AMD, lol) it takes only about 8 minutes to install! So if an update hoses you (you should always have your data backed up) you can format and reinstall in under 10 minutes. All my data is in MS cloud so I never lose anything. I just had to install the latest Windows after Malwarebytes screwed me (my A6 just can't handle that program, too CPU intensive and this is a 200 notebook, lol)

Edited by Earthshine


to the Original Poster (OP) of this thread

1. how old is the install of windows?

2. can you post a screenshot of your installed programs?

 

if all else fails to get your PC under control try the following:

  1. You should back up your data to a HDD and cloud, then create a Win10 boot USB from
  2. MS Windows 10 Creation tool
  3. create a bootable USB or DVD and boot to it
  4. Choose Custom Install and delete all your partitions on the main drive
  5. install fresh and clean and then be careful not to install junkware or other things that can slow you down.
  6.  let it update normally
  7. don't tweak anything, Win10 knows all the proper drivers and everything you need (win10 knows the proper drivers for just about everything out there)
  8. you MAY have to install graphics drivers from your video card manufacturer depending on what card you have

BTW, I just installed the latest Win10 yesterday and now my anemic notebook is a little screamer again. Malwarebytes somehow corrupted my profile, lol

My last install lasted for years now, but I had to go install Malwarebytes (only to find nothing, lol) and ruin my profile.

 

Edited by Earthshine


Hi, this is the computer information: 


About the installed programs, there are many, can't screenshot all of them one by one. Also cannot make a fresh Windows install. 

------------------------

I think computer specs are not the problem here. If I run "sc query" as I wrote in the above post, I can get SERVICE_NAME and DISPLAY_NAME values. Using these, how can I know the PID for each of them? Look at my code below (just copied from help files and modified a little bit).

#include <MsgBoxConstants.au3>
#include <Process.au3>

Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    $iPid = $aProcessList[$i][1]
    $sName = _ProcessGetName($iPid)
    MsgBox($MB_SYSTEMMODAL, "The process", "PID: " & $iPid & @CRLF & "NAME: " & $sName)
    If $sName = "svchost.exe" Then
        ;ProcessClose($iPid)
        ;I don't know if this is the process I want to close
        ;Because there are so many svchost running
        ;How can I be sure that this PID for svchost is related to Update Orchestration?
    EndIf
Next

Using this script, I can get the list of svchosts. But there are so many running in the system, I can't terminate all of them. I just want to terminate a specific one (that is Update Orchestration).

Again: Please don't focus on the Windows Update case. The question is: I have a list of services and display names. How can I know the PID for these? It's just like; okay there is an application running (which I can see in the Task Manager) then right click on it and "Go to details", then I can find the PID. How can I find the PID from the service name (or find the service name from the PID)? @Nine asked me to check some WMI, but I couldn't manage to get the PID and service / display name mapping...

 


 


TY.


Here's your Christmas gift early ;)

#include <Constants.au3>
#include <Array.au3>

Opt("MustDeclareVars", 1)

_CheckService()

Func _CheckService()
  Local $objWMIService = ObjGet("winmgmts:\\" & @ComputerName & "\root\CIMV2")
  Local $colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_Service WHERE State = "Running"')
  If Not IsObj($colItems) Then Exit MsgBox(0, "", "Not an object")
  If Not $colItems.count Then Exit MsgBox(0, "", "Service not found")
  Local $aService[$colItems.count][4], $i = 0
  For $sItem In $colItems
    $aService[$i][0] = $sItem.Caption
    $aService[$i][1] = $sItem.PathName
    $aService[$i][2] = $sItem.ProcessId
    $aService[$i][3] = $sItem.Name
    $i += 1
  Next
  _ArrayDisplay ($aService)
EndFunc   ;==>_CheckService

HoHoHo !

Edited by Nine
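
The two lookups asked about in this thread (service name or display name to PID, and PID to the services it hosts), as an added example that is not code from any poster here. The helper names `_WqlEscape`, `_QueryServices`, `_ServiceByName` and `_ServicesInProcess` are made up for illustration, and "wuauserv" is assumed as the short name of the Windows Update service.

```autoit
#include <Array.au3>

Opt("MustDeclareVars", 1)

; Escape a value for a single-quoted WQL string literal (backslash first, then quote).
Func _WqlEscape($sValue)
    Return StringReplace(StringReplace($sValue, "\", "\\"), "'", "\'")
EndFunc   ;==>_WqlEscape

; Returns rows of [Name, DisplayName, ProcessId, State] for services matching $sWhere.
; @error: 1 = WMI not available, 2 = no matching service.
Func _QueryServices($sWhere)
    Local $oWMI = ObjGet("winmgmts:\\.\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, 0)
    Local $colItems = $oWMI.ExecQuery("SELECT Name, DisplayName, ProcessId, State " & _
            "FROM Win32_Service WHERE " & $sWhere)
    If Not IsObj($colItems) Then Return SetError(1, 0, 0)
    If $colItems.Count = 0 Then Return SetError(2, 0, 0)
    Local $aRows[$colItems.Count][4], $i = 0
    For $oSvc In $colItems
        $aRows[$i][0] = $oSvc.Name
        $aRows[$i][1] = $oSvc.DisplayName
        $aRows[$i][2] = $oSvc.ProcessId
        $aRows[$i][3] = $oSvc.State
        $i += 1
    Next
    Return $aRows
EndFunc   ;==>_QueryServices

; Service name or display name -> matching rows (the PID is in column 2).
Func _ServiceByName($sName)
    Local $sEsc = _WqlEscape($sName)
    Local $aRows = _QueryServices("Name = '" & $sEsc & "' OR DisplayName = '" & $sEsc & "'")
    Return SetError(@error, 0, $aRows)
EndFunc   ;==>_ServiceByName

; PID -> every service hosted in that process. @error 3 = PID not usable.
Func _ServicesInProcess($iPid)
    ; Stopped services report ProcessId 0, so 0 would match every stopped service.
    If Int($iPid) <= 0 Then Return SetError(3, 0, 0)
    Local $aRows = _QueryServices("ProcessId = " & Int($iPid))
    Return SetError(@error, 0, $aRows)
EndFunc   ;==>_ServicesInProcess

; Demo: resolve one service, then list everything sharing its host process.
Local $aHit = _ServiceByName("wuauserv") ; assumed short name of Windows Update
If @error Then Exit ConsoleWrite("Service not found" & @CRLF)
ConsoleWrite($aHit[0][1] & " (" & $aHit[0][3] & ") PID " & $aHit[0][2] & @CRLF)
Local $aShared = _ServicesInProcess($aHit[0][2])
If Not @error Then _ArrayDisplay($aShared, "Services hosted in PID " & $aHit[0][2])
```

Several services can share one svchost.exe PID, so the second lookup shows everything that depends on that process, not just the service that was searched for.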


@Earthshine  Finally was able to stop Windows update service programmatically with WMI.  I needed to use #RequireAdmin. :brr:

 

Edited by Nine

1 hour ago, Nine said:

@Earthshine  Finally was able to stop Windows update service programmatically with WMI.  I needed to use #RequireAdmin:brr:

 

That's awesome, really appreciate that and thank you. :)

Would you also post your other code using #RequireAdmin? Just for learning things.


TY.


I could but you already got your early gift.  How about you try to use my example, and provide some code from yourself. Maybe Santa will help you after ?

