Jump to content
taylansan

Finding process name or pid shown in windows

Recommended Posts

Hello All, 

If you're interested in the story, read below. Otherwise, just jump to the end of the post. 

Story: 

Sometimes my computer goes crazy with Windows update. I tried to turn it off with "services.msc", but couldn't close the it. So, I did some research online that it's triggered by Update Orchestration and Task Scheduler and Windows Update. I also checked that all three processes are triggered by svchost.exe.

2042019124_ProcessList.thumb.png.b28273c537295a4af117a03a13fe28f7.png

So, I tried to make a script to close this process. I found some useful functions ProcessList and _ProcessGetName using the help documents and coded something as below: 

#include <MsgBoxConstants.au3>
#include <Process.au3>

Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    $iPid = $aProcessList[$i][1]
    $sName = _ProcessGetName($iPid)
    MsgBox($MB_SYSTEMMODAL, "The process", "PID: " & $iPid & @CRLF & "NAME: " & $sName)
    If $sName = "svchost.exe" Then
        ;ProcessClose($iPid) ;I don't know if this is the process I want to close
    EndIf
Next

But the problem is; there are so many svchost.exe exists in the process list. I can't close all of them, some of them are essential to run Windows (well, accidentally I terminated some of them and ended up with a blue screen :( 

---------------

Well, how can I know the process name like "Service Host: Update Orchestration" (not the scvhost)?

It's not only with the .exe file, just to the name shown in Windows. 

Share this post


Link to post
Share on other sites

I modified as below: 

#include <WinAPIProc.au3>
$iPid = 9584
$sName = _WinAPI_GetProcessName($iPid)
ConsoleWrite($sName & @CRLF)

;But this returns me only --> svchost.exe

I also used "sc query" in cmd to find the list of processes. 

How can I obtain PID from Service Name or Display Name? 

Or How can I obtain Service Name or Display Name from PID? 

image.png.ae1ac65d0257edcf55806758e639a0ec.png

Share this post


Link to post
Share on other sites

I did not test it, but running WMI on caption of "Windows Update" service, got the following description :

Quote

Active la détection, le téléchargement et l’installation des mises à jour de Windows et d’autres programmes. Si ce service est désactivé, les utilisateurs de cet ordinateur ne pourront pas utiliser Windows Update ou sa fonctionnalité de mise à jour automatique, et les programmes ne pourront pas utiliser l’API de l’Agent de mise à jour automatique Windows Update (WUA).

Seems to me that it is possible to deactivate that service.

Share this post


Link to post
Share on other sites

Because so many disable it in Win7 (which is a horrible idea) is why MS decided enough is enough. EVERYONE must receive regular updates to stay as secure as possible

Windows Enterprise and Windows server always allow you to manually turn off and completely disable auto updating. Windows 10 education might also let you? Not sure. But we don't own the software, it's provided as a SERVICE by MS to us thru licensing. We must live with their final decisions in the end and adapt.

I do not condone the practice, even with Win7 of disabling the updates. It's a horrible idea considering all the dangers you face online out there. Even Linux distros are always updated and now have auto update available (though I think they should enforce it as well)

 

Windows 10 installs so fast off a USB anyway, even on my Craptop computer (A6 powered AMD, lol) it takes only about 8 minutes to install! So if an update hoses you (you should always have your data backed up) you can format and reinstall in under 10 minutes. All my data is in MS cloud so i never lose anything. I just had to install latest windows after Malwarebytes screwed me (my A6 just can't handle that program, too cpu intensive and this a 200 notebook, lol)

Edited by Earthshine

My resources are limited. You must ask the right questions

 

Share this post


Link to post
Share on other sites

to the Original Poster (OP) of this thread

1. how old is the install of windows?

2. can you post a screenshot of your installed programs?

 

if all else fails to get your PC under control try the following:

  1. You should back up your data to a HDD and cloud, then create an Win10 boot USB from 
  2. MS Windows 10 Creation tool
  3. create a bootable USB or DVD and boot to it
  4. Choose Custom Install and delete all your partitions on the main drive
  5. install fresh and clean and then be careful not to install junkware or other things that can slow you down.
  6.  let it update normally
  7. don't tweak anything, Win10 knows all the proper drivers and everything you need (win10 knows the proper drivers for just about everything out there)
  8. you MAY have to install graphics drivers from your video card manufacturer depending on what card you have

BTW, i just installed latest Win10 yesterday and now my anemic notebook is a little screamer again. malwarebytes somehow corrupted my profile, lol

my last install lasted for years now, but i had to go install malwarebytes (only to find nothing, lol) and ruin my profile.

 

Edited by Earthshine

My resources are limited. You must ask the right questions

 

Share this post


Link to post
Share on other sites

Hi, this is the computer information: 

image.png.e469c5b0aa34d7f475ae521ee92c6be9.png

About the installed programs, there are many, can't screenshot all of them one by one. Also cannot make a fresh Windows install. 

------------------------

I think computer specs is not the problem here. If I run "sc query" as I wrote in the above post, I can get SERVICE_NAME and DISPLAY_NAME values. Using these, how can I know the PID for each of them? Look at my below (just copied from help files and modified a little bit).

#include <MsgBoxConstants.au3>
#include <Process.au3>

Local $aProcessList = ProcessList()
For $i = 1 To $aProcessList[0][0]
    $iPid = $aProcessList[$i][1]
    $sName = _ProcessGetName($iPid)
    MsgBox($MB_SYSTEMMODAL, "The process", "PID: " & $iPid & @CRLF & "NAME: " & $sName)
    If $sName = "svchost.exe" Then
        ;ProcessClose($iPid)
        ;I don't know if this is the process I want to close
        ;Because there are so many scvhost running
        ;How can I be sure that this PID for scvhost is related to Update Orchestration?
    EndIf
Next

Using this script, I can get the list of scvhosts. But there are so many running in the system, I can't terminate all of them. I just want to terminate specific one (that is update orchestration). 

Again: Please don't focus on the windows update case. The question is: I have list of services and display names. How can I know the PID for these? It's just like; okay there is an application running (which I can see in the task manager) then right click on it and "Go to details", then I can find the PID. How can I find the PID from service name (or finding service name from PID)? @Nine asked me to check some WMI, but I couldn't manage to get PID and service / display name mapping... 

 

image.png.ea24d5006a3c1bc4ba16530a136f3af5.png

 

Share this post


Link to post
Share on other sites

Here your Christmas gift early ;)

#include <Constants.au3>
#include <Array.au3>

Opt("MustDeclareVars", 1)

_CheckService()

Func _CheckService()
  Local $objWMIService = ObjGet("winmgmts:\\" & @ComputerName & "\root\CIMV2")
  Local $colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_Service WHERE State = "Running"')
  If Not IsObj($colItems) Then Exit MsgBox(0, "", "Not an object")
  If Not $colItems.count Then Exit MsgBox(0, "", "Service not found")
  Local $aService[$colItems.count][4], $i = 0
  For $sItem In $colItems
    $aService[$i][0] = $sItem.Caption
    $aService[$i][1] = $sItem.PathName
    $aService[$i][2] = $sItem.ProcessId
    $aService[$i][3] = $sItem.Name
    $i += 1
  Next
  _ArrayDisplay ($aService)
EndFunc   ;==>_CheckService

HoHoHo !

Edited by Nine

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Similar Content

    • By Yodavish
      My AutoIt script works fine, for the most part, however, if it goes idle for roughly 30 minutes, it will won't be able to send data to a 3rd party application window titled, "Case #". 
      The problem lies within the function "SendFusion", it's able to see the handle for the "WinActivate" and "WinWaitActivate" (I've also tried putting in 10 seconds in the WinWaitActivate as well, doesn't work). However, if we have been idle, it will always fail to send data afterward. On what I've tried so far:
      "Send" function with the data and a {ENTER} i.e. Send($CaseTxt & "{ENTER}"), this won't even hit the enter key  ControlSetText, tried passing the handle from WinActivate, using the title "Case #" that was copied directly from the Autoit Window Info, hard coding the title, Using CLASS:WindowsForms10... always returns a 0 ControlCommand (same as above) always returns a 0 ControlGetFocus always returns a 0 ControlFocus, always returns a 0 Creating a new and simple Au3 script that just sends data to "Case #", also fails NOTE: If I close the Au3 script and just scan the data directly into the "Case #" or even type it, it works fine with no issues. I'm confused as to why it would not work after a long idle period?
      Below are the essential parts of the script, I can provide the entire thing if needed. Any suggestions would be greatly appreciated!
      #include <AutoItConstants.au3> #include <GUIConstantsEx.au3> #include <MsgBoxConstants.au3> #include <Process.au3> #include <Misc.au3> #include <IE.au3> ;--------------------------------------------------------------- ; Only one instance can run ;--------------------------------------------------------------- If _Singleton("gross.exe", 1) = 0 Then MsgBox($MB_SYSTEMMODAL, "Warning", "Gross.exe is already running. Please exit the existing version first (check the icons in the lower right corner of your screen) before running it again.") Exit EndIf ;--------------------------------------------------------------- ; AutoIt Options ;--------------------------------------------------------------- Opt("GUIOnEventMode", 1) ; Change to OnEvent mode Opt("WinWaitDelay", 0) ; Alters how long a script should briefly pause after a successful window-related operation. Time in milliseconds to pause (default=250). Opt("WinTextMatchMode", 1) ; Alters the method that is used to match window text during search operations. 2 = Quick mode Opt("SendKeyDelay", 0) ; Alters the length of the brief pause in between sent keystrokes. A value of 0 removes the delay completely. Time in milliseconds to pause (default=5). if ($fusionWindowTitle="NONE" or $fusionCaseNumWinTitle="NONE" or $appWindowTitle="NONE" or $winActivateTimeout="NONE" or $winCloseTimeout="NONE" or $winWaitTimeout="NONE" or $pdfViewerWidth="NONE" or $pdfViewerHeight="NONE" or $pdfViewerLeft="NONE" or $pdfViewerWindowName="NONE" or $pdfViewerExeName="NONE" or $pdfUrl="NONE" or $pdfDownloadCommand="NONE") Then Msgbox(0,"ERROR", "gross.ini is missing or does not contain all settings. Please contact Help Desk with this information") Exit -1 EndIf ;--------------------------------------------------------------- ; application settings/constants ;--------------------------------------------------------------- Global Const $[VARIABLE] = IniRead("gross.ini", "default", "[TitleOfVariable]", "NONE") Global Const $[VARIABLE] = IniRead("gross.ini", "default", "[TitleOfVariable]", "NONE") Global Const $[VARIABLE] = IniRead("gross.ini", "default", "[TitleOfVariable]", "NONE") Global Const $[VARIABLE] = IniRead("gross.ini", "default", "[TitleOfVariable]", "NONE") ;--------------------------------------------------------------- ; create the main window ;--------------------------------------------------------------- Local $mainWindow = GUICreate($appWindowTitle, 380, 190) ; create the main GUI window GUISetOnEvent($GUI_EVENT_CLOSE, "handleCloseClick") ; when the click the windows close button call handleCloseClick() WinSetOnTop($appWindowTitle, '', 1) ; Sets main GUI always on top ;--------------------------------------------------------------- ; create the controls on the main window ;--------------------------------------------------------------- Local $okButton = GUICtrlCreateButton("OK", 160, 160, 54,24) ; create OK button GUICtrlSetOnEvent($okButton, "validateInput") ; when they click ok, call handleInputProcessRequest() GUICtrlCreateLabel("Scan Input", 10, 10) ; create a label Global $inputScan = GUICtrlCreateInput("", 10,134,358) ; create the input scan box GUICtrlSetOnEvent($inputScan, "validateInput") ; when they press enter in the scan input box, call handleInputProcessRequest() GUICtrlSetState($inputScan,$GUI_FOCUS) ; automatically sets focus on the input field GUISetState(@SW_SHOW) ; main GUI loop that runs at all times ;--------------------------------------------------------------- While 1 ;---------------------------------------------------------- ; If sumatraPDF active, resets focus back to GUI ;---------------------------------------------------------- If WinActive($pdfViewerWindowName) Then consoleWrite('While Loop sumatraPDF was active' & @CRLF) setMainWindow() ;---------------------------------------------------------- ; After data sent to ProTracker, check for mismatch ; save button to trigger the event handler when clicked ;---------------------------------------------------------- ElseIf WinActive($proTrackerWindowTitle) Then $ie = _IEAttach("ProTracker") $mismatchButton = _IEGetObjByName($ie, $proTrackerMisMatchButtonId) $oEvent = ObjEvent($mismatchButton, "mismatchButton_") If @error Then setMainWindow() ;--------------------------------------------------------------------- ; If Fusion is prompting for the case #, focus back to main GUI input ; If second GUI 'Unknown' detect do nothing ;--------------------------------------------------------------------- ElseIf WinExists($fusionWindowTitle) and WinExists($fusionCaseNumWinTitle) and Not WinActive($mainWindow) and Not WinExists('Unknown Input') Then setMainWindow() EndIF ;--------------------------------------------------------------------- ; Checks if $processFlag = Done, if so, shows PDF viewer and clears ; processFlag for next iteration ;--------------------------------------------------------------------- IF WinExists($pdfViewerWindowName) and $processFlag == 'Done' Then WinSetState ($pdfViewerWindowName, '', @SW_SHOW) $processFlag = '' setMainWindow() EndIF Sleep(100) ; Sleep to reduce CPU usage WEnd Func handleInputProcessRequest($input) $processFlag = True Local $hTimer = TimerInit() consoleWrite('> handleInputProcessRequest: ' & @CRLF) Local $idInput = identifyInput($input) ; Select a proccess to run based on id input Select Case $idInput = "container" ; regex that captures only the case number $caseTxt = StringUpper(StringRegExpReplace($strippedInputData, '\??(\w*\d*-\d*|\d*).*$','$1')) If WinExists($fusionWindowTitle) and WinExists($fusionCaseNumWinTitle) Then sendProTracker(StringUpper($strippedInputData)) sendFusion($caseTxt) ; gets pdf for sumatraPDF in seperate script, since that function is the slowest Run("viewPDF.exe " & $caseTxt) ;getSumatraPDF($caseTxt) $lastCaseNum = $caseTxt Else ; Checks to make sure the previous "Container" case num is the same ; to the current Container case num, before sending to ProTracker If($lastCaseNum <> $caseTxt) Then ; If not the same case number send alert sound SoundPlay("error.wav") Else sendProTracker($strippedInputData) EndIf EndIf Case $idInput = "user" sendProTracker($strippedInputData) Case $idInput = "cassette" sendProTracker(StringUpper($strippedInputData)) Case $idInput = "unknown" selectUnknown() EndSelect Local $fDiff = TimerDiff($hTimer) $processFlag = 'Done' consoleWrite('> handleInputProcessRequest Completed Total time: ' & $fDiff & ' ' &@CRLF&@CRLF&@CRLF) EndFunc Func sendFusion($caseTxt)     Local $hTimer = TimerInit()     consoleWrite('+ sendFusion initiated: ' & $caseTxt & @CRLF)     If $caseTxt = "" Then         MsgBox(0, "Error", "Not a valid case number")     Else         ;$fusionCaseNumWinTitle = "Case #"         $retVal1 = WinActivate($fusionCaseNumWinTitle, "")         consoleWrite("ReturnValue WinActivate " & $retVal1 & @CRLF)         $retVal2 = WinWaitActive($fusionCaseNumWinTitle,"",$winActivateTimeout)         consoleWrite("ReturnValue WinWaitActive: " & $retVal2 & @CRLF)         $retVal3 = ControlSetText($fusionCaseNumWinTitle, "", "", $caseTxt)         ;$retVal3 = ControlCommand($fusionCaseNumWinTitle, "", "", "EditPaste", $caseTxt)         consoleWrite("ReturnValue ControlSetText: " & $retVal3 & @CRLF)         ;Send($caseTxt & "{ENTER}")         WinWaitClose($fusionCaseNumWinTitle, "", $winCloseTimeout)         consoleWrite('+ sendFusion WinWaitClose: ' & @CRLF)     EndIf     Local $fDiff = TimerDiff($hTimer)     ConsoleWrite('+ sendFusion Completed Total time:' & $fDiff & ' ' & @CRLF) EndFunc
      Console logs from the SciTLE
      Window (x86) Info matches the correct handle for the WinActivate and WinWaitActivate

      Window Control (x86) Info, I've tried the CLASS, the ID, also I just noticed that the "handle" in "Control" and "Window" appear to be different as well.

       
      So far the only work-around is to close down the 3rd party application and the AutoIt script, re-open them and it works all completely fine. But this is a pain for the end-user since it's all touch screen and it slows down their workflow, which they can be extremely sensitive about.
       
    • By antonioj84
      I am not able to use the $GUI_READ_EXTENDED with the  Metro UDF,  any work around ?
      Local $aPos[2] = [$Radio1, $Radio2] For $Radio In $aPos If GUICtrlRead($Radio) = $GUI_UNCHECKED Then ContinueLoop IniWrite($sGUIstate_IniFile, "Data", "POS", GUICtrlRead($Radio, $GUI_READ_EXTENDED)) ;; return the text of the menu item ExitLoop Next  
    • By Yodavish
      I have this AutoIt script that works on Windows 7. However, when I test it on Windows 10, the objEvent will not execute the function it's supposed to call. So I have a webpage the script will check if it is active, then it will search if a popup button exist (elementId), if so, assign it to the event handler so that when that button is clicked, then handler function will move the focus back to the main GUI again.
      If WinActive("Website Title - Internet Explorer") Then    $ie = _IEAttach("Website Title")    $objElement= _IEGetObjById ($ie, "elementId")    local $oEvent = ObjEvent($objElement, "_MY_EVENT_HANDLER_") EndIf Func _MY_EVENT_HANDLER_onclick($oEvtObj)     msgbox(0,"Alert Window", "Button Clicked!") setMainWindow() ; sets focus back to main GUI EndFunc  
      I've verified, on Windows 10, that it does see the object element. But it will not trigger the event. Could it be related to some timing issues due to Windows 10 Internet Explorer over Windows 7 Internet Explorer? 
      Windows 7 IE version 11.0.9600.19507
      Windows 10 IE version 11.418.18362.0
      AutoIt v 3.3
       
    • By somebadhat
      Restore blank Windows 10 start menu icons.
      ; RESTORE BLANK WINDOWS 10 START MENU ICONS. ; TOGGLE SETTINGS-START-"USE START FULL SCREEN" TWICE ; THIS WILL RESTORE SOME OF THE BLANK ICONS ; FOR THOSE THAT IT DOES NOT REDO "CHANGE ICON" FROM THE PROPERTIES DIALOG BOX FOR EACH MISSING ICON. ; "C:\Program Files (x86)\AutoIt3\AutoIt3_x64.exe" "F:\MYAPPS\WINDOWS\StartMenu1.au3" ; windows 10 and autoit3 ; begin restore blank icons on start menu Run(@ComSpec & " /c start ms-settings:personalization-start", "", @SW_SHOWMINIMIZED) Sleep(500) WinWaitActive("Settings") Sleep(1000) ; WinWaitActive ("[CLASS:ApplicationFrameInputSinkWindow]", "") ; ; BEGIN https://www.autoitscript.com/forum/topic/1353-check-if-a-computer-is-online/ $Computer = "8.8.8.8" AutoItSetOption ("SendKeyDelay" , "125") ;was 55, 500 If RunWait("ping.exe -n 1 " & $Computer, "", @SW_HIDE) == 0 Then WinActivate("Settings") send("{tab}{down 5}{tab 6}") sleep(500) send("{space}{tab 10}") ; if online. Move to "use start full screen", toggle it and (improves reliability) return cursor to "find a setting" search box. Else WinActivate("Settings") send("{tab}{down 5}{tab 6}") sleep(500) send("{space}{tab 6}") ; if offline. Move to "use start full screen", toggle it and (improves reliability) return cursor to "find a setting" search box. EndIf ; END https://www.autoitscript.com/forum/topic/1353-check-if-a-computer-is-online/ ; ; MouseClick("left", 379, 490, 1, 0) ; Toggle "use start full screen". Autoitv3 Window Info MouseClick Coords are 23px north. If y=467 use y=490 Sleep(500) ; Msgbox(0,"Operation halted","Continue?") ; PAUSE FOR DEBUG ; WinClose("[CLASS:ApplicationFrameWindow]", "") ; Send("{LWIN 2}") ; OPEN AND CLOSE THE START MENU Send("{LWIN}") ; OPEN START MENU sleep(500) Send("{LWIN}") ; CLOSE START MENU Sleep(1000) ; Run(@ComSpec & " /c start ms-settings:personalization-start", "", @SW_SHOWMINIMIZED) ; Sleep(500) ; WinWaitActive ("Settings") ; WinWaitActive ("[CLASS:ApplicationFrameInputSinkWindow]", "") ; ; BEGIN https://www.autoitscript.com/forum/topic/1353-check-if-a-computer-is-online/ $Computer = "8.8.8.8" AutoItSetOption ("SendKeyDelay" , "125") ;was 125, 55, 500 If RunWait("ping.exe -n 1 " & $Computer, "", @SW_HIDE) == 0 Then WinActivate("Settings") sleep(500) send("{tab 7}") ; if online. Move to "use start full screen", sleep(500) send("{space}{tab 10}") ; if online. Toggle "use start full screen" and (improves reliability) return cursor to "find a setting" search box. Else WinActivate("Settings") sleep(500) send("{tab 7}") ; if offline. Move to "use start full screen", sleep(500) send("{space}{tab 6}") ; if offline. Toggle "use start full screen" and (improves reliability) return cursor to "find a setting" search box. EndIf ; END https://www.autoitscript.com/forum/topic/1353-check-if-a-computer-is-online/ ; ; MouseClick("left", 379, 490, 1, 0) ; Toggle "use start full screen". Autoitv3 Window Info MouseClick Coords are 23px north. If y=467 use y=490 Sleep(500) ; Msgbox(0,"Operation halted","Continue?") ; PAUSE FOR DEBUG WinClose("[CLASS:ApplicationFrameWindow]", "") ; end restore blank icons on start menu Exit
    • By DavidFromLafayette
      My company is moving from WIN7 to WIN10, I have had a script that runs in the middle of the night, when the computer is locked, to open an Excel spreadsheet, read a few cells, and generate an email.  This has worked fine under WIN7, when I try to run under WIN10 it freezes when it gets to a line to handle an array.  When I run without the computer locked the script runs as expected.  After doing a lot of investigating, it looks like the following line reads a "0" from the Excel file instead of a text string, only when the computer is locked.
      Any ideas?
      $Driver1 = _Excel_RangeRead($oWorkbook, "Template", "H12")
      This is how I am opening the Excel file:
      Local $oExcel = _Excel_Open(False)
      Sleep(10000)
      $oWorkbook = _Excel_BookOpen($oExcel, $sFilePath, True, False)
×
×
  • Create New...