Sign in to follow this  
Followers 0
t0ddie

detect unknown process? (process name random)

35 posts in this topic

heres my problem.

I want to be able to detect whether the game Diablo II is open or not.

Different users may have other window names (Diablo II, New Diablo II, D2Loader etc)

and also the actual executable may have a different name. making the processexists command not reliable.

i noticed no matter what the name of the .exe or what the window title is the class is always Diablo II

>>>>>>>>>>>> Window Details <<<<<<<<<<<<<
Title:  D2Loader v1.11b - Build On Sep 22 2005
Class:  Diablo II
Size:   X: 0    Y: 0    W: 800  H: 600

I tried a few things to be able to read the class from all existing windows but im stuck.

$text = WinGetClassList("")
MsgBox(0, "Text read was:", $text)

this did not list the class Diablo II yet the window existed.

$text = WinGetClassList(WinExists(""))
MsgBox(0, "Text read was:", $text)

this was an empty string.

i pretty much want to check all available processes (or windows) to determine whether Diablo II is running or not.

any suggestions?


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites



heres my problem.

I want to be able to detect whether the game Diablo II is open or not.

Different users may have other window names (Diablo II, New Diablo II, D2Loader etc)

and also the actual executable may have a different name. making the processexists command not reliable.

i noticed no matter what the name of the .exe or what the window title is the class is always Diablo II

>>>>>>>>>>>> Window Details <<<<<<<<<<<<<
Title:  D2Loader v1.11b - Build On Sep 22 2005
Class:  Diablo II
Size:   X: 0    Y: 0    W: 800  H: 600

I tried a few things to be able to read the class from all existing windows but im stuck.

$text = WinGetClassList("")
MsgBox(0, "Text read was:", $text)

this did not list the class Diablo II yet the window existed.

$text = WinGetClassList(WinExists(""))
MsgBox(0, "Text read was:", $text)

this was an empty string.

i pretty much want to check all available processes (or windows) to determine whether Diablo II is running or not.

any suggestions?

try this... untested, but should get a handle for any active D2 window...

$list = WinList()
for $x = 1 to $list[0][0]
    If StringInStr(WinGetClassList($list[$x][0]),"Diablo II") Then 
        $D2WinHandle = $list[$x][1]
        ExitLoop
    EndIf
Next

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

are you trying to do this as a way around Warden?

just a slight query cuz if you are then i would also be interested in such a code

Share this post


Link to post
Share on other sites

are you trying to do this as a way around Warden?

just a slight query cuz if you are then i would also be interested in such a code

have you tried the code i put up?

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

#5 ·  Posted (edited)

hold on

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

have you tried the code i put up?

yes it did not work.

did you try the code i put up?

$text = WinGetClassList("")
MsgBox(0, "Text read was:", $text)

here is the output i get.

WorkerW
ReBarWindow32
ComboBoxEx32
ToolbarWindow32
ComboBox
Edit
WorkerW
ToolbarWindow32
ToolbarWindow32
WorkerW
msctls_statusbar32
SHELLDLL_DefView
DUIViewWndClassName
DirectUIHWND
CtrlNotifySink
SysListView32
SysHeader32

and i only have 2 windows open.

Title:  AutoIt Forums -> Replying in detect unknown process? (process name random) - Mozilla Firefox
Class:  MozillaWindowClass
Size:   X: -4   Y: -4   W: 1032 H: 746

Title:  D2Loader v1.11b - Build On Sep 22 2005
Class:  Diablo II
Size:   X: 0    Y: 0    W: 800  H: 600

but that list of shit there contains neither.


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

#7 ·  Posted (edited)

$list = WinList()
for $x = 1 to $list[0][0]
            MsgBox(0,"test",$list[$x][1])
    If StringInStr(WinGetClassList($list[$x][0]),"Diablo II") Then
        $D2WinHandle = $list[$x][1]
        ExitLoop
    EndIf
Next

as you can see its not returning window names, only some hexidecimals

$list = WinList()
for $x = 1 to $list[0][0]
            MsgBox(0,"test",$list[$x][0])
    If StringInStr(WinGetClassList($list[$x][0]),"Diablo II") Then
        $D2WinHandle = $list[$x][1]
        ExitLoop
    EndIf
Next

this dont work either

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

$text = WinGetClassList(WinExists(""))

MsgBox(0, "Text read was:", $text)

I'm no expert... but with WinExists('') there wouldn't it just be the same as

WinGetClassList(1)
Considering that WinExists('') returns '1' as a value if the window exists?

[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

nope still same hex crap


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

nope still same hex crap

You missed my point... no big deal...

[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

#11 ·  Posted (edited)

no we are just replying too fast.

i changed "" to 1 still same results as when it was ""

empty string

none of the examples have worked

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

no we are just replying too fast.

i changed "" to 1 still same results as when it was ""

empty string

none of the examples have worked

Nope still missing the point... it was an FYI, changing it to 1 it would still be leaving it as WinExists('')... I was merely pointing out that there was no sense to use WinExists(''). I don't play the game diablo, so there is nothing to test it on... so I'm not participating in the "nope it didn't work" game.

[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

what about if you did something using:

if processexists("d2loader.exe") then

;do some crap

endif

Edited by Sarc

Share this post


Link to post
Share on other sites

no you are missing the point.

i commented on that... i understand what you are saying.

it does the same thing.... right. its not a fix, just another way of doing things.

i was not commenting "nope it didnt work" to your comment

thats why i said we were replying to fast. i was commenting on the post before that one.

ANYWAYS... direct from the help file

$var = WinList()

For $i = 1 to $var[0][0]
 ; Only display visble windows that have a title
  If $var[$i][0] <> "" AND IsVisible($var[$i][1]) Then
    MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
  EndIf
Next

Func IsVisible($handle)
  If BitAnd( WinGetState($handle), 2 ) Then 
    Return 1
  Else
    Return 0
  EndIf

EndFunc

this will actually return the goddamn window name (finally)

but see the class is in hex can it be changed to plain english? or will the handle 0x0012022A be the same for all diablo ii windows.


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

#15 ·  Posted (edited)

were you hiding the d2 window, and wanting to be able to detect it?

Edited by Sarc

Share this post


Link to post
Share on other sites

what about if you did something using:

if processexists("d2loader.exe") then

;do some crap

endif

missing the point sarc.

what if the executable is d2loader.exe, what if its D2Loader.exe what if its Diablo II.exe what if its fedglohdfgolifedglkeujghpithg3wprgyh45rfg98or4hgyujk;gyhut;leshgydufo;ghudfgh.exe

you cant possibly know what someone might change their .exe name to

also this is not a bypass for warden.. i just want a detection method to determine whether Diablo II is running or not


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

that may or may not work smoke

i dont know if the handle would change depending on the .exe

some people use the actual diablo ii.exe

some people use a loader.

there might be different handles for those but i dont know

im not even sure how handles are determined.


Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

missing the point sarc.

what if the executable is d2loader.exe, what if its D2Loader.exe what if its Diablo II.exe what if its fedglohdfgolifedglkeujghpithg3wprgyh45rfg98or4hgyujk;gyhut;leshgydufo;ghudfgh.exe

you cant possibly know what someone might change their .exe name to

also this is not a bypass for warden.. i just want a detection method to determine whether Diablo II is running or not

I think I might have a solution but I have to know does the "Window", does it have a 'Class' under the Title?

[center]Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.[/center]

Share this post


Link to post
Share on other sites

missing the point sarc.

what if the executable is d2loader.exe, what if its D2Loader.exe what if its Diablo II.exe what if its fedglohdfgolifedglkeujghpithg3wprgyh45rfg98or4hgyujk;gyhut;leshgydufo;ghudfgh.exe

you cant possibly know what someone might change their .exe name to

also this is not a bypass for warden.. i just want a detection method to determine whether Diablo II is running or not

well if you only want to be able to detect it for your own computer then you just do the following

if

processexists("diablo ii.exe") or

processexists("game.exe") or

processexists("d2loader.exe") then#

;do your stuff

endif

for its only going to matter with what things that you have called d2, so you'll know its name. havuing someone call their d2 erfbufbrfbuerfberybfukrbfkqurfblqflrf.exe or w/e wont matter, because your only scanning your computer?

or have i messed up again, and your actually trying to scan sumwhere else for a d2?

Share this post


Link to post
Share on other sites

#20 ·  Posted (edited)

were you hiding the d2 window, and wanting to be able to detect it?

the window is not hidden

also its going to be for other users where i dont know what their window name or executable name may be

Edited by t0ddie

Valik Note Added 19 October 2006 - 08:38 AMAdded to warn level I just plain don't like you.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0