detect unknown process? (process name random)

[t0ddie]

I think I might have a solution but I have to know does the "Window", does it have a 'Class' under the Title?

YES!

from my very first post....

no matter what the executable name is, or what the window title is. in the autoit window info the CLASS is always Diablo II

Press CTRL-ALT-F to pause the display.

>>>>>>>>>>>> Window Details <<<<<<<<<<<<<
Title:  D2Loader v1.11b - Build On Sep 22 2005
Class:  Diablo II
Size:   X: 0    Y: 0    W: 800  H: 600

>>>>>>>>>>> Mouse Details <<<<<<<<<<<
Screen: X: 175  Y: 599
Cursor ID:  2

>>>>>>>>>>> Pixel Color Under Mouse <<<<<<<<<<<
RGB:    Hex: 0x000000   Dec: 0

>>>>>>>>>>> Control Under Mouse <<<<<<<<<<<
Size:
Control ID:
ClassNameNN:
Text:

>>>>>>>>>>> Status Bar Text <<<<<<<<<<<


>>>>>>>>>>> Visible Window Text <<<<<<<<<<<

>>>>>>>>>>> Hidden Window Text <<<<<<<<<<<

Edited February 22, 2006 by t0ddie

[Sarc]

the window is not hidden

also its going to be for other users where i dont know what their window name or executable name may be

ok right now i know what you mean

in that case, what you COULD do, is this... slightly crude but who cares? it works

dim $d2name

$d2name = inputbox('','','Give the name of your diablo 2 executable file');if this is wrongly coded forgive me i havent used inputs in like ages

then, you use

if processexists($d2name) then
;do stuff
endif

maybe this is more what you're looking for?

[t0ddie]

well sarc, not to be rude.. but i could have done that myself.

i am looking for a method with no user intervention.

and i already figured it out before i started this thread, but i cant figure out HOW to do it

i just need a way to detect the class name as its always Diablo II

i just cant seem to get it from a list of windows.

[Sarc]

what about then, in that case, if you scanned for the d2 directory, then scanned that folder for files called xxxxxxxx.exe and check if they exist.

bnupdate.exe will never exist.. without user intervention, so if anything exists you know its d2?

what about that? maybe my ideas are primative but if ideas can get bounced around then problems can get fixed :/

[t0ddie]

that would be a good idea for a workaround if i cant get this to work.

it narrows down errors but is still not 100% reliable like my solution would be.

because of hacks someone might have installed in that folder, there may be more than one .exe

i myself have several .exe in that folder. and if one was running but diablo wasnt.. i would get an innaccurate result.

[Sarc]

ok granted. well let me have a think and i'll throw up some more ideas

couldnt you do that, search the dir and so on, then if it finds one of those exe's active, check its window size, and its its 800/600 or so like the d2 window, then your more likely to have a diablo 2 open, rather than a hack?

just another thought

Edited February 22, 2006 by Sarc

[SmOke_N]

Ok why this wouldn't work then is beyond me:

Opt('WinTitleMatchMode', 4)
If WinExists('classname=Diablo II') Then; do something

But I did this just for fun anyway:

$exe = FindEXE('Diablo II', 1)
If $exe <> '' Then MsgBox(0, 'test', $exe)

Func FindEXE($cCLASS, $sReturnValue = 0)
    Local $PROCESS_NAME = ''
    Local $WINLIST = WinList()
    For $i = 0 To $WINLIST[0][0]
        $GET_CLASS = FINDCLASSNAME($WINLIST[$i][1])
        If $GET_CLASS = $cCLASS Then
        ;IF YOUR TRYING TO GET THE PROCESS NAME
            Local $OPT = Opt('WinTitleMatchMode', 4)
            $PROCESS_NAME = WinGetProcess('classname=' & $cCLASS)
            Opt('WinTitleMatchMode', $OPT)
            ExitLoop
        EndIf
    Next
    If $PROCESS_NAME <> '' And $sReturnValue = 1 Then
        Local $PROCESS_LIST = ProcessList()
        For $x = 1 To UBound($PROCESS_LIST) - 1
            If $PROCESS_LIST[$x][1] = $PROCESS_NAME Then Return $PROCESS_LIST[$x][0]
        Next
    Else
        Return $PROCESS_NAME
    EndIf
EndFunc

Func FINDCLASSNAME($hwnd)
    Local $RETURNCLASS = DllCall("user32.dll", "int", "GetClassName", "hwnd", $hwnd, "str", "", "int", 32768)
    If Not @error Then Return $RETURNCLASS[2]
EndFunc

This was to cover a few bases, like if you wanted to know what the actual .exe name was you could change the Return to $PROCESS_NAME or whatever... this should just about cover it all.

Edit:

Added an optional parameter that if you want to return the .exe name you can by using 1 as the parameter, otherwise it returns the PID or if not found returns ''.

Edited February 22, 2006 by SmOke_N

[t0ddie]

interesting code...

may be very useful in the future.. but i really need somehting only basic.

i am going to try this

Opt('WinTitleMatchMode', 4)
If WinExists('classname=Diablo II') Then; do something

i never new you could add that type of parameter to the winexists command. im sure it will work just fine!

thanks smoke

btw im going to be sending you a script in the near future that im having many problems when i try to obfuscate with encode it. maybe it will help you to improve your script

later!

P.S. after this whole long thread... that simple solution worked.

lmfao!

thank you so much

Edited February 22, 2006 by t0ddie

[t0ddie]

WinClose('classname=Diablo II')

quick question... how? this isnt working. yes wintitlematchmode is 4

[SmOke_N]

Well, my suggestion would be honestly to give the a title:

$Opt = Opt('WinTitleMatchMode', 4)
$DiabloTitle = WinGetTitle('classname=Diablo II')
If WinExists($DiabloTitle) Then WinClose($DiabloTitle)
Opt('WinTitleMatchMode', $Opt)

[t0ddie]

excellent.

i would have figured it out eventually.

but thanks for the support!

[seandisanti]

excellent.

i would have figured it out eventually.

but thanks for the support!

[Valik]

Wow, what a shock. Yet again t0ddie manages to drag out a simple concept into a 30+ post support thread before somebody finally figures out what he wants and writes the code for him. I would be amused if it wasn't the five-thousandth time I've seen this pattern exhibited.

[Dirk Diggler]

i think, best solution will be implementation of regexps in all match operations like ProcessExists(),FileExists(),FileFindFirstFile() and many others.

[SmOke_N]

btw im going to be sending you a script in the near future that im having many problems when i try to obfuscate with encode it. maybe it will help you to improve your script

More than likely, the error with EnCodeIt and your script is because you used one or more of these options: IsDeclared(), Assign(), Eval() or Call().

At this time, I don't have the time nor desire that it deserves, to figure out how to incorporate all 4 of those properly, so it is suggested in the first post of that thread to just change those within your script.