GEOSoft
Posted December 5, 2006 (edited)

[autoit]
#cs
This AutoIt script file was generated by Project Express v3.9.0.24
Dec 05 / 2006
Compiler Version: 3.2.1.13
Language: English (US)
Platform(s): All
Author: GEOSoft
;
Project Name: Win Trap
Project Description: Determine the process of a "Suspicious " window and then kill it and create before and after lists
To Do List:
Notes: Pressing Shift + Pause will get the process of the currently active window in case an unexpected window appears
; (Credit to herewasplato for the idea)
;
#ce
Opt ("WinTitleMatchMode", 2)
Opt ("TrayIconDebug", 1)
$OutFile = @DesktopDir & '\Proc_List.txt'
HotKeySet("+{Pause}", "Report")
Global $hTtl
$Ttl = InputBox("Window Trap", "Enter any portion of the window title you want to trap."& @CRLF & 'To trap any other window press "Shift + Pause".' & _
      @CRLF & @CRLF & '*** NOTE: Case Sensitive', '', '', 300, -1)
If @Error = 1 Then Exit
$P1 = ProcessList()
While WinActive($Ttl) = 0
   Sleep (1000)
WEnd
$hTtl = WinGetTitle($Ttl)
WinClose($Ttl)
Report()
Exit

Func Report()
   $File = FileOpen ($OutFile,2)
   If NOT $hTtl Then $hTtl = WinGetTitle('')
   $Pid = WinGetProcess($hTtl)
   $P2 = ProcessList()
   For $I = 1 To $P1[0][0]
      FileWriteLine($File,$P1[$I][0])
   Next
   FileWriteLine($File,@CRLF & @CRLF & '[Window Title '& Chr(34) & $hTtl & Chr(34) & ']')
   For $I = 1 To $P2[0][0]
      If StringInStr($P2[$I][1],$Pid) Then FileWriteLine($File,'********************')
      FileWriteLine($File,$P2[$I][0])
      If StringInStr($P2[$I][1],$Pid) Then FileWriteLine($File,'********************')
   Next
   FileClose($File)
   MsgBox ( 262160, 'Finished', 'The process list has been created on the desktop as Proc_List.txt')
   ShellExecute($OutFile)
EndFunc
;;============= End of Script ============
[/autoit]

For an explanation of why I put this together see Post # 3 in WinWaitActive.

It just traps the process of a suspicious (or any) window and creates a before and after process list as a file.

Please note that Window Titles are case sensitive, so spyware Removal is not the same as Spyware Removal. However pyware Removal will get the right window because WinTitleMatchMode = 2.

If someone wants to take the time to do it then it's been suggested that setting WinTitleMatchMode to 4 and using Regular Expressions may solve the case sensitivity issue. It did what I needed so I'm finished with the script and you can do what you want with it.

Edited December 5, 2006 by GEOSoft

George

Question about decompiling code? Read the decompiling FAQ and don't bother posting the question in the forums.
Be sure to read and follow the forum rules. -AKA the AutoIt Reading and Comprehension Skills test.
*** The PCRE (Regular Expression) ToolKit for AutoIT - (Updated Oct 20, 2011 ver:3.0.1.13) - Please update your current version before filing any bug reports. The installer now includes both 32 and 64 bit versions. No change in version number.
Visit my Blog .. currently not active but it will soon be resplendent with news and views. Also please remove any links you may have to my website. It is soon to be closed and replaced with something else.
"Old age and treachery will always overcome youth and skill!"

herewasplato
Posted December 5, 2006 (edited)

I'm going to guess that you wanted Chr(34) where Chr(43) is in this line:

[autoit]
FileWriteLine($File,@CRLF & @CRLF & '[Window Title '& Chr(43) & $hTtl & Chr(34) & ']')
[/autoit]

The script correctly identified the exe that generated my "Fake Bad App" window when I pressed the shift and pause hotkey combo... but using the input box to ID part of the offending title "Fake" - the report never placed the "********************" info into the second part of the report.... at least in my tests:

To test - compile "Fake-Bad-App.exe" from this:

[autoit]
;fake-bad-app
For $i = 5 To 1 Step - 1
    TrayTip("Fake Bad App", "This will pop-up a window like some bad apps do in " & $i, 1)
    Sleep(1000)
Next
TrayTip("", "", 1)
MsgBox(0, "Fake Bad App", "Do not hit OK.")
Sleep(999999)
[/autoit]

and start it.

Compile and run your code. Once the window pops up from the Fake-Bad-App, type in:
Fake
...and click OK

Your code will close the MsgBox from my Fake-Bad-App - but it will not end the app. So, the exe named Fake-Bad-App shows in both "before" and "after" process lists with no highlighting via "********************".

Maybe I don't fully understand what you are expecting to happen under the "input box scenario".

...hope this helps...

Edited December 6, 2006 by herewasplato

GEOSoft (Author)
Posted December 5, 2006 (edited)

> I'm going to guess that you wanted Chr(34) where Chr(43) is in this line:
>
> FileWriteLine($File,@CRLF & @CRLF & '[Window Title '& Chr(43) & $hTtl & Chr(34) & ']')
>
> The script correctly identified the exe that generated my "Fake Bad App" window when I pressed the shift and pause hotkey combo... but using the input box to ID part of the offending title "Fake" - the report never placed the "********************" info into the second part of the report.... at least in my tests:
>
> To test - compile "Fake-Bad-App.exe" from this:
>
> [autoit]
> ;fake-bad-app
> For $i = 5 To 1 Step - 1
>     TrayTip("Fake Bad App", "This will pop-up a window like some bad apps do in " & $i, 1)
>     Sleep(1000)
> Next
> TrayTip("", "", 1)
> MsgBox(0, "Fake Bad App", "Do not hit OK.")
> Sleep(999999)
> [/autoit]
>
> and start it.
>
> Compile and run your code. Once the window pops up from the Fake-Bad-App, type in:
> Fake
> ..and click OK
>
> Your code will close the MsgBox from my Fake-Bad-App - but it will not end the app. So, the exe named Fake-Bad-App shows in both "before" and "after" process lists with no highlighting via "********************".
>
> Maybe I don't fully understand what you are expecting to happen under the "input box scenario".
>
> ...hope this helps...

There's no such thing as bad user input and you're correct, it should be Chr(34). I'll take a look at the rest of it when I stop for a coffee, which will be in about half an hour. Maybe I broke something after I used it. Probably during one of my infamous cleanup treatments.

Edited December 5, 2006 by GEOSoft

George
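
Added example, not part of the thread or of GEOSoft's script: one likely cause of the missing "********************" markers reported above is that the posted script calls WinClose before Report(), so WinGetProcess is asked about a window that no longer exists and returns -1. The sketch below resolves the PID while the window is still open and compares PIDs exactly; it assumes current AutoIt v3 syntax, and the function name WriteReport and all variable names are hypothetical.

```autoit
; Added example (not the original script): capture the owning PID first,
; close the window second, write the before/after report last.
Opt("WinTitleMatchMode", 2) ; substring match on the title, as in the original

Global $sOutFile = @DesktopDir & '\Proc_List.txt' ; same report file as the original

Local $sPart = InputBox("Window Trap", "Enter any portion of the window title you want to trap.")
If @error Then Exit

Local $aBefore = ProcessList() ; snapshot taken before the window appears

WinWaitActive($sPart) ; block until a matching window is active
Local $hWnd = WinGetHandle($sPart)
Local $sTitle = WinGetTitle($hWnd)
Local $iPid = WinGetProcess($hWnd) ; must run BEFORE WinClose; -1 once the window is gone
WinClose($hWnd)

WriteReport($aBefore, ProcessList(), $sTitle, $iPid)

Func WriteReport($aP1, $aP2, $sTitle, $iPid)
    Local $hFile = FileOpen($sOutFile, 2) ; 2 = open for writing, erase previous contents
    If $hFile = -1 Then Return SetError(1, 0, 0)
    For $i = 1 To $aP1[0][0]
        FileWriteLine($hFile, $aP1[$i][0])
    Next
    ; Record the PID in the header too: the process may already have exited
    ; by the time the "after" list is taken, and then nothing is starred.
    FileWriteLine($hFile, @CRLF & @CRLF & '[Window Title "' & $sTitle & '"] PID ' & $iPid)
    For $i = 1 To $aP2[0][0]
        ; Exact numeric match: a substring test would also star PID 1234
        ; when the window belongs to PID 123.
        Local $bHit = ($iPid > 0 And Number($aP2[$i][1]) = $iPid)
        If $bHit Then FileWriteLine($hFile, '********************')
        FileWriteLine($hFile, $aP2[$i][0])
        If $bHit Then FileWriteLine($hFile, '********************')
    Next
    FileClose($hFile)
    Return 1
EndFunc
```

Run against the Fake-Bad-App test above, the process stays alive after its MsgBox is closed, so it should appear starred in the second list.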