Jump to content
Sign in to follow this  
X-sploiT

check if its a system process?

Recommended Posts

X-sploiT

well ok im making a thing where i have a list off .exes to kill from a text file but what if a cant kill it i msgbox will keep popin up,i wanna check fior system proccesses,is there anyway than making a list and also getting the proccess path would be kool

#include <File.au3>
Global $Line[256]
HotKeySet("{INS}","Scan")
while 1
    sleep(1)
wend    
Func Scan()
$path=@ScriptDir & '\test.txt'
$file = FileOpen($path, 0)
$count=_FileCountLines($path)
If $file = -1 Then
    MsgBox(0, "Error", "Unable to open file.")
    Exit
EndIf
while 1
for $i=1 to $count
$line[$i] = FileReadline($file,$i)
if ProcessExists($line[$i]) Then
    ProcessClose($line[$i])
    MsgBox(0, $line[$i], "Malicious Proccess Found And Killed")
    EndIf
next
WEnd
FileClose($file)
EndFunc
Edited by X-sploiT

Share this post


Link to post
Share on other sites
X-sploiT

anyone

Share this post


Link to post
Share on other sites
smashly

Hi,

Sorry I'm not sure how to check if a process is a system process but

there's a couple of functions ppl on the forum have written for finding the path of the process exe..

I use Larry's function mostly.

$pid = Run('notepad.exe')
Sleep(500)
MsgBox(0, '', _ProcessGetLocation($pid))

Func _ProcessGetLocation($iPID)
    Local $aProc = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', BitOR(0x0400, 0x0010), 'int', 0, 'int', $iPID)
    If $aProc[0] = 0 Then Return SetError(1, 0, '')
    Local $vStruct = DllStructCreate('int[1024]')
    DllCall('psapi.dll', 'int', 'EnumProcessModules', 'hwnd', $aProc[0], 'ptr', DllStructGetPtr($vStruct), 'int', DllStructGetSize($vStruct), 'int_ptr', 0)
    Local $aReturn = DllCall('psapi.dll', 'int', 'GetModuleFileNameEx', 'hwnd', $aProc[0], 'int', DllStructGetData($vStruct, 1), 'str', '', 'int', 2048)
    If StringLen($aReturn[3]) = 0 Then Return SetError(2, 0, '')
    Return $aReturn[3]
EndFuncoÝ÷ Ù8^­íý±©l¡©è¶«¢w®²)àÂhºÒ¢}ý¶·¦zfÞ¯hº-z+l¢ºò¶ay«­ÚºÚ"µÍÚ[ÛYH   Ð^K]LÉÝÂÛØ[   ÌÍÝØ[QYÔ][[YYX][HHLÈÑÈÕÒSÑB  ÌÍÝØ[QYÑÜØÛHHÑÈÕÒSÑBØØ[  ÌÍØÛÛ][Ë  ÌÍÛØÓRTÙXÙK  ÌÍÛØ][BØØ[    ÌÍÙ^]H   ][ÝÉ][ÝÂÌÍÛØÓRTÙXÙHHØÙ]
    ][ÝÝÚ[YÛ]ÎÌLÉÌLÉ][ÝÈ [ÈÛÛ][YH [È ][ÝÉÌLÜÛÝ ÌLÐÒSU][ÝÊBÌÍØÛÛ][ÈH ÌÍÛØÓRTÙXÙK^XÔ]YH
    ][ÝÔÑSPÕ
ÓHÚ[ÌÔØÙÜÉ][ÝË    ][ÝÕÔS   ][ÝË  ÌÍÝØ[QYÔ][[YYX][H
È  ÌÍÝØ[QYÑÜØÛJB[H ÌÍÙ^]ÌWBYÓØ   ÌÍØÛÛ][ÊH[Ü  ÌÍÛØ][H[    ÌÍØÛÛ][ÂQ[H   ÌÍÙ^]ÕPÝ[
    ÌÍÙ^]
JÌWB   ÌÍÙ^]ÕPÝ[
    ÌÍÙ^]
KLWHH   ÌÍÛØ][K^XÝ]XT]^[YÐ^QÜ^J  ÌÍÙ^]    ][ÝÑ^XÝ]XH]É][ÝÊ

Cheers

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×