X-sploiT

Check if it's a system process?

3 posts in this topic

#1 ·  Posted (edited)

Well OK, I'm making a thing where I have a list of .exes to kill from a text file, but what if I can't kill it? A MsgBox will keep popping up. I want to check for system processes. Is there any way other than making a list? Also, getting the process path would be cool.

#include <File.au3>
HotKeySet("{INS}", "Scan") ; press INS to start scanning
While 1
    Sleep(1)
WEnd

Func Scan()
    Local $path = @ScriptDir & '\test.txt'
    Local $file = FileOpen($path, 0) ; 0 = read mode
    ; Check the handle before using the file
    If $file = -1 Then
        MsgBox(0, "Error", "Unable to open file.")
        Exit
    EndIf
    Local $count = _FileCountLines($path)
    Local $name ; one name at a time, so the list is not limited to 255 lines
    While 1 ; keep rescanning the list
        For $i = 1 To $count
            $name = FileReadLine($file, $i)
            If ProcessExists($name) Then
                ProcessClose($name)
                MsgBox(0, $name, "Malicious Process Found And Killed")
            EndIf
        Next
    WEnd
    FileClose($file) ; only reached if the loop above is given an exit
EndFunc
Edited by X-sploiT

Anyone?


Hi,

Sorry, I'm not sure how to check if a process is a system process, but there are a couple of functions people on the forum have written for finding the path of the process exe.

I use Larry's function mostly.

$pid = Run('notepad.exe')
Sleep(500)
MsgBox(0, '', _ProcessGetLocation($pid))

; Returns the full path of the executable behind $iPID.
; @error = 1: the process could not be opened; @error = 2: no path was returned.
Func _ProcessGetLocation($iPID)
    ; 0x0400 = PROCESS_QUERY_INFORMATION, 0x0010 = PROCESS_VM_READ
    Local $aProc = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', BitOR(0x0400, 0x0010), 'int', 0, 'int', $iPID)
    If $aProc[0] = 0 Then Return SetError(1, 0, '')
    Local $vStruct = DllStructCreate('int[1024]')
    ; The first module returned is the process executable itself
    DllCall('psapi.dll', 'int', 'EnumProcessModules', 'hwnd', $aProc[0], 'ptr', DllStructGetPtr($vStruct), 'int', DllStructGetSize($vStruct), 'int_ptr', 0)
    Local $aReturn = DllCall('psapi.dll', 'int', 'GetModuleFileNameEx', 'hwnd', $aProc[0], 'int', DllStructGetData($vStruct, 1), 'str', '', 'int', 2048)
    ; Release the process handle so repeated calls do not leak handles
    DllCall('kernel32.dll', 'int', 'CloseHandle', 'hwnd', $aProc[0])
    If StringLen($aReturn[3]) = 0 Then Return SetError(2, 0, '')
    Return $aReturn[3]
EndFunc

Cheers
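
One way to handle the case raised in the first post, where a listed process cannot be closed and the MsgBox keeps coming back, without keeping a list of system processes. This is an added example, not code from anyone in the thread; the TryClose helper, the skip list, the 3-second wait and the single pass per key press are assumptions made here.

```autoit
#include <File.au3>

; PIDs that could not be terminated, so each one is reported only once
Global $g_sSkipped = "|"

HotKeySet("{INS}", "Scan")
While 1
    Sleep(100)
WEnd

Func Scan()
    Local $aNames, $aProcs, $sName
    ; test.txt is assumed to hold one executable name per line
    If Not _FileReadToArray(@ScriptDir & '\test.txt', $aNames) Then
        MsgBox(0, "Error", "Unable to read the list file.")
        Return
    EndIf
    For $i = 1 To $aNames[0]
        $sName = StringStripWS($aNames[$i], 3) ; trim leading/trailing whitespace
        If $sName = "" Then ContinueLoop
        ; ProcessList returns every running instance: [n][0] = name, [n][1] = PID
        $aProcs = ProcessList($sName)
        If @error Then ContinueLoop
        For $j = 1 To $aProcs[0][0]
            TryClose($aProcs[$j][0], $aProcs[$j][1])
        Next
    Next
EndFunc

Func TryClose($sName, $iPID)
    ; Already known to be unkillable: stay silent instead of prompting again
    If StringInStr($g_sSkipped, "|" & $iPID & "|") Then Return
    ; ProcessClose returns 1 on success; ProcessWaitClose confirms the exit
    If ProcessClose($iPID) And ProcessWaitClose($iPID, 3) Then
        MsgBox(0, $sName, "Process found and closed (PID " & $iPID & ")")
        Return
    EndIf
    ; Protected process or insufficient rights: remember the PID, log once
    $g_sSkipped &= $iPID & "|"
    ConsoleWrite("Could not close " & $sName & " (PID " & $iPID & ")" & @CRLF)
EndFunc
```

A process that refuses to close is logged once and then skipped on later scans, so the script does not need to know in advance which names belong to the system.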
