X-sploiT Posted May 30, 2007 (edited)

Well, OK, I'm making a thing where I have a list of .exes to kill from a text file, but what if I can't kill it? A msgbox will keep popping up. I want to check for system processes. Is there any way other than making a list? Also, getting the process path would be cool.

    #include <File.au3>

    Global $Line[256] ; holds the names read from the list (indexes 1..255)

    HotKeySet("{INS}", "Scan") ; press INS to start scanning

    While 1
        Sleep(1)
    WEnd

    Func Scan()
        $path = @ScriptDir & '\test.txt'
        $file = FileOpen($path, 0) ; 0 = read mode
        $count = _FileCountLines($path)
        If $file = -1 Then
            MsgBox(0, "Error", "Unable to open file.")
            Exit
        EndIf
        While 1 ; never exits, so a process that survives ProcessClose is reported on every pass
            For $i = 1 To $count
                $line[$i] = FileReadLine($file, $i)
                If ProcessExists($line[$i]) Then
                    ProcessClose($line[$i])
                    MsgBox(0, $line[$i], "Malicious Proccess Found And Killed")
                EndIf
            Next
        WEnd
        FileClose($file) ; not reached because of the loop above
    EndFunc

Edited May 30, 2007 by X-sploiT

X-sploiT (Author) Posted May 30, 2007

Anyone?

smashly Posted May 30, 2007

Hi, sorry, I'm not sure how to check if a process is a system process, but there are a couple of functions people on the forum have written for finding the path of the process exe. I use Larry's function mostly.

    $pid = Run('notepad.exe')
    Sleep(500)
    MsgBox(0, '', _ProcessGetLocation($pid))

    Func _ProcessGetLocation($iPID)
        ; 0x0400 = PROCESS_QUERY_INFORMATION, 0x0010 = PROCESS_VM_READ
        Local $aProc = DllCall('kernel32.dll', 'hwnd', 'OpenProcess', 'int', BitOR(0x0400, 0x0010), 'int', 0, 'int', $iPID)
        If $aProc[0] = 0 Then Return SetError(1, 0, '')
        Local $vStruct = DllStructCreate('int[1024]')
        ; The first module handle returned belongs to the process executable itself
        DllCall('psapi.dll', 'int', 'EnumProcessModules', 'hwnd', $aProc[0], 'ptr', DllStructGetPtr($vStruct), 'int', DllStructGetSize($vStruct), 'int_ptr', 0)
        Local $aReturn = DllCall('psapi.dll', 'int', 'GetModuleFileNameEx', 'hwnd', $aProc[0], 'int', DllStructGetData($vStruct, 1), 'str', '', 'int', 2048)
        DllCall('kernel32.dll', 'int', 'CloseHandle', 'hwnd', $aProc[0]) ; release the process handle
        If StringLen($aReturn[3]) = 0 Then Return SetError(2, 0, '')
        Return $aReturn[3]
    EndFunc

Cheers
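
Added example, not part of the thread and not any poster's code: one way to combine the path lookup from the answer with the two problems in the question, so that a process that cannot be closed is reported once and anything that looks like a system process is skipped. It assumes a list file named kill_list.txt and the standard WinAPIProc.au3 UDF from current AutoIt; the function names are hypothetical, and the "system process" test is a path heuristic, not an authoritative check.

```autoit
#include <WinAPIProc.au3> ; _WinAPI_GetProcessFileName (standard UDF in current AutoIt)

Global $g_oReported = ObjCreate("Scripting.Dictionary") ; PIDs already reported as not closed

HotKeySet("{INS}", "_ScanOnce") ; one pass per key press instead of an endless loop
While 1
    Sleep(100)
WEnd

; Heuristic (assumption): an unreadable path, or an image under the Windows
; directory, is treated as a system process and left alone.
Func _IsProtectedPath($sPath)
    If $sPath = "" Then Return True
    Local $sRoot = @WindowsDir & "\"
    Return StringLeft($sPath, StringLen($sRoot)) = $sRoot ; "=" compares case-insensitively
EndFunc

Func _ScanOnce()
    Local $aNames = FileReadToArray(@ScriptDir & "\kill_list.txt") ; hypothetical file name
    If @error Then Return MsgBox(16, "Error", "Unable to read kill_list.txt")
    For $n = 0 To UBound($aNames) - 1
        Local $sName = StringStripWS($aNames[$n], 3) ; trim leading/trailing whitespace
        If $sName = "" Then ContinueLoop
        Local $aProcs = ProcessList($sName) ; [0][0] = count, [i][1] = PID
        For $i = 1 To $aProcs[0][0]
            _HandlePid($sName, $aProcs[$i][1])
        Next
    Next
EndFunc

Func _HandlePid($sName, $iPID)
    If $g_oReported.Exists($iPID) Then Return ; one message per surviving PID, not one per pass
    Local $sPath = _WinAPI_GetProcessFileName($iPID)
    Local $sResult = "Skipped (system or unreadable path)"
    If Not _IsProtectedPath($sPath) Then
        ProcessClose($iPID)
        ; ProcessClose returns before the process is gone, so confirm with a 3 s timeout.
        $sResult = ProcessWaitClose($iPID, 3) ? "Closed" : "Could not be closed"
    EndIf
    If $sResult <> "Closed" Then $g_oReported.Add($iPID, $sResult) ; remember survivors only
    MsgBox(64, $sName & " (PID " & $iPID & ")", $sResult & @CRLF & $sPath)
EndFunc
```

A path that cannot be read (for example because the script lacks rights to open the process) falls on the "skip" side, so the script fails safe rather than trying to close something it cannot identify.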