
New process



I'm not sure if you realize this but you are doing exactly what I posted back at #2:

#443501

You shouldn't be hiding windows if this script is designed to kill rogue processes. You should be closing the process.

You also shouldn't be declaring functions inside if / then / endif

Check this out, it's a much simpler implementation:

#include <process.au3>
#include <misc.au3>

Opt("GUIOnEventMode", 1)

While 1
    ;Store current processlist "state"
    ;[x][0]: Contains process name
    ;[x][1]: Contains process id
    Global $ListOne = ProcessList()
    
    While 1
        ;[x][0]: Contains process name
        ;[x][1]: Contains process id
        Global $ListTwo = ProcessList()

        ;Verify each process exists in original state
        For $X = 1 To $ListTwo[0][0]
            $found = False

            ;Comparing by PID
            For $Y = 1 To $ListOne[0][0]
                If $ListOne[$Y][1] = $ListTwo[$X][1] Then
                    $found = True
                    ExitLoop
                EndIf
            Next

            ;If no match is found in ListOne for current process in ListTwo
            If $found = False Then
                
                $processString = "Name: " & $ListTwo[$X][0] & @CRLF
                $processString &= "ID: " & $ListTwo[$X][1] & @CRLF
                
                ;Retrieve process path
                $processString &= "Path: " & _GetProcessPath($ListTwo[$X][1]) & @CRLF
                
                $processString &= @CRLF & "Allow process to remain active?"
                
                $result = MsgBox(4 + 48,"ProcessDefender has detected a new process", $processString)
                
                If $result = 6 Then
                    ;This will reset the first comparison state
                    ExitLoop 2
                Else
                    ProcessClose($ListTwo[$X][1])
                    ExitLoop
                EndIf
            EndIf
        Next

        ;Check every second
        Sleep(1000)
    WEnd
WEnd

Func _WinGetByPID($iPID, $nArray = 1);0 will return 1 base array; leaving it 1 will return the first visible window it finds
    If IsString($iPID) Then $iPID = ProcessExists($iPID)
    Local $aWList = WinList(), $sHold
    For $iCC = 1 To $aWList[0][0]
        If WinGetProcess($aWList[$iCC][1]) = $iPID And _
                BitAND(WinGetState($aWList[$iCC][1]), 2) Then
            If $nArray Then Return $aWList[$iCC][0]
            $sHold &= $aWList[$iCC][0] & Chr(1)
        EndIf
    Next
    If $sHold Then Return StringSplit(StringTrimRight($sHold, 1), Chr(1))
    Return SetError(1, 0, 0)
EndFunc   ;==>_WinGetByPID


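Func _GetProcessPath($GPPpid)
    ;Returns the executable path for a PID, or "" if it cannot be determined
    Local $objWMIService = ObjGet("winmgmts:\\localhost\root\CIMV2")
    If Not IsObj($objWMIService) Then Return ""

    ;Int() keeps the WQL filter numeric
    Local $colItems = $objWMIService.ExecQuery('SELECT * FROM Win32_Process WHERE processid = ' & Int($GPPpid), "WQL", 0x10 + 0x20)

    If IsObj($colItems) Then
        For $objItem In $colItems
            Return $objItem.ExecutablePath
        Next
    EndIf

    ;No matching process (it may already have exited) or the query failed
    Return ""
EndFunc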
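
An added example, not part of the original post: the loop above matches on PID alone and only refreshes $ListOne when a process is allowed, so a new process that receives a recycled PID is treated as already known. This variant keys the baseline on PID plus the WMI CreationDate and replaces the baseline after every pass; the function names _SnapshotProcesses and _NewProcessKeys are hypothetical.

```autoit
; Added example, not from the original post. _SnapshotProcesses and
; _NewProcessKeys are hypothetical names; the prompt mirrors the post's MsgBox.

; Dictionary of running processes: key "PID|CreationDate", value "Name|Path"
Func _SnapshotProcesses()
    Local $oSnap = ObjCreate("Scripting.Dictionary")
    Local $oWMI = ObjGet("winmgmts:\\localhost\root\CIMV2")
    If Not IsObj($oSnap) Or Not IsObj($oWMI) Then Return SetError(1, 0, 0)
    Local $colItems = $oWMI.ExecQuery("SELECT * FROM Win32_Process", "WQL", 0x10 + 0x20)
    If Not IsObj($colItems) Then Return SetError(2, 0, 0)
    For $oItem In $colItems
        Local $sKey = $oItem.ProcessId & "|" & $oItem.CreationDate
        If Not $oSnap.Exists($sKey) Then $oSnap.Add($sKey, $oItem.Name & "|" & $oItem.ExecutablePath)
    Next
    Return $oSnap
EndFunc

; Keys present in $oNow but missing from $oBase (1-based array, [0] = count)
Func _NewProcessKeys($oBase, $oNow)
    Local $sNew = ""
    For $sKey In $oNow.Keys()
        If Not $oBase.Exists($sKey) Then $sNew &= $sKey & Chr(1)
    Next
    If $sNew = "" Then Return SetError(1, 0, 0)
    Return StringSplit(StringTrimRight($sNew, 1), Chr(1))
EndFunc

Global $oBase = _SnapshotProcesses()
If @error Then Exit 1
While 1
    Sleep(1000)
    Global $oNow = _SnapshotProcesses()
    If @error Then ContinueLoop
    Global $aNew = _NewProcessKeys($oBase, $oNow)
    If Not @error Then
        For $i = 1 To $aNew[0]
            Global $aKey = StringSplit($aNew[$i], "|") ; [1] = PID, [2] = CreationDate
            Global $aInfo = StringSplit($oNow.Item($aNew[$i]), "|") ; [1] = name, [2] = path
            Global $sMsg = "Name: " & $aInfo[1] & @CRLF & "ID: " & $aKey[1] & @CRLF & _
                    "Path: " & $aInfo[2] & @CRLF & @CRLF & "Allow process to remain active?"
            ; Number() matters: ProcessClose treats a string argument as a process name
            If MsgBox(4 + 48, "New process detected", $sMsg) <> 6 Then ProcessClose(Number($aKey[1]))
        Next
    EndIf
    ; Replacing the baseline drops exited processes and records the allowed ones
    $oBase = $oNow
WEnd
```

Processes that start while the message box is open are absent from $oNow, so they are reported on the next pass.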