Sign in to follow this  
Followers 0
wolf9228

Func Examples (Win32_Process)

3 posts in this topic

#1 ·  Posted (edited)

Dim $Notepad = @SystemDir & '\Notepad.exe'

;http://msdn2.microsoft.com/en-us/library/aa394372.aspx
;The following VBScript code example shows how to obtain the owner of each process 
;on a local computer. You can use this script to obtain data from a remote computer
;, for example, to determine which users have processes running terminal server, 
;substitute the name of the remote computer for "." in the first line. You must also 
;be an administrator on the remote machine.

;Return Array
Func UserDomainProcessList($User = @UserName, $Domain = @LogonDomain)
Dim $List[1][3]
$List[0][0] = 0;Array Count
;$List[1 to END][0] = [Caption]
$List[0][1] = "[error]"
$List[0][2] = "[ProcessId]"
$strComputer = "." 
$objWMIService = ObjGet("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & $strComputer & "\root\cimv2")
$colProcesses = $objWMIService.ExecQuery( _
    "select * from win32_process" )
For $objProcess in $colProcesses
    If $objProcess.GetOwner ( $User, $Domain ) = 0 Then
ReDim $List[$List[0][0] + 2][3]
$List[$List[0][0] + 1][0] = $objProcess.Caption
$List[$List[0][0] + 1][1] = $objProcess.GetOwner ( $User, $Domain )
$List[$List[0][0] + 1][2] = $objProcess.ProcessId
$List[0][0] = $List[0][0] + 1
    Else
ReDim $List[$List[0][0] + 2][3]
$List[$List[0][0] + 1][0] = $objProcess.Caption
$List[$List[0][0] + 1][1] = $objProcess.GetOwner ( $User, $Domain )
$List[$List[0][0] + 1][2] = $objProcess.ProcessId
$List[0][0] = $List[0][0] + 1
    EndIf
Next

Return $List
EndFunc


;http://msdn2.microsoft.com/en-us/library/aa394372.aspx
;The following VBScript code example shows how to obtain the logon session associated 
;with a running process. A process must be running Notepad.exe before the script starts. 
;The example locates the instances of Win32_LogonSession associated with the Win32_Process 
;that represents Notepad.exe. Win32_SessionProcess is specified as the association class. 
;For more information, see ASSOCIATORS OF Statement.

;Return Array
Func obtainthelogonsessionProcesRun($appname = 'Notepad.exe')
Dim $Session[1][3] 
Dim $err[2]
$Session[0][0] = 0;Array Count
;$List[1 to END][0] = [LogonId]
$Session[0][1] = "[ProcessId]"
$Session[0][2] = "[ProcessName]"
$objWMIService = ObjGet("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & "." & "\root\cimv2")
$colProcesses = $objWMIService.ExecQuery( _
    "Select * from Win32_Process " _
    & "Where Name = '" & $appname & "'")
For $objProcess in $colProcesses
    $ProcessId = $objProcess.ProcessId
    $colLogonSessions = $objWMIService.ExecQuery _
       ("Associators of {Win32_Process='" _
          & $ProcessId & "'} Where" _
          & " Resultclass = Win32_LogonSession" _
          & " Assocclass = Win32_SessionProcess", "WQL", 48)
             If @error <> 0 Then
                 $err[1] = @error.number
                Return $err
             EndIf
   For $LogonSession in $colLogonSessions 
    ReDim $Session[$Session[0][0] + 2][3]
    $Session[$Session[0][0] + 1][0] = $LogonSession.LogonId
    $Session[$Session[0][0] + 1][1] = $objProcess.ProcessId
    $Session[$Session[0][0] + 1][2] = $objProcess.Name
    $Session[0][0] = $Session[0][0] + 1
    Next 
Next
Return $Session
EndFunc
;http://msdn2.microsoft.com/en-us/library/aa389388(VS.85).aspx
;The following VBScript code example creates a Notepad process on the local 
;computer. Win32_ProcessStartup is used to configure the process settings.
;$HIDEWindow = 0
;strCommand FullPath /CmdLine 
;Null = Default
;$appname = Notepad.exe

;Return NEW ProcessId or error
Func createsprocess($ShowWindow = 1 , $strCommand = $Notepad ,$appname = "Notepad.exe")
$intProcessID = 0
$strComputer = "."
$objWMIService = ObjGet("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & $strComputer & "\root\cimv2")


; Configure the Notepad process to show a window
$objStartup = $objWMIService.Get("Win32_ProcessStartup")
$objConfig = $objStartup.SpawnInstance_
$objConfig.ShowWindow = $ShowWindow

; Create Notepad process
$objProcess = $objWMIService.Get("Win32_Process")
$DAtX = intProcessID(1 ,$appname)
$intReturn = $objProcess.Create _
    ($strCommand, Default, $objConfig, $intProcessID)
$intProcessID = intProcessID(0 ,$appname ,$DAtX)
If $intReturn <> 0 Then
    Return $intReturn
Else
    Return $intProcessID
EndIf
EndFunc


;http://msdn2.microsoft.com/en-us/library/aa390460(VS.85).aspx
;The following VBScript code example obtains the owner for each running process

;Return Array
Func eachrunningprocess($strNameOfUser = @UserName)
Dim $processCHK[1][3] 
$processCHK[0][0] = 0;Array Count
;$List[1 to END][0] = [Name]
$processCHK[0][1] = "[error]"
$processCHK[0][2] = "[ProcessId]"
$strComputer = "."
$colProcesses = ObjGet("winmgmts:" & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
   $colProcesses = $colProcesses.ExecQuery("Select * from Win32_Process")
For $objProcess in $colProcesses
    $Return = $objProcess.GetOwner($strNameOfUser)
    If $Return <> 0 Then
    ReDim $processCHK[$processCHK[0][0] + 2][3]
    $processCHK[$processCHK[0][0] + 1][0] = $objProcess.Name
    $processCHK[$processCHK[0][0] + 1][1] = $Return
    $processCHK[$processCHK[0][0] + 1][2] = $objProcess.ProcessId
    $processCHK[0][0] = $processCHK[0][0] + 1
    Else 
    ReDim $processCHK[$processCHK[0][0] + 2][3]
    $processCHK[$processCHK[0][0] + 1][0] = $objProcess.Name
    $processCHK[$processCHK[0][0] + 1][1] = $Return
    $processCHK[$processCHK[0][0] + 1][2] = $objProcess.ProcessId
    $processCHK[0][0] = $processCHK[0][0] + 1
    EndIf
Next
Return $processCHK
EndFunc




;http://msdn2.microsoft.com/en-us/library/aa394373(VS.85).aspx
;For script code examples, see WMI Tasks for Scripts and Applications and the 
;TechNet ScriptCenter Script Repository.
;For C++ code examples, see WMI C++ Application Examples.
;The following VBScript code example shows how to use Win32_Processor to determine 
;the computer architecture.

;Return String
Func computerarchitecture()
$objProc = ObjGet("winmgmts:root\cimv2:Win32_Processor='cpu0'")
If $objProc.Architecture = 0 Then
    Return  "x86"
ElseIf $objProc.Architecture = 6 Then
    Return "IPF"
Else
    Return "Unknown"
EndIf
EndFunc

;http://msdn2.microsoft.com/en-us/library/aa394373(VS.85).aspx
;The following VBScript code example retrieves data about the operating system version and the 
;processor it is running on from Win32_Processor, Win32_ComputerSystem, and Win32_OperatingSystem. 
;This example requires Windows Vista or later.


;working in windows XP
;Return Array
Func dataoperatingsystemandprocessor()
Dim $Report =""
$strComputer = "."
$objWMIService = ObjGet("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colOSes = $objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For $objOS in $colOSes
  $Report &= @CRLF &  "Computer Name: " & $objOS.CSName
  $Report &= @CRLF &  "[Operating System]"
  $Report &= @CRLF &   "  Caption: " & $objOS.Caption & 'Name'
  $Report &= @CRLF &  "  Version: " & $objOS.Version & 'Version & build'
  $Report &= @CRLF &   "  BuildNumber: " & $objOS.BuildNumber & 'Build'
  $Report &= @CRLF &  "  BuildType: " & $objOS.BuildType
  $Report &= @CRLF &   "  OSType: " & $objOS.OSType
  $Report &= @CRLF &  "  OtherTypeDescription: (2003 Server R2 release only)" & $objOS.OtherTypeDescription
  $Report &= @CRLF &  "  ServicePackMajorVersion: " & $objOS.ServicePackMajorVersion & "." & _
   $objOS.ServicePackMinorVersion

Next

$Report &= @CRLF &  "[Processors]"

$colCompSys = $objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
For $objCS in $colCompSys
  $Report &= @CRLF &  "  NumberOfProcessors: " & $objCS.NumberOfProcessors
Next

$colProcessors = $objWMIService.ExecQuery("Select * from Win32_Processor")
For $objProcessor in $colProcessors
  $Report &= @CRLF &  "  Manufacturer: " & $objProcessor.Manufacturer
  $Report &= @CRLF &  "  Name: " & $objProcessor.Name
  $Report &= @CRLF &  "  Description: " & $objProcessor.Description
  $Report &= @CRLF &  "  ProcessorID: " & $objProcessor.ProcessorID
  $Report &= @CRLF &  "  Architecture: " & $objProcessor.Architecture
  $Report &= @CRLF &  "  AddressWidth: " & $objProcessor.AddressWidth
  $Report &= @CRLF &  "  DataWidth: " & $objProcessor.DataWidth
  $Report &= @CRLF &  "  Family: " & $objProcessor.Family
  $Report &= @CRLF &  "  MaximumClockSpeed: " & $objProcessor.MaxClockSpeed
Next
$Report = StringSplit($Report, @CRLF)
Return $Report
EndFunc

;http://msdn2.microsoft.com/en-us/library/aa394376(VS.85).aspx
;The following VBScript code example creates a Notepad process on the local computer that 
;reports when the process stops. Run the script and close the Notepad window when the script 
;shows the "Waiting for process to stop..." message. 

Func example($intProcessID = 0)
Dim $SW_NORMAL = 1
$strComputer = "."
$strCommand = "Notepad.exe" 
$objWMIService = ObjGet("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & $strComputer & "\root\cimv2")

$objStartup = $objWMIService.Get("Win32_ProcessStartup")
$objConfig = $objStartup.SpawnInstance_
$objConfig.ShowWindow = $SW_NORMAL
$objProcess = $objWMIService.Get("Win32_Process")
$DAtX = intProcessID(1 ,"Notepad.exe")
$intReturn = $objProcess.Create _
    ($strCommand, Default, $objConfig, 0)
$intProcessID = intProcessID(0 ,"Notepad.exe" ,$DAtX )
If $intReturn <> 0 Then
    $message =  "Process could not be created." & _
        @CRLF & "Command line: " & $strCommand & _
        @CRLF & "Return value: " & $intReturn
    SplashTextOn("Process", $message, 400, 70, 0, 0, 4, "")
    sleep(2000)
    SplashOff ( )
Else
    $message = "Process created." & _
        @CRLF & "Command line: " & $strCommand & _
        @CRLF & "Process ID: " & $intProcessID 
     SplashTextOn("Process", $message, 400, 70, 0, 0, 4, "")
    sleep(2000)
    SplashOff ( )       
    $colProcessStopTrace = $objWMIService.ExecNotificationQuery _
        ("SELECT * FROM Win32_ProcessStopTrace")
        $message =  "Waiting for process to stop ..."
        SplashTextOn("Process", $message, 400, 70, 0, 0, 4, "")
        sleep(3000)
       SplashOff ( )
       $i = 0
    Do
        $objLatestEvent = $colProcessStopTrace.NextEvent
        If $objLatestEvent.ProcessId = $intProcessID Then
            $message = "StoppedProcess Name: " _
                & $objLatestEvent.ProcessName
           SplashTextOn("Process", $message, 400, 70, 0, 0, 4, "")
           sleep(4000)
            $message = "Process ID: " & $objLatestEvent.ProcessId
           SplashTextOn("Process", $message, 400, 70, 0, 0, 4, "")
           sleep(4000)
            SplashOff ( )
        $i = 1
    EndIf
Until $i = 1
exit 
EndIf
EndFunc

;Return Array
Func _ProcessListappname($appname = 'Notepad.exe')
Dim $List[1][3] 
$List[0][0] = 0;Array Count
;$List[1 to END][0] = [Caption]
$List[0][1] = "[ProcessId]"
$strComputer = "."
$objWMIService = ObjGet("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colProcesses = $objWMIService.ExecQuery _
 ("SELECT * FROM Win32_Process")
For $objProcess in $colProcesses
If $objProcess.Name = $appname then 
 ReDim $List[$List[0][0] + 2][3]
$List[$List[0][0] + 1][0] = $objProcess.Caption
$List[$List[0][0] + 1][1] = $objProcess.ProcessId
$List[0][0] = $List[0][0] + 1
EndIf
Next
Global $objWMIService = ""
Global $colProcesses = ""
Return $List
EndFunc

;Return Array
Func _ProcessList()
Dim $List[1][3]
$List[0][0] = 0;Array Count
;$List[1 to END][0] = [Caption]
$List[0][1] = "[ProcessId]"
$strComputer = "."
$objWMIService = ObjGet("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colProcesses = $objWMIService.ExecQuery _
 ("SELECT * FROM Win32_Process")
For $objProcess in $colProcesses
 ReDim $List[$List[0][0] + 2][3]
$List[$List[0][0] + 1][0] = $objProcess.Caption
$List[$List[0][0] + 1][1] = $objProcess.ProcessId
$List[0][0] = $List[0][0] + 1
Next
Return $List
EndFunc

;Return Array
Func _ThreadProcessListappname($appname = 'IEXPLORE.EXE')
Dim $List[1][4]
$List[0][0] = 0;Array Count
;$List[1 to END][0] = "[strProcessName]"
$List[0][1] = "[Handle]"
$List[0][2] = "[ThreadState]"
$List[0][3] = "[ProcessHandle]"
$objDictionary = ObjCreate("Scripting.Dictionary")
$strComputer = "."
$objWMIService = ObjGet("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colProcesses = $objWMIService.ExecQuery _
 ("SELECT * FROM Win32_Process")
For $objProcess in $colProcesses
 $objDictionary.Add ($objProcess.ProcessID, $objProcess.Name)
Next
$colThreads = $objWMIService.ExecQuery _
 ("SELECT * FROM Win32_Thread")
For $objThread in $colThreads
 $intProcessID = Int($objThread.ProcessHandle)
 $strProcessName = $objDictionary.Item($intProcessID)
 if $strProcessName = $appname then
  ReDim $List[$List[0][0] + 2][4]
$List[$List[0][0] + 1][0] = $strProcessName
$List[$List[0][0] + 1][1] = $objThread.Handle
$List[$List[0][0] + 1][2] = $objThread.ThreadState
$List[$List[0][0] + 1][3] = $objThread.ProcessHandle
$List[0][0] = $List[0][0] + 1
 EndIf
Next
Return $List
EndFunc


;Return Array
Func _ThreadProcessList()
Dim $List[1][4]
$List[0][0] = 0;Array Count
;$List[1 to END][0] = "[strProcessName]"
$List[0][1] = "[Handle]"
$List[0][2] = "[ThreadState]"
$List[0][3] = "[ProcessHandle]"
$objDictionary = ObjCreate("Scripting.Dictionary")
$strComputer = "."
$objWMIService = ObjGet("winmgmts:" _
 & "{impersonationLevel=impersonate}!\\" & $strComputer & "\root\cimv2")
$colProcesses = $objWMIService.ExecQuery _
 ("SELECT * FROM Win32_Process")
For $objProcess in $colProcesses
 $objDictionary.Add ($objProcess.ProcessID, $objProcess.Name)
Next
$colThreads = $objWMIService.ExecQuery _
 ("SELECT * FROM Win32_Thread")
For $objThread in $colThreads
 $intProcessID = Int($objThread.ProcessHandle)
 $strProcessName = $objDictionary.Item($intProcessID)
 ReDim $List[$List[0][0] + 2][4]
$List[$List[0][0] + 1][0] = $strProcessName
$List[$List[0][0] + 1][1] = $objThread.Handle
$List[$List[0][0] + 1][2] = $objThread.ThreadState
$List[$List[0][0] + 1][3] = $objThread.ProcessHandle
$List[0][0] = $List[0][0] + 1
Next
Return $List
EndFunc





;CHK intProcessID  Before / After  Create
;$MASK = 1 ==> Before 
;$MASK = 0 ==> After
Func intProcessID($MASK = 1 ,$appname = "" ,$DAtX = "")
$DAt = ""
$objWMIService = ObjGet("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & "." & "\root\cimv2")
$colProcesses = $objWMIService.ExecQuery( _
    "Select * from Win32_Process ")
if $MASK = 1 then 
For $objProcess in $colProcesses
    $ProcessId = $objProcess.ProcessId
    if $objProcess.Name = $appname then _
    $DAt &= $ProcessId & @CR
next 
Return $DAt
else 
For $objProcess in $colProcesses
    if $objProcess.Name = $appname then 
    if NOT StringInStr($DAtX ,$objProcess.ProcessId) then _
    Return $objProcess.ProcessId
    EndIf
next 
endif 
Return ""
EndFunc

Edited by wolf9228

صرح السماء كان هنا

 

Share this post


Link to post
Share on other sites



This would probably be easier if you attached the script rather than posting it like this.


David Nuttall
Nuttall Computer Consulting

An Aquarius born during the Age of Aquarius

AutoIt allows me to re-invent the wheel so much faster.

I'm off to write a wizard, a wonderful wizard of odd...

Share this post


Link to post
Share on other sites

ERROR: @error is not a COM object.

$err[1] = @error.number

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0