jftuga

ending a process

9 posts in this topic

Why does this not close notepad? Or, what would I need to do in order to get the PID from a WinList() provided handle so that I could end the process. I will be periodically checking WinList() to look for a list of banned programs on our network and I believe that process executable names are not sufficient because they can be easily renamed.

Thanks,

-John

$var = WinList()

For $i = 1 to $var[0][0]
  If $var[$i][0] <> "" AND IsVisible($var[$i][1]) Then
    if StringInStr($var[$i][0], "notepad") then
        MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
        ProcessClose($var[$i][0])
    endif
  EndIf
Next

Func IsVisible($handle)
  If BitAnd( WinGetState($handle), 2 ) Then 
    Return 1
  Else
    Return 0
  EndIf

EndFunc




#2 ·  Posted (edited)

ProcessClose is for PIDs, WinList() gets the handle. Not the PID.

Change ProcessClose($var[$i][0]) to WinKill($var[$i][0])

Edited by DarkMatter

Quantum mechanics: The dreams stuff is made of


You may want to hit this from every angle, using 3 separate blacklist checks.

1. Process names

2. Window names

3. CRC checksums

Loop through each array, using ProcessClose(), WinClose(), and then ProcessList() + CRC compare + ProcessClose()


Hi,

opt('WinTitleMatchMode', 4)
$var = WinList()

For $i = 1 To $var[0][0]
    If $var[$i][0] <> "" Then
        If WinGetTitle('classname=Notepad') == $var[$i][0] Then
            MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
            ProcessClose(WinGetProcess($var[$i][0]))
        EndIf
    EndIf
Next

Mega


Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times


Hi,

$Pfad = _ProcessGetPath("firefox.exe")

MsgBox(0, "", "Prozesspfad: " & $Pfad)

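Func _ProcessGetPath($PID)
    ; Accept a process name as well as a PID
    If IsString($PID) Then $PID = ProcessExists($PID)
    If Not $PID Then Return SetError(1, 0, "")
    Local $Path = DllStructCreate("wchar[1000]")
    Local $dll = DllOpen("Kernel32.dll")
    ; 0x0400 = PROCESS_QUERY_INFORMATION, 0x0010 = PROCESS_VM_READ
    Local $handle = DllCall($dll, "handle", "OpenProcess", "dword", 0x0400 + 0x0010, "bool", 0, "dword", $PID)
    If @error Or Not $handle[0] Then
        DllClose($dll)
        Return SetError(2, 0, "")
    EndIf
    ; Wide-character call; the size argument is in characters, not bytes
    DllCall("Psapi.dll", "dword", "GetModuleFileNameExW", "handle", $handle[0], "handle", 0, "ptr", DllStructGetPtr($Path), "dword", 1000)
    DllCall($dll, "int", "CloseHandle", "handle", $handle[0])
    DllClose($dll)
    Return DllStructGetData($Path, 1)
EndFunc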

Mega



You would think we would have that integrated by now.


#8 ·  Posted (edited)

The following has your code and the way to get the executable path:

$var = WinList()

For $i = 1 to $var[0][0]
  If $var[$i][0] <> "" AND IsVisible($var[$i][1]) Then
    if StringInStr($var[$i][0], "notepad") then
        MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
        $PID = WinGetProcess($var[$i][0])
        $EXEPath = GetCommandLine($PID)
        MsgBox(0, 0, $EXEPath)
        WinKill($var[$i][0])
    endif
  EndIf
Next

Func IsVisible($handle)
  If BitAnd(WinGetState($handle), 2 ) Then
    Return 1
  Else
    Return 0
  EndIf
EndFunc

Func GetCommandLine($PID)
    Local $colItems
    Local $output
    Local $objWMIService
    Local $objItem
    
    $colItems = ""
    $output=""
    $objWMIService = ObjGet("winmgmts:\\localhost\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE ProcessID='" & $PID & "'")

    If IsObj($colItems) Then
       For $objItem In $colItems
          Return String($objItem.ExecutablePath)
       Next
   EndIf
EndFunc
Edited by DarkMatter

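Added example, not part of any post in this thread: the checksum check suggested above, combined with the PID-to-path lookup, so a renamed executable is still matched by its content. It uses SHA-256 in place of a CRC and assumes a current AutoIt with the standard Crypt.au3 and WinAPIProc.au3 UDFs; the deny-list hash and the helper name _IsBanned are constructed for illustration.

```autoit
#include <Crypt.au3>
#include <WinAPIProc.au3>

; Constructed deny list: SHA-256 of each banned executable, hex without "0x".
; The entry below is a placeholder, not the hash of any real program.
Global $g_aBannedHashes[1] = ["0000000000000000000000000000000000000000000000000000000000000000"]

_Crypt_Startup()
Local $aProcs = ProcessList() ; [0][0] = count, [i][0] = image name, [i][1] = PID
For $i = 1 To $aProcs[0][0]
    Local $iPID = $aProcs[$i][1]
    Local $sPath = _WinAPI_GetProcessFileName($iPID)
    ; No path: protected/system process, or it exited since ProcessList() ran.
    If $sPath = "" Or Not FileExists($sPath) Then ContinueLoop

    Local $dHash = _Crypt_HashFile($sPath, $CALG_SHA_256)
    If @error Then ContinueLoop ; file unreadable, skip rather than guess
    Local $sHash = StringTrimLeft(String($dHash), 2) ; binary -> hex, drop "0x"

    If _IsBanned($sHash) Then
        ; Log the on-disk path and the (possibly renamed) image name together.
        ConsoleWrite("Banned image " & $sPath & " running as " & $aProcs[$i][0] & " (PID " & $iPID & ")" & @CRLF)
        ProcessClose($iPID)
    EndIf
Next
_Crypt_Shutdown()

; Hypothetical helper: linear search of the deny list.
Func _IsBanned($sHash)
    For $j = 0 To UBound($g_aBannedHashes) - 1
        ; "=" compares strings case-insensitively in AutoIt
        If $sHash = $g_aBannedHashes[$j] Then Return True
    Next
    Return False
EndFunc
```

A hash deny list matches only exact builds, so every version or modified copy of a banned program needs its own entry.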
