jftuga Posted April 1, 2008

Why does this not close notepad? Or, what would I need to do in order to get the PID from a WinList() provided handle so that I could end the process? I will be periodically checking WinList() to look for a list of banned programs on our network and I believe that process executable names are not sufficient because they can be easily renamed.

Thanks,
-John

```autoit
$var = WinList()

For $i = 1 to $var[0][0]
    If $var[$i][0] <> "" AND IsVisible($var[$i][1]) Then
        if StringInStr($var[$i][0], "notepad") then
            MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
            ProcessClose($var[$i][0])
        endif
    EndIf
Next

Func IsVisible($handle)
    If BitAnd( WinGetState($handle), 2 ) Then
        Return 1
    Else
        Return 0
    EndIf
EndFunc
```

DarkMatter Posted April 1, 2008

ProcessClose is for PIDs, WinList() gets the handle. Not the PID.

Change ProcessClose($var[$i][0]) to WinKill($var[$i][0])

Edited April 1, 2008 by DarkMatter

weaponx Posted April 1, 2008

You may want to hit this from every angle, using 3 separate blacklist checks.

1. Process names
2. Window names
3. CRC checksums

Loop through each array, using ProcessClose(), WinClose(), and then ProcessList() + CRC compare + ProcessClose()

jftuga Posted April 1, 2008

DarkMatter, weaponx,

These are both great suggestions. Is there a way to get the file path to a running executable?

Thanks again,
-John

Xenobiologist Posted April 1, 2008

Hi,

```autoit
opt('WinTitleMatchMode', 4)
$var = WinList()

For $i = 1 To $var[0][0]
    If $var[$i][0] <> "" Then
        If WinGetTitle('classname=Notepad') == $var[$i][0] Then
            MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
            ProcessClose(WinGetProcess($var[$i][0]))
        EndIf
    EndIf
Next
```

Mega

Xenobiologist Posted April 1, 2008

Hi,

```autoit
$Pfad = _ProcessGetPath("firefox.exe")
MsgBox(0, "", "Prozesspfad: " & $Pfad)

Func _ProcessGetPath($PID)
    ; Accept a process name as well as a PID
    If IsString($PID) Then $PID = ProcessExists($PID)
    $Path = DllStructCreate("char[1000]")
    $dll = DllOpen("Kernel32.dll")
    ; 0x0400 + 0x0010 = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
    $handle = DllCall($dll, "int", "OpenProcess", "dword", 0x0400 + 0x0010, "int", 0, "dword", $PID)
    $ret = DllCall("Psapi.dll", "long", "GetModuleFileNameEx", "long", $handle[0], "int", 0, "ptr", DllStructGetPtr($Path), "long", DllStructGetSize($Path))
    $ret = DllCall($dll, "int", "CloseHandle", "hwnd", $handle[0])
    DllClose($dll)
    Return DllStructGetData($Path, 1)
EndFunc
```

Mega

weaponx Posted April 1, 2008

You would think we would have that integrated by now.

DarkMatter Posted April 1, 2008

The following has your code and the way to get the executable path:

```autoit
$var = WinList()

For $i = 1 to $var[0][0]
    If $var[$i][0] <> "" AND IsVisible($var[$i][1]) Then
        if StringInStr($var[$i][0], "notepad") then
            MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
            $PID = WinGetProcess($var[$i][0])
            $EXEPath = GetCommandLine($PID)
            MsgBox(0, 0, $EXEPath)
            WinKill($var[$i][0])
        endif
    EndIf
Next

Func IsVisible($handle)
    If BitAnd(WinGetState($handle), 2 ) Then
        Return 1
    Else
        Return 0
    EndIf
EndFunc

Func GetCommandLine($PID)
    Local $colItems
    Local $output
    Local $objWMIService
    Local $objItem
    $colItems = ""
    $output=""
    $objWMIService = ObjGet("winmgmts:\\localhost\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE ProcessID='" & $PID & "'")
    If IsObj($colItems) Then
        For $objItem In $colItems
            Return String($objItem.ExecutablePath)
        Next
    EndIf
EndFunc
```

Edited April 1, 2008 by DarkMatter

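The layered check weaponx suggests, combined with the handle-to-PID and WMI path lookups from the posts above, as an added example that is not code from any poster in this thread. It substitutes a SHA-256 file hash (via Crypt.au3) for the CRC mentioned in the thread and assumes an AutoIt release whose Crypt.au3 defines $CALG_SHA_256; the list contents and the _Sweep, _Close and _ExePath names are hypothetical.

```autoit
#include <Crypt.au3>

; Constructed sample blacklists; replace the placeholder with real digests.
Global $g_aBannedTitles[1] = ["notepad"]
Global $g_aBannedHashes[1] = ["0x<SHA-256 of a banned executable>"]

_Sweep()

Func _Sweep()
    Local $oWMI = ObjGet("winmgmts:\\localhost\root\CIMV2")
    If Not IsObj($oWMI) Then Return
    ; Check 1: window titles. WinGetProcess() is given the handle ([$i][1]), so the
    ; PID is that of this exact window, not of the first window matching a title.
    Local $aWin = WinList()
    For $i = 1 To $aWin[0][0]
        For $sBanned In $g_aBannedTitles
            If StringInStr($aWin[$i][0], $sBanned) Then _Close(WinGetProcess($aWin[$i][1]), "title " & $aWin[$i][0])
        Next
    Next
    ; Check 2: hash of the on-disk image, which survives a rename of the executable
    ; and also covers processes that have no visible window.
    _Crypt_Startup()
    Local $aProc = ProcessList()
    For $i = 1 To $aProc[0][0]
        Local $sPath = _ExePath($oWMI, $aProc[$i][1])
        If $sPath = "" Then ContinueLoop
        Local $dHash = _Crypt_HashFile($sPath, $CALG_SHA_256)
        If @error Then ContinueLoop ; unreadable or missing file
        For $sBanned In $g_aBannedHashes
            ; String() renders the binary digest as "0x..." hex; "=" ignores case
            If String($dHash) = $sBanned Then _Close($aProc[$i][1], "hash of " & $sPath)
        Next
    Next
    _Crypt_Shutdown()
EndFunc

Func _Close($iPID, $sReason)
    If $iPID <= 0 Then Return ; WinGetProcess() returns -1 on failure
    ConsoleWrite("Closing PID " & $iPID & ": " & $sReason & @CRLF)
    ProcessClose($iPID)
EndFunc

Func _ExePath($oWMI, $iPID)
    ; Same Win32_Process lookup as GetCommandLine() in the post above
    Local $colItems = $oWMI.ExecQuery("SELECT ExecutablePath FROM Win32_Process WHERE ProcessId=" & $iPID)
    If Not IsObj($colItems) Then Return ""
    For $oItem In $colItems
        Return String($oItem.ExecutablePath)
    Next
    Return ""
EndFunc
```

A hash match identifies one exact build of a file, so the digest list needs an entry per banned version, and any modification to the binary changes its digest.
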
jftuga Posted April 1, 2008

Thanks for everyone's input, I really do appreciate it.

-John