Jump to content

ending a process


Recommended Posts

Why does this not close notepad? Or, what would I need to do in order to get the PID from a WinList() provided handle so that I could end the process. I will be periodically checking WinList() to look for a list of banned programs on our network and I believe that process executable names are not sufficient because they can be easily renamed.

Thanks,

-John

$var = WinList()

For $i = 1 to $var[0][0]
  If $var[$i][0] <> "" AND IsVisible($var[$i][1]) Then
    if StringInStr($var[$i][0], "notepad") then
        MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
        ProcessClose($var[$i][0])
    endif
  EndIf
Next

Func IsVisible($handle)
  If BitAnd( WinGetState($handle), 2 ) Then 
    Return 1
  Else
    Return 0
  EndIf

EndFunc
Link to comment
Share on other sites

You may want to hit this from every angle, using 3 seperate blacklist checks.

1. Process names

2. Window names

3. CRC checksums

Loop through each array, using ProcessClose(), WinClose(), and then ProcessList() + CRC compare + ProcessClose()

Link to comment
Share on other sites

Hi,

opt('WinTitleMatchMode', 4)
$var = WinList()

For $i = 1 To $var[0][0]
    If $var[$i][0] <> "" Then
        If WinGetTitle('classname=Notepad') == $var[$i][0] Then
            MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
            ProcessClose(WinGetProcess($var[$i][0]))
        EndIf
    EndIf
Next

Mega

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Link to comment
Share on other sites

Hi,

$Pfad = _ProcessGetPath("firefox.exe")

MsgBox(0, "", "Prozesspfad: " & $Pfad)

Func _ProcessGetPath($PID)
    If IsString($PID) Then $PID = ProcessExists($PID)
    $Path = DllStructCreate("char[1000]")
    $dll = DllOpen("Kernel32.dll")
    $handle = DllCall($dll, "int", "OpenProcess", "dword", 0x0400 + 0x0010, "int", 0, "dword", $PID)
    $ret = DllCall("Psapi.dll", "long", "GetModuleFileNameEx", "long", $handle[0], "int", 0, "ptr", DllStructGetPtr($Path), "long", DllStructGetSize($Path))
    $ret = DllCall($dll, "int", "CloseHandle", "hwnd", $handle[0])
    DllClose($dll)
    Return DllStructGetData($Path, 1)
EndFunc

Mega

Scripts & functions Organize Includes Let Scite organize the include files

Yahtzee The game "Yahtzee" (Kniffel, DiceLion)

LoginWrapper Secure scripts by adding a query (authentication)

_RunOnlyOnThis UDF Make sure that a script can only be executed on ... (Windows / HD / ...)

Internet-Café Server/Client Application Open CD, Start Browser, Lock remote client, etc.

MultipleFuncsWithOneHotkey Start different funcs by hitting one hotkey different times

Link to comment
Share on other sites

The following has your code and the way to get the executable path:

$var = WinList()

For $i = 1 to $var[0][0]
  If $var[$i][0] <> "" AND IsVisible($var[$i][1]) Then
    if StringInStr($var[$i][0], "notepad") then
        MsgBox(0, "Details", "Title=" & $var[$i][0] & @LF & "Handle=" & $var[$i][1])
        $PID = WinGetProcess($var[$i][0])
        $EXEPath = GetCommandLine($PID)
        MsgBox(0, 0, $EXEPath)
        WinKill($var[$i][0])
    endif
  EndIf
Next

Func IsVisible($handle)
  If BitAnd(WinGetState($handle), 2 ) Then
    Return 1
  Else
    Return 0
  EndIf
EndFunc

Func GetCommandLine($PID)
    Local $colItems
    Local $output
    Local $objWMIService
    Local $objItem
    
    $colItems = ""
    $output=""
    $objWMIService = ObjGet("winmgmts:\\localhost\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE ProcessID='" & $PID & "'")

    If IsObj($colItems) Then
       For $objItem In $colItems
          Return String($objItem.ExecutablePath)
       Next
   EndIf
EndFunc
Edited by DarkMatter

[sub]Quantum mechanics: The dreams stuff is made of[/sub]

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...