Digisoul Posted June 25, 2008

Is there any way to tell the difference between processes and services? E.g. smss.exe is the name of a Windows service, and some viruses also have the same name. So how can I manage to close smss.exe (the process), not the service? Whenever I tried to close the process with processClose("smss.exe"), it acts on the service.

73 108 111 118 101 65 117 116 111 105 116

PsaltyDS Posted June 25, 2008

> Is there any way to tell the difference between processes and services? E.g. smss.exe is the name of a Windows service, and some viruses also have the same name. So how can I manage to close smss.exe (the process), not the service? Whenever I tried to close the process with processClose("smss.exe"), it acts on the service.

Use a good virus scanner. Only the cheesiest of viruses would be detectable that easily. The more dangerous ones will surely evade you. It is trivial, for example, to make any executable run as a service.

Valuater's AutoIt 1-2-3, Class... Is now in Session!
For those who want somebody to write the script for them: RentACoder
"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Digisoul Posted June 26, 2008

> Use a good virus scanner. Only the cheesiest of viruses would be detectable that easily. The more dangerous ones will surely evade you. It is trivial, for example, to make any executable run as a service.

So we can say that it's impossible to recognize a service with AutoIt...!

PsaltyDS Posted June 27, 2008

> So we can say that it's impossible to recognize a service with AutoIt...!

The only difference between a regular process and a service process is who started it. The service manager starts a service process and, depending on settings kept in the registry, monitors it so it can be restarted if it stops, etc. If you run the demo script for my _ProcessListProperties() function, you will see the PID and PPID of each process. Find the PID of Services.exe, which is the service manager. All the processes that have a PPID that matches the PID of Services.exe are "services".

Now how does that tell you anything about whether the executable has been replaced or infected by a trojan or virus? It doesn't. You can't write an effective, working virus scanner in AutoIt, or any other scripting language.
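
The PPID comparison described in the post above, as an added example that is not part of the thread and does not use the _ProcessListProperties() function: it queries the WMI Win32_Process class directly and assumes WMI is reachable and that exactly one running process is named services.exe.

```autoit
; Added example (not from the thread): label each process by whether its
; parent is services.exe, the service manager.
; Assumption: exactly one process is named services.exe.
Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
If Not IsObj($oWMI) Then
    ConsoleWrite("Cannot connect to WMI" & @CRLF)
    Exit 1
EndIf

Local $sQuery = "SELECT Name, ProcessId, ParentProcessId, ExecutablePath FROM Win32_Process"

; Pass 1: find the PID of services.exe.
Local $iScmPid = -1, $iScmCount = 0
Local $colProcs = $oWMI.ExecQuery($sQuery)
For $oProc In $colProcs
    ; "=" compares strings case-insensitively in AutoIt
    If $oProc.Name = "services.exe" Then
        $iScmPid = $oProc.ProcessId
        $iScmCount += 1
    EndIf
Next

; A second process with the same name makes the name-based lookup ambiguous.
If $iScmCount <> 1 Then
    ConsoleWrite("Expected one services.exe, found " & $iScmCount & @CRLF)
    Exit 2
EndIf

; Pass 2: a process whose PPID equals that PID was started by the service manager.
; Caveat: a PPID can name a parent that has already exited, and Windows may
; reuse that PID for an unrelated process.
Local $sKind
$colProcs = $oWMI.ExecQuery($sQuery)
For $oProc In $colProcs
    $sKind = "process"
    If $oProc.ParentProcessId = $iScmPid Then $sKind = "service"
    ; ExecutablePath can be empty when the script lacks rights to query it.
    ConsoleWrite($sKind & @TAB & "PID=" & $oProc.ProcessId & @TAB & _
            "PPID=" & $oProc.ParentProcessId & @TAB & $oProc.Name & @TAB & _
            $oProc.ExecutablePath & @CRLF)
Next
```

Two processes that share an image name appear as separate rows with different PIDs, and ProcessClose() accepts a PID as well as a name.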