
ProcessPath problems


sanhen

Func Processpath($Name)
$strComputer = "."
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20

$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '"&$Name&"'", "WQL", _
                                     $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

For $objItem In $colItems 
    
If $objItem.ExecutablePath Then Return $objItem.ExecutablePath

Next
EndFunc

MsgBox(64,"test",Processpath("hh.exe"))

MsgBox(64,"test",Processpath("csrss.exe"))

MsgBox(64,"test",Processpath("wmiprvse.exe"))

Why is ProcessPath empty?

BillLuvsU

Community on Patrol where art thou?


Working on the next big thing. Currently Playing: Halo 4, League of Legends. XBL GT: iRememberYhslaw

SmOke_N

In order for that to work, it has to be a running process.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

sanhen

"csrss.exe" is running,

But the process can not find the path

Nahuel

I've had that problem too. Some processes return an empty string. Like csrss.exe, alg.exe and some instances of svchost.exe

SmOke_N

Then how to solve it?

You have to set your debug privileges when your exe/script runs.

SmOke_N

#include <winapi.au3>
#Include <Security.au3>
#include <Constants.au3>

SetPrivilege("SeDebugPrivilege")

MsgBox(0, 0, Processpath("csrss.exe"))

Func Processpath($Name)
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '"&$Name&"'", "WQL", _
                                         $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    For $objItem In $colItems
       
    If $objItem.ExecutablePath Then Return $objItem.ExecutablePath

    Next
EndFunc

Func __Security__SetPrivilege($hToken, $sPrivilege, $fEnable)
    Local $pRequired, $tRequired, $iLUID, $iAttributes, $iCurrState, $pCurrState, $tCurrState, $iPrevState, $pPrevState, $tPrevState

    $iLUID = _Security__LookupPrivilegeValue("", $sPrivilege)
    If $iLUID = 0 Then Return SetError(-1, 0, False)

    $tCurrState = DllStructCreate( _tagTOKEN_PRIVILEGES(1) )
    $pCurrState = DllStructGetPtr($tCurrState)
    $iCurrState = DllStructGetSize($tCurrState)
    $tPrevState = DllStructCreate( _tagTOKEN_PRIVILEGES(1) )
    $pPrevState = DllStructGetPtr($tPrevState)
    $iPrevState = DllStructGetSize($tPrevState)
    $tRequired = DllStructCreate("int Data")
    $pRequired = DllStructGetPtr($tRequired)
    ; Get current privilege setting
    DllStructSetData($tCurrState, "PrivilegeCount", 1)
    DllStructSetData($tCurrState, "LowPart0", $iLUID)
    If Not _Security__AdjustTokenPrivileges($hToken, False, $pCurrState, $iCurrState, $pPrevState, $pRequired) Then
        Return SetError(-2, @error, False)
    EndIf
    ; Set privilege based on prior setting
    DllStructSetData($tPrevState, "PrivilegeCount", 1)
    DllStructSetData($tPrevState, "LowPart0", $iLUID)
    $iAttributes = DllStructGetData($tPrevState, "Attributes0")
    If $fEnable Then
        $iAttributes = BitOR($iAttributes, $SE_PRIVILEGE_ENABLED)
    Else
        $iAttributes = BitAND($iAttributes, BitNOT($SE_PRIVILEGE_ENABLED))
    EndIf
    DllStructSetData($tPrevState, "Attributes0", $iAttributes)
    If Not _Security__AdjustTokenPrivileges($hToken, False, $pPrevState, $iPrevState, $pCurrState, $pRequired) Then
        Return SetError(-3, @error, False)
    EndIf
    Return SetError(0, 0, True)
EndFunc   ;==>_Security__SetPrivilege


; By engine
Func SetPrivilege($vPrivilege, $fEnable = True)
    If IsArray($vPrivilege) Then
        Local $avPriv = $vPrivilege
    Else
        Local $avPriv[1] = [$vPrivilege]
    EndIf
    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY) )
    For $i = 0 To UBound($avPriv) - 1
        __Security__SetPrivilege($hToken, $avPriv[$i], $fEnable)
    Next
    _WinAPI_CloseHandle($hToken)
EndFunc

Func _tagTOKEN_PRIVILEGES($iPrivilegeCount)
    If Not ( IsInt($iPrivilegeCount) And $iPrivilegeCount > 0 ) Then Return SetError(-1, 0, "")
    Local $tagTOKEN_PRIVILEGES = "dword PrivilegeCount;"
    For $i = 0 To $iPrivilegeCount - 1
        $tagTOKEN_PRIVILEGES &= "dword LowPart" & $i & ";long HighPart" & $i & ";dword Attributes" & $i & ";"
    Next
    Return StringTrimRight($tagTOKEN_PRIVILEGES, 1)
EndFunc

PsaltyDS

You have to set your debug privileges when your exe/script runs.

Ooooh, coolness. :)

MsgBox(64, "CSRSS.exe", "Path = " & Processpath("csrss.exe"))

Func Processpath($Name)
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:{authenticationLevel=pktPrivacy, (Debug)}\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '" & $Name & "'", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    For $objItem In $colItems

        If $objItem.ExecutablePath Then Return $objItem.ExecutablePath

    Next
EndFunc  ;==>Processpath

I like that so much, I added it to _ProcessListProperties(). Thanks Smokey!

>_<


Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder. "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

PsaltyDS


Sure, why use 11 lines of code when 70 or so will do...?

:)


SmOke_N

Sure, why use 11 lines of code when 70 or so will do...?

:)

Did you notice the new tag format done by engine? The $tagTOKEN_PRIVELEGES structs are incorrect, I just provided his fix to it. By doing that I had to mod some other things.

PsaltyDS

Did you notice the new tag format done by engine? The $tagTOKEN_PRIVELEGES structs are incorrect, I just provided his fix to it. By doing that I had to mod some other things.

As usual, I completely missed that 'cause I was busy being a smart-ass. >_<

Just declaring (Debug) in the initial WMI call still looks a heck of a lot easier though.

:)


SmOke_N

As usual, I completely missed that 'cause I was busy being a smart-ass. >_<

Just declaring (Debug) in the initial WMI call still looks a heck of a lot easier though.

:)

I'm not aware of all the uses of WMI ... The "can's" and "can not's". To be honest, I stay away from WMI because it doesn't work for every PC if the permissions aren't preset or WMI isn't existent.

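The Processpath() versions in this thread return nothing both when no process has that name and when a process is running but WMI withholds its path, which is the confusion in the first replies. The following is an added example, not code from any poster in the thread: it reuses the (Debug) moniker from PsaltyDS's post, escapes the name before it goes into the WQL string, and returns every instance with a distinct @error for each case. The name ProcessPathReport and its @error codes are assumptions made for illustration.

```autoit
; Added example, not code from the thread. ProcessPathReport() and its
; @error codes (1, 2, 3) are hypothetical names/values chosen here.
Func ProcessPathReport($sName)
    ; WQL string literals use backslash as the escape character, so escape
    ; backslashes first and then single quotes before concatenating.
    Local $sSafe = StringReplace(StringReplace($sName, "\", "\\"), "'", "\'")

    ; Same moniker as in the thread: (Debug) asks WMI to enable
    ; SeDebugPrivilege for this connection.
    Local $oWMI = ObjGet("winmgmts:{authenticationLevel=pktPrivacy, (Debug)}\\.\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, 0) ; WMI not available

    Local $colItems = $oWMI.ExecQuery("SELECT ProcessId, ExecutablePath FROM Win32_Process " & _
            "WHERE Caption = '" & $sSafe & "'", "WQL", 0x10 + 0x20)
    If Not IsObj($colItems) Then Return SetError(1, 0, 0)

    Local $aOut[1][2] = [[0, ""]] ; [0][0] holds the number of instances found
    Local $iEmpty = 0
    For $oProc In $colItems
        Local $sPath = $oProc.ExecutablePath
        If Not IsString($sPath) Then $sPath = "" ; WMI returned Null
        If $sPath = "" Then $iEmpty += 1
        $aOut[0][0] += 1
        ReDim $aOut[$aOut[0][0] + 1][2]
        $aOut[$aOut[0][0]][0] = $oProc.ProcessId
        $aOut[$aOut[0][0]][1] = $sPath
    Next

    If $aOut[0][0] = 0 Then Return SetError(2, 0, $aOut) ; no process with that name
    If $iEmpty > 0 Then Return SetError(3, $iEmpty, $aOut) ; running, but path withheld
    Return $aOut
EndFunc   ;==>ProcessPathReport

; Usage: save @error/@extended at once, the next function call resets them.
Local $aRes = ProcessPathReport("csrss.exe")
Local $iErr = @error, $iExt = @extended
ConsoleWrite("IsAdmin=" & IsAdmin() & " @error=" & $iErr & " withheld=" & $iExt & @CRLF)
If IsArray($aRes) Then
    For $i = 1 To $aRes[0][0]
        ConsoleWrite($aRes[$i][0] & @TAB & $aRes[$i][1] & @CRLF)
    Next
EndIf
```

An @error of 3 together with IsAdmin=0 indicates the script's token likely does not hold the debug privilege at all, in which case neither the moniker nor the token-adjustment code above can enable it.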
