sanhen

ProcessPath problems


Func Processpath($Name)
    ; Query WMI on the local machine for processes whose Caption matches $Name
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '" & $Name & "'", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    ; Return the first non-empty ExecutablePath found
    For $objItem In $colItems
        If $objItem.ExecutablePath Then Return $objItem.ExecutablePath
    Next
EndFunc

MsgBox(64, "test", Processpath("hh.exe"))


MsgBox(64, "test", Processpath("csrss.exe"))

MsgBox(64, "test", Processpath("wmiprvse.exe"))


Why is ProcessPath empty?


Community on Patrol, where art thou?



In order for that to work, it has to be a running process.


Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


"csrss.exe" is running,

But the process can not find the path


I've had that problem too. Some processes return an empty string. Like csrss.exe, alg.exe and some instances of svchost.exe


Then how to solve it?


Then how to solve it?

You have to set your debug privileges when your exe/script runs.


How to set debug privileges?


#include <winapi.au3>
#Include <Security.au3>
#include <Constants.au3>

SetPrivilege("SeDebugPrivilege")

MsgBox(0, 0, Processpath("csrss.exe"))

Func Processpath($Name)
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '"&$Name&"'", "WQL", _
                                         $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    For $objItem In $colItems
        If $objItem.ExecutablePath Then Return $objItem.ExecutablePath
    Next
EndFunc

Func __Security__SetPrivilege($hToken, $sPrivilege, $fEnable)
    Local $pRequired, $tRequired, $iLUID, $iAttributes, $iCurrState, $pCurrState, $tCurrState, $iPrevState, $pPrevState, $tPrevState

    $iLUID = _Security__LookupPrivilegeValue("", $sPrivilege)
    If $iLUID = 0 Then Return SetError(-1, 0, False)

    $tCurrState = DllStructCreate( _tagTOKEN_PRIVILEGES(1) )
    $pCurrState = DllStructGetPtr($tCurrState)
    $iCurrState = DllStructGetSize($tCurrState)
    $tPrevState = DllStructCreate( _tagTOKEN_PRIVILEGES(1) )
    $pPrevState = DllStructGetPtr($tPrevState)
    $iPrevState = DllStructGetSize($tPrevState)
    $tRequired = DllStructCreate("int Data")
    $pRequired = DllStructGetPtr($tRequired)
    ; Get current privilege setting
    DllStructSetData($tCurrState, "PrivilegeCount", 1)
    DllStructSetData($tCurrState, "LowPart0", $iLUID)
    If Not _Security__AdjustTokenPrivileges($hToken, False, $pCurrState, $iCurrState, $pPrevState, $pRequired) Then
        Return SetError(-2, @error, False)
    EndIf
    ; Set privilege based on prior setting
    DllStructSetData($tPrevState, "PrivilegeCount", 1)
    DllStructSetData($tPrevState, "LowPart0", $iLUID)
    $iAttributes = DllStructGetData($tPrevState, "Attributes0")
    If $fEnable Then
        $iAttributes = BitOR($iAttributes, $SE_PRIVILEGE_ENABLED)
    Else
        $iAttributes = BitAND($iAttributes, BitNOT($SE_PRIVILEGE_ENABLED))
    EndIf
    DllStructSetData($tPrevState, "Attributes0", $iAttributes)
    If Not _Security__AdjustTokenPrivileges($hToken, False, $pPrevState, $iPrevState, $pCurrState, $pRequired) Then
        Return SetError(-3, @error, False)
    EndIf
    Return SetError(0, 0, True)
EndFunc   ;==>__Security__SetPrivilege


; By engine
Func SetPrivilege($vPrivilege, $fEnable = True)
    If IsArray($vPrivilege) Then
        Local $avPriv = $vPrivilege
    Else
        Local $avPriv[1] = [$vPrivilege]
    EndIf
    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY) )
    For $i = 0 To UBound($avPriv) - 1
        __Security__SetPrivilege($hToken, $avPriv[$i], $fEnable)
    Next
    _WinAPI_CloseHandle($hToken)
EndFunc

Func _tagTOKEN_PRIVILEGES($iPrivilegeCount)
    If Not ( IsInt($iPrivilegeCount) And $iPrivilegeCount > 0 ) Then Return SetError(-1, 0, "")
    Local $tagTOKEN_PRIVILEGES = "dword PrivilegeCount;"
    For $i = 0 To $iPrivilegeCount - 1
        $tagTOKEN_PRIVILEGES &= "dword LowPart" & $i & ";long HighPart" & $i & ";dword Attributes" & $i & ";"
    Next
    Return StringTrimRight($tagTOKEN_PRIVILEGES, 1)
EndFunc

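SetPrivilege() in the post above discards the result of the privilege change, and AdjustTokenPrivileges reports success even when the token does not hold SeDebugPrivilege (for example in a non-elevated process). The following is an added example, not code from the thread or from AutoIt's UDFs: it enables the privilege, checks that it was really granted, runs the same WMI lookup, and disables the privilege again. The names _SetDebugPrivilege and _ProcessPathByName are hypothetical, and it assumes an AutoIt build whose DllCall supports the "struct*" and "handle*" types.

```autoit
; Added example, not code from the thread. Helper names are hypothetical.
Func _SetDebugPrivilege($fEnable)
    Local $aProc = DllCall("kernel32.dll", "handle", "GetCurrentProcess")
    If @error Then Return SetError(1, 0, False)
    ; 0x28 = TOKEN_ADJUST_PRIVILEGES (0x20) + TOKEN_QUERY (0x08)
    Local $aTok = DllCall("advapi32.dll", "bool", "OpenProcessToken", "handle", $aProc[0], _
            "dword", 0x28, "handle*", 0)
    If @error Or Not $aTok[0] Then Return SetError(2, 0, False)
    Local $hToken = $aTok[3], $iErr = 0, $iLastErr = 0
    ; TOKEN_PRIVILEGES with a single LUID_AND_ATTRIBUTES entry
    Local $tPriv = DllStructCreate("dword Count;dword LuidLow;long LuidHigh;dword Attributes")
    DllStructSetData($tPriv, "Count", 1)
    If $fEnable Then DllStructSetData($tPriv, "Attributes", 0x2) ; SE_PRIVILEGE_ENABLED
    Local $aLuid = DllCall("advapi32.dll", "bool", "LookupPrivilegeValueW", "ptr", 0, _
            "wstr", "SeDebugPrivilege", "ptr", DllStructGetPtr($tPriv, "LuidLow"))
    If @error Or Not $aLuid[0] Then $iErr = 3
    If Not $iErr Then
        Local $aAdj = DllCall("advapi32.dll", "bool", "AdjustTokenPrivileges", "handle", $hToken, _
                "bool", False, "struct*", $tPriv, "dword", 0, "ptr", 0, "ptr", 0)
        If @error Or Not $aAdj[0] Then $iErr = 4
        ; The call succeeds even if the token lacks the privilege; the only sign is a last
        ; error of ERROR_NOT_ALL_ASSIGNED (1300), read the way _WinAPI_GetLastError() does.
        Local $aLast = DllCall("kernel32.dll", "dword", "GetLastError")
        If Not @error Then $iLastErr = $aLast[0]
        If Not $iErr And $iLastErr = 1300 Then $iErr = 5
    EndIf
    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hToken)
    Return SetError($iErr, $iLastErr, $iErr = 0)
EndFunc

Func _ProcessPathByName($sName)
    Local $oWMI = ObjGet("winmgmts:\\.\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, "")
    ; Escape \ and ' so the name stays inside the WQL string literal
    $sName = StringReplace(StringReplace($sName, "\", "\\"), "'", "\'")
    For $oProc In $oWMI.ExecQuery("SELECT ExecutablePath FROM Win32_Process WHERE Caption = '" & $sName & "'")
        If $oProc.ExecutablePath Then Return $oProc.ExecutablePath
    Next
    Return ""
EndFunc

; Hold the privilege only for the duration of the query
If _SetDebugPrivilege(True) Then
    ConsoleWrite("csrss.exe path: " & _ProcessPathByName("csrss.exe") & @CRLF)
    _SetDebugPrivilege(False)
Else
    ConsoleWrite("SeDebugPrivilege not enabled: step " & @error & ", last error " & @extended & @CRLF)
EndIf
```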

You have to set your debug privileges when your exe/script runs.

Ooooh, coolness. :)

MsgBox(64, "CSRSS.exe", "Path = " & Processpath("csrss.exe"))

Func Processpath($Name)
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:{authenticationLevel=pktPrivacy, (Debug)}\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '" & $Name & "'", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    For $objItem In $colItems

        If $objItem.ExecutablePath Then Return $objItem.ExecutablePath

    Next
EndFunc  ;==>Processpath

I like that so much, I added it to _ProcessListProperties(). Thanks Smokey!

>_<


Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder. "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law


Sure, why use 11 lines of code when 70 or so will do...?

:)



Sure, why use 11 lines of code when 70 or so will do...?

:)

Did you notice the new tag format done by engine? The $tagTOKEN_PRIVILEGES structs are incorrect, I just provided his fix to it. By doing that I had to mod some other things.


Did you notice the new tag format done by engine? The $tagTOKEN_PRIVILEGES structs are incorrect, I just provided his fix to it. By doing that I had to mod some other things.

As usual, I completely missed that 'cause I was busy being a smart-ass. >_<

Just declaring (Debug) in the initial WMI call still looks a heck of a lot easier though.

:)



As usual, I completely missed that 'cause I was busy being a smart-ass. >_<

Just declaring (Debug) in the initial WMI call still looks a heck of a lot easier though.

:)

I'm not aware of all the uses of WMI ... The "can's" and "can not's". To be honest, I stay away from WMI because it doesn't work for every PC if the permissions aren't preset or WMI isn't existent.


Test success. Thanks, SmOke_N.
