ProcessPath problems


sanhen

Func Processpath($Name)
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '" & $Name & "'", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    For $objItem In $colItems
        If $objItem.ExecutablePath Then Return $objItem.ExecutablePath
    Next
EndFunc

MsgBox(64,"test",Processpath("hh.exe"))

MsgBox(64,"test",Processpath("csrss.exe"))

MsgBox(64,"test",Processpath("wmiprvse.exe"))

Why is processPath empty?


In order for that to work, it has to be a running process.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.


Then how to solve it?

You have to set your debug privileges when your exe/script runs.


#include <winapi.au3>
#Include <Security.au3>
#include <Constants.au3>

SetPrivilege("SeDebugPrivilege")

MsgBox(0, 0, Processpath("csrss.exe"))

Func Processpath($Name)
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '"&$Name&"'", "WQL", _
                                         $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    For $objItem In $colItems
        If $objItem.ExecutablePath Then Return $objItem.ExecutablePath
    Next
EndFunc

Func __Security__SetPrivilege($hToken, $sPrivilege, $fEnable)
    Local $pRequired, $tRequired, $iLUID, $iAttributes, $iCurrState, $pCurrState, $tCurrState, $iPrevState, $pPrevState, $tPrevState

    $iLUID = _Security__LookupPrivilegeValue("", $sPrivilege)
    If $iLUID = 0 Then Return SetError(-1, 0, False)

    $tCurrState = DllStructCreate( _tagTOKEN_PRIVILEGES(1) )
    $pCurrState = DllStructGetPtr($tCurrState)
    $iCurrState = DllStructGetSize($tCurrState)
    $tPrevState = DllStructCreate( _tagTOKEN_PRIVILEGES(1) )
    $pPrevState = DllStructGetPtr($tPrevState)
    $iPrevState = DllStructGetSize($tPrevState)
    $tRequired = DllStructCreate("int Data")
    $pRequired = DllStructGetPtr($tRequired)
    ; Get current privilege setting
    DllStructSetData($tCurrState, "PrivilegeCount", 1)
    DllStructSetData($tCurrState, "LowPart0", $iLUID)
    If Not _Security__AdjustTokenPrivileges($hToken, False, $pCurrState, $iCurrState, $pPrevState, $pRequired) Then
        Return SetError(-2, @error, False)
    EndIf
    ; Set privilege based on prior setting
    DllStructSetData($tPrevState, "PrivilegeCount", 1)
    DllStructSetData($tPrevState, "LowPart0", $iLUID)
    $iAttributes = DllStructGetData($tPrevState, "Attributes0")
    If $fEnable Then
        $iAttributes = BitOR($iAttributes, $SE_PRIVILEGE_ENABLED)
    Else
        $iAttributes = BitAND($iAttributes, BitNOT($SE_PRIVILEGE_ENABLED))
    EndIf
    DllStructSetData($tPrevState, "Attributes0", $iAttributes)
    If Not _Security__AdjustTokenPrivileges($hToken, False, $pPrevState, $iPrevState, $pCurrState, $pRequired) Then
        Return SetError(-3, @error, False)
    EndIf
    Return SetError(0, 0, True)
EndFunc   ;==>_Security__SetPrivilege


; By engine
Func SetPrivilege($vPrivilege, $fEnable = True)
    If IsArray($vPrivilege) Then
        Local $avPriv = $vPrivilege
    Else
        Local $avPriv[1] = [$vPrivilege]
    EndIf
    Local $hToken = _Security__OpenProcessToken( _WinAPI_GetCurrentProcess(), BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY) )
    For $i = 0 To UBound($avPriv) - 1
        __Security__SetPrivilege($hToken, $avPriv[$i], $fEnable)
    Next
    _WinAPI_CloseHandle($hToken)
EndFunc

Func _tagTOKEN_PRIVILEGES($iPrivilegeCount)
    If Not ( IsInt($iPrivilegeCount) And $iPrivilegeCount > 0 ) Then Return SetError(-1, 0, "")
    Local $tagTOKEN_PRIVILEGES = "dword PrivilegeCount;"
    For $i = 0 To $iPrivilegeCount - 1
        $tagTOKEN_PRIVILEGES &= "dword LowPart" & $i & ";long HighPart" & $i & ";dword Attributes" & $i & ";"
    Next
    Return StringTrimRight($tagTOKEN_PRIVILEGES, 1)
EndFunc


You have to set your debug privileges when your exe/script runs.

Ooooh, coolness. :)

MsgBox(64, "CSRSS.exe", "Path = " & Processpath("csrss.exe"))

Func Processpath($Name)
    $strComputer = "."
    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20

    $objWMIService = ObjGet("winmgmts:{authenticationLevel=pktPrivacy, (Debug)}\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process WHERE Caption = '" & $Name & "'", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    For $objItem In $colItems

        If $objItem.ExecutablePath Then Return $objItem.ExecutablePath

    Next
EndFunc  ;==>Processpath

I like that so much, I added it to _ProcessListProperties(). Thanks Smokey!

>_<

Valuater's AutoIt 1-2-3, Class... Is now in Session! For those who want somebody to write the script for them: RentACoder "Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Sure, why use 11 lines of code when 70 or so will do...?

:)


Sure, why use 11 lines of code when 70 or so will do...?

:)

Did you notice the new tag format done by engine? The $tagTOKEN_PRIVILEGES structs are incorrect, I just provided his fix to it. By doing that I had to mod some other things.


Did you notice the new tag format done by engine? The $tagTOKEN_PRIVILEGES structs are incorrect, I just provided his fix to it. By doing that I had to mod some other things.

As usual, I completely missed that 'cause I was busy being a smart-ass. >_<

Just declaring (Debug) in the initial WMI call still looks a heck of a lot easier though.

:)


As usual, I completely missed that 'cause I was busy being a smart-ass. >_<

Just declaring (Debug) in the initial WMI call still looks a heck of a lot easier though.

:)

I'm not aware of all the uses of WMI ... The "can's" and "can not's". To be honest, I stay away from WMI because it doesn't work for every PC if the permissions aren't preset or WMI isn't existent.

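Added example, not code from any poster in this thread: the Processpath() functions above return an empty result both when no process with that name is running and when the process is running but its ExecutablePath cannot be read, and they fail silently if WMI is unavailable. The sketch below separates those cases and compares a plain WMI connection with the (Debug) moniker from the thread. ProcessPathEx, its $fDebug parameter and the @error codes are hypothetical names chosen for illustration.

```autoit
; Added example. ProcessPathEx and its @error codes are hypothetical, not from the thread.
; Returns the first readable ExecutablePath for $sName and sets @error:
;   0 = path found
;   1 = WMI unavailable or query failed
;   2 = no running process has that Caption
;   3 = process is running but ExecutablePath is empty (likely insufficient access)
; @extended holds the number of matching processes seen.
Func ProcessPathEx($sName, $fDebug = True)
    Local Const $wbemFlagReturnImmediately = 0x10, $wbemFlagForwardOnly = 0x20

    ; Ask WMI to enable SeDebugPrivilege for this connection only, as in the thread.
    Local $sMoniker = "winmgmts:"
    If $fDebug Then $sMoniker &= "{authenticationLevel=pktPrivacy, (Debug)}"
    Local $oWMI = ObjGet($sMoniker & "\\.\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, "")

    ; WQL string literals use backslash escapes: escape \ first, then '.
    Local $sSafe = StringReplace(StringReplace($sName, "\", "\\"), "'", "\'")
    Local $colItems = $oWMI.ExecQuery("SELECT ProcessId, ExecutablePath FROM Win32_Process " & _
            "WHERE Caption = '" & $sSafe & "'", "WQL", _
            $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    If Not IsObj($colItems) Then Return SetError(1, 0, "")

    Local $iSeen = 0
    For $oItem In $colItems
        $iSeen += 1
        If $oItem.ExecutablePath Then Return SetError(0, $iSeen, $oItem.ExecutablePath)
    Next

    If $iSeen = 0 Then Return SetError(2, 0, "")
    Return SetError(3, $iSeen, "")
EndFunc   ;==>ProcessPathEx

; Compare each process name from the first post with and without the (Debug) request.
Local $aNames[3] = ["hh.exe", "csrss.exe", "wmiprvse.exe"]
Local $sPlain, $iErrPlain, $sDebug, $iErrDebug
For $i = 0 To UBound($aNames) - 1
    $sPlain = ProcessPathEx($aNames[$i], False)
    $iErrPlain = @error
    $sDebug = ProcessPathEx($aNames[$i], True)
    $iErrDebug = @error
    ConsoleWrite($aNames[$i] & ": plain=[" & $sPlain & "] err=" & $iErrPlain & _
            " | debug=[" & $sDebug & "] err=" & $iErrDebug & @CRLF)
Next
```

A privilege can only be enabled if the account's token already holds it, so error 3 with $fDebug = True usually means the script is running without SeDebugPrivilege in its token, for example from a non-elevated session.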
