Antivir process checker

MasterX

This script will check all running processes for viruses. It uses _ProcessGetPath, made by mrRevoked, and I thank him for that :mellow:

So it gets the AntiVir directory from the registry; you need AntiVir to be installed.

It detects all running processes, then your currently active window, because the focus gets lost when opening the AntiVir file walker. Btw, I use avscan.exe with some parameters.

After 10 min it checks again. Have fun with this :(

$av=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir PersonalEdition Classic","Path")
$avscan=RegRead("HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir PersonalEdition Classic","Path")&"avscan.exe /GUIMODE=2"
Func _ProcessGetPath($vProcess)
    Local $i_PID, $hKernel32, $hPsapi, $aProcessHandle, $tDLLStruct, $iError, $sProcessPath
    
    $i_PID = ProcessExists($vProcess)
    
    If Not $i_PID Then Return SetError(1, 0, "");process doesn't exist?
    
    $hKernel32 = DllOpen("Kernel32.dll")
    If $hKernel32 = -1 Then Return SetError(2, 0, ""); dllopen kernel32.dll failed (DllOpen returns -1 on failure)
    
    ; 0x0400 = PROCESS_QUERY_INFORMATION, 0x0010 = PROCESS_VM_READ
    $aProcessHandle = DllCall($hKernel32, "int", "OpenProcess", "int", 0x0400 + 0x0010, "int", 0, "int", $i_PID)
    $iError = @error
    If $iError Or $aProcessHandle[0] = 0 Then
        DllClose($hKernel32)
        Return SetError(2, $iError, "");openprocess failed
    EndIf
    
    $hPsapi = DllOpen("Psapi.dll")
    If $hPsapi = -1 Then
        ; release the process handle before bailing out, otherwise it leaks
        DllCall($hKernel32, "int", "CloseHandle", "int", $aProcessHandle[0])
        DllClose($hKernel32)
        Return SetError(3, 0, ""); dllopen psapi.dll failed
    EndIf
    
    $tDLLStruct = DllStructCreate("char[1000]")
    
    DllCall($hPsapi, "long", "GetModuleFileNameEx", "int", $aProcessHandle[0], "int", 0, "ptr", DllStructGetPtr($tDLLStruct), "long", DllStructGetSize($tDLLStruct))
    $iError = @error

    DllCall($hKernel32, "int", "CloseHandle", "int", $aProcessHandle[0])
    DllClose($hKernel32)
    DllClose($hPsapi)
    
    If $iError Then
        $tDLLStruct = 0
        Return SetError(4, $iError, "");getmodulefilenamex failed
    EndIf
    
    $sProcessPath = DllStructGetData($tDLLStruct, 1)
    $tDLLStruct = 0
    
;format the output
    If StringLen($sProcessPath) < 2 Then Return SetError(5, 0, "");is empty or non readable
    If StringLeft($sProcessPath, 4) = "\??\" Then $sProcessPath = StringReplace($sProcessPath, "\??\", "")
    If StringLeft($sProcessPath, 20) = "\SystemRoot\System32" Then $sProcessPath = StringReplace($sProcessPath, "\SystemRoot\System32", @SystemDir)
    
    Return SetError(0, 0, $sProcessPath)
EndFunc;==>_ProcessGetPath
go()
while 1
    Sleep(600000); 10 min wait
    go()
WEnd
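Func go()
    Local $win = ""; title of the window that had focus before a scan started
    $a = ProcessList()
    For $i = 1 To UBound($a) - 1
        $path = _ProcessGetPath($a[$i][1])
        If $path <> "" Then
            ; remember the currently active window, because avscan takes the focus
            $var = WinList()
            For $b = 1 To $var[0][0]
                If $var[$b][0] <> "" And WinActive($var[$b][0]) Then
                    $win = $var[$b][0]
                EndIf
            Next
            Run($avscan & ' /PATH="' & $path & '"', $av, @SW_HIDE)
            ; only restore focus if an active window with a title was found
            If $win <> "" Then WinActivate($win)
            ; wait for this scan to finish before starting the next one
            While ProcessExists("avscan.exe")
                Sleep(100)
            WEnd
        EndIf
    Next
EndFunc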
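
Several processes often share one executable, so the per-process loop above can launch avscan for the same file more than once. The following is an added example, not part of the original post, that scans each distinct path only once. It assumes _ProcessGetPath() from the post is in the same script; _UniqueProcessPaths and _ScanRunningOnce are hypothetical names, and only the avscan switches already shown in the post are used.

```autoit
; Added example, not from the original post.
; Assumes _ProcessGetPath() from the post is defined in the same script.

; Returns a 0-based array of distinct executable paths of running processes.
Func _UniqueProcessPaths()
    Local $aProc = ProcessList()
    Local $oSeen = ObjCreate("Scripting.Dictionary")
    $oSeen.CompareMode = 1 ; text compare, Windows paths are case-insensitive
    For $i = 1 To $aProc[0][0]
        Local $sPath = _ProcessGetPath($aProc[$i][1])
        ; skip processes that exited or that we are not allowed to open
        If @error Or $sPath = "" Then ContinueLoop
        If Not $oSeen.Exists($sPath) Then $oSeen.Add($sPath, $aProc[$i][1])
    Next
    Return $oSeen.Keys()
EndFunc

; Scans every distinct path once. Returns the number of files handed to
; avscan, or 0 with @error set if AntiVir could not be located.
Func _ScanRunningOnce()
    Local $sKey = "HKEY_LOCAL_MACHINE\SOFTWARE\Avira\AntiVir PersonalEdition Classic"
    Local $sDir = RegRead($sKey, "Path")
    If @error Or $sDir = "" Then Return SetError(1, 0, 0) ; key missing
    If StringRight($sDir, 1) <> "\" Then $sDir &= "\"
    Local $sExe = $sDir & "avscan.exe"
    If Not FileExists($sExe) Then Return SetError(2, 0, 0) ; scanner missing

    ; remember the focused window once, by handle rather than by title
    Local $hActive = WinGetHandle("[ACTIVE]")
    Local $aPaths = _UniqueProcessPaths()
    For $i = 0 To UBound($aPaths) - 1
        ; RunWait blocks until this scan ends, so no polling on the process name
        RunWait('"' & $sExe & '" /GUIMODE=2 /PATH="' & $aPaths[$i] & '"', $sDir, @SW_HIDE)
        If IsHWnd($hActive) Then WinActivate($hActive)
    Next
    Return UBound($aPaths)
EndFunc
```

Quoting the scanner path as well as the target path keeps the command line intact when the install directory contains spaces.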
