Showing content with the highest reputation on 09/05/2014 in all areas
-
Hi! I don't like WMI. It's slow and it only works if the WMI-server can run. I use this func in my security-app "ModHelper", here: http://www.autoitscript.com/forum/index.php?showtopic=84939 I need to be able to suspend processes so they can't get up to no good... WMI doesn't work if you suspend it... It works on XP sp3 and Vista Home. Hope you will try on others. (pre NT will not work.) (The structures involved are not publicly disclosed (?) by Microsoft, likely so they can change them whenever they feel like it...) Thanks to wraithdu for borrowing his GetDebugPrivilege, and also for suggestions! Also check out his great variant using remote thread execution, further down! #include <WinAPI.au3> ; _GetPrivilege_SEDEBUG() uses this include. My function needs none. #include <array.au3> ; Needed to display array in example. Not needed by Func. #RequireAdmin ; Reported to be of use on Vista, getting more info from protected processes... ; ############# Needed Constants ################### Global Const $PROCESS_VM_READ=0x10 Global Const $PROCESS_QUERY_INFORMATION = 0x400 ; ############ Example code ####################### _GetPrivilege_SEDEBUG() ; I need this for tricky processes. Not needed for most... $list=ProcessList() Redim $list[ubound($list,1)][3] for $i=1 to ubound($list,1)-1 $list[$i][2]=_WinAPI_GetCommandLineFromPID($list[$i][1]) Next _ArrayDisplay($list) Exit ; ############################################### ; ############ Here be func! 
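; ####################
; _WinAPI_GetCommandLineFromPID - read another process's command line from its PEB (no WMI).
;
; $PID     - process id to inspect.
; Returns  - the command line string, or "" when the process cannot be opened, any
;            read fails, or there is no command line to be had.
;
; Uses $PROCESS_VM_READ and $PROCESS_QUERY_INFORMATION, the Global constants the
; script declares above the example code.
; The offsets 0x10 and 0x40 and the 4-byte pointer read match 32-bit layouts only;
; the post reports XP SP3 and Vista Home. These structures are undocumented and can
; change between Windows builds, so an empty result on another build is not proof
; that the process has no command line.
; Command lines can carry credentials or tokens passed as arguments: treat the
; returned string as sensitive when it is logged or displayed.
Func _WinAPI_GetCommandLineFromPID($PID)
    Local $sCmdLine = ""

    ; Request only the two access rights the reads below need.
    Local $ret1 = DllCall("kernel32.dll", 'int', 'OpenProcess', 'int', $PROCESS_VM_READ + $PROCESS_QUERY_INFORMATION, 'int', False, 'int', $PID)
    If @error Or Not $ret1[0] Then Return "" ; no handle: the original went on to use a 0 handle here
    Local $hProc = $ret1[0]

    Local $tag_PROCESS_BASIC_INFORMATION = "int ExitStatus;" & _
            "ptr PebBaseAddress;" & _
            "ptr AffinityMask;" & _
            "ptr BasePriority;" & _
            "ulong UniqueProcessId;" & _
            "ulong InheritedFromUniqueProcessId;"
    Local $PBI = DllStructCreate($tag_PROCESS_BASIC_INFORMATION)
    Local $dw = DllStructCreate("ptr")
    Local $unicode_string = DllStructCreate("ushort Length;ushort MaxLength;ptr String")
    Local $ret

    ; Single-pass loop: ExitLoop acts as "jump to cleanup" so the handle is closed exactly once.
    Do
        $ret = DllCall("ntdll.dll", "int", "ZwQueryInformationProcess", "hwnd", $hProc, "int", 0, "ptr", DllStructGetPtr($PBI), "int", _
                DllStructGetSize($PBI), "int", 0)
        If @error Or $ret[0] < 0 Then ExitLoop ; a negative NTSTATUS means the query failed

        $ret = DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $hProc, _
                "ptr", DllStructGetData($PBI, 2) + 0x10, _ ; PebBaseAddress+16 bytes <-- ptr _PROCESS_PARAMETERS
                "ptr", DllStructGetPtr($dw), "int", 4, "ptr", 0)
        If @error Or Not $ret[0] Then ExitLoop

        $ret = DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $hProc, _
                "ptr", DllStructGetData($dw, 1) + 0x40, _ ; _PROCESS_PARAMETERS+64 bytes <-- ptr CommandLine Offset (UNICODE_STRING struct) - Win XP / Vista.
                "ptr", DllStructGetPtr($unicode_string), "int", DllStructGetSize($unicode_string), "ptr", 0)
        If @error Or Not $ret[0] Then ExitLoop

        $ret = DllCall("kernel32.dll", "int", "ReadProcessMemory", "hwnd", $hProc, _
                "ptr", DllStructGetData($unicode_string, "String"), _ ; <-- ptr Commandline Unicode String
                "wstr", 0, "int", DllStructGetData($unicode_string, "Length") + 2, "int*", 0) ; read Length + terminating NULL (2 bytes in unicode)
        If @error Then ExitLoop
        If $ret[5] Then $sCmdLine = $ret[3] ; If bytes returned, return commandline...
    Until True

    DllCall("kernel32.dll", 'int', 'CloseHandle', "hwnd", $hProc)
    Return $sCmdLine ; Getting empty string is correct behaviour when there is no commandline to be had...
EndFunc   ;==>_WinAPI_GetCommandLineFromPID

; ####################### Below Func is Part of example - Needed to get commandline from more processes. ############
; ####################### Thanks for this function, wraithdu! (Didn't know it was yours.) :) #########################
;
; _GetPrivilege_SEDEBUG - enable SeDebugPrivilege in the current process token.
;
; Returns  - True only when the privilege was actually enabled; False when any call
;            fails or the token does not hold the privilege.
;
; AdjustTokenPrivileges reports success even when it could not enable the requested
; privilege; that case is only visible as last error 1300 (ERROR_NOT_ALL_ASSIGNED),
; so the last error is checked as well as the return value.
; The function enables the privilege and never disables it. SeDebugPrivilege permits
; opening almost any process, so call this only in tools that need it and run them
; for as short a time as practical.
; $SE_PRIVILEGE_ENABLED is not declared in the posted code; presumably it comes in
; through the WinAPI.au3 include - verify against the AutoIt version in use.
Func _GetPrivilege_SEDEBUG()
    Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
    Local $count = 1
    Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]" ; count of LUID structs * sizeof LUID struct
    Local $iDesiredAccess = 0x20 ; TOKEN_ADJUST_PRIVILEGES
    Local $iErrNotAllAssigned = 1300 ; ERROR_NOT_ALL_ASSIGNED

    Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", $iDesiredAccess, "ptr*", "")
    If @error Or Not $call[0] Then Return False
    Local $hToken = $call[3]
    Local $bEnabled = False

    $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", Chr(0), "str", "SeDebugPrivilege", "int64*", "")
    ;msgbox(0,"",$call[3] & " " & _WinAPI_GetLastErrorMessage())
    If Not @error And $call[0] Then
        Local $iLuid = $call[3]
        Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
        ; Overlay the LUID/attributes pair on the byte array inside the TOKEN_PRIVILEGES buffer.
        Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
        DllStructSetData($TP, "PrivilegeCount", $count)
        DllStructSetData($LUID, "Luid", $iLuid)
        DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
        $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", 0, "ptr", 0)
        If Not @error And $call[0] Then
            ; Read the last error before any further DllCall can overwrite it.
            $bEnabled = (_WinAPI_GetLastError() <> $iErrNotAllAssigned)
        EndIf
    EndIf

    ; The original never closed the token handle.
    DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $hToken)
    Return $bEnabled
EndFunc   ;==>_GetPrivilege_SEDEBUG

; trancexx fixed 64-bit support and fleshed out structs.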
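; _WinAPI_GetCommandLineFromPID - read another process's command line by walking
; PROCESS_BASIC_INFORMATION -> PEB -> process parameters -> CommandLine.
;
; $iPID    - process id to inspect.
; Returns  - the command line string on success.
;            On failure returns "" and sets @error:
;              1 - OpenProcess failed
;              2 - NtQueryInformationProcess failed (DllCall error or failing NTSTATUS)
;              3 - reading the PEB failed
;              4 - reading the process parameters failed
;              5 - reading the command line string failed
;
; The PEB and process-parameter layouts below are undocumented and may differ
; between Windows builds; a failure code does not prove the process has no command line.
; NOTE(review): a 32-bit script inspecting a 64-bit process presumably cannot use
; this path - confirm before relying on it on x64 systems.
; Command lines can carry credentials or tokens passed as arguments: treat the
; returned string as sensitive when it is logged or displayed.
Func _WinAPI_GetCommandLineFromPID($iPID)
    Local $aCall = DllCall("kernel32.dll", "handle", "OpenProcess", _
            "dword", 1040, _ ; PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
            "bool", 0, _
            "dword", $iPID)
    If @error Or Not $aCall[0] Then
        Return SetError(1, 0, "")
    EndIf
    Local $hProcess = $aCall[0]

    Local $tPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & _
            "ptr PebBaseAddress;" & _
            "dword_ptr AffinityMask;" & _
            "dword_ptr BasePriority;" & _
            "dword_ptr UniqueProcessId;" & _
            "dword_ptr InheritedFromUniqueProcessId")
    $aCall = DllCall("ntdll.dll", "int", "NtQueryInformationProcess", _
            "handle", $hProcess, _
            "dword", 0, _ ; ProcessBasicInformation
            "ptr", DllStructGetPtr($tPROCESS_BASIC_INFORMATION), _
            "dword", DllStructGetSize($tPROCESS_BASIC_INFORMATION), _
            "dword*", 0)
    ; The original tested @error only; a negative NTSTATUS also means the structure was not filled in.
    If @error Or $aCall[0] < 0 Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(2, 0, "")
    EndIf

    Local $tPEB = DllStructCreate("byte InheritedAddressSpace;" & _
            "byte ReadImageFileExecOptions;" & _
            "byte BeingDebugged;" & _
            "byte Spare;" & _
            "ptr Mutant;" & _
            "ptr ImageBaseAddress;" & _
            "ptr LoaderData;" & _
            "ptr ProcessParameters;" & _
            "ptr SubSystemData;" & _
            "ptr ProcessHeap;" & _
            "ptr FastPebLock;" & _
            "ptr FastPebLockRoutine;" & _
            "ptr FastPebUnlockRoutine;" & _
            "dword EnvironmentUpdateCount;" & _
            "ptr KernelCallbackTable;" & _
            "ptr EventLogSection;" & _
            "ptr EventLog;" & _
            "ptr FreeList;" & _
            "dword TlsExpansionCounter;" & _
            "ptr TlsBitmap;" & _
            "dword TlsBitmapBits[2];" & _
            "ptr ReadOnlySharedMemoryBase;" & _
            "ptr ReadOnlySharedMemoryHeap;" & _
            "ptr ReadOnlyStaticServerData;" & _
            "ptr AnsiCodePageData;" & _
            "ptr OemCodePageData;" & _
            "ptr UnicodeCaseTableData;" & _
            "dword NumberOfProcessors;" & _
            "dword NtGlobalFlag;" & _
            "ubyte Spare2[4];" & _
            "int64 CriticalSectionTimeout;" & _
            "dword HeapSegmentReserve;" & _
            "dword HeapSegmentCommit;" & _
            "dword HeapDeCommitTotalFreeThreshold;" & _
            "dword HeapDeCommitFreeBlockThreshold;" & _
            "dword NumberOfHeaps;" & _
            "dword MaximumNumberOfHeaps;" & _
            "ptr ProcessHeaps;" & _
            "ptr GdiSharedHandleTable;" & _
            "ptr ProcessStarterHelper;" & _
            "ptr GdiDCAttributeList;" & _
            "ptr LoaderLock;" & _
            "dword OSMajorVersion;" & _
            "dword OSMinorVersion;" & _
            "dword OSBuildNumber;" & _
            "dword OSPlatformId;" & _
            "dword ImageSubSystem;" & _
            "dword ImageSubSystemMajorVersion;" & _
            "dword ImageSubSystemMinorVersion;" & _
            "dword GdiHandleBuffer[34];" & _
            "dword PostProcessInitRoutine;" & _
            "dword TlsExpansionBitmap;" & _
            "byte TlsExpansionBitmapBits[128];" & _
            "dword SessionId")
    ; Copy the target's PEB into the local structure; only ProcessParameters is used afterwards.
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPROCESS_BASIC_INFORMATION, "PebBaseAddress"), _
            "ptr", DllStructGetPtr($tPEB), _
            "dword", DllStructGetSize($tPEB), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(3, 0, "")
    EndIf

    Local $tPROCESS_PARAMETERS = DllStructCreate("dword AllocationSize;" & _
            "dword ActualSize;" & _
            "dword Flags;" & _
            "dword Unknown1;" & _
            "word LengthUnknown2;" & _
            "word MaxLengthUnknown2;" & _
            "ptr Unknown2;" & _
            "handle InputHandle;" & _
            "handle OutputHandle;" & _
            "handle ErrorHandle;" & _
            "word LengthCurrentDirectory;" & _
            "word MaxLengthCurrentDirectory;" & _
            "ptr CurrentDirectory;" & _
            "handle CurrentDirectoryHandle;" & _
            "word LengthSearchPaths;" & _
            "word MaxLengthSearchPaths;" & _
            "ptr SearchPaths;" & _
            "word LengthApplicationName;" & _
            "word MaxLengthApplicationName;" & _
            "ptr ApplicationName;" & _
            "word LengthCommandLine;" & _
            "word MaxLengthCommandLine;" & _
            "ptr CommandLine;" & _
            "ptr EnvironmentBlock;" & _
            "dword Unknown[9];" & _
            "word LengthUnknown3;" & _
            "word MaxLengthUnknown3;" & _
            "ptr Unknown3;" & _
            "word LengthUnknown4;" & _
            "word MaxLengthUnknown4;" & _
            "ptr Unknown4;" & _
            "word LengthUnknown5;" & _
            "word MaxLengthUnknown5;" & _
            "ptr Unknown5;")
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPEB, "ProcessParameters"), _
            "ptr", DllStructGetPtr($tPROCESS_PARAMETERS), _
            "dword", DllStructGetSize($tPROCESS_PARAMETERS), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(4, 0, "")
    EndIf

    ; Read MaxLengthCommandLine bytes from the CommandLine pointer into a wide-string buffer.
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPROCESS_PARAMETERS, "CommandLine"), _
            "wstr", "", _
            "dword", DllStructGetData($tPROCESS_PARAMETERS, "MaxLengthCommandLine"), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(5, 0, "")
    EndIf

    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
    Return $aCall[3]
EndFunc   ;==>_WinAPI_GetCommandLineFromPID

; /Manko [EDIT: trancexx corrections!]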
-
That's untrue: XP isn't a valid roman numeral.1 point
-
For extracting lines containing urls : $aLines = StringRegExp($sContent, "(?mi)(\N*(?:(?:http)|(?:https)|(?:rtmp)|(?:rtmps)):\N*)", 3) _ArrayDisplay($aLines)1 point
-
; Something like that here?
; Demo: opens a 600x300 window and draws four beams with _GDIPlus_DrawLaserBeam
; until the window is closed, then releases the GDI+ objects it created.
#include <GDIPlus.au3>
#include <GUIConstantsEx.au3>

_GDIPlus_Startup() ;initialize GDI+
Global Const $iWidth = 600, $iHeight = 300, $iBgColor = 0x303030 ;$iBgColor format RRGGBB
Global $hGUI = GUICreate("GDI+ Test", $iWidth, $iHeight) ;create a test GUI
GUISetBkColor($iBgColor, $hGUI) ;set GUI background color
GUISetState(@SW_SHOW)
Global $hGraphics = _GDIPlus_GraphicsCreateFromHWND($hGUI) ;create a graphics object from a window handle
_GDIPlus_GraphicsSetSmoothingMode($hGraphics, $GDIP_SMOOTHINGMODE_HIGHQUALITY) ;sets the graphics object rendering quality (antialiasing)
Global Const $fDeg = 180 / ACos(-1), $fRad = ACos(-1) / 180 ;radian<->degree factors; ACos(-1) is pi
_GDIPlus_DrawLaserBeam($hGraphics, 10, -10, 300, 310, 10)
_GDIPlus_DrawLaserBeam($hGraphics, -10, 100, 600, 0)
_GDIPlus_DrawLaserBeam($hGraphics, 100, 310, 300, -10, 5)
_GDIPlus_DrawLaserBeam($hGraphics, 280, -50, 620, 300, 50)

;idle until the window is closed
Do
Until GUIGetMsg() = $GUI_EVENT_CLOSE

;cleanup GDI+ resources
_GDIPlus_GraphicsDispose($hGraphics)
_GDIPlus_Shutdown()
GUIDelete($hGUI)

; _GDIPlus_DrawLaserBeam - draw a glowing beam between two points onto $hGraphics.
;   $hGraphics        - target graphics object
;   $iX1, $iY1        - first point
;   $iX2, $iY2        - second point
;   $iSize            - width of the beam core (default 20)
;   $iCInner, $iCOuter - colours at the centre and at the edges of the beam
; Relies on the Global constants $fDeg and $fRad defined by the script above.
; The beam is painted into a temporary square bitmap whose side is the distance
; between the points, rotated inside that bitmap, then blitted to $hGraphics.
; NOTE(review): when $iX2 = $iX1 the slope expression divides by zero - confirm
; how vertical lines behave.
Func _GDIPlus_DrawLaserBeam(ByRef $hGraphics, $iX1, $iY1, $iX2, $iY2, $iSize = 20, $iCInner = 0xFFE0FFFF, $iCOuter = 0x80104030) ;coded by UEZ build 2014-09-05
    Local Const $fAngle = ATan(($iY2 - $iY1) / ($iX2 - $iX1)) * $fDeg ;calculate the angle of the 2 points
    Local Const $iW = Round(Sqrt(($iY2 - $iY1) ^ 2 + ($iX2 - $iX1) ^ 2), 0), $iH = $iW ;length between the 2 points
    Local Const $hBitmap = _GDIPlus_BitmapCreateFromScan0($iW, $iH)
    Local Const $hCtxt = _GDIPlus_ImageGetGraphicsContext($hBitmap)
    _GDIPlus_GraphicsSetSmoothingMode($hCtxt, $GDIP_SMOOTHINGMODE_HIGHQUALITY)
    ;rotate around the bitmap centre: move centre to origin, rotate, move back
    Local Const $hMatrix = _GDIPlus_MatrixCreate()
    _GDIPlus_MatrixTranslate($hMatrix, $iW / 2, $iH / 2)
    _GDIPlus_MatrixRotate($hMatrix, $fAngle + 90)
    _GDIPlus_MatrixTranslate($hMatrix, -$iW / 2, -$iH / 2)
    _GDIPlus_GraphicsSetTransform($hCtxt, $hMatrix)
    Local Const $hBrush = _GDIPlus_LineBrushCreate(($iW - $iSize) / 2, 0, ($iW + $iSize) / 2, 0, 0, 0) ;create gradient brush
    ;preset blend: [0][0] is the number of stops, then colour/position pairs outer -> inner -> outer
    Local $aColorGradient[4][2]
    $aColorGradient[0][0] = 3
    $aColorGradient[1][0] = $iCOuter
    $aColorGradient[1][1] = 0.0
    $aColorGradient[2][0] = $iCInner
    $aColorGradient[2][1] = 0.5
    $aColorGradient[3][0] = $iCOuter
    $aColorGradient[3][1] = 1.0
    _GDIPlus_LineBrushSetPresetBlend($hBrush, $aColorGradient)
    _GDIPlus_GraphicsFillRect($hCtxt, ($iW - $iSize) / 2, 0, $iSize, $iH, $hBrush)
    ;glow: a path brush over a rectangle twice as wide as the core
    Local Const $hPath = _GDIPlus_PathCreate()
    _GDIPlus_PathAddRectangle($hPath, ($iW - $iSize) / 2 - $iSize / 2, 0, $iSize * 2, $iH)
    Local Const $hBrush_Glow = _GDIPlus_PathBrushCreateFromPath($hPath) ;create glow brush
    _GDIPlus_PathBrushSetSigmaBlend($hBrush_Glow, 1, 0.75)
    _GDIPlus_PathBrushSetFocusScales($hBrush_Glow, 0, 0.995)
    _GDIPlus_PathBrushSetCenterColor($hBrush_Glow, $iCInner)
    Local $aColor[2] = [1, $iCInner - 0xFF000000] ;presumably strips the alpha byte so the glow fades out - verify
    _GDIPlus_PathBrushSetSurroundColorsWithCount($hBrush_Glow, $aColor)
    _GDIPlus_PathBrushSetWrapMode($hBrush_Glow, 0)
    _GDIPlus_GraphicsFillRect($hCtxt, ($iW - $iSize) / 2 - $iSize / 2, 0, $iSize * 2, $iH, $hBrush_Glow)
    Local $fDX, $fDY
    ;NOTE(review): ATan yields -90..90 degrees, so the Else branch looks unreachable - confirm
    If $fAngle <= 180 Then ;adjust position
        $fDX = $iX2 - ($iW / 2 + Cos($fAngle * $fRad) * $iW / 2)
        $fDY = $iY2 - ($iH / 2 + Sin($fAngle * $fRad) * $iH / 2)
    Else
        $fDX = $iX1 - ($iW / 2 + Cos($fAngle * $fRad) * $iW / 2)
        $fDY = $iY1 - ($iH / 2 + Sin($fAngle * $fRad) * $iH / 2)
    EndIf
    _GDIPlus_GraphicsDrawImageRect($hGraphics, $hBitmap, $fDX, $fDY, $iW, $iH)
    ;release every temporary GDI+ object created above
    _GDIPlus_PathDispose($hPath)
    _GDIPlus_MatrixDispose($hMatrix)
    _GDIPlus_BrushDispose($hBrush)
    _GDIPlus_BrushDispose($hBrush_Glow)
    _GDIPlus_GraphicsDispose($hCtxt)
    _GDIPlus_BitmapDispose($hBitmap)
EndFunc   ;==>_GDIPlus_DrawLaserBeam

; Br, UEZ
-
There is no multithreading with AutoIt I'm afraid, and if chrome needs activating to accept automated input, best you might do is try another browser.1 point
-
Include file in to .exe
rootx, dog ate your helpfile?* Look at FileInstall in the help file, or the ResourcesEX UDF in the Examples forum. *in my best Melba impersonation1 point -
FranklinZero, You have been a member here for over 3 years - and yet it seems that you still have not realised that there are some Forum rules (there is also a link at bottom right of each page) that we ask posters to respect. Among them is the following: Do not ask for help with AutoIt scripts, post links to, or start discussion topics on the following subjects: [...] Launching, automation or script interaction with games or game servers, regardless of the game so posting a script containing the line: $nwPLP = _ProcessListProperties ("GameClient.exe") is not really a very good idea. Please go and read the rules carefully before you post again. JohnOne, A visit to the opticians might be good idea. M231 point
-
I've often thought it would be nice to have a @FuncName macro of some sort.1 point
-
this >link could also be of interest1 point