Search the Community
Showing results for tags 'scanner'.
-
Hi, how to use twain scanning in my app with custom settings 1. output format : jpg 2. compressing jpg 3. mx res : 100 4.custom filename path (examle: D:\123.jpg) 5. get scanner list and scan with selected scanner (get scanner list in my combo or any ctrl) 6. free version eztwain free tested
-
Malware Scanner Features: - Can detect over 500 malware's known fake processes. - Very small and easy to use. Note: 1. Some processes can be found as false positives. 2. Terminating a process may cause undesired results such as system's malfunction or shutdown. Please be careful! 3. This program is ONLY for advanced users! 4. Only tested on Windows 7 Home Premium, I need your testing result on other OS and machines! 5. This is only a tool just to check for fake processes by their name. Source Code: ;Malware Scanner ;1.0.0 ;3 Sep 2012 ;8:36 ;logmein ;AutoIT 3.3.8.1 #NoTrayIcon #include <ButtonConstants.au3> #include <EditConstants.au3> #include <GUIConstantsEx.au3> #include <WindowsConstants.au3> #include <Constants.au3> #include <ListViewConstants.au3> #include <GuiListView.au3> Global $TITLE = 'Malware Scanner', $VERSION = '1.0.0' #Region ### START Koda GUI section ### Form=C:Program Files (x86)AutoIt3SciTEKodaFormsForm1.kxf $formMain = GUICreate($TITLE & ' ' & $VERSION, 762, 376, Default, Default) GUISetFont(10, 400, 0, "Arial") $Label1 = GUICtrlCreateLabel("Scan your system for malware's processes:", 8, 8, 257, 20) $btnScan = GUICtrlCreateButton("&Scan", 8, 32, 83, 25) GUICtrlSetFont(-1, 10, 800, 0, "Arial") $btnAbout = GUICtrlCreateButton("&About", 96, 32, 75, 25) $Group1 = GUICtrlCreateGroup("Result", 8, 64, 745, 305, -1, $WS_EX_TRANSPARENT) $tabMain = GUICtrlCreateTab(16, 88, 729, 273) GUICtrlSetFont(-1, 10, 400, 0, "Arial") $tabProcess = GUICtrlCreateTabItem("&Process") $listProcess = GUICtrlCreateListView("Name|PID|Path", 24, 120, 714, 206) $hdlListProcess = GUICtrlGetHandle(-1) GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 0, 200) GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 1, 100) GUICtrlSendMsg(-1, $LVM_SETCOLUMNWIDTH, 2, 400) GUICtrlSetFont(-1, 10, 400, 0, "Arial") ;$btnKill = GUICtrlCreateButton("&Kill", 584, 328, 75, 25) GUICtrlSetFont(-1, 10, 400, 0, "Arial") $btnKill = GUICtrlCreateButton("&Kill", 664, 328, 75, 25) GUICtrlSetFont(-1, 10, 400, 0, "Arial") GUICtrlCreateTabItem("") GUICtrlCreateGroup("", -99, -99, 1, 1) GUISetState(@SW_SHOW) #EndRegion ### END Koda GUI section ### While 1 $nMsg = GUIGetMsg() Switch $nMsg Case $GUI_EVENT_CLOSE Exit Case $btnScan _Scan() Case $btnKill _EndProcess () Case $btnAbout MsgBox (64,'About',StringUpper($TITLE) & @CRLF & 'Version: ' & $VERSION & @CRLF & 'Author: logmein (AutoITScript.com)' & @crLf & 'Special Thanks to: PsaltyDS' & @CRLF &@CRLF &'To report any suspicious process or false positives, please contact me at: minhthanh.autoit@gmail.com. I appreciate your help!','',$formMain) EndSwitch WEnd Func _scan () _GUICtrlListView_DeleteAllItems ($hdlListProcess) If Not FileExists ('database.3db') Then MsgBox (32,$TITLE,'Database not found!','',$formMain) Return EndIf ProgressOn ($TITLE,'Scanning for suspicious processes...','',Default,Default,18) $processlist = _ProcessListProperties() $read = FileRead ('database.3db') $split = StringSplit ($read,@CRLF) If $processlist[0][0] <> 0 Then For $i = 1 To $processlist[0][0] ProgressSet (Int($i*100/$processlist[0][0]),$processlist[$i][0]) For $u =1 To $split[0] if $processlist[$i][0] = $split[$u] Then $index = _GUICtrlListView_AddItem($hdlListProcess, $processlist[$i][0]);name _GUICtrlListView_AddSubItem($hdlListProcess, $index, $processlist[$i][1], 1);pid _GUICtrlListView_AddSubItem($hdlListProcess, $index, $processlist[$i][5], 2);path EndIf Next Next ProgressOff () Else MsgBox(32, $TITLE, 'Can''t build process list!') EndIf EndFunc Func _EndProcess() $select = _GUICtrlListView_GetSelectedIndices($hdlListProcess, 'True');Retrieve indices of selected item (position) If $select[0] <> 0 Then $Msg = MsgBox(16 + 4, $TITLE, 'Are you sure to end this process? Ending a process will cause undesired result!', '', $formMain) If $Msg = 6 Then $GetItem = _GUICtrlListView_GetItem($hdlListProcess, $select[1], 1);retrieve process ID to be closed MsgBox (64,$GetItem[3],'') ProcessClose($GetItem[3]) If Not @error Then _GUICtrlListView_DeleteItem($hdlListProcess, $select[1]) MsgBox(64, $TITLE, 'Process ended!', '', $formMain) ;_log($GetItem[3], 5) Else MsgBox(16, $TITLE, 'Can not end this process!', '', $formMain) EndIf EndIf EndIf EndFunc ;==>_EndProcess ;=============================================================================== ; Function Name: _ProcessListProperties() ; Description: Get various properties of a process, or all processes ; Call With: _ProcessListProperties( [$Process [, $sComputer]] ) ; Parameter(s): (optional) $Process - PID or name of a process, default is "" (all) ; (optional) $sComputer - remote computer to Get list from, default is local ; Requirement(s): AutoIt v3.2.4.9+ ; Return Value(s): On Success - Returns a 2D array of processes, as in ProcessList() ; with additional columns added: ; [0][0] - Number of processes listed (can be 0 If no matches found) ; [1][0] - 1st process name ; [1][1] - 1st process PID ; [1][2] - 1st process Parent PID ; [1][3] - 1st process owner ; [1][4] - 1st process priority (0 = low, 31 = high) ; [1][5] - 1st process executable path ; [1][6] - 1st process CPU usage ; [1][7] - 1st process memory usage ; [1][8] - 1st process creation date/time = "MM/DD/YYY hh:mm:ss" (hh = 00 to 23) ; [1][9] - 1st process command line string ; ... ; [n][0] thru [n][9] - last process properties ; On Failure: Returns array with [0][0] = 0 and sets @Error to non-zero (see code below) ; Author(s): PsaltyDS at http://www.autoitscript.com/forum ; Date/Version: 12/01/2009 -- v2.0.4 ; Notes: If an integer PID or string process name is provided and no match is found, ; Then [0][0] = 0 and @error = 0 (not treated as an error, same as ProcessList) ; This function requires admin permissions to the target computer. ; All properties come from the Win32_Process class in WMI. ; To Get time-base properties (CPU and Memory usage), a 100ms SWbemRefresher is used. ;=============================================================================== Func _ProcessListProperties($Process = "", $sComputer = ".") Local $sUserName, $sMsg, $sUserDomain, $avProcs, $dtmDate Local $avProcs[1][2] = [[0, ""]], $n = 1 ; Convert PID If passed as string If StringIsInt($Process) Then $Process = Int($Process) ; Connect to WMI and Get process objects $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy, (Debug)}!" & $sComputer & "rootcimv2") If IsObj($oWMI) Then ; Get collection processes from Win32_Process If $Process == "" Then ; Get all $colProcs = $oWMI.ExecQuery("select * from win32_Process") ElseIf IsInt($Process) Then ; Get by PID $colProcs = $oWMI.ExecQuery("select * from win32_Process where ProcessId = " & $Process) Else ; Get by Name $colProcs = $oWMI.ExecQuery("select * from win32_Process where Name = '" & $Process & "'") EndIf If IsObj($colProcs) Then ; Return for no matches If $colProcs.count = 0 Then Return $avProcs ; Size the array ReDim $avProcs[$colProcs.count + 1][10] $avProcs[0][0] = UBound($avProcs) - 1 ; For each process... For $oProc In $colProcs ; [n][0] = process name $avProcs[$n][0] = $oProc.name ; [n][1] = process PID $avProcs[$n][1] = $oProc.ProcessId ; [n][2] = Parent PID $avProcs[$n][2] = $oProc.ParentProcessId ; [n][3] = owner ;If $oProc.GetOwner($sUserName, $sUserDomain) = 0 Then $avProcs[$n][3] = $sUserDomain & "" & $sUserName ; [n][4] = Priority $avProcs[$n][4] = $oProc.Priority ; [n][5] = Executable path $avProcs[$n][5] = $oProc.ExecutablePath ; [n][8] = Creation date/time $dtmDate = $oProc.CreationDate If $dtmDate <> "" Then ; Back referencing RegExp pattern from weaponx Local $sRegExpPatt = "A(d{4})(d{2})(d{2})(d{2})(d{2})(d{2})(?:.*)" $dtmDate = StringRegExpReplace($dtmDate, $sRegExpPatt, "$2/$3/$1 $4:$5:$6") EndIf $avProcs[$n][8] = $dtmDate ; [n][9] = Command line string $avProcs[$n][9] = $oProc.CommandLine ; increment index $n += 1 Next Else SetError(2); Error getting process collection from WMI EndIf ; release the collection object $colProcs = 0 ; Get collection of all processes from Win32_PerfFormattedData_PerfProc_Process ; Have to use an SWbemRefresher to pull the collection, or all Perf data will be zeros Local $oRefresher = ObjCreate("WbemScripting.SWbemRefresher") $colProcs = $oRefresher.AddEnum($oWMI, "Win32_PerfFormattedData_PerfProc_Process").objectSet $oRefresher.Refresh ; Time delay before calling refresher Local $iTime = TimerInit() Do Sleep(20) Until TimerDiff($iTime) >= 100 $oRefresher.Refresh ; Get PerfProc data For $oProc In $colProcs ; Find it in the array For $n = 1 To $avProcs[0][0] If $avProcs[$n][1] = $oProc.IDProcess Then ; [n][6] = CPU usage $avProcs[$n][6] = $oProc.PercentProcessorTime ; [n][7] = memory usage $avProcs[$n][7] = $oProc.WorkingSet ExitLoop EndIf Next Next Else SetError(1); Error connecting to WMI EndIf ; Return array Return $avProcs EndFunc ;==>_ProcessListProperties And the most important part: Database, see attached file. Download, extract and put it into your @ScriptDir. Thanks PsaltyDS for your useful script:) database.zip