nlgma Posted September 7, 2010 Posted September 7, 2010 I've been kicking around this script for a few weeks. It's not much but it kind of gives you and Idea of what I'm trying to do. I keep running in to little issues here and there. I would like to know if it's wroth the time to script or should I just download something ?To list a few things I want it to do:1. List all running Processes2. Go to a site an scrape data about the Processes (processlibrary.com)3. Create a white list of allowed Processes4. Create a black list of blocked Processes5. Warning for all other Processesexpandcollapse popup#include <GuiConstantsEx.au3> #include <GuiListView.au3> #include <GuiImageList.au3> #include <Array.au3> _Main() Func _Main() GUICreate("List Process and PID", 400, 400) Global $hListView = GUICtrlCreateListView("", 2, 2, 394, 180) _GUICtrlListView_SetExtendedListViewStyle($hListView, BitOR($LVS_EX_FULLROWSELECT, $LVS_EX_CHECKBOXES)) Global $hListKill = GUICtrlCreateListView("", 2, 222, 394, 140) _GUICtrlListView_SetExtendedListViewStyle($hListKill, BitOR($LVS_EX_FULLROWSELECT, $LVS_EX_CHECKBOXES)) Global $Add_White = GUICtrlCreateButton("Add to White list", 5, 375, 100, 20) Global $Add_Black = GUICtrlCreateButton("Add to Black list", 125, 375, 100, 20) Global $Kill = GUICtrlCreateButton("Kill", 250, 375, 50, 20) GUISetState() ; Add columns _GUICtrlListView_AddColumn($hListView, "Process", 100) _GUICtrlListView_AddColumn($hListView, "PID", 100) _GUICtrlListView_SetColumnWidth($hListView, 1, 50) _GUICtrlListView_AddColumn($hListView, "Executable Path", 100) _GUICtrlListView_SetColumnWidth($hListView, 2, 250) ; Add columns _GUICtrlListView_AddColumn($hListKill, "Process", 100) _GUICtrlListView_AddColumn($hListKill, "PID", 100) _GUICtrlListView_SetColumnWidth($hListKill, 1, 50) _GUICtrlListView_AddColumn($hListKill, "Executable Path", 100) _GUICtrlListView_SetColumnWidth($hListKill, 2, 250) SplashTextOn("Process List Properties...", "Please wait ...", 200, 50) Global $avRET = _ProcessListProperties() $hImage = _GUIImageList_Create(16, 16, 5, $avRET[0][0]) Global $o = 0 For $i = 1 To $avRET[0][0] _GUICtrlListView_AddItem($hListView, $avRET[$i][0], $o) _GUICtrlListView_AddSubItem($hListView, $o, $avRET[$i][1], 1) _GUICtrlListView_AddSubItem($hListView, $o, $avRET[$i][5], 2) $o = $o + 1 Next SplashOff() EndFunc ;==>_Main Global $o = 0 While 1 $msg = GUIGetMsg() Select Case $msg = $GUI_EVENT_CLOSE Exit Case $msg = $Add_White For $i = 1 To $avRET[0][0] If _GUICtrlListView_GetItemChecked($hListView, $i) = True Then MsgBox(0, _GUICtrlListView_GetItemText($hListView, $i), _GUICtrlListView_GetItemChecked($hListView, $i)) ;Add Selected Items to White List EndIf Next Case $msg = $Add_Black For $i = 1 To $avRET[0][0] If _GUICtrlListView_GetItemChecked($hListView, $i) = True Then $aItem = _GUICtrlListView_GetItemTextArray($hListView, $i) _GUICtrlListView_BeginUpdate($hListKill) _GUICtrlListView_AddItem($hListKill, $aItem[1], 0) _GUICtrlListView_AddSubItem($hListKill, $o, $aItem[2], 1) _GUICtrlListView_AddSubItem($hListKill, $o, $aItem[3], 2) _GUICtrlListView_SetItemChecked($hListView, $i, False) _GUICtrlListView_EndUpdate($hListKill) $o = $o + 1 EndIf Next Case $msg = $Kill For $i = 1 To $avRET[0][0] If _GUICtrlListView_GetItemChecked($hListKill, $i) = True Then SplashTextOn("Process Killing...", "Please wait ...", 200, 50) $aItem = _GUICtrlListView_GetItemTextArray($hListKill, $i) If ProcessExists($aItem[1]) Then ;Do ; ProcessClose($aItem[1]) ;Until ProcessExists($aItem[1]) = 0 SplashOff() EndIf EndIf Next EndSelect WEnd ;=============================================================================== ; Function Name: _ProcessListProperties() ; Description: Get various properties of a process, or all processes ; Call With: _ProcessListProperties( [$Process [, $sComputer]] ) ; Parameter(s): (optional) $Process - PID or name of a process, default is "" (all) ; (optional) $sComputer - remote computer to get list from, default is local ; Requirement(s): AutoIt v3.2.4.9+ ; Return Value(s): On Success - Returns a 2D array of processes, as in ProcessList() ; with additional columns added: ; [0][0] - Number of processes listed (can be 0 if no matches found) ; [1][0] - 1st process name ; [1][1] - 1st process PID ; [1][2] - 1st process Parent PID ; [1][3] - 1st process owner ; [1][4] - 1st process priority (0 = low, 31 = high) ; [1][5] - 1st process executable path ; [1][6] - 1st process CPU usage ; [1][7] - 1st process memory usage ; [1][8] - 1st process creation date/time = "MM/DD/YYY hh:mm:ss" (hh = 00 to 23) ; [1][9] - 1st process command line string ; ... ; [n][0] thru [n][9] - last process properties ; On Failure: Returns array with [0][0] = 0 and sets @Error to non-zero (see code below) ; Author(s): PsaltyDS at http://www.autoitscript.com/forum ; Date/Version: 12/01/2009 -- v2.0.4 ; Notes: If an integer PID or string process name is provided and no match is found, ; then [0][0] = 0 and @error = 0 (not treated as an error, same as ProcessList) ; This function requires admin permissions to the target computer. ; All properties come from the Win32_Process class in WMI. ; To get time-base properties (CPU and Memory usage), a 100ms SWbemRefresher is used. ;=============================================================================== Func _ProcessListProperties($Process = "", $sComputer = ".") Local $sUserName, $sMsg, $sUserDomain, $avProcs, $dtmDate Local $avProcs[1][2] = [[0, ""]], $n = 1 ; Convert PID if passed as string If StringIsInt($Process) Then $Process = Int($Process) ; Connect to WMI and get process objects $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy, (Debug)}!\\" & $sComputer & "\root\cimv2") If IsObj($oWMI) Then ; Get collection processes from Win32_Process If $Process == "" Then ; Get all $colProcs = $oWMI.ExecQuery("select * from win32_Process") ElseIf IsInt($Process) Then ; Get by PID $colProcs = $oWMI.ExecQuery("select * from win32_Process where ProcessId = " & $Process) Else ; Get by Name $colProcs = $oWMI.ExecQuery("select * from win32_Process where Name = '" & $Process & "'") EndIf If IsObj($colProcs) Then ; Return for no matches If $colProcs.count = 0 Then Return $avProcs ; Size the array ReDim $avProcs[$colProcs.count + 1][10] $avProcs[0][0] = UBound($avProcs) - 1 ; For each process... For $oProc In $colProcs ; [n][0] = process name $avProcs[$n][0] = $oProc.name ; [n][1] = process PID $avProcs[$n][1] = $oProc.ProcessId ; [n][2] = Parent PID $avProcs[$n][2] = $oProc.ParentProcessId ; [n][3] = Owner If $oProc.GetOwner($sUserName, $sUserDomain) = 0 Then $avProcs[$n][3] = $sUserDomain & "\" & $sUserName ; [n][4] = Priority $avProcs[$n][4] = $oProc.Priority ; [n][5] = Executable path $avProcs[$n][5] = $oProc.ExecutablePath ; [n][8] = Creation date/time $dtmDate = $oProc.CreationDate If $dtmDate <> "" Then ; Back referencing RegExp pattern from weaponx Local $sRegExpPatt = "\A(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:.*)" $dtmDate = StringRegExpReplace($dtmDate, $sRegExpPatt, "$2/$3/$1 $4:$5:$6") EndIf $avProcs[$n][8] = $dtmDate ; [n][9] = Command line string $avProcs[$n][9] = $oProc.CommandLine ; increment index $n += 1 Next Else SetError(2); Error getting process collection from WMI EndIf ; release the collection object $colProcs = 0 ; Get collection of all processes from Win32_PerfFormattedData_PerfProc_Process ; Have to use an SWbemRefresher to pull the collection, or all Perf data will be zeros Local $oRefresher = ObjCreate("WbemScripting.SWbemRefresher") $colProcs = $oRefresher.AddEnum($oWMI, "Win32_PerfFormattedData_PerfProc_Process" ).objectSet $oRefresher.Refresh ; Time delay before calling refresher Local $iTime = TimerInit() Do Sleep(50) Until TimerDiff($iTime) >= 100 $oRefresher.Refresh ; Get PerfProc data For $oProc In $colProcs ; Find it in the array For $n = 1 To $avProcs[0][0] If $avProcs[$n][1] = $oProc.IDProcess Then ; [n][6] = CPU usage $avProcs[$n][6] = $oProc.PercentProcessorTime ; [n][7] = memory usage $avProcs[$n][7] = $oProc.WorkingSet ExitLoop EndIf Next Next Else SetError(1); Error connecting to WMI EndIf ; Return array Return $avProcs EndFunc ;==>_ProcessListProperties
maqleod Posted September 8, 2010 Posted September 8, 2010 I like the idea of the white/black lists. You're welcome to check out my process manager for ideas. It is not designed for the direction you're going with your project, but it will certainly give you some useful tidbits to build off of. You can get the source here: http://www.pulsarsoftware.net/Download/Source/PM_1.0_Source.zip Search the forums for the CompInfo.au3 UDF. I'd keep at it, its always worth pushing through all those little issues to get to a nice working script. [u]You can download my projects at:[/u] Pulsar Software
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now