Confuzzled
Posted August 17, 2005

I've searched the help file and the forums and haven't found anything that gives the name of the running program. I know ProcessList will give you the name and processID of each running program, but I need the full program name and path of each process, and as a bonus, any parameters passed to the process when launched.

Example from an AdAware report:

    #:8 [svchost.exe] - I can get this from ProcessList
    ModuleName : C:\WINDOWS\System32\svchost.exe - want this
    Command Line : C:\WINDOWS\System32\svchost.exe -k NetworkService - would be nice
    ProcessID : 1132 - I can get this from ProcessList
    ThreadCreationTime : 08-08-2005 3:56:16 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

    #:9 [svchost.exe] - I can get this from ProcessList
    ModuleName : C:\WINDOWS\System32\svchost.exe - want this
    Command Line : C:\WINDOWS\System32\svchost.exe -k LocalService - would be nice
    ProcessID : 1204 - I can get this from ProcessList
    ThreadCreationTime : 08-08-2005 3:56:17 AM
    BasePriority : Normal
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    ProductName : Microsoft® Windows® Operating System
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    LegalCopyright : © Microsoft Corporation. All rights reserved.
    OriginalFilename : svchost.exe

Obviously it can be done. I've seen the code here in the forums to extract the file and product version, etc. from the file name once it has been identified and have used that in other code, but the identification is the bit I'm looking for.

I've been stumped where there are a number of processes running with different version names and file locations but the same process name - production and beta versions - and need to differentiate between them, hence just searching for the file from the process name is not going to solve my problem.

Any pointers and hints would be appreciated.

Valuater
Posted August 18, 2005

Well... me and my "hard-headed" ways of getting there. After hours I got this for ya from services.exe

    C:\WINDOWS\$NtServicePackUninstall$\services.exe
    C:\WINDOWS\ServicePackFiles\i386\services.exe
    C:\WINDOWS\system32\services.exe

    File Name: services.exe
    File ID: 748
    Version: 5.1.2600.2180

    Link info found**
    C:\WINDOWS\system32\services.msc
    %HOMEDRIVE%%HOMEPATH%
    /s
    Starts and stop services.
    %SystemRoot%\system32\filemgmt.dll
    0
    1

this is how

    #include <Array.au3>

    Dim $hFile3A , $hFile3B , $prog[10], $details[10]

    ; List all processes
    $list = ProcessList()
    for $i = 1 to $list[0][0]
        #Region --- CodeWizard generated code Start ---
        ;MsgBox features: Title=Yes, Text=Yes, Buttons=Yes, No, and Cancel, Icon=Question
        If Not IsDeclared("iMsgBoxAnswer") Then Dim $iMsgBoxAnswer
        $iMsgBoxAnswer = MsgBox(35,"Process Information","Press *Yes* to get Process information for " & @CRLF & @CRLF & $list[$i][0] & @CRLF & @CRLF & "Press *No* to see the next Process " & @CRLF)
        Select
            Case $iMsgBoxAnswer = 6;Yes
                SplashTextOn("Searching", @CRLF & "... Please Wait ...", 240, 60)
                Call("Get_info")
            Case $iMsgBoxAnswer = 7;No
            Case $iMsgBoxAnswer = 2;Cancel
                Exit
        EndSelect
        #EndRegion --- CodeWizard generated code End ---
    next

    ; Uses the global $list and the loop counter $i from the code above
    Func Get_info()
        ; Search the home drive for files named like the process and save the listing
        RunWait(@ComSpec & ' /c ' & 'dir "' & @HomeDrive & "\" & $list[$i][0] & '" /a :h /b /s' & ' > "' & @TempDir & "\dir_" & $i & ".txt", '', @SW_HIDE)
        Sleep(2000)
        $hFile = FileOpen(@TempDir & "\dir_"& $i &".txt", 1)
        ; Check if file opened for writing OK
        If $hFile = -1 Then
            MsgBox(0, "Write Error 1", "Unable to open file.")
        EndIf
        FileWriteLine($hFile, " ")
        FileWriteLine($hFile, "File Name: " & $list[$i][0])
        FileWriteLine($hFile, "File ID: " & $list[$i][1])
        $ver = FileGetVersion($list[$i][0])
        FileWriteLine($hFile, "Version: " & $ver)
        FileWriteLine($hFile, " ")
        FileClose($hFile)

        ; Look for a shortcut (.lnk) with the same base name as the process
        $result = StringReplace($list[$i][0], "exe", "lnk")
        RunWait(@ComSpec & ' /c ' & 'dir "' & @HomeDrive & "\" & $result & '" /a :h /b /s' & ' > "' & @TempDir & "\Link_" & $i & ".txt", '', @SW_HIDE)
        Sleep(2000)
        $hFile2 = FileOpen(@TempDir & "\Link_"& $i &".txt", 0)
        ; Check if file opened for reading OK
        If $hFile2 = -1 Then
            MsgBox(0, "Read Error 2", "Unable to open file.")
        EndIf
        $sLine = FileReadLine($hFile2)
        FileClose($hFile2)

        If FileExists($sline) Then
            $hFile3A = FileOpen(@TempDir & "\dir_"& $i &".txt", 1)
            ; Check if file opened for writing OK
            If $hFile3A = -1 Then
                MsgBox(0, "Write Error 3A", "Unable to open file.")
            EndIf
            FileWriteLine($hFile3A, "Link info found**")
            ; FileGetShortcut returns the target, working dir, arguments, description, icon file, icon index and state
            $prog = FileGetShortcut($sline)
            For $t = 0 to 6
                Sleep(200)
                FileWriteLine($hFile3A, $prog[$t])
            Next
            ; Close the handle that was opened in this branch
            FileClose($hFile3A)
        Else
            $hFile3B = FileOpen(@TempDir & "\dir_"& $i &".txt", 1)
            ; Check if file opened for writing OK
            If $hFile3B = -1 Then
                MsgBox(0, "Write Error 3B", "Unable to open file.")
            EndIf
            FileWriteLine($hFile3B, "No link info found")
            FileClose($hFile3B)
        EndIf
        SplashOff()
        RunWait('Notepad "' & @TempDir & "\dir_"& $i &".txt"); for testing
    EndFunc

I never claim to be the sharpest here.... but maybe it could help (I'm sure there are easier ways)... but it worked 8)

trids
Posted August 18, 2005

Also check out www.sysinternals.com .. they have some awesome (and free) commandline utilities that you can very easily automate with AU3

HTH

Confuzzled (Author)
Posted August 20, 2005

> Well... me and my "hard-headed" ways of getting there. After hours i got this for ya from services.exe
> this is how
> Extract all process names
> Search drive for all filenames that match
> I never claim to be the sharpest here.... but maybe it could help( i'm sure there are easier ways)... but it worked 8)

Thanks, I tried that and it seems to get a semblance of what I want, but it doesn't allow for other drives, etc, as it makes the assumption that the program names and the process names are the same, and they are resident on the homedrive. The other issue is doing a search of all files on the drive takes a while on my system.

Still looking...

Confuzzled (Author)
Posted September 7, 2005

Seems the solution was right under my nose: I ran AutoIt Scriptomatic and selected the root\CIMV2 WMI NameSpace and Win32_Process WMI Class and voila, instant code!

Results (indentation lost during cut-and-paste):

    ; Generated by AutoIt Scriptomatic

    $wbemFlagReturnImmediately = 0x10
    $wbemFlagForwardOnly = 0x20
    $colItems = ""
    $strComputer = "localhost"

    $Output=""
    $Output = $Output & "Computer: " & $strComputer & @CRLF
    $Output = $Output & "==========================================" & @CRLF
    $objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")
    $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", _
                                         $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

    If IsObj($colItems) then
        For $objItem In $colItems
            $Output = $Output & "Caption: " & $objItem.Caption & @CRLF
            $Output = $Output & "CommandLine: " & $objItem.CommandLine & @CRLF
            $Output = $Output & "CreationClassName: " & $objItem.CreationClassName & @CRLF
            $Output = $Output & "CreationDate: " & WMIDateStringToDate($objItem.CreationDate) & @CRLF
            $Output = $Output & "CSCreationClassName: " & $objItem.CSCreationClassName & @CRLF
            $Output = $Output & "CSName: " & $objItem.CSName & @CRLF
            $Output = $Output & "Description: " & $objItem.Description & @CRLF
            $Output = $Output & "ExecutablePath: " & $objItem.ExecutablePath & @CRLF
            $Output = $Output & "ExecutionState: " & $objItem.ExecutionState & @CRLF
            $Output = $Output & "Handle: " & $objItem.Handle & @CRLF
            $Output = $Output & "HandleCount: " & $objItem.HandleCount & @CRLF
            $Output = $Output & "InstallDate: " & WMIDateStringToDate($objItem.InstallDate) & @CRLF
            $Output = $Output & "KernelModeTime: " & $objItem.KernelModeTime & @CRLF
            $Output = $Output & "MaximumWorkingSetSize: " & $objItem.MaximumWorkingSetSize & @CRLF
            $Output = $Output & "MinimumWorkingSetSize: " & $objItem.MinimumWorkingSetSize & @CRLF
            $Output = $Output & "Name: " & $objItem.Name & @CRLF
            $Output = $Output & "OSCreationClassName: " & $objItem.OSCreationClassName & @CRLF
            $Output = $Output & "OSName: " & $objItem.OSName & @CRLF
            $Output = $Output & "OtherOperationCount: " & $objItem.OtherOperationCount & @CRLF
            $Output = $Output & "OtherTransferCount: " & $objItem.OtherTransferCount & @CRLF
            $Output = $Output & "PageFaults: " & $objItem.PageFaults & @CRLF
            $Output = $Output & "PageFileUsage: " & $objItem.PageFileUsage & @CRLF
            $Output = $Output & "ParentProcessId: " & $objItem.ParentProcessId & @CRLF
            $Output = $Output & "PeakPageFileUsage: " & $objItem.PeakPageFileUsage & @CRLF
            $Output = $Output & "PeakVirtualSize: " & $objItem.PeakVirtualSize & @CRLF
            $Output = $Output & "PeakWorkingSetSize: " & $objItem.PeakWorkingSetSize & @CRLF
            $Output = $Output & "Priority: " & $objItem.Priority & @CRLF
            $Output = $Output & "PrivatePageCount: " & $objItem.PrivatePageCount & @CRLF
            $Output = $Output & "ProcessId: " & $objItem.ProcessId & @CRLF
            $Output = $Output & "QuotaNonPagedPoolUsage: " & $objItem.QuotaNonPagedPoolUsage & @CRLF
            $Output = $Output & "QuotaPagedPoolUsage: " & $objItem.QuotaPagedPoolUsage & @CRLF
            $Output = $Output & "QuotaPeakNonPagedPoolUsage: " & $objItem.QuotaPeakNonPagedPoolUsage & @CRLF
            $Output = $Output & "QuotaPeakPagedPoolUsage: " & $objItem.QuotaPeakPagedPoolUsage & @CRLF
            $Output = $Output & "ReadOperationCount: " & $objItem.ReadOperationCount & @CRLF
            $Output = $Output & "ReadTransferCount: " & $objItem.ReadTransferCount & @CRLF
            $Output = $Output & "SessionId: " & $objItem.SessionId & @CRLF
            $Output = $Output & "Status: " & $objItem.Status & @CRLF
            $Output = $Output & "TerminationDate: " & WMIDateStringToDate($objItem.TerminationDate) & @CRLF
            $Output = $Output & "ThreadCount: " & $objItem.ThreadCount & @CRLF
            $Output = $Output & "UserModeTime: " & $objItem.UserModeTime & @CRLF
            $Output = $Output & "VirtualSize: " & $objItem.VirtualSize & @CRLF
            $Output = $Output & "WindowsVersion: " & $objItem.WindowsVersion & @CRLF
            $Output = $Output & "WorkingSetSize: " & $objItem.WorkingSetSize & @CRLF
            $Output = $Output & "WriteOperationCount: " & $objItem.WriteOperationCount & @CRLF
            $Output = $Output & "WriteTransferCount: " & $objItem.WriteTransferCount & @CRLF
            if Msgbox(1,"WMI Output",$Output) = 2 then ExitLoop
            $Output=""
        Next
    Else
        Msgbox(0,"WMI Output","No WMI Objects Found for class: " & "Win32_Process" )
    Endif

    Func WMIDateStringToDate($dtmDate)
        Return (StringMid($dtmDate, 5, 2) & "/" & _
                StringMid($dtmDate, 7, 2) & "/" & StringLeft($dtmDate, 4) _
                & " " & StringMid($dtmDate, 9, 2) & ":" & StringMid($dtmDate, 11, 2) & ":" & StringMid($dtmDate,13, 2))
    EndFunc

This is the solution I was looking for.
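
Added example, not part of the original posts: the same Win32_Process query cut down to the fields the first post asked for, with FileGetVersion run on each ExecutablePath and a closing summary of image names that run from more than one path or version (the production/beta case; the same comparison also shows a familiar name running from an unexpected directory). Variable names are illustrative, and it assumes an AutoIt build with COM support (see the beta note later in the thread) and the Windows Scripting.Dictionary COM object.

```autoit
; Added example, not code from the thread. Variable names are illustrative.
Local $oWMI = ObjGet("winmgmts:\\localhost\root\CIMV2")
If Not IsObj($oWMI) Then Exit 1

; Ask only for the fields needed; 0x30 = return immediately (0x10) + forward only (0x20)
Local $colItems = $oWMI.ExecQuery( _
        "SELECT Name, ProcessId, ExecutablePath, CommandLine FROM Win32_Process", _
        "WQL", 0x30)
If Not IsObj($colItems) Then Exit 1

; image name (lower case) -> distinct "path [version]" entries, one per line
Local $oSeen = ObjCreate("Scripting.Dictionary")

For $objItem In $colItems
    Local $sName = StringLower($objItem.Name)
    ; Force to string: WMI returns no value for the System/Idle pseudo-processes
    ; and for processes the calling account is not allowed to query
    Local $sPath = "" & $objItem.ExecutablePath
    Local $sCmd = "" & $objItem.CommandLine
    Local $sEntry = "(path not available)"
    If $sPath <> "" Then
        ; The version is read from the file the process was actually started from
        $sEntry = $sPath & " [" & FileGetVersion($sPath) & "]"
    EndIf

    ConsoleWrite($objItem.ProcessId & @TAB & $sName & @CRLF & _
            @TAB & "Path: " & $sEntry & @CRLF & _
            @TAB & "Cmd:  " & $sCmd & @CRLF)

    ; Remember every distinct path/version seen for this image name
    If Not $oSeen.Exists($sName) Then
        $oSeen.Add($sName, $sEntry)
    ElseIf Not StringInStr(@LF & $oSeen.Item($sName) & @LF, @LF & $sEntry & @LF) Then
        $oSeen.Item($sName) = $oSeen.Item($sName) & @LF & $sEntry
    EndIf
Next

; Report image names that run from more than one location or version
For $sKey In $oSeen.Keys()
    If StringInStr($oSeen.Item($sKey), @LF) Then
        ConsoleWrite(@CRLF & $sKey & " runs from several images:" & @CRLF & _
                $oSeen.Item($sKey) & @CRLF)
    EndIf
Next
```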

jefhal
Posted September 8, 2005

> I ran AutoIt Scriptomatic

What is AutoIt Scriptomatic? I've heard of Scriptomatic, but not one by AutoIt...

...by the way, it's pronounced: "JIF"... Bob Berry --- inventor of the GIF format

Confuzzled (Author)
Posted September 8, 2005

> What is AutoIt Scriptomatic? I've heard of Scriptomatic, but not one by AutoIt...

SvenP wrote it. See WMI ScriptOMatic tool for AutoIt, Kickin' Microsoft's...

Endgame
Posted September 29, 2005

> $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", _
> $wbemFlagReturnImmediately + $wbemFlagForwardOnly)

I get an error at this point in the script. My error reads:

    Unable to parse line.:
    $colProcess = $objWMIService.ExecQuery("Select * from Win32_Process")
    $colProcess = $objWMIService.E^ ERROR

Does anybody have any insight into this error? Thanks.

Endgame

Endgame
My UDFs
File Size Convert
Macros in INI UDF

Endgame
Posted September 29, 2005

> I get an error at this point in the script.
> Does anybody have any insight into this error? Thanks.
> Endgame

Never mind. I answered my own question when I realized that most of you are running beta version of AutoIt. I upgraded my AutoIt to v3.1.1.80 (beta) and it worked like a charm!

Thanks.

Endgame