Zohar (Author), posted August 17, 2014 (edited August 17, 2014)

Thank you very much sahsanu
Will download it now.

Where are you getting that from? I just tried 100 times and got correct file and path 100 times. That's 100 out of 100

Hmm, what method did you use?

JohnOne, posted August 17, 2014

Terenz post.

Monkey's are, like, natures humans.

Exit, posted August 17, 2014

Can anyone recommend a Simple Image Editing program?

I would recommend Irfanview.
When pressing F12, you have a nice editing environment.
And the full path is in the window title.

funkey, posted August 17, 2014

Maybe working dir changes when saving a file with paint?

Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.

Zohar (Author), posted August 20, 2018 (edited August 20, 2018)

Hi All

4 years have passed, and this week, when playing with a newer version of Process Explorer, I found a solution that seems to be working..

All the time, when using Process Explorer, I looked at the bottom pane (Handles list).
Instead of doing that, I simply needed to DoubleClick the process, to see its Properties window:

Apparently funkey wrote this in 2014 (in a post right above this one), and I somehow missed this reply here:

On 8/17/2014 at 8:17 PM, funkey said:
    Maybe working dir changes when saving a file with paint?

Thank you funkey, you are right.

So now I would like to ask:
How can I get the Current Folder of another process?

funkey, posted August 20, 2018

Hello after 4 years

I changed this script to this:

#include <WinAPI.au3> ; _GetPrivilege_SEDEBUG() uses this include. My function needs none.
#include <array.au3> ; Needed to display array in example. Not needed by Func.

#RequireAdmin ; Reported to be of use on Vista, getting more info from protected processes...

; ############# Needed Constants ###################
Global Const $PROCESS_VM_READ=0x10
Global Const $PROCESS_QUERY_INFORMATION = 0x400

; ############ Example code #######################
_GetPrivilege_SEDEBUG() ; I need this for tricky processes. Not needed for most...

$list=ProcessList()
Redim $list[ubound($list,1)][4]
for $i=1 to ubound($list,1)-1
    $list[$i][2]=_WinAPI_GetCommandLineFromPID($list[$i][1])
    $list[$i][3]=_WinAPI_GetCurrentDirectoryFromPID($list[$i][1])
Next
_ArrayDisplay($list)
Exit
; ###############################################

; ############ Here be func! ####################
Func _WinAPI_GetCommandLineFromPID($iPID)
    Local $aCall = DllCall("kernel32.dll", "handle", "OpenProcess", _
            "dword", 1040, _ ; PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
            "bool", 0, _
            "dword", $iPID)
    If @error Or Not $aCall[0] Then
        Return SetError(1, 0, "")
    EndIf
    Local $hProcess = $aCall[0]

    Local $tPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & _
            "ptr PebBaseAddress;" & _
            "dword_ptr AffinityMask;" & _
            "dword_ptr BasePriority;" & _
            "dword_ptr UniqueProcessId;" & _
            "dword_ptr InheritedFromUniqueProcessId")
    $aCall = DllCall("ntdll.dll", "int", "NtQueryInformationProcess", _
            "handle", $hProcess, _
            "dword", 0, _ ; ProcessBasicInformation
            "ptr", DllStructGetPtr($tPROCESS_BASIC_INFORMATION), _
            "dword", DllStructGetSize($tPROCESS_BASIC_INFORMATION), _
            "dword*", 0)
    If @error Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(2, 0, "")
    EndIf

    Local $tPEB = DllStructCreate("byte InheritedAddressSpace;" & _
            "byte ReadImageFileExecOptions;" & _
            "byte BeingDebugged;" & _
            "byte Spare;" & _
            "ptr Mutant;" & _
            "ptr ImageBaseAddress;" & _
            "ptr LoaderData;" & _
            "ptr ProcessParameters;" & _
            "ptr SubSystemData;" & _
            "ptr ProcessHeap;" & _
            "ptr FastPebLock;" & _
            "ptr FastPebLockRoutine;" & _
            "ptr FastPebUnlockRoutine;" & _
            "dword EnvironmentUpdateCount;" & _
            "ptr KernelCallbackTable;" & _
            "ptr EventLogSection;" & _
            "ptr EventLog;" & _
            "ptr FreeList;" & _
            "dword TlsExpansionCounter;" & _
            "ptr TlsBitmap;" & _
            "dword TlsBitmapBits[2];" & _
            "ptr ReadOnlySharedMemoryBase;" & _
            "ptr ReadOnlySharedMemoryHeap;" & _
            "ptr ReadOnlyStaticServerData;" & _
            "ptr AnsiCodePageData;" & _
            "ptr OemCodePageData;" & _
            "ptr UnicodeCaseTableData;" & _
            "dword NumberOfProcessors;" & _
            "dword NtGlobalFlag;" & _
            "ubyte Spare2[4];" & _
            "int64 CriticalSectionTimeout;" & _
            "dword HeapSegmentReserve;" & _
            "dword HeapSegmentCommit;" & _
            "dword HeapDeCommitTotalFreeThreshold;" & _
            "dword HeapDeCommitFreeBlockThreshold;" & _
            "dword NumberOfHeaps;" & _
            "dword MaximumNumberOfHeaps;" & _
            "ptr ProcessHeaps;" & _
            "ptr GdiSharedHandleTable;" & _
            "ptr ProcessStarterHelper;" & _
            "ptr GdiDCAttributeList;" & _
            "ptr LoaderLock;" & _
            "dword OSMajorVersion;" & _
            "dword OSMinorVersion;" & _
            "dword OSBuildNumber;" & _
            "dword OSPlatformId;" & _
            "dword ImageSubSystem;" & _
            "dword ImageSubSystemMajorVersion;" & _
            "dword ImageSubSystemMinorVersion;" & _
            "dword GdiHandleBuffer[34];" & _
            "dword PostProcessInitRoutine;" & _
            "dword TlsExpansionBitmap;" & _
            "byte TlsExpansionBitmapBits[128];" & _
            "dword SessionId")
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPROCESS_BASIC_INFORMATION, "PebBaseAddress"), _
            "ptr", DllStructGetPtr($tPEB), _
            "dword", DllStructGetSize($tPEB), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(3, 0, "")
    EndIf

    Local $tPROCESS_PARAMETERS = DllStructCreate("dword AllocationSize;" & _
            "dword ActualSize;" & _
            "dword Flags;" & _
            "dword Unknown1;" & _
            "word LengthUnknown2;" & _
            "word MaxLengthUnknown2;" & _
            "ptr Unknown2;" & _
            "handle InputHandle;" & _
            "handle OutputHandle;" & _
            "handle ErrorHandle;" & _
            "word LengthCurrentDirectory;" & _
            "word MaxLengthCurrentDirectory;" & _
            "ptr CurrentDirectory;" & _
            "handle CurrentDirectoryHandle;" & _
            "word LengthSearchPaths;" & _
            "word MaxLengthSearchPaths;" & _
            "ptr SearchPaths;" & _
            "word LengthApplicationName;" & _
            "word MaxLengthApplicationName;" & _
            "ptr ApplicationName;" & _
            "word LengthCommandLine;" & _
            "word MaxLengthCommandLine;" & _
            "ptr CommandLine;" & _
            "ptr EnvironmentBlock;" & _
            "dword Unknown[9];" & _
            "word LengthUnknown3;" & _
            "word MaxLengthUnknown3;" & _
            "ptr Unknown3;" & _
            "word LengthUnknown4;" & _
            "word MaxLengthUnknown4;" & _
            "ptr Unknown4;" & _
            "word LengthUnknown5;" & _
            "word MaxLengthUnknown5;" & _
            "ptr Unknown5;")
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPEB, "ProcessParameters"), _
            "ptr", DllStructGetPtr($tPROCESS_PARAMETERS), _
            "dword", DllStructGetSize($tPROCESS_PARAMETERS), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(4, 0, "")
    EndIf

    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPROCESS_PARAMETERS, "CommandLine"), _
            "wstr", "", _
            "dword", DllStructGetData($tPROCESS_PARAMETERS, "MaxLengthCommandLine"), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(5, 0, "")
    EndIf

    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
    Return $aCall[3]
EndFunc

Func _WinAPI_GetCurrentDirectoryFromPID($iPID)
    Local $aCall = DllCall("kernel32.dll", "handle", "OpenProcess", _
            "dword", 1040, _ ; PROCESS_VM_READ | PROCESS_QUERY_INFORMATION
            "bool", 0, _
            "dword", $iPID)
    If @error Or Not $aCall[0] Then
        Return SetError(1, 0, "")
    EndIf
    Local $hProcess = $aCall[0]

    Local $tPROCESS_BASIC_INFORMATION = DllStructCreate("dword_ptr ExitStatus;" & _
            "ptr PebBaseAddress;" & _
            "dword_ptr AffinityMask;" & _
            "dword_ptr BasePriority;" & _
            "dword_ptr UniqueProcessId;" & _
            "dword_ptr InheritedFromUniqueProcessId")
    $aCall = DllCall("ntdll.dll", "int", "NtQueryInformationProcess", _
            "handle", $hProcess, _
            "dword", 0, _ ; ProcessBasicInformation
            "ptr", DllStructGetPtr($tPROCESS_BASIC_INFORMATION), _
            "dword", DllStructGetSize($tPROCESS_BASIC_INFORMATION), _
            "dword*", 0)
    If @error Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(2, 0, "")
    EndIf

    Local $tPEB = DllStructCreate("byte InheritedAddressSpace;" & _
            "byte ReadImageFileExecOptions;" & _
            "byte BeingDebugged;" & _
            "byte Spare;" & _
            "ptr Mutant;" & _
            "ptr ImageBaseAddress;" & _
            "ptr LoaderData;" & _
            "ptr ProcessParameters;" & _
            "ptr SubSystemData;" & _
            "ptr ProcessHeap;" & _
            "ptr FastPebLock;" & _
            "ptr FastPebLockRoutine;" & _
            "ptr FastPebUnlockRoutine;" & _
            "dword EnvironmentUpdateCount;" & _
            "ptr KernelCallbackTable;" & _
            "ptr EventLogSection;" & _
            "ptr EventLog;" & _
            "ptr FreeList;" & _
            "dword TlsExpansionCounter;" & _
            "ptr TlsBitmap;" & _
            "dword TlsBitmapBits[2];" & _
            "ptr ReadOnlySharedMemoryBase;" & _
            "ptr ReadOnlySharedMemoryHeap;" & _
            "ptr ReadOnlyStaticServerData;" & _
            "ptr AnsiCodePageData;" & _
            "ptr OemCodePageData;" & _
            "ptr UnicodeCaseTableData;" & _
            "dword NumberOfProcessors;" & _
            "dword NtGlobalFlag;" & _
            "ubyte Spare2[4];" & _
            "int64 CriticalSectionTimeout;" & _
            "dword HeapSegmentReserve;" & _
            "dword HeapSegmentCommit;" & _
            "dword HeapDeCommitTotalFreeThreshold;" & _
            "dword HeapDeCommitFreeBlockThreshold;" & _
            "dword NumberOfHeaps;" & _
            "dword MaximumNumberOfHeaps;" & _
            "ptr ProcessHeaps;" & _
            "ptr GdiSharedHandleTable;" & _
            "ptr ProcessStarterHelper;" & _
            "ptr GdiDCAttributeList;" & _
            "ptr LoaderLock;" & _
            "dword OSMajorVersion;" & _
            "dword OSMinorVersion;" & _
            "dword OSBuildNumber;" & _
            "dword OSPlatformId;" & _
            "dword ImageSubSystem;" & _
            "dword ImageSubSystemMajorVersion;" & _
            "dword ImageSubSystemMinorVersion;" & _
            "dword GdiHandleBuffer[34];" & _
            "dword PostProcessInitRoutine;" & _
            "dword TlsExpansionBitmap;" & _
            "byte TlsExpansionBitmapBits[128];" & _
            "dword SessionId")
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPROCESS_BASIC_INFORMATION, "PebBaseAddress"), _
            "ptr", DllStructGetPtr($tPEB), _
            "dword", DllStructGetSize($tPEB), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(3, 0, "")
    EndIf

    Local $tPROCESS_PARAMETERS = DllStructCreate("dword AllocationSize;" & _
            "dword ActualSize;" & _
            "dword Flags;" & _
            "dword Unknown1;" & _
            "word LengthUnknown2;" & _
            "word MaxLengthUnknown2;" & _
            "ptr Unknown2;" & _
            "handle InputHandle;" & _
            "handle OutputHandle;" & _
            "handle ErrorHandle;" & _
            "word LengthCurrentDirectory;" & _
            "word MaxLengthCurrentDirectory;" & _
            "ptr CurrentDirectory;" & _
            "handle CurrentDirectoryHandle;" & _
            "word LengthSearchPaths;" & _
            "word MaxLengthSearchPaths;" & _
            "ptr SearchPaths;" & _
            "word LengthApplicationName;" & _
            "word MaxLengthApplicationName;" & _
            "ptr ApplicationName;" & _
            "word LengthCommandLine;" & _
            "word MaxLengthCommandLine;" & _
            "ptr CommandLine;" & _
            "ptr EnvironmentBlock;" & _
            "dword Unknown[9];" & _
            "word LengthUnknown3;" & _
            "word MaxLengthUnknown3;" & _
            "ptr Unknown3;" & _
            "word LengthUnknown4;" & _
            "word MaxLengthUnknown4;" & _
            "ptr Unknown4;" & _
            "word LengthUnknown5;" & _
            "word MaxLengthUnknown5;" & _
            "ptr Unknown5;")
    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPEB, "ProcessParameters"), _
            "ptr", DllStructGetPtr($tPROCESS_PARAMETERS), _
            "dword", DllStructGetSize($tPROCESS_PARAMETERS), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(4, 0, "")
    EndIf

    $aCall = DllCall("kernel32.dll", "bool", "ReadProcessMemory", _
            "ptr", $hProcess, _
            "ptr", DllStructGetData($tPROCESS_PARAMETERS, "CurrentDirectory"), _
            "wstr", "", _
            "dword", DllStructGetData($tPROCESS_PARAMETERS, "MaxLengthCurrentDirectory"), _
            "dword*", 0)
    If @error Or Not $aCall[0] Then
        DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
        Return SetError(5, 0, "")
    EndIf

    DllCall("kernel32.dll", "bool", "CloseHandle", "handle", $hProcess)
    Return $aCall[3]
EndFunc

; ####################### Below Func is Part of example - Needed to get commandline from more processes. ############
; ####################### Thanks for this function, wraithdu! (Didn't know it was your.) :) #########################
Func _GetPrivilege_SEDEBUG()
    Local $tagLUIDANDATTRIB = "int64 Luid;dword Attributes"
    Local $count = 1
    Local $tagTOKENPRIVILEGES = "dword PrivilegeCount;byte LUIDandATTRIB[" & $count * 12 & "]" ; count of LUID structs * sizeof LUID struct
    Local $TOKEN_ADJUST_PRIVILEGES = 0x20
    Local $call = DllCall("advapi32.dll", "int", "OpenProcessToken", "ptr", _WinAPI_GetCurrentProcess(), "dword", $TOKEN_ADJUST_PRIVILEGES, "ptr*", "")
    Local $hToken = $call[3]
    $call = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", Chr(0), "str", "SeDebugPrivilege", "int64*", "")
    ;msgbox(0,"",$call[3] & " " & _WinAPI_GetLastErrorMessage())
    Local $iLuid = $call[3]
    Local $TP = DllStructCreate($tagTOKENPRIVILEGES)
    Local $LUID = DllStructCreate($tagLUIDANDATTRIB, DllStructGetPtr($TP, "LUIDandATTRIB"))
    DllStructSetData($TP, "PrivilegeCount", $count)
    DllStructSetData($LUID, "Luid", $iLuid)
    DllStructSetData($LUID, "Attributes", $SE_PRIVILEGE_ENABLED)
    $call = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "ptr", $hToken, "int", 0, "ptr", DllStructGetPtr($TP), "dword", 0, "ptr", Chr(0), "ptr", Chr(0))
    Return ($call[0] <> 0) ; $call[0] <> 0 is success
EndFunc   ;==>_GetPrivilege_SEDEBUG

Hope this helps

Zohar (Author), posted August 21, 2018

Thank you very much funkey

All this code is needed just for getting the Current Folder of the process?

AdamUL, posted August 21, 2018

Have a look at _WinAPI_GetProcessFileName included in the AutoIt UDFs.

Adam

Zohar (Author), posted August 24, 2018

Hi AdamUL

Thank you, but note that the Startup Folder is not the Working Folder.
Startup Folder is where the EXE is,
Working Folder is something that may change, like in this example - Paint changes it every time you save a file, according to the path of the saved file..

junkew, posted August 26, 2018 (edited August 26, 2018)

Maybe you can use the Windows recent documents; that list is updated when you save a document from any program.

This gives some things you could google on:
List of Windows MRU Locations - ForensicsWiki
https://forensicswiki.org/wiki/List_of_Windows_MRU_Locations

Zohar (Author), posted August 29, 2018

Hi junkew

Thank you, but we already have a deterministic way of getting the Path.
I would like to continue with that direction, and not choose others..

rudi, posted August 29, 2018

Hi,

you can use the tool HANDLE.EXE from sysinternals to retrieve the information you are looking for. HANDLE.EXE will need to be launched UAC Admin elevated.

C:\install\bat>handle --help

Handle v3.46
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com

usage: handle [[-a [-l]] [-u] | [-c <handle> [-y]] | [-s]] [-p <process>|<pid>] [name]
  -a         Dump all handle information.
  -l         Just show pagefile-backed section handles.
  -c         Closes the specified handle (interpreted as a hexadecimal number).
             You must specify the process by its PID.
             WARNING: Closing handles can cause application or system instability.
  -y         Don't prompt for close handle confirmation.
  -s         Print count of each type of handle open.
  -u         Show the owning user name when searching for handles.
  -p         Dump handles belonging to process (partial name accepted).
  name       Search for handles to objects with <name> (fragment accepted).

No arguments will dump all file references.

With RegEx you can retrieve the FullFilePathName you need.

C:\install\bat>handle filelocked-test

Handle v3.46
Copyright (C) 1997-2011 Mark Russinovich
Sysinternals - www.sysinternals.com

WINWORD.EXE        pid: 6960   type: File           AA0: C:\temp\FileLocked-test.docx

Regards, Rudi.

Earth is flat, pigs can fly, and Nuclear Power is SAFE!
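
The RegEx step mentioned in the post above, as an added example that is not part of the original thread: an AutoIt parser for the result lines handle.exe prints. _ParseHandleOutput is a hypothetical helper name, the NOTEPAD.EXE sample line is constructed, and the pattern assumes the line layout shown in the post (search without -u).

```autoit
#include <StringConstants.au3>
#include <Array.au3>

; Sample input embedded so the script runs without handle.exe.
; The WINWORD.EXE line is the one quoted in the thread; the
; NOTEPAD.EXE line is constructed for illustration.
Global $sOutput = "Handle v3.46" & @CRLF & _
        "Copyright (C) 1997-2011 Mark Russinovich" & @CRLF & _
        "Sysinternals - www.sysinternals.com" & @CRLF & @CRLF & _
        "WINWORD.EXE        pid: 6960   type: File           AA0: C:\temp\FileLocked-test.docx" & @CRLF & _
        "NOTEPAD.EXE        pid: 4120   type: File            5C: C:\temp\my notes\FileLocked-test.txt" & @CRLF

Global $aRows = _ParseHandleOutput($sOutput)
If @error Then
    ConsoleWrite("No handle lines found" & @CRLF)
Else
    For $i = 0 To UBound($aRows) - 1
        ConsoleWrite($aRows[$i][1] & " (" & $aRows[$i][0] & ") -> " & $aRows[$i][4] & @CRLF)
    Next
    _ArrayDisplay($aRows, "handle.exe matches")
EndIf

; Hypothetical helper (not part of any UDF).
; Returns a 2D array, one row per matching line:
;   [n][0] image name, [n][1] PID, [n][2] handle type,
;   [n][3] handle value (hex), [n][4] object path (may contain spaces).
; Banner and blank lines do not match the pattern and are skipped.
; Sets @error = 1 when no result line is found.
Func _ParseHandleOutput($sText)
    Local $sPattern = "(?m)^(\S.*?)\s+pid:\s+(\d+)\s+type:\s+(\S+)\s+([0-9A-Fa-f]+):\s+(.*?)\s*$"
    ; Global match returns one flat array: 5 capture groups per matching line.
    Local $aFlat = StringRegExp($sText, $sPattern, $STR_REGEXPARRAYGLOBALMATCH)
    If @error Then Return SetError(1, 0, 0)

    Local $iCount = Int(UBound($aFlat) / 5)
    Local $aRows[$iCount][5]
    For $i = 0 To $iCount - 1
        For $j = 0 To 4
            $aRows[$i][$j] = $aFlat[$i * 5 + $j]
        Next
    Next
    Return $aRows
EndFunc   ;==>_ParseHandleOutput
```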