killaz219
Posted August 1, 2006

I wanna know if there is any way to retrieve the parent PID. I have a way of getting the hwnd but that usually comes back 0x000000, even when I tried running it from Ollydbg or the sort. I have been messing around with API for a little while but I still can't find a way to get the PPID without using hwnd.

SmOke_N (Moderators)
Posted August 1, 2006

You could use the API GetProcessTimes and compare from there.

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

killaz219 (Author)
Posted August 1, 2006

> You could use the API GetProcessTimes and compare from there.

I just tried it but I can't get it to work. Can you give me a code sample?

SmOke_N (Moderators)
Posted August 1, 2006

> I just tried it but I can't get it to work. Can you give me a code sample?

Unfortunately, I've never played with it, and I'm too tired personally to wrap my head around it... But it seems that is the route you should take.

What do you have so far that isn't working that you've tried?... Maybe it just needs tweaking.

killaz219 (Author)
Posted August 1, 2006

> Unfortunately, I've never played with it, and I'm too tired personally to wrap my head around it... But it seems that is the route you should take.
> What do you have so far that isn't working that you've tried?... Maybe it just needs tweaking.

It's not so much that it isn't working as it is I don't know how to set it up to get what I want it to do. MSDN didn't help me at all, and neither did my API helpfile, so I'm lost.

/dev/null
Posted August 1, 2006

> It's not so much that it isn't working as it is I don't know how to set it up to get what I want it to do. MSDN didn't help me at all, and neither did my API helpfile, so I'm lost.

WMI can give you that information.

```autoit
; WMI query flags: return at once, and use a forward-only enumerator
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$strComputer = "."

; Connect to the CIMv2 namespace on the local machine
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\cimv2")
$colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
;$colItems = $objWMIService.ExecQuery("Select * from Win32_Process",,48)

; Collect name, parent PID and PID of every process
$output = ""
For $objItem in $colItems
    $Output = $Output & "Name: " & $objItem.Name & @CRLF
    $Output = $Output & "ParentProcessId: " & $objItem.ParentProcessId & @CRLF
    $Output = $Output & "ProcessId: " & $objItem.ProcessId & @CRLF
Next

; Put the listing on the clipboard
clipPut($output)
```

Cheers
Kurt

__________________________________________________________
(l)user: Hey admin slave, how can I recover my deleted files?
admin: No problem, there is a nice tool. It's called rm, like recovery method. Make sure to call it with the "recover fast" option like this: rm -rf *

killaz219 (Author)
Posted August 1, 2006

> WMI can give you that information.
> Cheers
> Kurt

Thx I'll try it out

/dev/null
Posted August 1, 2006

> Thx I'll try it out

O.K. You could start with @AutoItPID, then retrieve the PID and Parent PID of all processes and compare the PID to @AutoItPID ==> Parent PID is then known.

Cheers
Kurt
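
The lookup described in this thread, as an added example that is not part of any post: it queries Win32_Process for one PID instead of listing every process, and compares creation times (the idea behind the GetProcessTimes suggestion) because Windows reuses PIDs and ParentProcessId may point at an unrelated process once the real parent has exited. The helper name _GetParentInfo is hypothetical, and the comparison assumes both timestamps carry the same UTC offset.

```autoit
; Added example, not code from the thread. _GetParentInfo is a hypothetical helper.
; Returns a 2-element array:
;   [0] = parent PID recorded for $iPID (-1 if it could not be read)
;   [1] = True if a live process with that PID was created before the child,
;         i.e. it plausibly is the real parent and not a process reusing the PID
Func _GetParentInfo($iPID)
    Local $aResult[2] = [-1, False]
    Local $oWMI = ObjGet("winmgmts:\\.\root\cimv2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, $aResult)

    ; Step 1: read the child's recorded parent PID and its own creation time.
    Local $sChildCreated = ""
    Local $colChild = $oWMI.ExecQuery("SELECT ParentProcessId, CreationDate FROM Win32_Process WHERE ProcessId = " & Int($iPID))
    For $oProc In $colChild
        $aResult[0] = $oProc.ParentProcessId
        $sChildCreated = $oProc.CreationDate
    Next
    If $aResult[0] = -1 Then Return SetError(2, 0, $aResult) ; no such process

    ; Step 2: look up whichever process holds the parent PID right now.
    Local $colParent = $oWMI.ExecQuery("SELECT CreationDate FROM Win32_Process WHERE ProcessId = " & $aResult[0])
    For $oProc In $colParent
        Local $sParentCreated = $oProc.CreationDate
        ; CIM datetime is yyyymmddHHMMSS.mmmmmm+UUU; the first 21 characters sort
        ; chronologically (assumption: same UTC offset on both values).
        ; CreationDate can be empty for protected system processes.
        If IsString($sParentCreated) And IsString($sChildCreated) Then
            $aResult[1] = (StringCompare(StringLeft($sParentCreated, 21), StringLeft($sChildCreated, 21)) <= 0)
        EndIf
    Next
    Return $aResult
EndFunc

; Usage: parent of the running script
Local $aParent = _GetParentInfo(@AutoItPID)
ConsoleWrite("Parent PID: " & $aParent[0] & ", verified: " & $aParent[1] & @CRLF)
```

If element [1] is False, the parent has exited or its PID now belongs to a younger process, so the PID in element [0] should not be used to identify or act on the parent.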