cypher175 Posted April 12, 2010

How would I modify your code Manko to only get the ProcessOwner of a single PID or process name..??
Manko (Author) Posted April 13, 2010

Hi, Cypher175! I've done some changes... Look at first post!

/Manko

Yes i rush things! (I sorta do small bursts inbetween doing nothing.)
Things I have rushed and reRushed:
* ProDLLer - Process manager - Unload viri modules (dll) and moore...
* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...
* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...
* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist.
Moore to come... eventually...
Ascend4nt Posted April 13, 2010

Manko, how's it goin! Hey - I just tested this, and a rewrite I did, on Vista x64. It turns out that anything in another Session # will not return Owner info unless Admin rights are given. Oh well, at least on earlier O/S's it seemed to work fine =\

My contributions: Performance Counters in Windows - Measure CPU, Disk, Network etc Performance | Network Interface Info, Statistics, and Traffic | CPU Multi-Processor Usage w/o Performance Counters | Disk and Device Read/Write Statistics | Atom Table Functions | Process, Thread, & DLL Functions UDFs | Process CPU Usage Trackers | PE File Overlay Extraction | A3X Script Extract | File + Process Imports/Exports Information | Windows Desktop Dimmer Shade | Spotlight + Focus GUI - Highlight and Dim for Eyestrain Relief | CrossHairs (FullScreen) | Rubber-Band Boxes using GUI's (_GUIBox) | GUI Fun! | IE Embedded Control Versioning (use IE9+ and HTML5 in a GUI) | Magnifier (Vista+) Functions UDF | _DLLStructDisplay (Debug!) | _EnumChildWindows (controls etc) | _FileFindEx | _ClipGetHTML | _ClipPutHTML + ClipPutHyperlink | _FileGetShortcutEx | _FilePropertiesDialog | I/O Port Functions | File(s) Drag & Drop | _RunWithReducedPrivileges | _ShellExecuteWithReducedPrivileges | _WinAPI_GetSystemInfo | dotNETGetVersions | Drive(s) Power Status | _WinGetDesktopHandle | _StringParseParameters | Screensaver, Sleep, Desktop Lock Disable | Full-Screen Crash Recovery
Wrappers/Modifications of others' contributions: _DOSWildcardsToPCRegEx (original code: RobSaunder's) | WinGetAltTabWinList (original: Authenticity)
UDF's added support/programming to: _ExplorerWinGetSelectedItems | MIDIEx UDF (original code: eynstyne)
(All personal code/wrappers centrally located at Ascend4nt's AutoIT Code)
Manko (Author) Posted April 14, 2010

> Manko, how's it goin! Hey - I just tested this, and a rewrite I did, on Vista x64. It turns out that anything in another Session # will not return Owner info unless Admin rights are given. Oh well, at least on earlier O/S's it seemed to work fine =\

Ascend4nt: Friend! Glad to see you back! Was the rewrite to get admin rights? Or did you change those first dwords to something else? It's good to see you!

/Manko
Ascend4nt Posted April 14, 2010 (edited)

Oh, the rewrite was to fit in with this big Process functions module I did (1500+ lines not including the 'undocumented' module), and I had an older version of your function so it was only very slight modifications - a different way to calculate offsets (you originally had a hardcoded #), plus filtering capability. The admin rights of course is something ya need to do at the top of the script or during compiling..

I've also experimented with creating a 'ProcessGetOwner' function for single processes, and it actually works on XP but for like 5% of processes on Vista+ it gives odd results. (Posted it -> here to see if anyone can help with it (and avoid hijacking Manko's thread))

*edit: Even more peculiar, the WTS list reports 2 fewer instances of 'dllhost.exe' on the Vista box I'm testing it on. Can't quite figure out why it would be missing those, but the counts are definitely off..

Edited April 14, 2010 by Ascend4nt
Gianni Posted August 24, 2012

Hello all, how could this function be used to provide information about the processes from remote machines? Thank you.

Chimp
small minds discuss people average minds discuss events great minds discuss ideas.... and use AutoIt....
Manko (Author) Posted August 27, 2012 (edited)

Check out "WTSEnumerateProcesses" API-call on MSDN. (First hit if you google it.) You'll have to edit the function... Dunno if it's any good remotely... seems like it uses netbios...

/Manko

Edited August 27, 2012 by Manko
Gianni Posted September 2, 2012

Thanks Manko,.... too difficult for me to use the Windows API... I think I will use the DOS command "tasklist" with the /s parameter (as suggested here: ) although this command, unlike your function, requires administrative rights on the remote machine, but for my purpose it can also be effective. Thank you again.
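The remote variant Manko points to above, as an added example that is not part of the original thread or anyone's posted code: the same enumeration run against a server handle obtained from WTSOpenServerW. The function name `_ProcessListOwner_WTS_Remote` and the host name `SERVER01` are hypothetical, and the second argument to `_Security__LookupAccountSid` assumes a current Security.au3 in which that parameter is the system name.

```autoit
#include <Array.au3>    ; _ArrayDisplay() for the usage lines at the bottom
#include <Security.au3> ; _Security__LookupAccountSid()

; Hypothetical helper, not from the thread: owner list for the processes on $sServer.
Func _ProcessListOwner_WTS_Remote($sServer)
    Local Const $tagINFO = "DWORD SessionId;DWORD ProcessId;PTR pProcessName;PTR pUserSid"
    ; Handles and pointers are passed as "handle"/"ptr" so they are not truncated on x64.
    Local $aOpen = DllCall("wtsapi32.dll", "handle", "WTSOpenServerW", "wstr", $sServer)
    If @error Or Not $aOpen[0] Then Return SetError(1, 0, 0)
    Local $hServer = $aOpen[0]
    Local $aEnum = DllCall("wtsapi32.dll", "bool", "WTSEnumerateProcessesW", "handle", $hServer, _
            "dword", 0, "dword", 1, "ptr*", 0, "dword*", 0)
    If @error Or Not $aEnum[0] Or $aEnum[5] = 0 Then ; call failed, or nothing was returned
        DllCall("wtsapi32.dll", "none", "WTSCloseServer", "handle", $hServer)
        Return SetError(2, 0, 0)
    EndIf
    Local $pInfo = $aEnum[4], $iCount = $aEnum[5]
    Local $iSize = DllStructGetSize(DllStructCreate($tagINFO)) ; 16 bytes on x86, 24 on x64
    Local $aList[$iCount][4], $tInfo, $pName, $aLen, $tName, $pSid, $aAcct
    For $i = 0 To $iCount - 1
        $tInfo = DllStructCreate($tagINFO, $pInfo + $i * $iSize)
        $pName = DllStructGetData($tInfo, "pProcessName")
        If $pName Then ; measure the string first instead of assuming a fixed length
            $aLen = DllCall("kernel32.dll", "int", "lstrlenW", "ptr", $pName)
            $tName = DllStructCreate("wchar[" & ($aLen[0] + 1) & "]", $pName)
            $aList[$i][0] = DllStructGetData($tName, 1)
        EndIf
        $aList[$i][1] = DllStructGetData($tInfo, "ProcessId")
        $aList[$i][2] = DllStructGetData($tInfo, "SessionId")
        $pSid = DllStructGetData($tInfo, "pUserSid")
        If $pSid Then ; resolve the SID on the remote system, which knows its local accounts
            $aAcct = _Security__LookupAccountSid($pSid, $sServer)
            If IsArray($aAcct) Then $aList[$i][3] = $aAcct[0]
        EndIf
    Next
    DllCall("wtsapi32.dll", "none", "WTSFreeMemory", "ptr", $pInfo)
    DllCall("wtsapi32.dll", "none", "WTSCloseServer", "handle", $hServer)
    Return $aList
EndFunc   ;==>_ProcessListOwner_WTS_Remote

; "SERVER01" is a placeholder host name.
Local $aProcs = _ProcessListOwner_WTS_Remote("SERVER01")
If @error Then
    MsgBox(16, "WTS", "Enumeration failed, error " & @error)
Else
    _ArrayDisplay($aProcs, "Processes on SERVER01")
EndIf
```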
francoiste Posted February 7, 2018

I have spawned a follow-up question in: https://www.autoitscript.com/forum/topic/192333-crash-in-dllstructgetdata/
francoiste Posted February 16, 2018 (edited)

proposed fix (to check the actual StringLength):

```autoit
#include <array.au3> ; Needed to display array in example.
#include <security.au3> ; Get OWNER from SID.

Global $tag_WTS_PROCESS_INFO = _
        "DWORD SessionId;" & _
        "DWORD ProcessId;" & _
        "PTR pProcessName;" & _
        "PTR pUserSid"

; ############ Example code #######################
MsgBox(0, "Process by name or number(PID)", "'Owner' of Explorer.exe is " & _ProcessListOWNER_WTS("Explorer.exe"))
$temp = _ProcessListOWNER_WTS()
; Row 0 is reused as the header row (this overwrites the first process entry).
$temp[0][0] = "Process"
$temp[0][1] = "ProcessId"
$temp[0][2] = "SessionId"
$temp[0][3] = "ProcessOWNER"
_ArrayDisplay($temp, "Process list with OWNER...")
; ###############################################

; ############ Here be func! ####################
Func _ProcessListOWNER_WTS($PID = 0)
    Local $i, $ret, $ret1, $mem
    ; hServer is a HANDLE: pass it as "handle" so it is not truncated on x64.
    $ret = DllCall("WTSApi32.dll", "int", "WTSEnumerateProcessesW", "handle", 0, "int", 0, "int", 1, "ptr*", 0, "int*", 0)
    ; Stop here if the call failed or returned no entries.
    If @error Or Not $ret[0] Or $ret[5] = 0 Then Return SetError(1, 0, 0)
    Local $array[$ret[5]][4]
    $mem = DllStructCreate($tag_WTS_PROCESS_INFO, $ret[4])
    For $i = 0 To $ret[5] - 1
        $mem = DllStructCreate($tag_WTS_PROCESS_INFO, $ret[4] + ($i * DllStructGetSize($mem)))
        ;if DllStructGetData($mem, "pProcessName") Then
        Local $pData = DllStructGetData($mem, "pProcessName")
        ; Size the wchar buffer from the real string length plus the terminator.
        Local $iStringLen = _PtrStringLenW($pData)
        Local $pName = DllStructCreate("wchar[" & $iStringLen + 1 & "]", $pData)
        $array[$i][0] = DllStructGetData($pName, 1)
        ;EndIf
        $array[$i][1] = DllStructGetData($mem, "ProcessId")
        $array[$i][2] = DllStructGetData($mem, "SessionId")
        ;if DllStructGetData($mem, "pUserSid") Then
        $ret1 = _Security__LookupAccountSid(DllStructGetData($mem, "pUserSid"))
        If IsArray($ret1) Then $array[$i][3] = $ret1[0]
        ;EndIf
    Next
    ; The buffer address is a pointer: pass it as "ptr", not "int".
    DllCall("WTSApi32.dll", "int", "WTSFreeMemory", "ptr", $ret[4])
    If $PID Then
        If IsInt($PID) Then
            For $i = 0 To UBound($array, 1) - 1
                If $array[$i][1] = $PID Then
                    Return $array[$i][3]
                EndIf
            Next
        Else
            For $i = 0 To UBound($array, 1) - 1
                If $array[$i][0] = $PID Then
                    Return $array[$i][3]
                EndIf
            Next
        EndIf
    EndIf
    Return $array
EndFunc   ;==>_ProcessListOWNER_WTS
;################################ END FUNC ##########################################

Func _PtrStringLenW($pString)
    Local $aCall = DllCall("kernel32.dll", "dword", "lstrlenW", "ptr", $pString)
    If @error Then Return SetError(1, 0, 0)
    Return $aCall[0]
EndFunc   ;==>_PtrStringLenW
```

Edited February 20, 2018 by francoiste