cypher175 Posted May 13, 2009

Is there any Code/Function to check if a specific process is running under User or System Privileges..??
spudw2k Posted May 13, 2009 (edited)

> Is there any Code/Function to check if a specific process is running under User or System Privileges..??

You can try a WMI query. I believe the container you are interested in is Win32_Process, and you'll need to call the getuser() getowner() method. This example can be tailored to your needs.

    _ProcessRetrieve()

    ; Lists every process on $host as "name:pid <TAB> owner".
    ; Returns 1 on success, 0 if the WMI service object could not be obtained.
    Func _ProcessRetrieve($host = @ComputerName, $usr = 0)
        $objWMIService = ObjGet("winmgmts:{impersonationLevel=impersonate}!\\" & $host & "\root\cimv2")
        If Not IsObj($objWMIService) Then Return 0
        $colItems = $objWMIService.ExecQuery("SELECT * FROM Win32_Process")
        For $objItem In $colItems
            ; Reset first so a failed GetOwner call cannot leave the previous owner in place
            $usr = ""
            ; GetOwner writes the account name into its first argument
            $objItem.GetOwner($usr)
            ConsoleWrite($objItem.Name & ":" & $objItem.ProcessId & @TAB)
            ConsoleWrite($usr & @CRLF)
        Next
        Return 1
    EndFunc

Edited May 13, 2009 by spudw2k
WideBoyDixon Posted May 13, 2009

Alternatively try:

OpenProcessToken
GetTokenInformation
LookupAccountSid

All in Advapi32.dll I think (being lazy and not checking).

WBD
cypher175 (Author) Posted May 14, 2009

> Alternatively try:
> OpenProcessToken
> GetTokenInformation
> LookupAccountSid
> All in Advapi32.dll I think (being lazy and not checking).
> WBD

Are those AutoIt UDFs or something else..?? How would I use those functions that you listed..??
FreeFry Posted May 14, 2009 (edited)

using DllCall

Edit: I took some time to dig into how those functions work, and found that all of the functions needed are actually included as UDFs in AutoIt:

    #include <Security.au3>
    #include <Constants.au3>

    ConsoleWrite("Process explorer.exe is running under user: " & _ProcessGetOwner("explorer.exe") & @LF)

    ; Returns the account name of the token owner of a process (name or PID).
    ; @extended carries the SID type; @error is 1 on failure.
    Func _ProcessGetOwner($ivPID)
        $ivPID = ProcessExists($ivPID)
        If Not $ivPID Then Return(SetError(1, 0, 0))
        Local Const $TOKEN_READ = 0x00020000+0x0008; STANDARD_RIGHTS_READ+TOKEN_QUERY
        Local $hvProcess = _WinAPI_OpenProcess($PROCESS_QUERY_INFORMATION, False, $ivPID, False)
        Local $hvToken = _Security__OpenProcessToken($hvProcess, $TOKEN_READ)
        Local $bvSID = _Security__GetTokenInformation($hvToken, $TOKENOWNER)
        ; TOKEN_OWNER starts with a pointer to the SID; "ptr" keeps it intact on 64-bit
        Local $avRet = DllStructCreate("ptr", DllStructGetPtr($bvSID))
        $avRet = _Security__SidToStringSid(DllStructGetData($avRet, 1))
        ; Resolve the string SID to [0] = name, [1] = domain, [2] = SID type
        $avRet = _Security__LookupAccountSid($avRet)
        _WinAPI_CloseHandle($hvProcess)
        _WinAPI_CloseHandle($hvToken)
        If Not IsArray($avRet) Then Return(SetError(1, 0, ""))
        Return(SetError(0, $avRet[2], $avRet[0]))
    EndFunc

Edited May 14, 2009 by FreeFry
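An added example, not part of the original posts: the original question asks whether a process runs as a user or as SYSTEM, which can be answered by reading the TokenUser SID and comparing it with the well-known service-account SIDs. It assumes the same includes and UDF calls as the post above; `_ProcessAccountClass` and the two local constants are hypothetical names introduced here.

```autoit
#include <Security.au3>
#include <Constants.au3>

; Added example (not from the thread). _ProcessAccountClass is a hypothetical name.
ConsoleWrite("explorer.exe runs as: " & _ProcessAccountClass("explorer.exe") & @LF)

; Returns "SYSTEM", "LOCAL SERVICE", "NETWORK SERVICE" or "USER".
; On failure returns "" and sets @error (1 = no such process, 2 = cannot open
; process, 3 = cannot open token, 4 = cannot read the SID).
Func _ProcessAccountClass($vProcess)
    Local Const $TOKEN_QUERY_ONLY = 0x0008 ; TOKEN_QUERY
    Local Const $TOKEN_USER_CLASS = 1      ; TokenUser in TOKEN_INFORMATION_CLASS
    Local $iPID = ProcessExists($vProcess)
    If Not $iPID Then Return SetError(1, 0, "")

    Local $hProcess = _WinAPI_OpenProcess($PROCESS_QUERY_INFORMATION, False, $iPID, False)
    If Not $hProcess Then Return SetError(2, 0, "")
    Local $hToken = _Security__OpenProcessToken($hProcess, $TOKEN_QUERY_ONLY)
    If Not $hToken Then
        _WinAPI_CloseHandle($hProcess)
        Return SetError(3, 0, "")
    EndIf

    ; TokenUser is the account the process runs as. TokenOwner is the default
    ; owner for objects the process creates and can be a group instead.
    Local $sSID = ""
    Local $tInfo = _Security__GetTokenInformation($hToken, $TOKEN_USER_CLASS)
    If IsDllStruct($tInfo) Then
        ; TOKEN_USER begins with a pointer to the SID, so read it as "ptr"
        Local $tUser = DllStructCreate("ptr", DllStructGetPtr($tInfo))
        $sSID = _Security__SidToStringSid(DllStructGetData($tUser, 1))
    EndIf
    _WinAPI_CloseHandle($hToken)
    _WinAPI_CloseHandle($hProcess)
    If $sSID = "" Then Return SetError(4, 0, "")

    ; Well-known SIDs of the built-in service accounts
    Switch $sSID
        Case "S-1-5-18"
            Return "SYSTEM"
        Case "S-1-5-19"
            Return "LOCAL SERVICE"
        Case "S-1-5-20"
            Return "NETWORK SERVICE"
    EndSwitch
    Return "USER"
EndFunc
```

An @error of 2 means OpenProcess was refused, which a non-elevated script will see for processes it has no rights to query.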
cypher175 (Author) Posted May 15, 2009

Would there be any way, using those same or other functions, to check the CPU% Usage of a Specified Process..??
rajeshontheweb Posted May 15, 2009

Try to go through the processlistproperties UDF and you'll find most of your process information listing needs are resolved.
cypher175 (Author) Posted May 15, 2009

Where is this processlistproperties UDF at..?? I can't seem to locate it in the AutoIt Install directory..??
rajeshontheweb Posted May 15, 2009

Forum Link: _ProcessListProperties
Sundance Posted June 10, 2009

> using DllCall
>
> Edit: I took some time to dig into how those functions work, and found that all of the functions needed are actually included as UDFs in AutoIt:
>
>     #include <Security.au3>
>     #include <Constants.au3>
>
>     ConsoleWrite("Process explorer.exe is running under user: " & _ProcessGetOwner("explorer.exe") & @LF)
>
>     ; Returns the account name of the token owner of a process (name or PID).
>     ; @extended carries the SID type; @error is 1 on failure.
>     Func _ProcessGetOwner($ivPID)
>         $ivPID = ProcessExists($ivPID)
>         If Not $ivPID Then Return(SetError(1, 0, 0))
>         Local Const $TOKEN_READ = 0x00020000+0x0008; STANDARD_RIGHTS_READ+TOKEN_QUERY
>         Local $hvProcess = _WinAPI_OpenProcess($PROCESS_QUERY_INFORMATION, False, $ivPID, False)
>         Local $hvToken = _Security__OpenProcessToken($hvProcess, $TOKEN_READ)
>         Local $bvSID = _Security__GetTokenInformation($hvToken, $TOKENOWNER)
>         ; TOKEN_OWNER starts with a pointer to the SID; "ptr" keeps it intact on 64-bit
>         Local $avRet = DllStructCreate("ptr", DllStructGetPtr($bvSID))
>         $avRet = _Security__SidToStringSid(DllStructGetData($avRet, 1))
>         ; Resolve the string SID to [0] = name, [1] = domain, [2] = SID type
>         $avRet = _Security__LookupAccountSid($avRet)
>         _WinAPI_CloseHandle($hvProcess)
>         _WinAPI_CloseHandle($hvToken)
>         If Not IsArray($avRet) Then Return(SetError(1, 0, ""))
>         Return(SetError(0, $avRet[2], $avRet[0]))
>     EndFunc

Hi FreeFry,

what value has $TOKENOWNER? I looked at MSDN. Is it 1?

greetz
Sundance
Sundance Posted December 3, 2009

Ah, thx!

Lol. After 6 months I had not written down your answer and I can't see your post here .. :-)

What was the value of $TokenOwner again?

thx
Sundance
jvanegmond Posted December 3, 2009

> Lol. After 6 months I had not written down your answer and I can't see your post here .. :-)
> What was the value of $TokenOwner again?
> thx
> Sundance

Hello, the value is known to the AutoIt script, so it must be defined somewhere. Probably in the includes, because it's not in the main script.

With this information, we go to: C:\Program Files\AutoIt3\Include\SecurityConstants.au3 (it was not in Security.au3)

We find this value:

    Global Const $TOKENOWNER = 4

Your answer is 4. You could have seen it all by yourself, very easily.
Sundance Posted December 3, 2009 (edited)

> Hello, the value is known to the AutoIt script, so it must be defined somewhere. Probably in the includes, because it's not in the main script.
> With this information, we go to: C:\Program Files\AutoIt3\Include\SecurityConstants.au3 (it was not in Security.au3)
> We find this value: Global Const $TOKENOWNER = 4
> Your answer is 4. You could have seen it all by yourself, very easily.

Thx Manadar, I looked at the Security.au3 and wondered where it could be defined. You are right, I should have been irritated why AutoIt knows about $TokenOwner....

Thx for your quick reply
Sundance

Edited December 4, 2009 by Sundance