AutoHotkey Homepage AutoHotkey Community
Let's help each other out
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

process list+file names+command lines
Goto page 1, 2  Next
 
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Scripts & Functions
View previous topic :: View next topic  
Author Message
shimanov



Joined: 25 Sep 2005
Posts: 612
PostPosted: Thu Mar 30, 2006 7:54 pm    Post subject: process list+file names+command lines Reply with quote
Enumerate processes, identify associated file names, identify command lines. I'll have to elaborate later.

Replicates functionality of tool described in another post.

notes:
    * tested with Windows XP SP2
    * read-only operations
    * requires debugging privilege (usually assigned to Administrator accounts) for comprehensive information


Code:
OnExit, HandleExit

success := DllCall( "advapi32.dll\LookupPrivilegeValueA"
                  , "uint", 0
                  , "str", "SeDebugPrivilege"
                  , "int64*", luid_SeDebugPrivilege )
if ( ReportError( ErrorLevel or !success
            , "LookupPrivilegeValue: SeDebugPrivilege"
            , "success = " success ) )
   ExitApp

Process, Exist
pid_this := ErrorLevel

hp_this := DllCall( "OpenProcess"
                  , "uint", 0x400                                 ; PROCESS_QUERY_INFORMATION
                  , "int", false
                  , "uint", pid_this )
if ( ReportError( ErrorLevel or hp_this = 0
            , "OpenProcess: pid_this"
            , "hp_this = " hp_this ) )
   ExitApp

success := DllCall( "advapi32.dll\OpenProcessToken"
                  , "uint", hp_this
                  , "uint", 0x20                                 ; TOKEN_ADJUST_PRIVILEGES
                  , "uint*", ht_this )
if ( ReportError( ErrorLevel or !success
            , "OpenProcessToken: hp_this"
            , "success = " success ) )
   ExitApp

VarSetCapacity( token_info, 4+( 8+4 ), 0 )
   EncodeInteger( 1, 4, &token_info, 0 )
   EncodeInteger( luid_SeDebugPrivilege, 8, &token_info, 4 )
      EncodeInteger( 2, 4, &token_info, 12 )                           ; SE_PRIVILEGE_ENABLED

success := DllCall( "advapi32.dll\AdjustTokenPrivileges"
                  , "uint", ht_this
                  , "int", false
                  , "uint", &token_info
                  , "uint", 0
                  , "uint", 0
                  , "uint", 0 )
if ( ReportError( ErrorLevel or !success
            , "AdjustTokenPrivileges: ht_this; SeDebugPrivilege ~ SE_PRIVILEGE_ENABLED"
            , "success = " success ) )
   ExitApp

Gui, Add, ListView, x5 y5 w800 h400, PID|file name|command line
Gui, Show, x50 y50 w810 h410, EnumProcesses experiment

total := EnumProcesses( pid_list )

loop, parse, pid_list, |
   LV_Add( "", A_LoopField, GetModuleFileNameEx( A_LoopField ), GetRemoteCommandLine( A_LoopField ) )

LV_ModifyCol( 1, "Integer Sort AutoHdr" )
LV_ModifyCol( 2, "AutoHdr" )
LV_ModifyCol( 3, "AutoHdr" )
return

HandleExit:
   DllCall( "CloseHandle", "uint", ht_this )
   DllCall( "CloseHandle", "uint", hp_this )
ExitApp

F12::Reload

GuiClose:
ExitApp

EncodeInteger( p_value, p_size, p_address, p_offset )
{
   loop, %p_size%
      DllCall( "RtlFillMemory", "uint", p_address+p_offset+A_Index-1, "uint", 1, "uchar", p_value >> ( 8*( A_Index-1 ) ) )
}

ReportError( p_condition, p_title, p_extra )
{
   if p_condition
      MsgBox,
         ( LTrim
            [Error] %p_title%
            EL = %ErrorLevel%, LE = %A_LastError%
            
            %p_extra%
         )
   
   return, p_condition
}

EnumProcesses( byref r_pid_list )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return, false
   }
   
   pid_list_size := 4*1000
   VarSetCapacity( pid_list, pid_list_size )
   
   status := DllCall( "psapi.dll\EnumProcesses", "uint", &pid_list, "uint", pid_list_size, "uint*", pid_list_actual )
   if ( ErrorLevel or !status )
      return, false
      
   total := pid_list_actual//4

   r_pid_list=
   address := &pid_list
   loop, %total%
   {
      r_pid_list := r_pid_list "|" ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *( address+3 ) << 24 ) )
      address += 4
   }
   
   StringTrimLeft, r_pid_list, r_pid_list, 1
   
   return, total
}

GetModuleFileNameEx( p_pid )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return
   }

   h_process := DllCall( "OpenProcess", "uint", 0x10|0x400, "int", false, "uint", p_pid )
   if ( ErrorLevel or h_process = 0 )
      return
   
   name_size = 255
   VarSetCapacity( name, name_size )
   
   result := DllCall( "psapi.dll\GetModuleFileNameExA", "uint", h_process, "uint", 0, "str", name, "uint", name_size )
   
   DllCall( "CloseHandle", h_process )
   
   return, name
}

GetRemoteCommandLine( p_pid_target )
{
   hp_target := DllCall( "OpenProcess"
                     , "uint", 0x10                              ; PROCESS_VM_READ
                     , "int", false
                     , "uint", p_pid_target )
   if ( ErrorLevel or hp_target = 0 )
   {
      result = < error: OpenProcess > EL = %ErrorLevel%, LE = %A_LastError%, hp_target = %hp_target%
      Gosub, return
   }

   hm_kernel32 := DllCall( "GetModuleHandle", "str", "kernel32.dll" )

   pGetCommandLineA := DllCall( "GetProcAddress", "uint", hm_kernel32, "str", "GetCommandLineA" )

   buffer_size = 6
   VarSetCapacity( buffer, buffer_size )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pGetCommandLineA, "uint", &buffer, "uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 1 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      ppCommandLine += ( ( *( &buffer+A_Index ) ) << ( 8*( A_Index-1 ) ) )
   
   buffer_size = 4
   VarSetCapacity( buffer, buffer_size, 0 )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", ppCommandLine, "uint", &buffer, "uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 2 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      pCommandLine += ( ( *( &buffer+A_Index-1 ) ) << ( 8*( A_Index-1 ) ) )

   buffer_size = 32768
   VarSetCapacity( result, buffer_size, 1 )
   
   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
   if ( !success )
   {
      loop, %buffer_size%
      {
         success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine+A_Index-1, "uint", &result, "uint", 1, "uint", 0 )
         
         if ( !success or Asc( result ) = 0 )
         {
            buffer_size := A_Index
            break
         }
      }
      success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
      if ( ErrorLevel or !success )
      {
         result = < error: ReadProcessMemory 3 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
         Gosub, return
      }
   }

return:
   DllCall( "CloseHandle", "uint", hp_target )
   
   return, result
}
Back to top
View user's profile Send private message
Chris
Site Admin


Joined: 02 Mar 2004
Posts: 10465
PostPosted: Thu Mar 30, 2006 8:47 pm    Post subject: Reply with quote
Very impressive. I know this will be a popular topic, and it may also be of use when the time comes to work on a built-in "Process, List" command.

Thanks.
Back to top
View user's profile Send private message Send e-mail
evl



Joined: 24 Aug 2005
Posts: 1238
PostPosted: Thu Mar 30, 2006 8:54 pm    Post subject: Reply with quote
@ shimanov:
What took you so long - I posted about that other app in the CMDret thread almost 18 hours ago Wink (heavy sarcasm!). Very neat. I was thinking about making a script to store a list of running scripts (which requires knowing the command line parameter for autohotkey.exe) and then closing and restarting them after updating to a new version of autohotkey. Now it's a purely AHK solution I might use it in my Alt-Tab replacement too Very Happy
Back to top
View user's profile Send private message
shimanov



Joined: 25 Sep 2005
Posts: 612
PostPosted: Thu Mar 30, 2006 9:57 pm    Post subject: Reply with quote
to Chris:
    Thanks. It uses the standard EnumProcesses API to retrieve a list of processes, and some of the other mechanisms employed will likely limit its universality. But it seems to work fairly well otherwise.


to evl:
    18 hours? I should have abstained from sleeping, eating,... -- always some diversion to cope with.

    I actually posted the code, at this time, in response to your request in the other thread. If you look closely, GetRemoteCommandLine is actually GetCPA_file_name in a general form. The enhancement is realized with access to comprehensive information permitted by enabling the debugging privilege, which also affects the effectiveness of GetModuleFileNameEx.
Back to top
View user's profile Send private message
evl



Joined: 24 Aug 2005
Posts: 1238
PostPosted: Thu Mar 30, 2006 10:48 pm    Post subject: Reply with quote
@ shimanov:
Quote:
I should have abstained from sleeping
- I haven't got the hang of dreaming in AHK code yet either Smile

... and yes, that code does look awfully familiar now you mention it Laughing
Back to top
View user's profile Send private message
AngieX



Joined: 26 Nov 2006
Posts: 77
PostPosted: Mon Jan 22, 2007 4:38 am    Post subject: Reply with quote
Hi, can someone please examine the O.P. code, and please show me how to modify this so I can use it in a GUI 1 and GUI 2 scenario (where one GUI is the code above and the other is something else.... for now a blank GUI will do). I want this to be GUI 2 and a blank GUI 1....... but it keeps breaking when I try assigning the unique GUI value in there. I am not sure what is going on. Thank you so kindly for a guiding light! Very Happy
Back to top
View user's profile Send private message
PhiLho



Joined: 27 Dec 2005
Posts: 6721
Location: France (near Paris)
PostPosted: Mon Jan 22, 2007 10:03 am    Post subject: Reply with quote
Be a guide yourself, show us the code that breaks, perhaps we can put the finger on the problem...
_________________
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")
Back to top
View user's profile Send private message Visit poster's website
AngieX



Joined: 26 Nov 2006
Posts: 77
PostPosted: Tue Jan 23, 2007 2:34 am    Post subject: Reply with quote
Oops, I am very sorry Embarassed

Code:



OnExit, HandleExit

success := DllCall( "advapi32.dll\LookupPrivilegeValueA"
                  , "uint", 0
                  , "str", "SeDebugPrivilege"
                  , "int64*", luid_SeDebugPrivilege )
if ( ReportError( ErrorLevel or !success
            , "LookupPrivilegeValue: SeDebugPrivilege"
            , "success = " success ) )
   ExitApp

Process, Exist
pid_this := ErrorLevel

hp_this := DllCall( "OpenProcess"
                  , "uint", 0x400                                 ; PROCESS_QUERY_INFORMATION
                  , "int", false
                  , "uint", pid_this )
if ( ReportError( ErrorLevel or hp_this = 0
            , "OpenProcess: pid_this"
            , "hp_this = " hp_this ) )
   ExitApp

success := DllCall( "advapi32.dll\OpenProcessToken"
                  , "uint", hp_this
                  , "uint", 0x20                                 ; TOKEN_ADJUST_PRIVILEGES
                  , "uint*", ht_this )
if ( ReportError( ErrorLevel or !success
            , "OpenProcessToken: hp_this"
            , "success = " success ) )
   ExitApp

VarSetCapacity( token_info, 4+( 8+4 ), 0 )
   EncodeInteger( 1, 4, &token_info, 0 )
   EncodeInteger( luid_SeDebugPrivilege, 8, &token_info, 4 )
      EncodeInteger( 2, 4, &token_info, 12 )                           ; SE_PRIVILEGE_ENABLED

success := DllCall( "advapi32.dll\AdjustTokenPrivileges"
                  , "uint", ht_this
                  , "int", false
                  , "uint", &token_info
                  , "uint", 0
                  , "uint", 0
                  , "uint", 0 )
if ( ReportError( ErrorLevel or !success
            , "AdjustTokenPrivileges: ht_this; SeDebugPrivilege ~ SE_PRIVILEGE_ENABLED"
            , "success = " success ) )
   ExitApp

Gui, Add, ListView, x5 y5 w800 h400, PID|file name|command line
Gui, Show, x50 y50 w810 h410, EnumProcesses experiment

total := EnumProcesses( pid_list )

loop, parse, pid_list, |
   LV_Add( "", A_LoopField, GetModuleFileNameEx( A_LoopField ), GetRemoteCommandLine( A_LoopField ) )

LV_ModifyCol( 1, "Integer Sort AutoHdr" )
LV_ModifyCol( 2, "AutoHdr" )
LV_ModifyCol( 3, "AutoHdr" )
return

HandleExit:
   DllCall( "CloseHandle", "uint", ht_this )
   DllCall( "CloseHandle", "uint", hp_this )
ExitApp

F12::Reload

GuiClose:
ExitApp

EncodeInteger( p_value, p_size, p_address, p_offset )
{
   loop, %p_size%
      DllCall( "RtlFillMemory", "uint", p_address+p_offset+A_Index-1, "uint", 1, "uchar", p_value >> ( 8*( A_Index-1 ) ) )
}

ReportError( p_condition, p_title, p_extra )
{
   if p_condition
      MsgBox,
         ( LTrim
            [Error] %p_title%
            EL = %ErrorLevel%, LE = %A_LastError%
           
            %p_extra%
         )
   
   return, p_condition
}

EnumProcesses( byref r_pid_list )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return, false
   }
   
   pid_list_size := 4*1000
   VarSetCapacity( pid_list, pid_list_size )
   
   status := DllCall( "psapi.dll\EnumProcesses", "uint", &pid_list, "uint", pid_list_size, "uint*", pid_list_actual )
   if ( ErrorLevel or !status )
      return, false
     
   total := pid_list_actual//4

   r_pid_list=
   address := &pid_list
   loop, %total%
   {
      r_pid_list := r_pid_list "|" ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *( address+3 ) << 24 ) )
      address += 4
   }
   
   StringTrimLeft, r_pid_list, r_pid_list, 1
   
   return, total
}

GetModuleFileNameEx( p_pid )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return
   }

   h_process := DllCall( "OpenProcess", "uint", 0x10|0x400, "int", false, "uint", p_pid )
   if ( ErrorLevel or h_process = 0 )
      return
   
   name_size = 255
   VarSetCapacity( name, name_size )
   
   result := DllCall( "psapi.dll\GetModuleFileNameExA", "uint", h_process, "uint", 0, "str", name, "uint", name_size )
   
   DllCall( "CloseHandle", h_process )
   
   return, name
}

GetRemoteCommandLine( p_pid_target )
{
   hp_target := DllCall( "OpenProcess"
                     , "uint", 0x10                              ; PROCESS_VM_READ
                     , "int", false
                     , "uint", p_pid_target )
   if ( ErrorLevel or hp_target = 0 )
   {
      result = < error: OpenProcess > EL = %ErrorLevel%, LE = %A_LastError%, hp_target = %hp_target%
      Gosub, return
   }

   hm_kernel32 := DllCall( "GetModuleHandle", "str", "kernel32.dll" )

   pGetCommandLineA := DllCall( "GetProcAddress", "uint", hm_kernel32, "str", "GetCommandLineA" )

   buffer_size = 6
   VarSetCapacity( buffer, buffer_size )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pGetCommandLineA, "uint", &buffer, "uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 1 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      ppCommandLine += ( ( *( &buffer+A_Index ) ) << ( 8*( A_Index-1 ) ) )
   
   buffer_size = 4
   VarSetCapacity( buffer, buffer_size, 0 )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", ppCommandLine, "uint", &buffer, "uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 2 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      pCommandLine += ( ( *( &buffer+A_Index-1 ) ) << ( 8*( A_Index-1 ) ) )

   buffer_size = 32768
   VarSetCapacity( result, buffer_size, 1 )
   
   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
   if ( !success )
   {
      loop, %buffer_size%
      {
         success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine+A_Index-1, "uint", &result, "uint", 1, "uint", 0 )
         
         if ( !success or Asc( result ) = 0 )
         {
            buffer_size := A_Index
            break
         }
      }
      success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
      if ( ErrorLevel or !success )
      {
         result = < error: ReadProcessMemory 3 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
         Gosub, return
      }
   }

return:
   DllCall( "CloseHandle", "uint", hp_target )
   
   return, result
}



Basically, I would like to use this, but in a GUI 2 or GUI 3 scenerio Wink I am trying to absorb all the finer points of coding here, and this one is sort-of difficult.
Back to top
View user's profile Send private message
PhiLho



Joined: 27 Dec 2005
Posts: 6721
Location: France (near Paris)
PostPosted: Tue Jan 23, 2007 8:57 am    Post subject: Reply with quote
The code you gave works fine on my system, WinXP SP2...
You wrote:
Quote:
I want this to be GUI 2 and a blank GUI 1....... but it keeps breaking when I try assigning the unique GUI value in there.
That's this code you should show. I suggest you edit your previous message to show your best try. Smile
_________________
vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")
Back to top
View user's profile Send private message Visit poster's website
AngieX



Joined: 26 Nov 2006
Posts: 77
PostPosted: Thu Jan 25, 2007 7:36 pm    Post subject: Reply with quote
I must be slipping today!

I didn't even put GUI 2 in there to demonstrate what I mean. See this version, I only changed the GUI control to 2. I looked all over this code and do not see how to reassign data to flow into 2
Code:


OnExit, HandleExit

success := DllCall( "advapi32.dll\LookupPrivilegeValueA"
                  , "uint", 0
                  , "str", "SeDebugPrivilege"
                  , "int64*", luid_SeDebugPrivilege )
if ( ReportError( ErrorLevel or !success
            , "LookupPrivilegeValue: SeDebugPrivilege"
            , "success = " success ) )
   ExitApp

Process, Exist
pid_this := ErrorLevel

hp_this := DllCall( "OpenProcess"
                  , "uint", 0x400                                 ; PROCESS_QUERY_INFORMATION
                  , "int", false
                  , "uint", pid_this )
if ( ReportError( ErrorLevel or hp_this = 0
            , "OpenProcess: pid_this"
            , "hp_this = " hp_this ) )
   ExitApp

success := DllCall( "advapi32.dll\OpenProcessToken"
                  , "uint", hp_this
                  , "uint", 0x20                                 ; TOKEN_ADJUST_PRIVILEGES
                  , "uint*", ht_this )
if ( ReportError( ErrorLevel or !success
            , "OpenProcessToken: hp_this"
            , "success = " success ) )
   ExitApp

VarSetCapacity( token_info, 4+( 8+4 ), 0 )
   EncodeInteger( 1, 4, &token_info, 0 )
   EncodeInteger( luid_SeDebugPrivilege, 8, &token_info, 4 )
      EncodeInteger( 2, 4, &token_info, 12 )                           ; SE_PRIVILEGE_ENABLED

success := DllCall( "advapi32.dll\AdjustTokenPrivileges"
                  , "uint", ht_this
                  , "int", false
                  , "uint", &token_info
                  , "uint", 0
                  , "uint", 0
                  , "uint", 0 )
if ( ReportError( ErrorLevel or !success
            , "AdjustTokenPrivileges: ht_this; SeDebugPrivilege ~ SE_PRIVILEGE_ENABLED"
            , "success = " success ) )
   ExitApp

Gui, 2: Add, ListView, x5 y5 w800 h400, PID|file name|command line
Gui, 2: Show, x50 y50 w810 h410, EnumProcesses experiment

total := EnumProcesses( pid_list )

loop, parse, pid_list, |
   LV_Add( "", A_LoopField, GetModuleFileNameEx( A_LoopField ), GetRemoteCommandLine( A_LoopField ) )

LV_ModifyCol( 1, "Integer Sort AutoHdr" )
LV_ModifyCol( 2, "AutoHdr" )
LV_ModifyCol( 3, "AutoHdr" )
return

HandleExit:
   DllCall( "CloseHandle", "uint", ht_this )
   DllCall( "CloseHandle", "uint", hp_this )
ExitApp

F12::Reload

GuiClose:
ExitApp

EncodeInteger( p_value, p_size, p_address, p_offset )
{
   loop, %p_size%
      DllCall( "RtlFillMemory", "uint", p_address+p_offset+A_Index-1, "uint", 1, "uchar", p_value >> ( 8*(

A_Index-1 ) ) )
}

ReportError( p_condition, p_title, p_extra )
{
   if p_condition
      MsgBox,
         ( LTrim
            [Error] %p_title%
            EL = %ErrorLevel%, LE = %A_LastError%
           
            %p_extra%
         )
   
   return, p_condition
}

EnumProcesses( byref r_pid_list )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return, false
   }
   
   pid_list_size := 4*1000
   VarSetCapacity( pid_list, pid_list_size )
   
   status := DllCall( "psapi.dll\EnumProcesses", "uint", &pid_list, "uint", pid_list_size, "uint*",

pid_list_actual )
   if ( ErrorLevel or !status )
      return, false
     
   total := pid_list_actual//4

   r_pid_list=
   address := &pid_list
   loop, %total%
   {
      r_pid_list := r_pid_list "|" ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *(

address+3 ) << 24 ) )
      address += 4
   }
   
   StringTrimLeft, r_pid_list, r_pid_list, 1
   
   return, total
}

GetModuleFileNameEx( p_pid )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return
   }

   h_process := DllCall( "OpenProcess", "uint", 0x10|0x400, "int", false, "uint", p_pid )
   if ( ErrorLevel or h_process = 0 )
      return
   
   name_size = 255
   VarSetCapacity( name, name_size )
   
   result := DllCall( "psapi.dll\GetModuleFileNameExA", "uint", h_process, "uint", 0, "str", name, "uint",

name_size )
   
   DllCall( "CloseHandle", h_process )
   
   return, name
}

GetRemoteCommandLine( p_pid_target )
{
   hp_target := DllCall( "OpenProcess"
                     , "uint", 0x10                              ; PROCESS_VM_READ
                     , "int", false
                     , "uint", p_pid_target )
   if ( ErrorLevel or hp_target = 0 )
   {
      result = < error: OpenProcess > EL = %ErrorLevel%, LE = %A_LastError%, hp_target = %hp_target%
      Gosub, return
   }

   hm_kernel32 := DllCall( "GetModuleHandle", "str", "kernel32.dll" )

   pGetCommandLineA := DllCall( "GetProcAddress", "uint", hm_kernel32, "str", "GetCommandLineA" )

   buffer_size = 6
   VarSetCapacity( buffer, buffer_size )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pGetCommandLineA, "uint", &buffer,

"uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 1 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      ppCommandLine += ( ( *( &buffer+A_Index ) ) << ( 8*( A_Index-1 ) ) )
   
   buffer_size = 4
   VarSetCapacity( buffer, buffer_size, 0 )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", ppCommandLine, "uint", &buffer,

"uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 2 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      pCommandLine += ( ( *( &buffer+A_Index-1 ) ) << ( 8*( A_Index-1 ) ) )

   buffer_size = 32768
   VarSetCapacity( result, buffer_size, 1 )
   
   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint",

buffer_size, "uint", 0 )
   if ( !success )
   {
      loop, %buffer_size%
      {
         success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine+A_Index-1, "uint",

&result, "uint", 1, "uint", 0 )
         
         if ( !success or Asc( result ) = 0 )
         {
            buffer_size := A_Index
            break
         }
      }
      success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result,

"uint", buffer_size, "uint", 0 )
      if ( ErrorLevel or !success )
      {
         result = < error: ReadProcessMemory 3 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
         Gosub, return
      }
   }

return:
   DllCall( "CloseHandle", "uint", hp_target )
   
   return, result
}


Back to top
View user's profile Send private message
toralf



Joined: 31 Jan 2005
Posts: 3842
Location: Bremen, Germany
PostPosted: Thu Jan 25, 2007 7:53 pm    Post subject: Reply with quote
Please try if
Code:
Gui, 2:+Default
solves it?
_________________
Ciao
toralf
Back to top
View user's profile Send private message Send e-mail Visit poster's website
AngieX



Joined: 26 Nov 2006
Posts: 77
PostPosted: Thu Jan 25, 2007 7:58 pm    Post subject: Reply with quote
I tried adding 'Gui, 2:+Default' to the code I posted in my last message, and no go, unfortunately! Sad Sad
Back to top
View user's profile Send private message
toralf



Joined: 31 Jan 2005
Posts: 3842
Location: Bremen, Germany
PostPosted: Thu Jan 25, 2007 8:34 pm    Post subject: Reply with quote
Please check if between the following lines
Code:
total := EnumProcesses( pid_list )

loop, parse, pid_list, |
pid_list contains any data.

What exactly is not working?
_________________
Ciao
toralf
Back to top
View user's profile Send private message Send e-mail Visit poster's website
AngieX



Joined: 26 Nov 2006
Posts: 77
PostPosted: Fri Jan 26, 2007 12:48 am    Post subject: Reply with quote
Ah, it works if the GUI is set to 1, but if it's set to 2 or more, then upon running my last example of code it does not display any data in the GUI Sad
Back to top
View user's profile Send private message
BoBoĻ
Guest
PostPosted: Thu Sep 27, 2007 9:56 am    Post subject: Reply with quote
Quote:
Ah, it works if the GUI is set to 1, but if it's set to 2 or more, then upon running my last example of code it does not display any data in the GUI
If set to 1 (the master, btw obsolete) it shouldn't be a problem. If set to 2 (without an existing master) it won't work, right? Well, to create a master Gui, to which consecutive Guis are belonging, seems/is mandatory. If there's no master you're out of business.
Back to top
Display posts from previous:   
Post new topic   Reply to topic    AutoHotkey Community Forum Index -> Scripts & Functions All times are GMT
Goto page 1, 2  Next
Page 1 of 2

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum


Powered by phpBB © 2001, 2005 phpBB Group