[Q & A] Processes / Threads / Handles / Modules

Get help with using AutoHotkey and its commands and hotkeys
whynotregister
Posts: 110
Joined: 05 Nov 2016, 22:42

[Q & A] Processes / Threads / Handles / Modules

09 Dec 2016, 20:52

I was seeking information about the thread, and this post resolved it.
Thank you very much.
whynotregister
Posts: 110
Joined: 05 Nov 2016, 22:42

Re: [Functions] Processes / Threads / Modules

31 Jan 2017, 21:03

thank you good script.
Is there a way to know the filename of the thread?
Image
haucher
Posts: 2
Joined: 29 Mar 2017, 11:57

Re: [Functions] Processes / Threads / Modules

29 Mar 2017, 12:00

GetProcessHandles does not work Handle return is strange.
User avatar
jNizM
Posts: 2530
Joined: 30 Sep 2013, 01:33
GitHub: jNizM
Contact:

Re: [Functions] Processes / Threads / Modules

29 Mar 2017, 12:24

Why? Process handles are no unique numbers like processes are.
[AHK] 1.1.30.03 x64 Unicode | [WIN] 10 Pro (Version 1909) x64 | [GitHub] Profile
Donations are appreciated if I could help you
haucher
Posts: 2
Joined: 29 Mar 2017, 11:57

Re: [Functions] Processes / Threads / Modules

29 Mar 2017, 13:14

jNizM wrote:Why? Process handles are no unique numbers like processes are.
Is it possible to know the pid that has a certain process handle?
User avatar
jNizM
Posts: 2530
Joined: 30 Sep 2013, 01:33
GitHub: jNizM
Contact:

Re: [Q & A] Processes / Threads / Modules

30 Mar 2017, 01:52

I will look into it

edit:
Changed GetProcessHandles
-> new returns (Handle-Type and FilePath if Type is File)

Will look for more informations
[AHK] 1.1.30.03 x64 Unicode | [WIN] 10 Pro (Version 1909) x64 | [GitHub] Profile
Donations are appreciated if I could help you
whynotregister
Posts: 110
Joined: 05 Nov 2016, 22:42

Re: [Q & A] Processes / Threads / Modules

30 Mar 2017, 04:39

jNizM wrote:I will look into it

edit:
Changed GetProcessHandles
-> new returns (Handle-Type and FilePath if Type is File)

Will look for more informations
Thank you for sharing the script

There seems to be an error.
Image


The list of paths that own handles for the same process is different (process explorer / GetProcessHandles).
Also, when I perform "open process" with the cheat engine, I can not confirm it with "GetProcessHandles"
and, it does not check the Windows processes that own handles of all processes that run automatically, such as csrss and svchost.
User avatar
jNizM
Posts: 2530
Joined: 30 Sep 2013, 01:33
GitHub: jNizM
Contact:

Re: [Q & A] Processes / Threads / Handles / Modules

30 Mar 2017, 05:49

Changed GetProcessHandles
-> added handle name

Code: Select all

for i, v in GetProcessHandles(pid)
    MsgBox % "Handle:`t"   v.Handle    "`n"
           . "Type:`t"     v.Type      "`n"
           . "Name:`t"     v.Name      "`n"
           . "Path:`t"     v.FilePath
atm it returns all handels (+ type / name / filepath) from a pid

The Process Explorer Search returns all processes who used your searched process (handle)

btw you got some unicode problems in your output
[AHK] 1.1.30.03 x64 Unicode | [WIN] 10 Pro (Version 1909) x64 | [GitHub] Profile
Donations are appreciated if I could help you
whynotregister
Posts: 110
Joined: 05 Nov 2016, 22:42

Re: [Q & A] Processes / Threads / Handles / Modules

30 Mar 2017, 06:47

jNizM wrote:Changed GetProcessHandles
-> added handle name

Code: Select all

for i, v in GetProcessHandles(pid)
    MsgBox % "Handle:`t"   v.Handle    "`n"
           . "Type:`t"     v.Type      "`n"
           . "Name:`t"     v.Name      "`n"
           . "Path:`t"     v.FilePath
atm it returns all handels (+ type / name / filepath) from a pid

The Process Explorer Search returns all processes who used your searched process (handle)

btw you got some unicode problems in your output

For example, if you run "openprocess" on 1.exe with the cheat engine, you will not be able to check it with "GetProcessHandles".
Is it working properly?
User avatar
jNizM
Posts: 2530
Joined: 30 Sep 2013, 01:33
GitHub: jNizM
Contact:

Re: [Q & A] Processes / Threads / Handles / Modules

30 Mar 2017, 07:51

I will see what I can do but I will never get all handles like the ProcessExplorer does
In 64 bit versions of Windows, starting from Vista, Microsoft has enforced that any program that is supposed to be loaded into the kernel space should be digitally signed by Microsoft.
[AHK] 1.1.30.03 x64 Unicode | [WIN] 10 Pro (Version 1909) x64 | [GitHub] Profile
Donations are appreciated if I could help you
whynotregister
Posts: 110
Joined: 05 Nov 2016, 22:42

Re: [Q & A] Processes / Threads / Handles / Modules

30 Mar 2017, 07:55

jNizM wrote:I will see what I can do but I will never get all handles like the ProcessExplorer does
In 64 bit versions of Windows, starting from Vista, Microsoft has enforced that any program that is supposed to be loaded into the kernel space should be digitally signed by Microsoft.
Thank you very much. :D

Return to “Ask For Help”

Who is online

Users browsing this forum: Albireo, Bing [Bot], Google [Bot], Odlanir, pn4265 and 244 guests