With MBAM (Malwarebytes Anti-Malware) 2.x, CLI support has been removed. It's planned to be added back in the future, but they said that back with 2.0 and here we are still waiting.
This script was tested and designed for the free home version 2.1.6.1022 of MBAM (screenshot below).
```autohotkey
#SingleInstance force
#Persistent
detectHiddenWindows,on

folder:="C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs"
title:="Malwarebytes Anti-Malware"

; number of items in the log folder before the scan starts
logCount:=ComObjCreate("Shell.Application").NameSpace(folder).Items.Count

; the working directory must not be quoted in command syntax
run "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe",C:\Program Files (x86)\Malwarebytes Anti-Malware,hide
winWait,% title
sleep 2000 ; give the GUI time to load its elements

; the GUI exposes no controls, so click by window-relative position to start the scan
winGetPos,,,cw,ch,% title
controlClick,% "x" cw//2 " y" ch-65,% title
winMinimize,% title

; a new item in the log folder means the scan has finished
while(ComObjCreate("Shell.Application").NameSpace(folder).Items.Count=logCount)
    sleep 1000

; pick the most recently created scan log
newest:=""
loop,files,% folder "\mbam*.xml"
{
    if(a_loopFileTimeCreated>newest){
        newest:=a_loopFileTimeCreated
        file:=a_loopFileFullPath
    }
}
fileRead,xml,% file ; match against the log contents, not the file name

subPattern:=["<file><path>","</path><vendor>","</vendor><action>","</action><hash>","</hash></file>"]
replacePattern:=["Path: ","Vendor: ","Action: ","Hash: ","`n"]
needle:="O)" subPattern[1] ".*?" subPattern[2] ".*?" subPattern[3] ".*?" subPattern[4] ".*?" subPattern[5]

; walk every <file> entry in the log, one match at a time
pos:=1
while(pos:=regExMatch(xml,needle,found,pos)){
    tp:=found.Value(0)
    for i,a in subPattern
        tp:=strReplace(tp,a,replacePattern[i])
    strOut.=tp
    pos+=found.Len(0)
}

if(strOut){
    msgbox,,Detected Objects,% strOut
    winActivate,% title
} else
    winClose,% title
exitApp
```
If anyone could find a less arbitrary method of a "silent" scan initialization, that would be nice.
Notes:
Using the PID/HWND is unreliable; opens a second instance for heuristics. Window class too generic.
Seems to require a small window of time to load elements into the gui (minimizing immediately results in a blank gui).
No visible controls.