Jump to content

Sky Slate Blueberry Blackcurrant Watermelon Strawberry Orange Banana Apple Emerald Chocolate
Photo

process list+file names+command lines


  • Please log in to reply
21 replies to this topic
shimanov
  • Members
  • 610 posts
  • Last active: Jul 18 2006 08:35 PM
  • Joined: 25 Sep 2005
Enumerate processes, identify associated file names, identify command lines. I'll have to elaborate later.

Replicates functionality of tool described in another post.

notes:
* tested with Windows XP SP2
* read-only operations
* requires debugging privilege (usually assigned to Administrator accounts) for comprehensive information
OnExit, HandleExit

success := DllCall( "advapi32.dll\LookupPrivilegeValueA"
						, "uint", 0
						, "str", "SeDebugPrivilege"
						, "int64*", luid_SeDebugPrivilege )
if ( ReportError( ErrorLevel or !success
				, "LookupPrivilegeValue: SeDebugPrivilege"
				, "success = " success ) )
	ExitApp

Process, Exist
pid_this := ErrorLevel

hp_this := DllCall( "OpenProcess"
						, "uint", 0x400											; PROCESS_QUERY_INFORMATION
						, "int", false
						, "uint", pid_this )
if ( ReportError( ErrorLevel or hp_this = 0
				, "OpenProcess: pid_this"
				, "hp_this = " hp_this ) )
	ExitApp

success := DllCall( "advapi32.dll\OpenProcessToken"
						, "uint", hp_this
						, "uint", 0x20											; TOKEN_ADJUST_PRIVILEGES
						, "uint*", ht_this )
if ( ReportError( ErrorLevel or !success
				, "OpenProcessToken: hp_this"
				, "success = " success ) )
	ExitApp

VarSetCapacity( token_info, 4+( 8+4 ), 0 )
	EncodeInteger( 1, 4, &token_info, 0 )
	EncodeInteger( luid_SeDebugPrivilege, 8, &token_info, 4 )
		EncodeInteger( 2, 4, &token_info, 12 )									; SE_PRIVILEGE_ENABLED

success := DllCall( "advapi32.dll\AdjustTokenPrivileges"
						, "uint", ht_this
						, "int", false
						, "uint", &token_info
						, "uint", 0
						, "uint", 0
						, "uint", 0 )
if ( ReportError( ErrorLevel or !success
				, "AdjustTokenPrivileges: ht_this; SeDebugPrivilege ~ SE_PRIVILEGE_ENABLED"
				, "success = " success ) )
	ExitApp

Gui, Add, ListView, x5 y5 w800 h400, PID|file name|command line
Gui, Show, x50 y50 w810 h410, EnumProcesses experiment

total := EnumProcesses( pid_list )

loop, parse, pid_list, |
   LV_Add( "", A_LoopField, GetModuleFileNameEx( A_LoopField ), GetRemoteCommandLine( A_LoopField ) )

LV_ModifyCol( 1, "Integer Sort AutoHdr" )
LV_ModifyCol( 2, "AutoHdr" )
LV_ModifyCol( 3, "AutoHdr" )
return

HandleExit:
	DllCall( "CloseHandle", "uint", ht_this )
	DllCall( "CloseHandle", "uint", hp_this )
ExitApp

F12::Reload

GuiClose:
ExitApp

EncodeInteger( p_value, p_size, p_address, p_offset )
{
	loop, %p_size%
		DllCall( "RtlFillMemory", "uint", p_address+p_offset+A_Index-1, "uint", 1, "uchar", p_value >> ( 8*( A_Index-1 ) ) )
}

ReportError( p_condition, p_title, p_extra )
{
	if p_condition
		MsgBox,
			( LTrim
				[Error] %p_title%
				EL = %ErrorLevel%, LE = %A_LastError%
				
				%p_extra%
			)
	
	return, p_condition
}

EnumProcesses( byref r_pid_list )
{
	if A_OSVersion in WIN_95,WIN_98,WIN_ME 
	{
		MsgBox, This Windows version (%A_OSVersion%) is not supported.
		return, false
	}
	
	pid_list_size := 4*1000
	VarSetCapacity( pid_list, pid_list_size )
	
	status := DllCall( "psapi.dll\EnumProcesses", "uint", &pid_list, "uint", pid_list_size, "uint*", pid_list_actual )
	if ( ErrorLevel or !status )
		return, false
		
	total := pid_list_actual//4

	r_pid_list=
	address := &pid_list
	loop, %total%
	{
		r_pid_list := r_pid_list "|" ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *( address+3 ) << 24 ) )
		address += 4
	}
	
	StringTrimLeft, r_pid_list, r_pid_list, 1
	
	return, total
}

GetModuleFileNameEx( p_pid )
{
	if A_OSVersion in WIN_95,WIN_98,WIN_ME 
	{
		MsgBox, This Windows version (%A_OSVersion%) is not supported.
		return
	}

	h_process := DllCall( "OpenProcess", "uint", 0x10|0x400, "int", false, "uint", p_pid )
	if ( ErrorLevel or h_process = 0 )
		return
	
	name_size = 255
	VarSetCapacity( name, name_size )
	
	result := DllCall( "psapi.dll\GetModuleFileNameExA", "uint", h_process, "uint", 0, "str", name, "uint", name_size )
	
	DllCall( "CloseHandle", [color=red]"uint"[/color], h_process ) ; [color=red]Corrected[/color] [color=black]by Moderator! 2010-03-16[/color]
	
	return, name
}

GetRemoteCommandLine( p_pid_target )
{
	hp_target := DllCall( "OpenProcess"
							, "uint", 0x10										; PROCESS_VM_READ
							, "int", false
							, "uint", p_pid_target )
	if ( ErrorLevel or hp_target = 0 )
	{
		result = < error: OpenProcess > EL = %ErrorLevel%, LE = %A_LastError%, hp_target = %hp_target%
		Gosub, return
	}

	hm_kernel32 := DllCall( "GetModuleHandle", "str", "kernel32.dll" )

	pGetCommandLineA := DllCall( "GetProcAddress", "uint", hm_kernel32, "str", "GetCommandLineA" )

	buffer_size = 6 
	VarSetCapacity( buffer, buffer_size ) 

	success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pGetCommandLineA, "uint", &buffer, "uint", buffer_size, "uint", 0 )
	if ( ErrorLevel or !success )
	{
		result = < error: ReadProcessMemory 1 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
		Gosub, return
	}

	loop, 4
		ppCommandLine += ( ( *( &buffer+A_Index ) ) << ( 8*( A_Index-1 ) ) )
	
	buffer_size = 4
	VarSetCapacity( buffer, buffer_size, 0 ) 

	success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", ppCommandLine, "uint", &buffer, "uint", buffer_size, "uint", 0 )
	if ( ErrorLevel or !success )
	{
		result = < error: ReadProcessMemory 2 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
		Gosub, return
	}

	loop, 4
		pCommandLine += ( ( *( &buffer+A_Index-1 ) ) << ( 8*( A_Index-1 ) ) )

	buffer_size = 32768
	VarSetCapacity( result, buffer_size, 1 )
	
	success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
	if ( !success )
	{
		loop, %buffer_size%
		{
			success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine+A_Index-1, "uint", &result, "uint", 1, "uint", 0 )
			
			if ( !success or Asc( result ) = 0 )
			{
				buffer_size := A_Index
				break
			}
		}
		success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
		if ( ErrorLevel or !success )
		{
			result = < error: ReadProcessMemory 3 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
			Gosub, return
		}
	}

return:
	DllCall( "CloseHandle", "uint", hp_target )
	
	return, result
}


Chris
  • Administrators
  • 10727 posts
  • Last active:
  • Joined: 02 Mar 2004
Very impressive. I know this will be a popular topic, and it may also be of use when the time comes to work on a built-in "Process, List" command.

Thanks.

evl
  • Members
  • 1237 posts
  • Last active: Oct 20 2010 11:41 AM
  • Joined: 24 Aug 2005
@ shimanov:
What took you so long - I posted about that other app in the CMDret thread almost 18 hours ago :wink: (heavy sarcasm!). Very neat. I was thinking about making a script to store a list of running scripts (which requires knowing the command line parameter for autohotkey.exe) and then closing and restarting them after updating to a new version of autohotkey. Now it's a purely AHK solution I might use it in my Alt-Tab replacement too :D

shimanov
  • Members
  • 610 posts
  • Last active: Jul 18 2006 08:35 PM
  • Joined: 25 Sep 2005
to Chris:
Thanks. It uses the standard EnumProcesses API to retrieve a list of processes, and some of the other mechanisms employed will likely limit its universality. But it seems to work fairly well otherwise.
to evl:
18 hours? I should have abstained from sleeping, eating,... -- always some diversion to cope with.

I actually posted the code, at this time, in response to your request in the other thread. If you look closely, GetRemoteCommandLine is actually GetCPA_file_name in a general form. The enhancement is realized with access to comprehensive information permitted by enabling the debugging privilege, which also affects the effectiveness of GetModuleFileNameEx.

evl
  • Members
  • 1237 posts
  • Last active: Oct 20 2010 11:41 AM
  • Joined: 24 Aug 2005
@ shimanov:

I should have abstained from sleeping

- I haven't got the hang of dreaming in AHK code yet either :)

... and yes, that code does look awfully familiar now you mention it :lol:

AngieX
  • Members
  • 77 posts
  • Last active: Aug 16 2008 03:17 AM
  • Joined: 26 Nov 2006
Hi, can someone please examine the O.P. code, and please show me how to modify this so I can use it in a GUI 1 and GUI 2 scenario (where one GUI is the code above and the other is something else.... for now a blank GUI will do). I want this to be GUI 2 and a blank GUI 1....... but it keeps breaking when I try assigning the unique GUI value in there. I am not sure what is going on. Thank you so kindly for a guiding light! :D

PhiLho
  • Moderators
  • 6850 posts
  • Last active: Jan 02 2012 10:09 PM
  • Joined: 27 Dec 2005
Be a guide yourself, show us the code that breaks, perhaps we can put the finger on the problem...
Posted Image vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

AngieX
  • Members
  • 77 posts
  • Last active: Aug 16 2008 03:17 AM
  • Joined: 26 Nov 2006
Oops, I am very sorry :oops:


OnExit, HandleExit

success := DllCall( "advapi32.dll\LookupPrivilegeValueA"
                  , "uint", 0
                  , "str", "SeDebugPrivilege"
                  , "int64*", luid_SeDebugPrivilege )
if ( ReportError( ErrorLevel or !success
            , "LookupPrivilegeValue: SeDebugPrivilege"
            , "success = " success ) )
   ExitApp

Process, Exist
pid_this := ErrorLevel

hp_this := DllCall( "OpenProcess"
                  , "uint", 0x400                                 ; PROCESS_QUERY_INFORMATION
                  , "int", false
                  , "uint", pid_this )
if ( ReportError( ErrorLevel or hp_this = 0
            , "OpenProcess: pid_this"
            , "hp_this = " hp_this ) )
   ExitApp

success := DllCall( "advapi32.dll\OpenProcessToken"
                  , "uint", hp_this
                  , "uint", 0x20                                 ; TOKEN_ADJUST_PRIVILEGES
                  , "uint*", ht_this )
if ( ReportError( ErrorLevel or !success
            , "OpenProcessToken: hp_this"
            , "success = " success ) )
   ExitApp

VarSetCapacity( token_info, 4+( 8+4 ), 0 )
   EncodeInteger( 1, 4, &token_info, 0 )
   EncodeInteger( luid_SeDebugPrivilege, 8, &token_info, 4 )
      EncodeInteger( 2, 4, &token_info, 12 )                           ; SE_PRIVILEGE_ENABLED

success := DllCall( "advapi32.dll\AdjustTokenPrivileges"
                  , "uint", ht_this
                  , "int", false
                  , "uint", &token_info
                  , "uint", 0
                  , "uint", 0
                  , "uint", 0 )
if ( ReportError( ErrorLevel or !success
            , "AdjustTokenPrivileges: ht_this; SeDebugPrivilege ~ SE_PRIVILEGE_ENABLED"
            , "success = " success ) )
   ExitApp

Gui, Add, ListView, x5 y5 w800 h400, PID|file name|command line
Gui, Show, x50 y50 w810 h410, EnumProcesses experiment

total := EnumProcesses( pid_list )

loop, parse, pid_list, |
   LV_Add( "", A_LoopField, GetModuleFileNameEx( A_LoopField ), GetRemoteCommandLine( A_LoopField ) )

LV_ModifyCol( 1, "Integer Sort AutoHdr" )
LV_ModifyCol( 2, "AutoHdr" )
LV_ModifyCol( 3, "AutoHdr" )
return

HandleExit:
   DllCall( "CloseHandle", "uint", ht_this )
   DllCall( "CloseHandle", "uint", hp_this )
ExitApp

F12::Reload

GuiClose:
ExitApp

EncodeInteger( p_value, p_size, p_address, p_offset )
{
   loop, %p_size%
      DllCall( "RtlFillMemory", "uint", p_address+p_offset+A_Index-1, "uint", 1, "uchar", p_value >> ( 8*( A_Index-1 ) ) )
}

ReportError( p_condition, p_title, p_extra )
{
   if p_condition
      MsgBox,
         ( LTrim
            [Error] %p_title%
            EL = %ErrorLevel%, LE = %A_LastError%
            
            %p_extra%
         )
   
   return, p_condition
}

EnumProcesses( byref r_pid_list )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return, false
   }
   
   pid_list_size := 4*1000
   VarSetCapacity( pid_list, pid_list_size )
   
   status := DllCall( "psapi.dll\EnumProcesses", "uint", &pid_list, "uint", pid_list_size, "uint*", pid_list_actual )
   if ( ErrorLevel or !status )
      return, false
      
   total := pid_list_actual//4

   r_pid_list=
   address := &pid_list
   loop, %total%
   {
      r_pid_list := r_pid_list "|" ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *( address+3 ) << 24 ) )
      address += 4
   }
   
   StringTrimLeft, r_pid_list, r_pid_list, 1
   
   return, total
}

GetModuleFileNameEx( p_pid )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return
   }

   h_process := DllCall( "OpenProcess", "uint", 0x10|0x400, "int", false, "uint", p_pid )
   if ( ErrorLevel or h_process = 0 )
      return
   
   name_size = 255
   VarSetCapacity( name, name_size )
   
   result := DllCall( "psapi.dll\GetModuleFileNameExA", "uint", h_process, "uint", 0, "str", name, "uint", name_size )
   
   DllCall( "CloseHandle", h_process )
   
   return, name
}

GetRemoteCommandLine( p_pid_target )
{
   hp_target := DllCall( "OpenProcess"
                     , "uint", 0x10                              ; PROCESS_VM_READ
                     , "int", false
                     , "uint", p_pid_target )
   if ( ErrorLevel or hp_target = 0 )
   {
      result = < error: OpenProcess > EL = %ErrorLevel%, LE = %A_LastError%, hp_target = %hp_target%
      Gosub, return
   }

   hm_kernel32 := DllCall( "GetModuleHandle", "str", "kernel32.dll" )

   pGetCommandLineA := DllCall( "GetProcAddress", "uint", hm_kernel32, "str", "GetCommandLineA" )

   buffer_size = 6
   VarSetCapacity( buffer, buffer_size )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pGetCommandLineA, "uint", &buffer, "uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 1 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      ppCommandLine += ( ( *( &buffer+A_Index ) ) << ( 8*( A_Index-1 ) ) )
   
   buffer_size = 4
   VarSetCapacity( buffer, buffer_size, 0 )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", ppCommandLine, "uint", &buffer, "uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 2 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      pCommandLine += ( ( *( &buffer+A_Index-1 ) ) << ( 8*( A_Index-1 ) ) )

   buffer_size = 32768
   VarSetCapacity( result, buffer_size, 1 )
   
   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
   if ( !success )
   {
      loop, %buffer_size%
      {
         success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine+A_Index-1, "uint", &result, "uint", 1, "uint", 0 )
         
         if ( !success or Asc( result ) = 0 )
         {
            buffer_size := A_Index
            break
         }
      }
      success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", buffer_size, "uint", 0 )
      if ( ErrorLevel or !success )
      {
         result = < error: ReadProcessMemory 3 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
         Gosub, return
      }
   }

return:
   DllCall( "CloseHandle", "uint", hp_target )
   
   return, result
}


Basically, I would like to use this, but in a GUI 2 or GUI 3 scenerio ;) I am trying to absorb all the finer points of coding here, and this one is sort-of difficult.

PhiLho
  • Moderators
  • 6850 posts
  • Last active: Jan 02 2012 10:09 PM
  • Joined: 27 Dec 2005
The code you gave works fine on my system, WinXP SP2...
You wrote:

I want this to be GUI 2 and a blank GUI 1....... but it keeps breaking when I try assigning the unique GUI value in there.

That's this code you should show. I suggest you edit your previous message to show your best try. :-)
Posted Image vPhiLho := RegExReplace("Philippe Lhoste", "^(\w{3})\w*\s+\b(\w{3})\w*$", "$1$2")

AngieX
  • Members
  • 77 posts
  • Last active: Aug 16 2008 03:17 AM
  • Joined: 26 Nov 2006
I must be slipping today!

I didn't even put GUI 2 in there to demonstrate what I mean. See this version, I only changed the GUI control to 2. I looked all over this code and do not see how to reassign data to flow into 2
OnExit, HandleExit

success := DllCall( "advapi32.dll\LookupPrivilegeValueA"
                  , "uint", 0
                  , "str", "SeDebugPrivilege"
                  , "int64*", luid_SeDebugPrivilege )
if ( ReportError( ErrorLevel or !success
            , "LookupPrivilegeValue: SeDebugPrivilege"
            , "success = " success ) )
   ExitApp

Process, Exist
pid_this := ErrorLevel

hp_this := DllCall( "OpenProcess"
                  , "uint", 0x400                                 ; PROCESS_QUERY_INFORMATION
                  , "int", false
                  , "uint", pid_this )
if ( ReportError( ErrorLevel or hp_this = 0
            , "OpenProcess: pid_this"
            , "hp_this = " hp_this ) )
   ExitApp

success := DllCall( "advapi32.dll\OpenProcessToken"
                  , "uint", hp_this
                  , "uint", 0x20                                 ; TOKEN_ADJUST_PRIVILEGES
                  , "uint*", ht_this )
if ( ReportError( ErrorLevel or !success
            , "OpenProcessToken: hp_this"
            , "success = " success ) )
   ExitApp

VarSetCapacity( token_info, 4+( 8+4 ), 0 )
   EncodeInteger( 1, 4, &token_info, 0 )
   EncodeInteger( luid_SeDebugPrivilege, 8, &token_info, 4 )
      EncodeInteger( 2, 4, &token_info, 12 )                           ; SE_PRIVILEGE_ENABLED

success := DllCall( "advapi32.dll\AdjustTokenPrivileges"
                  , "uint", ht_this
                  , "int", false
                  , "uint", &token_info
                  , "uint", 0
                  , "uint", 0
                  , "uint", 0 )
if ( ReportError( ErrorLevel or !success
            , "AdjustTokenPrivileges: ht_this; SeDebugPrivilege ~ SE_PRIVILEGE_ENABLED"
            , "success = " success ) )
   ExitApp

Gui, 2: Add, ListView, x5 y5 w800 h400, PID|file name|command line
Gui, 2: Show, x50 y50 w810 h410, EnumProcesses experiment

total := EnumProcesses( pid_list )

loop, parse, pid_list, |
   LV_Add( "", A_LoopField, GetModuleFileNameEx( A_LoopField ), GetRemoteCommandLine( A_LoopField ) )

LV_ModifyCol( 1, "Integer Sort AutoHdr" )
LV_ModifyCol( 2, "AutoHdr" )
LV_ModifyCol( 3, "AutoHdr" )
return

HandleExit:
   DllCall( "CloseHandle", "uint", ht_this )
   DllCall( "CloseHandle", "uint", hp_this )
ExitApp

F12::Reload

GuiClose:
ExitApp

EncodeInteger( p_value, p_size, p_address, p_offset )
{
   loop, %p_size%
      DllCall( "RtlFillMemory", "uint", p_address+p_offset+A_Index-1, "uint", 1, "uchar", p_value >> ( 8*( 

A_Index-1 ) ) )
}

ReportError( p_condition, p_title, p_extra )
{
   if p_condition
      MsgBox,
         ( LTrim
            [Error] %p_title%
            EL = %ErrorLevel%, LE = %A_LastError%
           
            %p_extra%
         )
   
   return, p_condition
}

EnumProcesses( byref r_pid_list )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return, false
   }
   
   pid_list_size := 4*1000
   VarSetCapacity( pid_list, pid_list_size )
   
   status := DllCall( "psapi.dll\EnumProcesses", "uint", &pid_list, "uint", pid_list_size, "uint*", 

pid_list_actual )
   if ( ErrorLevel or !status )
      return, false
     
   total := pid_list_actual//4

   r_pid_list=
   address := &pid_list
   loop, %total%
   {
      r_pid_list := r_pid_list "|" ( *( address )+( *( address+1 ) << 8 )+( *( address+2 ) << 16 )+( *( 

address+3 ) << 24 ) )
      address += 4
   }
   
   StringTrimLeft, r_pid_list, r_pid_list, 1
   
   return, total
}

GetModuleFileNameEx( p_pid )
{
   if A_OSVersion in WIN_95,WIN_98,WIN_ME
   {
      MsgBox, This Windows version (%A_OSVersion%) is not supported.
      return
   }

   h_process := DllCall( "OpenProcess", "uint", 0x10|0x400, "int", false, "uint", p_pid )
   if ( ErrorLevel or h_process = 0 )
      return
   
   name_size = 255
   VarSetCapacity( name, name_size )
   
   result := DllCall( "psapi.dll\GetModuleFileNameExA", "uint", h_process, "uint", 0, "str", name, "uint", 

name_size )
   
   DllCall( "CloseHandle", h_process )
   
   return, name
}

GetRemoteCommandLine( p_pid_target )
{
   hp_target := DllCall( "OpenProcess"
                     , "uint", 0x10                              ; PROCESS_VM_READ
                     , "int", false
                     , "uint", p_pid_target )
   if ( ErrorLevel or hp_target = 0 )
   {
      result = < error: OpenProcess > EL = %ErrorLevel%, LE = %A_LastError%, hp_target = %hp_target%
      Gosub, return
   }

   hm_kernel32 := DllCall( "GetModuleHandle", "str", "kernel32.dll" )

   pGetCommandLineA := DllCall( "GetProcAddress", "uint", hm_kernel32, "str", "GetCommandLineA" )

   buffer_size = 6
   VarSetCapacity( buffer, buffer_size )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pGetCommandLineA, "uint", &buffer, 

"uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 1 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      ppCommandLine += ( ( *( &buffer+A_Index ) ) << ( 8*( A_Index-1 ) ) )
   
   buffer_size = 4
   VarSetCapacity( buffer, buffer_size, 0 )

   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", ppCommandLine, "uint", &buffer, 

"uint", buffer_size, "uint", 0 )
   if ( ErrorLevel or !success )
   {
      result = < error: ReadProcessMemory 2 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
      Gosub, return
   }

   loop, 4
      pCommandLine += ( ( *( &buffer+A_Index-1 ) ) << ( 8*( A_Index-1 ) ) )

   buffer_size = 32768
   VarSetCapacity( result, buffer_size, 1 )
   
   success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, "uint", 

buffer_size, "uint", 0 )
   if ( !success )
   {
      loop, %buffer_size%
      {
         success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine+A_Index-1, "uint", 

&result, "uint", 1, "uint", 0 )
         
         if ( !success or Asc( result ) = 0 )
         {
            buffer_size := A_Index
            break
         }
      }
      success := DllCall( "ReadProcessMemory", "uint", hp_target, "uint", pCommandLine, "uint", &result, 

"uint", buffer_size, "uint", 0 )
      if ( ErrorLevel or !success )
      {
         result = < error: ReadProcessMemory 3 > EL = %ErrorLevel%, LE = %A_LastError%, success = %success%
         Gosub, return
      }
   }

return:
   DllCall( "CloseHandle", "uint", hp_target )
   
   return, result
}




toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
Please try if
Gui, 2:+Default
solves it?
Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.

AngieX
  • Members
  • 77 posts
  • Last active: Aug 16 2008 03:17 AM
  • Joined: 26 Nov 2006
I tried adding 'Gui, 2:+Default' to the code I posted in my last message, and no go, unfortunately! :( :(

toralf
  • Moderators
  • 4035 posts
  • Last active: Aug 20 2014 04:23 PM
  • Joined: 31 Jan 2005
Please check if between the following lines
total := EnumProcesses( pid_list ) 

loop, parse, pid_list, | 
pid_list contains any data.

What exactly is not working?
Ciao
toralf
 
I use the latest AHK version (1.1.15+)
Please ask questions in forum on ahkscript.org. Why?
For online reference please use these Docs.

AngieX
  • Members
  • 77 posts
  • Last active: Aug 16 2008 03:17 AM
  • Joined: 26 Nov 2006
Ah, it works if the GUI is set to 1, but if it's set to 2 or more, then upon running my last example of code it does not display any data in the GUI :(

BoBo¨
  • Guests
  • Last active:
  • Joined: --

Ah, it works if the GUI is set to 1, but if it's set to 2 or more, then upon running my last example of code it does not display any data in the GUI

If set to 1 (the master, btw obsolete) it shouldn't be a problem. If set to 2 (without an existing master) it won't work, right? Well, to create a master Gui, to which consecutive Guis are belonging, seems/is mandatory. If there's no master you're out of business.