AutoIt: How to retrieve the path of a file opened by a process, given the process PID


I want the full path of the file opened by a process, for example an image opened in Paint. Or, in the case of multiple Notepad processes running, I have the PID of each notepad.exe process, but when using

_processgetpath 

I get the path of notepad.exe, not the file.txt opened by the process. How do I retrieve the txt file path?

Credits go to the authors of AutoIt Unlocker!

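#NoTrayIcon
#include "WinAPIEx.au3"
#include <WinAPI.au3>
#include <Array.au3>

; NOTE(review): the page's copy of this script was lower-cased and had the keywords
; For/To/Then stripped. DLL export names are case-sensitive and AutoIt's "==" is a
; case-sensitive compare, so the API names and the "File" type string are restored here.

Dim $hTimer = TimerInit()
Dim $aFiles = _ProcessListFiles("firefox.exe") ; list of files opened by the process
ConsoleWrite("+>took " & Round(TimerDiff($hTimer)) & " milliseconds" & @CRLF)

_ArrayDisplay($aFiles)

Exit

; Lists the files a process currently has open.
;   $vProcess  - process name or PID, as accepted by ProcessExists()
;   $nMaxFiles - upper bound on the number of paths returned
; Returns a 1-D array: [0] = number of paths, [1..n] = drive-letter paths.
; On failure returns an array holding only [0] = 0 and sets @error:
;   1 = process not found, 2 = handle enumeration failed, 3 = OpenProcess failed.
Func _ProcessListFiles($vProcess, $nMaxFiles = 1000)
    ; Privilege 20 is SeDebugPrivilege; it is enabled once per run for the whole process.
    ; The result is not checked: without the privilege, OpenProcess on protected or
    ; other-user processes simply fails below. Run this only where holding
    ; SeDebugPrivilege is acceptable - it is a high-value privilege.
    Local Static $aPrivilege = DllCall("ntdll.dll", "int", "RtlAdjustPrivilege", "int", 20, "int", 1, "int", 0, "int*", 0)
    Local Static $hCurrentProcess = _WinAPI_GetCurrentProcess()
    Local $hObject, $sPath, $bSeen
    Local $aFiles[$nMaxFiles + 1]
    $aFiles[0] = 0

    Local $nProcessID = ProcessExists($vProcess)
    If Not $nProcessID Then
        ReDim $aFiles[1]
        Return SetError(1, 0, $aFiles)
    EndIf

    Local $aHandles = _WinAPI_EnumProcessHandles($nProcessID)
    If @error Or Not IsArray($aHandles) Then
        ReDim $aFiles[1]
        Return SetError(2, 0, $aFiles)
    EndIf

    ; 0x0040 = PROCESS_DUP_HANDLE: the only right needed to copy the target's handles.
    Local $hProcess = _WinAPI_OpenProcess(0x0040, 0, $nProcessID, True)
    If Not $hProcess Then
        ReDim $aFiles[1]
        Return SetError(3, 0, $aFiles)
    EndIf

    For $i = 1 To $aHandles[0][0] Step 1
        ; Column 3 is compared against access-mask values. Handles with these masks are
        ; skipped - presumably because a name query on some of them (e.g. busy named
        ; pipes) can block indefinitely.
        If $aHandles[$i][3] = 0x00120189 Or $aHandles[$i][3] = 0x0012019F Or $aHandles[$i][3] = 0x00100000 Then ContinueLoop

        $hObject = _WinAPI_DuplicateHandle($hProcess, $aHandles[$i][0], $hCurrentProcess, 0, False, $DUPLICATE_SAME_ACCESS)
        If Not $hObject Then ContinueLoop

        $sPath = ""
        If __IsFileObject($hObject) Then $sPath = __FileObjectPath($hObject)
        ; Close the duplicate on every path; the original leaked it for non-file objects.
        _WinAPI_CloseHandle($hObject)

        If Not $sPath Or Not FileExists($sPath) Then ContinueLoop

        ; De-duplicate: one file may be open through several handles.
        $bSeen = False
        For $n = 1 To $aFiles[0]
            If $aFiles[$n] = $sPath Then
                $bSeen = True
                ExitLoop
            EndIf
        Next
        If $bSeen Then ContinueLoop

        $aFiles[0] += 1
        $aFiles[$aFiles[0]] = $sPath
        If $aFiles[0] >= $nMaxFiles Then ExitLoop
    Next

    ; The original never closed the process handle.
    _WinAPI_CloseHandle($hProcess)

    ReDim $aFiles[$aFiles[0] + 1]
    Return $aFiles
EndFunc

; Returns True when the handle's object type name is exactly "File".
; Uses NtQueryObject information class 2 (ObjectTypeInformation).
Func __IsFileObject(ByRef $hObject)
    ; UNICODE_STRING header (Length, MaximumLength, Buffer) followed by room for the name.
    Local Static $tPOTI = DllStructCreate('ushort;ushort;ptr;byte[128]')
    Local $pData, $aLength, $tString

    Local $aRet = DllCall("ntdll.dll", 'uint', 'NtQueryObject', 'ptr', $hObject, 'uint', 2, _
            'ptr', DllStructGetPtr($tPOTI), 'ulong', DllStructGetSize($tPOTI), 'ptr', 0)
    If @error Or $aRet[0] Then Return False ; any non-zero NTSTATUS counts as failure

    $pData = DllStructGetData($tPOTI, 3)
    If Not $pData Then Return False

    $aLength = DllCall("kernel32.dll", 'int', 'lstrlenW', 'ptr', $pData)
    If @error Or Not $aLength[0] Then Return False

    $tString = DllStructCreate('wchar[' & ($aLength[0] + 1) & ']', $pData)
    If @error Then Return False

    Return (DllStructGetData($tString, 1) == "File")
EndFunc

; Returns the drive-letter path of a file handle, or "" when the name cannot be
; read or mapped. Uses NtQueryObject information class 1 (ObjectNameInformation).
; This query can block on some handle types; the caller filters by access mask first.
Func __FileObjectPath($hObject)
    Local Static $tPOTI = DllStructCreate("ushort Length;ushort MaximumLength;ptr Buffer;wchar Reserved[260];")

    Local $aRet = DllCall("ntdll.dll", "ulong", "NtQueryObject", "ptr", $hObject, "int", 1, _
            "ptr", DllStructGetPtr($tPOTI), "ulong", DllStructGetSize($tPOTI), "ulong*", 0)
    ; $tPOTI is static: without this check a failed query would re-use the previous
    ; handle's name and report a file the process does not have open.
    If @error Or $aRet[0] Then Return ""

    Local $iChars = Ceiling(DllStructGetData($tPOTI, "Length") / 2)
    Local $pBuffer = DllStructGetData($tPOTI, "Buffer")
    If Not $iChars Or Not $pBuffer Then Return ""

    Local $sDeviceStr = DllStructGetData(DllStructCreate("wchar[" & $iChars & "];", $pBuffer), 1)
    Return __DevicePathToDosPath($sDeviceStr)
EndFunc

; Translates an NT device path ("\Device\HarddiskVolumeN\dir\file") into a
; drive-letter path by comparing it with each drive's QueryDosDevice mapping.
; Returns "" when no drive matches.
Func __DevicePathToDosPath($sDeviceStr)
    Local Static $tStruct = DllStructCreate("char[255];")
    Local $aRet, $sDevice, $iLen

    Local $aDrive = DriveGetDrive("ALL")
    If @error Or Not IsArray($aDrive) Then Return ""

    For $i = 1 To $aDrive[0]
        ; ANSI variant named explicitly: it matches the "str" argument and char[] buffer.
        $aRet = DllCall("kernel32.dll", "dword", "QueryDosDeviceA", "str", $aDrive[$i], _
                "ptr", DllStructGetPtr($tStruct), "dword", 255)
        ; On failure the static buffer still holds the previous drive's mapping - skip it.
        If @error Or Not $aRet[0] Then ContinueLoop

        $sDevice = DllStructGetData($tStruct, 1)
        $iLen = StringLen($sDevice)
        ; An empty mapping would prefix-match every path.
        If Not $iLen Then ContinueLoop

        ; Compare including the following "\" so that "...Volume1" does not match
        ; "...Volume10\file".
        If StringLeft($sDeviceStr & "\", $iLen + 1) = $sDevice & "\" Then
            Return StringUpper($aDrive[$i]) & StringTrimLeft($sDeviceStr, $iLen)
        EndIf
    Next

    Return ""
EndFunc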

or try:

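#NoTrayIcon
#include "WinAPIEx.au3"
#include <WinAPI.au3>
#include <Array.au3>

; NOTE(review): the page's copy of this script was lower-cased and had the keywords
; For/To/Then stripped. DLL export names are case-sensitive and AutoIt's "==" is a
; case-sensitive compare, so the API names and the "File" type string are restored here.

Dim $hTimer = TimerInit()
Dim $aFiles = _ProcessListFiles("wmplayer.exe") ; list of files opened by the process
ConsoleWrite("+>took " & Round(TimerDiff($hTimer)) & " milliseconds" & @CRLF)

_ArrayDisplay($aFiles)

; Lists the files a process currently has open.
;   $vProcess  - process name or PID, as accepted by ProcessExists()
;   $nMaxFiles - upper bound on the number of paths returned
; Returns a 1-D array: [0] = number of paths, [1..n] = drive-letter paths.
; On failure returns an array holding only [0] = 0 and sets @error:
;   1 = process not found, 2 = handle enumeration failed, 3 = OpenProcess failed.
Func _ProcessListFiles($vProcess, $nMaxFiles = 1000)
    ; Privilege 20 is SeDebugPrivilege; it is enabled once per run for the whole process.
    ; The result is not checked: without the privilege, OpenProcess on protected or
    ; other-user processes simply fails below. Run this only where holding
    ; SeDebugPrivilege is acceptable - it is a high-value privilege.
    Local Static $aPrivilege = DllCall("ntdll.dll", "int", "RtlAdjustPrivilege", "int", 20, "int", 1, "int", 0, "int*", 0)
    Local Static $hCurrentProcess = _WinAPI_GetCurrentProcess()
    Local $hObject, $sPath, $bSeen, $iAccess
    Local $aFiles[$nMaxFiles + 1]
    $aFiles[0] = 0

    Local $nProcessID = ProcessExists($vProcess)
    If Not $nProcessID Then
        ReDim $aFiles[1]
        Return SetError(1, 0, $aFiles)
    EndIf

    Local $aHandles = _WinAPI_EnumProcessHandles($nProcessID)
    If @error Or Not IsArray($aHandles) Then
        ReDim $aFiles[1]
        Return SetError(2, 0, $aFiles)
    EndIf

    ; 0x0040 = PROCESS_DUP_HANDLE: the only right needed to copy the target's handles.
    Local $hProcess = _WinAPI_OpenProcess(0x0040, 0, $nProcessID, True)
    If Not $hProcess Then
        ReDim $aFiles[1]
        Return SetError(3, 0, $aFiles)
    EndIf

    For $i = 1 To $aHandles[0][0] Step 1
        $hObject = _WinAPI_DuplicateHandle($hProcess, $aHandles[$i][0], $hCurrentProcess, 0, False, $DUPLICATE_SAME_ACCESS)
        If Not $hObject Then ContinueLoop

        $sPath = ""
        If __IsFileObject($hObject) Then
            ; Column 3 is compared against access-mask values. Handles with these masks
            ; take the timed, threaded query, since a direct name query on them may
            ; never return (see _ObjectGetNameUD_Threaded).
            $iAccess = $aHandles[$i][3]
            If $iAccess = 0x00120189 Or $iAccess = 0x0012019F Or $iAccess = 0x00100000 Or $iAccess = 0x001F01FF Then
                $sPath = __FileObjectPath_UD($hObject)
            Else
                $sPath = __FileObjectPath($hObject)
            EndIf
        EndIf
        ; Close the duplicate on every path; the original leaked it for non-file objects.
        _WinAPI_CloseHandle($hObject)

        If Not $sPath Or Not FileExists($sPath) Then ContinueLoop

        ; De-duplicate: one file may be open through several handles.
        $bSeen = False
        For $n = 1 To $aFiles[0]
            If $aFiles[$n] = $sPath Then
                $bSeen = True
                ExitLoop
            EndIf
        Next
        If $bSeen Then ContinueLoop

        $aFiles[0] += 1
        $aFiles[$aFiles[0]] = $sPath
        If $aFiles[0] >= $nMaxFiles Then ExitLoop
    Next

    ; The original never closed the process handle.
    _WinAPI_CloseHandle($hProcess)

    ReDim $aFiles[$aFiles[0] + 1]
    Return $aFiles
EndFunc

; Returns True when the handle's object type name is exactly "File".
; Uses NtQueryObject information class 2 (ObjectTypeInformation).
Func __IsFileObject(ByRef $hObject)
    ; UNICODE_STRING header (Length, MaximumLength, Buffer) followed by room for the name.
    Local Static $tPOTI = DllStructCreate('ushort;ushort;ptr;byte[128]')
    Local $pData, $aLength, $tString

    Local $aRet = DllCall("ntdll.dll", 'uint', 'NtQueryObject', 'ptr', $hObject, 'uint', 2, _
            'ptr', DllStructGetPtr($tPOTI), 'ulong', DllStructGetSize($tPOTI), 'ptr', 0)
    If @error Or $aRet[0] Then Return False ; any non-zero NTSTATUS counts as failure

    $pData = DllStructGetData($tPOTI, 3)
    If Not $pData Then Return False

    $aLength = DllCall("kernel32.dll", 'int', 'lstrlenW', 'ptr', $pData)
    If @error Or Not $aLength[0] Then Return False

    $tString = DllStructCreate('wchar[' & ($aLength[0] + 1) & ']', $pData)
    If @error Then Return False

    Return (DllStructGetData($tString, 1) == "File")
EndFunc

; Same as __FileObjectPath(), but reads the object name through the timed worker
; thread so that a handle which blocks the query cannot hang the script.
; Returns "" when the name cannot be read or mapped.
Func __FileObjectPath_UD($hObject)
    Local $sDeviceStr = _ObjectGetNameUD_Threaded($hObject)
    If @error Or Not $sDeviceStr Then Return ""
    Return __DevicePathToDosPath($sDeviceStr)
EndFunc

; Returns the drive-letter path of a file handle, or "" when the name cannot be
; read or mapped. Uses NtQueryObject information class 1 (ObjectNameInformation),
; called directly - only use it on handles that are not expected to block.
Func __FileObjectPath($hObject)
    Local Static $tPOTI = DllStructCreate("ushort Length;ushort MaximumLength;ptr Buffer;wchar Reserved[260];")

    Local $aRet = DllCall("ntdll.dll", "ulong", "NtQueryObject", "ptr", $hObject, "int", 1, _
            "ptr", DllStructGetPtr($tPOTI), "ulong", DllStructGetSize($tPOTI), "ulong*", 0)
    ; $tPOTI is static: without this check a failed query would re-use the previous
    ; handle's name and report a file the process does not have open.
    If @error Or $aRet[0] Then Return ""

    Local $iChars = Ceiling(DllStructGetData($tPOTI, "Length") / 2)
    Local $pBuffer = DllStructGetData($tPOTI, "Buffer")
    If Not $iChars Or Not $pBuffer Then Return ""

    Local $sDeviceStr = DllStructGetData(DllStructCreate("wchar[" & $iChars & "];", $pBuffer), 1)
    Return __DevicePathToDosPath($sDeviceStr)
EndFunc

; Translates an NT device path ("\Device\HarddiskVolumeN\dir\file") into a
; drive-letter path by comparing it with each drive's QueryDosDevice mapping.
; Returns "" when no drive matches.
Func __DevicePathToDosPath($sDeviceStr)
    Local Static $tStruct = DllStructCreate("char[255];")
    Local $aRet, $sDevice, $iLen

    Local $aDrive = DriveGetDrive("ALL")
    If @error Or Not IsArray($aDrive) Then Return ""

    For $i = 1 To $aDrive[0]
        ; ANSI variant named explicitly: it matches the "str" argument and char[] buffer.
        $aRet = DllCall("kernel32.dll", "dword", "QueryDosDeviceA", "str", $aDrive[$i], _
                "ptr", DllStructGetPtr($tStruct), "dword", 255)
        ; On failure the static buffer still holds the previous drive's mapping - skip it.
        If @error Or Not $aRet[0] Then ContinueLoop

        $sDevice = DllStructGetData($tStruct, 1)
        $iLen = StringLen($sDevice)
        ; An empty mapping would prefix-match every path.
        If Not $iLen Then ContinueLoop

        ; Compare including the following "\" so that "...Volume1" does not match
        ; "...Volume10\file".
        If StringLeft($sDeviceStr & "\", $iLen + 1) = $sDevice & "\" Then
            Return StringUpper($aDrive[$i]) & StringTrimLeft($sDeviceStr, $iLen)
        EndIf
    Next

    Return ""
EndFunc

; ==============================================================================================
; Func _ObjectGetNameUD_Threaded($hObject)
;
; Gets the name associated with a kernel object handle.
;  Useful for 'File' types.
;
; Differs from _ObjectGetNameUD() in that it launches a thread to try to get the name;
; if the thread times out, it is killed.
;
; This is a workaround for the named-pipes issue: these types of objects can be
; locked in reads/writes/waits for long periods of time, and cause this type of querying
; attempt on the object to lock up indefinitely.
;
; Returns:
;  Success: string representing the name of the object
;  Failure: "" with @error set
;     1 = invalid handle argument, 2 = DllCall failed (@extended = DllCall @error),
;     3 = an API returned failure (@extended = NTSTATUS when the query itself failed),
;    -1 = the worker thread timed out and was terminated
;
; Author: ascend4nt
;
; NOTE(review): this routine copies a raw machine-code blob into read/write/execute
; memory and starts a thread on it. The blob is opaque - disassemble and verify it
; before use. The RWX-allocate / copy / CreateThread sequence is also what endpoint
; protection flags as in-memory code execution, so expect alerts. TerminateThread
; does not unwind the thread, so whatever it held at that moment is leaked.
; ==============================================================================================
Func _ObjectGetNameUD_Threaded($hObject)
    Local $OGNT_Code

    ;~     $aRet=DllCall("ntdll.dll", "long", "NtQueryObject", "handle", $hObject, "int", 1, _
    ;~         "ptr", DllStructGetPtr($stBuffer), "ulong", DllStructGetSize($stBuffer), "ulong*", 0)
    ; Going by the commented-out call above, the stubs are meant to perform that
    ; NtQueryObject call through the pointers stored in $stData - not verified here.
    If @AutoItX64 Then
        $OGNT_Code='0x4831c04889ce483906742d483946087427504883ec2049c7c1ff7f00004c8d461848c7c201000000488b4e08488b1effd34883c428894610c3'
    Else
        $OGNT_Code='0x5589e531c08b750839067421394604741c50b8ff7f0000508d461050b801000000508b4604508b1effd38946085dc3'
    EndIf

    Local $aRet, $sStr = "", $iErr = 0, $iExt = 0, $stData
    Local $stCode, $iCodeSize, $pThreadMem, $hThread = 0
    Local $bThreadStopped = True, $iTerminated = 0, $iFreed = 0

    If Not IsPtr($hObject) Or $hObject = 0 Then Return SetError(1, 0, "")

    $iCodeSize = BinaryLen($OGNT_Code)

    $aRet = DllCall("kernel32.dll", "ptr", "GetModuleHandleA", "str", "ntdll.dll")
    If @error Then Return SetError(2, @error, "")
    If $aRet[0] = 0 Then Return SetError(3, 0, "")

    $aRet = DllCall("kernel32.dll", "ptr", "GetProcAddress", "handle", $aRet[0], "str", "NtQueryObject")
    If @error Then Return SetError(2, @error, "")
    If $aRet[0] = 0 Then Return SetError(3, 0, "")

    ; Data block shared with the thread (must be kept alive while the thread exists!)
    $stData = DllStructCreate("ptr ntqo;handle object;ulong statusret;ulong structpad;ushort length;ushort maximumlength;ptr buffer;" & "byte [32768];")
    DllStructSetData($stData, "object", $hObject)
    DllStructSetData($stData, "ntqo", $aRet[0])

    ; -1 = current-process pseudo handle, 0x1000 = MEM_COMMIT,
    ; 0x40 = PAGE_EXECUTE_READWRITE (writable and executable at once).
    $aRet = DllCall("kernel32.dll", "ptr", "VirtualAllocEx", "handle", -1, _
            "ptr", 0, "ulong_ptr", $iCodeSize, "dword", 0x1000, "dword", 0x40)
    If @error Then Return SetError(2, @error, "")
    If $aRet[0] = 0 Then Return SetError(3, 0, "")

    $pThreadMem = $aRet[0]
    ConsoleWrite("...return virtualallocex = " & $pThreadMem & @CRLF)

    ; Code area (set in the newly allocated space)
    $stCode = DllStructCreate("byte [" & $iCodeSize & "];", $pThreadMem)
    DllStructSetData($stCode, 1, $OGNT_Code)

    ; Create the thread, passing a pointer to $stData as its argument
    $aRet = DllCall("kernel32.dll", "handle", "CreateThread", "ptr", 0, _
            "ulong_ptr", 0, "ptr", $pThreadMem, "ulong_ptr", DllStructGetPtr($stData), "dword", 0, "dword*", 0)

    If @error Then
        $iExt = @error
        $iErr = 2
        ConsoleWrite("createthread error:" & $iExt & @CRLF)
    ElseIf $aRet[0] = 0 Then
        $iErr = 3
    Else
        ConsoleWrite("...created thread, commencing wait.." & @CRLF)
        $hThread = $aRet[0]
        ; Wait a suitable amount of time for the thread to complete (100 ms here)
        $aRet = DllCall("kernel32.dll", "dword", "WaitForSingleObject", "handle", $hThread, "dword", 100)
        If @error Then
            $iExt = @error
            $iErr = 2
            ; Unknown whether the thread finished, so treat it as still running.
            $bThreadStopped = False
            ConsoleWrite("waitforsingleobject error: " & $iExt & @CRLF)
        ElseIf $aRet[0] <> 0 Then
            ; Anything other than WAIT_OBJECT_0: the thread is presumed stuck in the query.
            $iErr = -1
            $aRet = DllCall("kernel32.dll", "bool", "TerminateThread", "handle", $hThread, "int", -1)
            ; The original indexed $aRet without checking that the DllCall succeeded.
            If Not @error Then $iTerminated = $aRet[0]
            ConsoleWrite("..terminatethread return: " & $iTerminated & @CRLF)
            If Not $iTerminated Then $bThreadStopped = False
        Else
            ConsoleWrite("..checking status return , looking string.." & @CRLF)
            $iExt = DllStructGetData($stData, "statusret")
            ; Check for an NTSTATUS return of STATUS_SUCCESS (0)
            If $iExt = 0 Then
                Local $pStr, $stString
                $pStr = DllStructGetData($stData, "buffer")
                ; A null buffer means the object has no name; $sStr stays "".
                If $pStr <> 0 Then
                    $stString = DllStructCreate("wchar [" & (DllStructGetData($stData, "length") / 2) & "];", $pStr)
                    $sStr = DllStructGetData($stString, 1)
                EndIf
            Else
                $iErr = 3
            EndIf
        EndIf
    EndIf

    ; Free the code memory (0x8000 = MEM_RELEASE) - but only once the thread is known
    ; to be gone. Releasing memory a live thread is executing would crash the process;
    ; leaking one page is the safer failure.
    ; NOTE(review): in that case $stData is still released when this function returns.
    If $bThreadStopped Then
        $aRet = DllCall("kernel32.dll", "bool", "VirtualFreeEx", "handle", -1, "ptr", $pThreadMem, "ulong_ptr", 0, "dword", 0x8000)
        If Not @error Then $iFreed = $aRet[0]
        ConsoleWrite("..return virtualfreeex = " & $iFreed & @CRLF)
    EndIf
    ; The original also called CloseHandle when no thread had been created.
    If $hThread Then _WinAPI_CloseHandle($hThread)

    If $iErr Then Return SetError($iErr, $iExt, "")

    ; We have the string (or "" if there was none)
    Return $sStr
EndFunc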
