Results 1 to 9 of 9

Thread: Get remote Process Description.

  1. #1

    Thread Starter
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Get remote Process Description.

    Hi.
    This is nuts.
    So Anyhow I'm trying to get the process description as show in task manager.
    From what I read you might need to do this:
    Dim info As FileVersionInfo = FileVersionInfo.GetVersionInfo("\\remoteserver\C$\Windows\System32\notepad.exe")

    This is not supported on getting it from .NET Process on remote so you must use WMI.
    OK that is fine I used the Win32_Process object and got the "ExecutablePath" property.
    Now that is the issue. Some processes get it some don't. Notepad get it but smss.exe does not, so I cannot get the path to see that the description is "Windows Session Manager"
    So 2 questions.
    1)Is there a solid solution that get the path of a remote process for every process that has one (p.e. system idle of course does not have it)
    2)If not, is there a way to get the description other than FileVersionInfo? I'm smelling Windows API here and I don't want to go there, yet.

    Remeber, I'm talking about REMOTE process.

    Thanks.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  2. #2

    Thread Starter
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Get remote Process Description.

    OK.
    I haven't found anything on WMI or Process.
    I am not very optimistic about this but the only other way is Windows API.
    I have made a sample here if anyone interested that I HAVEN'T tested on a remote machine, since the office PC is down again.
    I will test tomorrow but it's a 50-50 scenario, else I can call it quits on getting a remote path.

    Code:
        <DllImport("Kernel32.dll")>
        Private Shared Function QueryFullProcessImageName(ByVal hProcess As IntPtr, ByVal flags As UInteger, ByVal text As StringBuilder, <Out> ByRef size As UInteger) As UInteger
        End Function
    
    ''' set a process id here... and call GetExecutablePath(process-handleid)
    
     Private Shared Function GetExecutablePath(ByVal dwProcessId As IntPtr) As String
    
            Dim buffer As StringBuilder = New StringBuilder(1024)      
            Dim strpath As String = ""
            If dwProcessId <> IntPtr.Zero Then  
    
                Dim nChars As UInteger = 256
                Dim Buff As StringBuilder = New StringBuilder(CInt(nChars))
                Dim success As UInteger = QueryFullProcessImageName(dwProcessId, 0, Buff, nChars)
    
                If 0 <> success Then
                    strpath = Buff.ToString()
                Else
                    Dim [error] As Integer = Marshal.GetLastWin32Error()
                    strpath = ("Error = " & [error] & " when calling QueryFullProcessImageName")
                End If
    
            End If
    
            Return strpath 
        End Function
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  3. #3

    Thread Starter
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Get remote Process Description.

    So, yeah, not working.
    The remote passed Intptr complains about remote and does not proceed.

    So another attempt is to call OpenProcess API first, pass all the process, and then pass the QueryFullProcessName , that , unfortunately does not work either returning zero pointer.

    Code:
     Public Function GetPathPr(ByVal _process As Process) As String
            Dim processPath As String = ""
    
            ' The new QueryLimitedInformation flag is only available on Windows Vista and up.
            If Environment.OSVersion.Version.Major >= 6 Then
                Dim processHandle As IntPtr = OpenProcess(ProcessAccessFlags.QueryLimitedInformation, False, _process.Id)
                Try
                    If Not processHandle = IntPtr.Zero Then
                        Dim buffer = New StringBuilder(1024)
                        If QueryFullProcessImageName(processHandle, 0, buffer, buffer.Capacity) Then
                            processPath = buffer.ToString()
                        End If
                    End If
                Finally
                    CloseHandle(processHandle)
                End Try      
            End If
    
            Return processPath
        End Function
    Of course this work fine on local service but by this documentation: https://docs.microsoft.com/en-us/win...imagefilenamew
    and this line: "To retrieve the name of the main executable module for a remote process in win32 path format, use the QueryFullProcessImageName function."
    I was under the impression that it would at least return something but I cannot find a way to pass a pointer of int of a process so I can test it.
    I may have to search for opening a remote process with API , maybe I'm doing something wrong...

    So, anyhow, I tested how many paths are returned with WMI and on 107 processes I get back 98 paths + 1 that is the windows idle and I will write it manually. It's not bad but some services that do have paths (for example "SMSS") do not want to give it to WMI...
    Last edited by sapator; Feb 26th, 2021 at 02:37 PM.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  4. #4
    eXtreme Programmer .paul.'s Avatar
    Join Date
    May 2007
    Location
    Chelmsford UK
    Posts
    25,464

    Re: Get remote Process Description.


  5. #5

    Thread Starter
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Get remote Process Description.

    Hi.
    Thanks but that is Win32_Service class that is used for services.
    The process namespace as mentioned in OP is Win32_Process class.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  6. #6
    eXtreme Programmer .paul.'s Avatar
    Join Date
    May 2007
    Location
    Chelmsford UK
    Posts
    25,464

    Re: Get remote Process Description.

    Quote Originally Posted by sapator View Post
    Hi.
    Thanks but that is Win32_Service class that is used for services.
    The process namespace as mentioned in OP is Win32_Process class.
    Sorry I didn’t read your OP thoroughly...

  7. #7

    Thread Starter
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Get remote Process Description.

    No problem.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

  8. #8
    PowerPoster ChrisE's Avatar
    Join Date
    Jun 2017
    Location
    Frankfurt
    Posts
    3,046

    Re: Get remote Process Description.

    is working with Powershell an option ?

    https://docs.microsoft.com/en-us/pow...powershell-7.1
    to hunt a species to extinction is not logical !
    since 2010 the number of Tigers are rising again in 2016 - 3900 were counted. with Baby Callas it's 3901, my wife and I had 2-3 months the privilege of raising a Baby Tiger.

  9. #9

    Thread Starter
    King of sapila
    Join Date
    Oct 2006
    Location
    Greece
    Posts
    6,597

    Re: Get remote Process Description.

    It's not. And not sure if it can get more descriptions on remote ("smss" is my test one).
    But anyhow I can live with 98 out of 107 corrects.
    ἄνδρα μοι ἔννεπε, μοῦσα, πολύτροπον, ὃς μάλα πολλὰ
    πλάγχθη, ἐπεὶ Τροίης ἱερὸν πτολίεθρον ἔπερσεν·

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width