Solved

add array

Posted on 2009-04-07
25
320 Views
Last Modified: 2012-05-06
below code written for one process. can you add array to it so that i can handle more than one process.
ProcessName = "notepad.exe" 

Set objWMI = GetObject("winmgmts:\\.\root\cimv2") 

Do

  Set colItems = objWMI.ExecQuery ("Select * from Win32_Process Where Name = '" & ProcessName & "'") 

 wscript.sleep 1500
 

Loop While colItems.Count = 0 
 

Set colProcesses = objWMI.ExecNotificationQuery ("Select * From __InstanceDeletionEvent " _

             & "Within 1 Where TargetInstance ISA 'Win32_Process' And TargetInstance.Name = '" & ProcessName & "'")
 

 Do  

  Set objProcess = colProcesses.NextEvent 

   Set objWMIService = GetObject  ("winmgmts:\\.\root\cimv2:Win32_Process") 

   objWMIService.Create ProcessName, null, null, intProcessID  

  msgbox "Started"
 

Loop

Open in new window

0
Comment
Question by:Indarnav
  • 14
  • 10
25 Comments
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility


arrProcesses = Array ("notepad.exe", "iexplore.exe") 'repeat as many times as necessary
 

Set objWMI = GetObject("winmgmts:\\.\root\cimv2") 
 

For Each ProcessName in arrProcesses

  Do

    Set colItems = objWMI.ExecQuery ("Select * from Win32_Process Where Name = '" & ProcessName & "'") 

    wscript.sleep 1500

  Loop While colItems.Count = 0 

 

  Set colProcesses = objWMI.ExecNotificationQuery ("Select * From __InstanceDeletionEvent " _

             & "Within 1 Where TargetInstance ISA 'Win32_Process' And TargetInstance.Name = '" & ProcessName & "'")

 

  Do  

    Set objProcess = colProcesses.NextEvent 

    Set objWMIService = GetObject  ("winmgmts:\\.\root\cimv2:Win32_Process") 

    objWMIService.Create ProcessName, null, null, intProcessID  

    msgbox "Started"

  Loop

Next

Open in new window

0
 

Author Comment

by:Indarnav
Comment Utility
i tested below code, it is not calling mspaint again.. pls check
arrProcesses = Array ("notepad.exe", "mspaint.exe") 'repeat as many times as necessary

 

Set objWMI = GetObject("winmgmts:\\.\root\cimv2") 

 

For Each ProcessName in arrProcesses

  Do

    Set colItems = objWMI.ExecQuery ("Select * from Win32_Process Where Name = '" & ProcessName & "'") 

    wscript.sleep 1500

  Loop While colItems.Count = 0 

 

  Set colProcesses = objWMI.ExecNotificationQuery ("Select * From __InstanceDeletionEvent " _

             & "Within 1 Where TargetInstance ISA 'Win32_Process' And TargetInstance.Name = '" & ProcessName & "'")

 

  Do  

    Set objProcess = colProcesses.NextEvent 

    Set objWMIService = GetObject  ("winmgmts:\\.\root\cimv2:Win32_Process") 

    objWMIService.Create ProcessName, null, null, intProcessID  

    msgbox "Started"

  Loop

Next

Open in new window

0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
You have a potential for an endless loop with this code.
If notepad is being tested, but is not open, it will stay in the first loop (while count =0) until notepad is opened, thus mspaint will never be tested.
Then it looks to try and recreate the process once it is eventually terminated.

What is it exactly that you're trying to accomplish with this?
0
 

Author Comment

by:Indarnav
Comment Utility
i just want if some one termiante defined process it restarts by this code. code take care of all defined processes
0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
Hmm - before I post new code...what are you looking for under the following conditions:

1) user has neither app open, but later opens the 2nd one (mspaint in your example).  Do you want to continue checking for the first app to open, or proceed to monitor the termination of the 2nd?

2) user opens both but then terminates app #1.  Do you want app #1 to reopen?

3) user opens both but termiantes app #2.  Do you want app #2 to reopen?

basically either loop could put you into an endless loop and quite easily avoid any testing for the 2nd app.
an inclusive collection of processes might better serve you, but could be defined to check for 'either' termination or only one...need to know what you're looking for....
0
 

Author Comment

by:Indarnav
Comment Utility
lets take the following as final platform for code writing.

1. firstly code will run.
2. both defined process will be called (definately)
3. now code will monitor both defined /called processes
4. if user terminates any of defined/called, code reopen it.
5. and loop continues.

0
 

Author Comment

by:Indarnav
Comment Utility
"looking for either termination..."
0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
Ok, this is designed to ensure that 1 instance (can be multiple, but 'never' 0) of each process will be running at all times.
Notes:

- script initially tests to see if the process is presently running and will only launch a new instance if not.

- there is currently an information line that alerts when the process is not running.  You can remove that altogether, or if you prefer, leave it and it will write this out to the screen (using cscript engine) or as a pop up (default wscript engine) if left intact.

- the deletion event queries every 1 second by default - this is adjustable via the constant QueryTimer.  Increase as desired if you want to allow some 'elbow room' for the user to reload the app within say 5 minutes (which would equate to 600 value).

- this is, by design, an endless script.  The only option to terminate is to kill the wscript or cscript process.  It has the potential to be quite annoying depending on what it is you're actually trying to accomplish here.  As I have no specific indication of what that is, the code below is provided as-is without warranting neither expressed or implied.

Good luck with your project.
~sirbounty
arrProcesses = Array ("notepad.exe", "mspaint.exe") 'repeat as many times as necessary

strComputer = "."

Const QueryTimer = 1
 

Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") 
 

For Each p in arrProcesses

  If Not IsRunning(p) Then LaunchProcess(p)

Next
 

MonitorProcess()
 

Sub MonitorProcess()

  Set colProcesses = objWMI.ExecNotificationQuery ("Select * From __InstanceDeletionEvent Within " & QueryTimer & " Where TargetInstance ISA 'Win32_Process'")

  Do  

    Set objProcess = colProcesses.NextEvent

    wscript.echo objProcess.TargetInstance.Name

    strProcess = LCase(objProcess.TargetInstance.Name)

    For Each p in arrProcesses

      If p = strProcess Then

        If Not IsRunning(strProcess) Then 

          LaunchProcess (strProcess)

        End If

      End If

    Next

  Loop

End Sub
 

Sub LaunchProcess (strProcess)

  wscript.echo strProcess & " Not running.  Launching..."

  Set objWMIE = GetObject ("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")

  objWMIE.Create strProcess, null, null, intID

End Sub
 

Function IsRunning (strProcess)

  Set colP = objWMI.ExecQuery ("Select * From Win32_Process Where Name = '" & strProcess & "'")

  If colP.Count > 0 Then 

    IsRunning = True

  Else

    IsRunning = False

  End If

End Function

Open in new window

0
 

Author Comment

by:Indarnav
Comment Utility
i tested code , it seems code is also started monitoring some other processes as defined below.

when i ran code, it checked status of notepad and as it was not running so it called it. then code checked status of mspaint and opened it too.

when i terminated notepad, it restarted and after giving message for notepad.exe then following massages poped up for unknown exes.

avwsc.exe,
searchfilterhost.exe
taskeng.exe
taskmanager.exe
googleupdate.exe
searchprotocolhost.exe
msfeedsync.exe

you keep on clicking ok on message box, it keep on showing next exe name randomly and after showing three or four names, it becomes silent.

again when u termiante mspaint or notepad, it start showing message for unknown processes..

just check it why it is happening..??

Also please tell, if i want to add path for each exe in array, how to add exe path and where??
0
 

Author Comment

by:Indarnav
Comment Utility
see message i received..
Untitled.jpg
0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
You're running this with the default wscript engine - which produces pop up boxes with this information.
This comes from line 17 and simply denotes that a process was terminated.  Not unless it matches the ones you have in the array will it be restarted.
Simply remove line 17 to prevent that notification.
No need to add path...it checks the name only.
0
 

Author Comment

by:Indarnav
Comment Utility
i changed name of notepad.exe with abs.exe for testing. code did not started abs.exe, hope it did not find path for that..
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
Easiest solution would be to place abs.exe (whatever that is) in your path statement.

Start->Run->sysdm.cpl
On the advanced tab, click Environment variables, edit the Path under system variables to include the path to this app...add a semi-colon after the last entry
(ie.  c:\folder;c:\folder2;c:\folder3)
0
 

Author Comment

by:Indarnav
Comment Utility
i tested with following changes...

arrProcesses = Array ("c:\\path1\\abs.exe", "mspaint.exe") ...when code runs it starts my abs.exe but it did not start when i terminate it...

please give solution of path within code..will be best for me. not above.

or if above is possible through code then tell that...
0
 

Author Comment

by:Indarnav
Comment Utility
i added as u said but it is not working..i variable i added see in picture..
Untitled.jpg
0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
no, you would already have a variable "PATH" listed.  You need to highlight it and click Edit to 'append' your path to that PATH variable value.
(delete the variable you created as it is unnecessary).
0
 

Author Comment

by:Indarnav
Comment Utility
i edited path variable as shown in picture, still  not workng..
Untitled.jpg
0
 

Author Comment

by:Indarnav
Comment Utility
would u guide me further on this...?
0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
I would have to rewrite the code to incorporate that latest request and don't have the free time at the moment.
If you're in that much of a hurry, you can click the request attention link to get other experts here to assist...
0
 

Author Comment

by:Indarnav
Comment Utility
by what time u can provide...?
0
 
LVL 12

Expert Comment

by:piattnd
Comment Utility
What exactly is this script meant to do?  There might be a more efficient way to go about this.
0
 

Author Comment

by:Indarnav
Comment Utility
requirement is

when the code runs..it call defined exes from defnined (specified) path and incase anyone terminate any of called exes, code restart those and keep monitoring. intention is once the defined exes started running should not terminate
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
Comment Utility
This should do it for you.
arrProcesses = Array ("notepad.exe", "C:\Some Folder\Filename.exe") 'repeat as many times as necessary

strComputer = "."

Const QueryTimer = 1
 

Dim objWMI : Set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") 
 

For Each p in arrProcesses

  pName = p

  If Instr(p, "\") > 0 Then pName = Right(p,Len(p) - InstrRev(p,"\"))

  If Not IsRunning(pName) Then LaunchProcess(p)

Next
 

MonitorProcess()
 

wscript.quit 
 

Sub MonitorProcess()

  Set colProcesses = objWMI.ExecNotificationQuery ("Select * From __InstanceDeletionEvent Within " & QueryTimer & " Where TargetInstance ISA 'Win32_Process'")

  Do  

    Set objProcess = colProcesses.NextEvent

    strProcess = LCase(objProcess.TargetInstance.Name)

    For Each p in arrProcesses

      pName = LCase(p)

      If Instr(p, "\") > 0 Then pName = LCase(Right(p,Len(p) - InstrRev(p,"\")))

      If pName = strProcess Then

        If Not IsRunning(strProcess) Then LaunchProcess (p)

      End If

    Next

  Loop

End Sub
 

Sub LaunchProcess (strProcess)

'  wscript.echo "Launching " & strProcess 

  Set objWMIE = GetObject ("winmgmts:\\" & strComputer & "\root\cimv2:Win32_Process")

  objWMIE.Create strProcess, null, null, intID

End Sub
 

Function IsRunning (strProcess)

  Set colP = objWMI.ExecQuery ("Select * From Win32_Process Where Name = '" & strProcess & "'")

  If colP.Count > 0 Then 

    IsRunning = True

  Else

    IsRunning = False

  End If

End Function

Open in new window

0
 

Author Comment

by:Indarnav
Comment Utility
great..it is perfect
0
 
LVL 67

Expert Comment

by:sirbounty
Comment Utility
Glad I could help - thanx for the grade. :^)
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
Welcome, welcome!  If you are new to the series and haven't been following along, please take a brief moment to review the first three installments: Part 1 (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/A_266-VBScri…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now