October 22, 2009


List Windows XP Running Process And ProcessID in VBScript

One of my reason why I hate Windows XP is because it is prone to virus. However, I can't escape from using it because there are instruments which I use that can only communicate with it's own proprietary windows program.

Love it or not, I still need these proprietary programs to run in the windows box on site because they don't have linux version of it nor even going to have it.

Leaving the windows box like that. I believe in some way, it will get infected when some user access the box to grab some data with their infected USB drive or there is virus in the network. It simply happened last two weeks on the site box where this virus prevent me to open the Windows Task Manager to show what process is running in the box.

Thanks to VBScript which allows me to view the running process and investigate.

So, after getting frustated and cursing the virus prone OS for some time, I just open Notepad program and begin writing this script:

' showproc.vbs
' Author: M. Fauzilkamil Zainuddin http://coderstalk.blogspot.com
' October 2009

Option Explicit

Dim oProc, oWMIServ, colProc
Dim strPC, strList
Dim StrSpace

strPC = "."

Set oWMIServ = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strPC & "\root\cimv2")

Set colProc = oWMIServ.ExecQuery("Select * from Win32_Process")

strSpace = string(20," ")
strList = "ProcName" & strSpace & vbTab & "ProcID" & vbCrLf & string(45,"-")

For Each oProc In colProc
strSpace = string(28 - len(oProc.Name)," ")
strList = strList & vbCrLf & oProc.Name & strSpace & vbTab & oProc.ProcessId

WScript.Echo strList

And then, I can see the suspicious process. They can't hide from me anymore. I can even kill the process by simply adding if statement which check for the suspicious process Name or ProcessID in specific and kill it. Here's a snippet to terminate specific ProcessID:

' just add this code below 'WScript.Echo strList'
For Each oProc In colProc
' the 3008 is the ProcessID that I want to kill.
' your process id may be different

If oProc.ProcessID = 3008 Then
End If

That's all for now. Happy coding!!
...Read more

Share This Article:

Bookmark This Article:
Feed Me Digg Technorati del.icio.us Best to Stumbleupon Reddit Blinklist Furl Spurl Yahoo Simpy