get pid procee running with runAs

[FAT12]

Hi,

I want to get pid process running with the RunAs command:
RunAppUser=WshShell.Run("runas /user:" & user & " " & CHR(34) & applicationName & CHR(34), 2, FALSE)

I can with the exec command:
Set oExec = WshShell.Exec(applicationName)
Wscript.Echo "PID de l'aapli lancée: " & oExec.ProcessID

Thanks for your answers.
Frederic.

 

[EBGreen]

the only way that I can think of to get the PID when you use the Run command is to use WMI to iterate the running processes then look for the one that you started.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[FAT12]

Thank ,
I don't know WMI what is it exactly ?

 

[EBGreen]

WMI = Windows Management Instrumentation:
WMI Documentation

Here is a sample script to demonstrate:

On Error Resume Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_Process",,48)
For Each objItem in colItems
    Wscript.Echo "Caption: " & objItem.Caption
    Wscript.Echo "CommandLine: " & objItem.CommandLine
    Wscript.Echo "CreationClassName: " & objItem.CreationClassName
    Wscript.Echo "CreationDate: " & objItem.CreationDate
    Wscript.Echo "CSCreationClassName: " & objItem.CSCreationClassName
    Wscript.Echo "CSName: " & objItem.CSName
    Wscript.Echo "Description: " & objItem.Description
    Wscript.Echo "ExecutablePath: " & objItem.ExecutablePath
    Wscript.Echo "ExecutionState: " & objItem.ExecutionState
    Wscript.Echo "Handle: " & objItem.Handle
    Wscript.Echo "HandleCount: " & objItem.HandleCount
    Wscript.Echo "InstallDate: " & objItem.InstallDate
    Wscript.Echo "KernelModeTime: " & objItem.KernelModeTime
    Wscript.Echo "MaximumWorkingSetSize: " & objItem.MaximumWorkingSetSize
    Wscript.Echo "MinimumWorkingSetSize: " & objItem.MinimumWorkingSetSize
    Wscript.Echo "Name: " & objItem.Name
    Wscript.Echo "OSCreationClassName: " & objItem.OSCreationClassName
    Wscript.Echo "OSName: " & objItem.OSName
    Wscript.Echo "OtherOperationCount: " & objItem.OtherOperationCount
    Wscript.Echo "OtherTransferCount: " & objItem.OtherTransferCount
    Wscript.Echo "PageFaults: " & objItem.PageFaults
    Wscript.Echo "PageFileUsage: " & objItem.PageFileUsage
    Wscript.Echo "ParentProcessId: " & objItem.ParentProcessId
    Wscript.Echo "PeakPageFileUsage: " & objItem.PeakPageFileUsage
    Wscript.Echo "PeakVirtualSize: " & objItem.PeakVirtualSize
    Wscript.Echo "PeakWorkingSetSize: " & objItem.PeakWorkingSetSize
    Wscript.Echo "Priority: " & objItem.Priority
    Wscript.Echo "PrivatePageCount: " & objItem.PrivatePageCount
    Wscript.Echo "ProcessId: " & objItem.ProcessId
    Wscript.Echo "QuotaNonPagedPoolUsage: " & objItem.QuotaNonPagedPoolUsage
    Wscript.Echo "QuotaPagedPoolUsage: " & objItem.QuotaPagedPoolUsage
    Wscript.Echo "QuotaPeakNonPagedPoolUsage: " & objItem.QuotaPeakNonPagedPoolUsage
    Wscript.Echo "QuotaPeakPagedPoolUsage: " & objItem.QuotaPeakPagedPoolUsage
    Wscript.Echo "ReadOperationCount: " & objItem.ReadOperationCount
    Wscript.Echo "ReadTransferCount: " & objItem.ReadTransferCount
    Wscript.Echo "SessionId: " & objItem.SessionId
    Wscript.Echo "Status: " & objItem.Status
    Wscript.Echo "TerminationDate: " & objItem.TerminationDate
    Wscript.Echo "ThreadCount: " & objItem.ThreadCount
    Wscript.Echo "UserModeTime: " & objItem.UserModeTime
    Wscript.Echo "VirtualSize: " & objItem.VirtualSize
    Wscript.Echo "WindowsVersion: " & objItem.WindowsVersion
    Wscript.Echo "WorkingSetSize: " & objItem.WorkingSetSize
    Wscript.Echo "WriteOperationCount: " & objItem.WriteOperationCount
    Wscript.Echo "WriteTransferCount: " & objItem.WriteTransferCount
Next

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[tsuji]

You can as well use resource kit tlist.exe and capture the stdout to a string. After that, parse it for the pid? This way, you can stay in an approach using tools for a consistent environment, rather than some heterogenous tools in power and sophistication.

 

[EBGreen]

It's true that not every windows install will have WMI present. If your environment is uniform enough that you can be sure that WMI will be available, then I still maintain that WMI is the best solution. If however, you can not be assured of uniformity, then tsuji is correct and parsing the output from tlist.exe should work.

[red]"... isn't sanity really just a one trick pony anyway?! I mean, all you get is one trick, rational thinking, but when you are good and crazy, oooh, oooh, oooh, the sky is the limit!" - The Tick[/red]

 

[PHV]

And why isn't WshShell.Exec an option ?

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ181-2886

 

[tsuji]

That too! (I only saw that it is the min window style which is the only reason not to. Synchronization is false by default, hence not breaching any requirement as .run is running parameter false too.)

 

[FAT12]

Hi,
Thanks for jours answer. but I have not always an solution to resolve my problem...
Is it possible to change user with vb and after to execute the command WshShell.Exec(.... so that the processus will be run with this user ?
Frederic.

 

[tsuji]

What is meant is this.
[tt]
RunAppUser=WshShell.exec("runas /user:" & user & " " & CHR(34) & applicationName & CHR(34))
[/tt]
But, it is true that what you get is not what you think you want. It is pid of runas, not applicationName. This, we failed to point out above.

The whole exercise boils down to the question: for what purpose you want to do with the pid of applicationName running? What the technology you show using, it seems quite pointless to get a pid no matter how good it is to know it.

If you consistently use wmi win32_process class to do the job, you can sure obtain functionality just like a runAs by providing the alternative credential to the create method. And, at the same time, you have firm control of the pid as it would be the out-param of the method. But, you are not familiar with the technology, so I can suppose you are not using it.

So with the pid, what do you want to deal with it?

 

[FAT12]

I just want to kill the process if necessary and to know if the process run.

I tried your code but it doesn't work :

'check number argument

result=RunAppUser2("EU\st09346","calc.exe","nounou")
WScript.Echo "*****" 

'************************************************************
' function running application 
'
'***********************************************************
Function RunAppUser2(byval user,byval applicationName,byval password)
Wscript.Echo "Appel fonction RunApplication"
On Error Resume Next
dim WshShell,FSO

set WshShell = CreateObject("WScript.Shell")

Wscript.Echo "Run As avec Exec Application: " & applicationName

oExec=WshShell.exec("runas /user:" & user & " " & CHR(34) & applicationName & CHR(34))
 
Wscript.Echo "PID de l'aapli lancée: " & oExec.ProcessID
WScript.Echo "fin appel RunAs: " & RunAppUser

I don't known what is the pb, can you help me ?
End Function

 

[tsuji]

Sorry, that was my mistake where I made an intended non-rigorous argument. But the script line should be rigorous! It sure meant this.

[tt] [red]set[/red] RunAppUser=WshShell.exec("runas /user:" & user & " " & CHR(34) & applicationName & CHR(34))[/tt]

Or in your script now, it is this.

[tt] [red]set[/red] oExec=WshShell.exec("runas /user:" & user & " " & CHR(34) & applicationName & CHR(34))
[/tt]

 

[FAT12]

but what is the difference between these lines ?

 

[tsuji]

Your best bet is still use tlist (tlist.exe) outputting to a file or directly to a variable. Then parse it to get the name of the process or pid (processid is _not_ a must). Then issue a kill (kill.exe) with /f if necessary. Run both tlist and kill using runAs with the same credential if necessary. But, to be able to kill a process, you need to have admin right all along.

 

[tsuji]

The difference is what shown in red color.

 

[FAT12]

Ok it works !
but the calc doesn't appear...
maybe because I don't use the password ?

 

[tsuji]

You ought to furnish it one way or the other.

 

[FAT12]

do you arrive to show the calculate ? if yes can you give me your code ?
Thanks.

 

[tsuji]

runas interactive option is needed if you're doing interactive. But then,...why? Check runas syntax documentation.