Terminate process SILENTLY using VBScript - vbscript

I am simply trying to kill a process using a batch that calls a vbscript, but i need the vbscript to do it silently. Or can this not be done without UAC prompting for privileges?

Used WMIC instead
wmic process where name="wscript.exe" call terminate > nul

You can TASKKILL a process with PID on a remote system, using different user credentials, and TASKLIST to list them.
At a command prompt type taskkill /? or this taskkill on technet. Using PID will prevent terminating a wrong process with the same. For example, a computer with both 2007 and 2010 versions of office installed and only the 2007 version needs terminating.
See tasklist /? or this tasklist on technet.
You can even combine PSEXEC to fill the gap which TASKLIST cannot do remotely.

To run a script or application in the Windows Shell using the ShellExecute method (cf msdn.microsoft.com):
Syntax
.ShellExecute "application", "parameters", "dir", "verb", windowFlag
Key
application The file to execute (required)
parameters Arguments for the executable
dir Working directory
verb The operation to execute (runas/open/edit/print)
windowFlag View mode application window (normal=1, hide=0, ...)
You can try this:
Set denyUAC = CreateObject("Shell.Application")
denyUAC.ShellExecute "cscript", "D:\demo\vbscript.vbs", "", "runas", 0

Related

How to end a file using vbs without starting anything?

So, I'm trying to make a security system using vbs that would terminate a process.
Ex:
If you see "cmd.exe"
Terminate cmd.exe
I have coded everything except for the terminating part. I have searched many places but all they do is first run that file and then terminate it. I want to terminate the existing running "cmd.exe"
I tried running a batch file that terminates all "cmd.exe" processes but it just terminated itself leaving the other "cmd.exe" open.
Powershell is not an option too because it's one of the process I want to terminate.
Regards,
A Viper
Running TaskKill Command with VB Script
TaskKill command can terminate all existing processes whose running in same image name.
For example, if the process you want to be terminated is "cmd.exe", you can use TaskKill as below in your script:
Dim WshShell : Set WshShell = WScript.CreateObject("WScript.Shell")
WshShell.Run "CMD /C TASKKILL /F /IM cmd.exe", 0, False
Above script is executed using Windows Script Host, which is not a process you want to be terminated, so this should work.

WMIC equivalent to the PSEXEC -h switch

I have a batch file which contains a WMIC command to run another batch file on a Windows server.
WMIC /user:<myusername> /password:<mypassword> /node:<server> process call create "D:\mybatchfile.bat"
mybatchfile.bat launches an exe which requires certain parameters to run, which are present in this batch file. However, the exe launches and quits citing insufficient privileges to continue the operation. I have tried to launch WMIC with escalated privileges but I get the same error in the log files.
The same thing works with psexec with the following syntax:
psexec \\<server> -u <myusername> -p <mypassword> -h "D:\mybatchfile.bat"
which launches the exe fine, but we would prefer to run this using native commands. As I understand, the -h switch lets the program be run with the highest privileges.
Does anyone have an explanation of why this is happening? What would be the correct WMIC equivalent to the PSEXEC command that I have used?
Any help would be greatly appreciated!
TL;DR :
powershell -Command "Start-Process cmd -Verb RunAs"
Details :
It sounds like the issue is the shell you're using (aka cmd.exe) doesn't have sufficient privileges. Before a shell has acknowledged the UAC, the integrity level of the shell's process is "medium". Activating an admin's elevated permissions effectively sets the integrity level to "high". Which is exactly what psexec -h is doing.
While cmd.exe was never built to do this for itself, it can call out to other programs which can create processes with elevated integrity levels. Examples include: powershell.exe, wscript.exe, and some COM objects.
Validate Before :
You can verify this case by typing whoami.exe /groups at a command line.
The bottom line states what the current integrity level is, which is default "Medium Mandatory Level". Success requires us to create a process with an integrity level set to "High Mandatory Level". So now, we just need to pick one of the following options:
Option 1 : Powershell
powershell -Command "Start-Process cmd.exe -Verb RunAs"
Option 2: Batch Script
#echo off
setlocal EnableDelayedExpansion
set "zFile=%temp%\sudo.tmp.vbs"
(
echo Set objShell = CreateObject^("Shell.Application"^)
echo objShell.ShellExecute "cmd.exe", "", "", "runas"
) > "!zFile!"
wscript /nologo "!zFile!" >nul 2>&1
erase "!zFile!" >nul 2>&1 || echo ;[e] Failed To Delete Temp File {"!zFile!"}
Option 3: Command Line
echo Set objShell = CreateObject^("Shell.Application"^) > %temp%\sudo.tmp.vbs
echo objShell.ShellExecute "cmd.exe", "", "", "runas" >> %temp%\sudo.tmp.vbs
wscript /nologo %temp%\sudo.tmp.vbs
erase %temp%\sudo.tmp.vbs
Validate After :
Same as before - type whoami /groups at a command prompt and you should now see the integrity level set at "high" (aka "SID=S-1-16-12288").

Kill batch file in such a way that its children are killed too, in Windows

I need to start an exe from a cmd (wrap the exe so I can supply some command-line options). The problem is that just calling the exe from the cmd does not make the wrapping completely transparent: if the .exe hangs, killing the cmd won't kill the exe. I need it to kill the exe too. Can I do that in plain Windows (from XP up), without adding any dependencies?
In Bash you have exec which replaces the shell process with the supplied command. This is handy for writing wrapper scripts, making the wrapping process completely transparent. I know Windows lacks execve() to make this possible, but I'm only interested in the parent-killing-its-children part.
CLARIFICATION: I'm not looking for ways to kill the exe, I am looking for ways to wrap (start) the exe so that killing it using standard ways (eg. Ctrl+C or from task manager) works. For instance, I could create a lnk file (Windows shortcut) and get this behavior, but I want to do it from a script (for one, lnks only work with absolute paths, I can't deploy that).
Thanks.
Taskkill can be used to match certain criteria. By entering Taskkill/? you get the manual and can read up on how to filter using common properties. I assume that all your children share a common portion in their name. You could use taskkill to math the name with wildcards and close all children that matched that name.
EDIT (taken from the comments section):
As IInspectable points out you can kill all child processes using the /T flag.
EDIT starting from a batch you could use START (reference here) to launch the exe parallel to the batch and have your abort in the batch.
Edit i wrote and tested this mini example:
#echo off
echo starting %1
start %1
echo Any key to kill execution
pause >> NUL
taskkill /IM %1 /t
taskkill /F /IM iexplore.exe
/F to force kill.
Which can kill subprocesses
e.g. https://www.windows-commandline.com/taskkill-kill-process/

Run BAT as admin (w/o shortcut)

So, I am trying to create a .bat to taskkill a specific program in Win7.
I am using the command:
taskkill /f /im "LCore.exe"
The .bat needs to be run as admin in order to work it seems so I have created a shortcut to it to run automatically in admin mode as specified in another thread (How to code a BAT file to always run as admin mode?).
However, when using the Microsoft Mouse and Keyboard Center to map one of my additional keys to run the shortcut it automatically runs the target of the shortcut rather than the shortcut itself which doesn't have the admin privileges needed (when selecting to map the shortcut it automatically changes the path to the target, manually setting the path returns a 'not found' error).
So basically I was wondering if there is another way that doesn't involve creating a shortcut to automatically run a .bat with elevated privileges.
#ECHO OFF
OPENFILES>NUL 2>&1
IF "%ERRORLEVEL%"=="0" GOTO :YouAreAdmin
GOTO :GetAdmin
:GetAdmin
ECHO.Set UAC = CreateObject^("Shell.Application"^) > "StartAsAdmin.vbs"
ECHO.UAC.ShellExecute "%~fs0", "", "", "runas", 1 >> "StartAsAdmin.vbs"
StartAsAdmin.vbs
DEL "StartAsAdmin.vbs"
EXIT /B
:OK
REM Your code starts here!
ECHO.
ECHO. If you see this, you have started as admin this bat file.
PAUSE>NUL
EXIT
Sorry, but I am new! :)
So first, OPENFILES command checks if you have runned program as administrator, like any command that needs administrator privileges. If you type >NUL 2>&1 after a command, CMD will hide any message from that command and will redirect error. So if you have troubles running a simple command action like OPENFILES, the only error that you can have is that batch file doesen't have administrator privileges. And if %ErrorLevel% is 0 (you have no errors running that command), it seems that you started application as administrator, so it steps to :OK label. But if %ErrorLevel% is not 0 (there is a problem), it seems that application doesen't have administrator privileges. So it will start automatly as administrator from a temporary VBScript generated by that batch file, then is started, and then deleted.
In Windows 7 you don't need to write additional scripts, because it has built-in "PowerShell" instrument. Try the following :
powershell.exe start-process taskkill.exe -verb runas -argumentlist '/f /im "LCore.exe"'

How to close the parent cmd console window from within the script it's hosting?

I am using the following command in the registry to run a vbscript locally from Windows Explorer's context menu:
cmd /T:1F /K "cscript.exe //nologo "C:\Some Path\Some Folder\MyScript.vbs" "%1""
I am using the /K switch for 2 reasons: to keep the console window open in case of script errors, and to change the back and fore colors of the console (this is actually done with the /T switch, but for some reason that I don't understand, the colors revert to default when the /C switch is used.
My question: how can I close the host console window (attached to the "cmd.exe" process) on normal execution end? WScript.Quit obviously returns to the console prompt. I thought about a WMI query for Win32_Process based on CommandLine, but that doesn't work if the script is invoked multiple times with the same parameter (i.e. file). Is there a way to obtain the top most parent process's id for example, which I can then use to terminate?
I believe you can simply append &&exit to your command string:
cmd /T:1F /K "cscript.exe //nologo "C:\Some Path\Some Folder\MyScript.vbs" "%1"&&exit"
Note that your quoted arguments are not quoted because of the extra enclosing quotes. You might be better off with:
cmd /T:1F /K ^"cscript.exe //nologo "C:\Some Path\Some Folder\MyScript.vbs" "%~1"^&&exit^"
Update
The script engine does not set the exit code upon runtime errors - it leaves that task to the script writer. It does set a positive exit code if there is a syntax error. That is a very unfortunate design.
I think the easiest thing to do is to modify your VBS script to always exit with a negative value upon success: WScript.Quit -1. Then you can conditionally EXIT the console only if the exit code is negative.
cmd /T:1F /K ^"cscript.exe //nologo "C:\Some Path\Some Folder\MyScript.vbs" "%~1"^||if not errorlevel 0 exit^"

Resources