Is it possible to attach the Windows debugger in VS2010 to a process from a batch file?
Preferably by giving it a process name.
Since you presumably already have the process running, you would use vsjitdebugger.exe /p 1234 where 1234 is the PID of the process you want to debug. If you don't know it, you would have to use some other method to figure it out.
If you have the debugging tools for windows available, the tlist.exe utility will yield the process ID for a process name. If that is available, then the following will attach to a given process:
rem Get the process ID
for /f %%f in ('tlist -p %1') do set mypid=%%f
rem attach to it with selected debugger
vsjitDebugger -p %mypid%
Edit: If tlist is not available, I think tasklist will work. It's a bit uglier, but the following worked for me (you know ... it works on my system :) Note too that I edited the previous example command to work in a cmd.exe prompt (I use tcc, which does require as many % signs).
rem Get the process ID
for /f "tokens=2 delims= " %%f in ('tasklist /nh /fi "imagename eq %1"' ) do set mypid=%%f
rem attach to it with selected debugger
vsjitDebugger -p %mypid%
Specifying a /Command switch on devenv.exe's command-line will make it run a specified command on open. You could specify the Debug.AttachToProcess command. Don't know if you can specify a pid, though, when you execute that command.
I've noticed that my command line didn't start anymore, it just immediately minimized and closed itself upon running. I suspect this is due to a virus or at least some kind of malicious program having been executed. I found the following code inside my registry. It seems legible but my knowledge of batch / the command line is limited. Can anyone tell me what it does?
@mode 20,5 & tasklist /FI "IMAGENAME eq SoundModule.exe" 2>NUL | find /I /N "SoundModule.exe">NUL && exit & if exist "C:\Users\Leon\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" ( start /MIN "" "C:\Users\Leon\AppData\Roaming\Microsoft\SoundModule\SoundModule.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit )
According to this reddit thread, it's a "vmprotected cryptocurrency miner".
You most likely got it if you installed anything you downloaded from the torrent network, for example a popular game released in the past few weeks :^)
The following SO thread contains part of the solution: CMD.exe closes immediately after calling (Win7 64)
The malicious party added an AutoRun directive via registry to the Windows Command Processor (cmd.exe usually), which you need to remove from any of the following locations it's present in:
Computer\HKEY_CURRENT_USER\Software\Microsoft\Command Processor
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor
What the directive does is to execute SoundModule.exe and then explorer.exe (if not already started).
According to the other reply in this thread, they set %comspec% to run at startup, via Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
So on startup, it's running %comspec% (instead of the default Windows Explorer), which itself on start first runs SoundModule.exe and then explorer.exe. Not sure why they did it this way, anyone who makes use of cmd.exe was bound to figure it out and spread the word.
There are at least two confirmed VirusTotal records for this file: [1], [2]
I had the same program on my computer, check Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon for the shell value which is most likely "%comspec%" (which makes sense why it was just cmd running on startup since %comspec% is cmd.exe) and change it to "explorer.exe"
Run regedit
Go to HKLM\Software\Microsoft\Command Processor\ or HKEY_CURRENT_USER\Software\Microsoft\Command Processor\ or HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor\
For some reason there was an AUTORUN key with "EXIT" inside.
Remove the AutoRun key and cmd will work fine.
Then check Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon for the shell value which is most likely "%comspec%" (which makes sense why it was just cmd running on startup since %comspec% is cmd.exe) and change it to "explorer.exe" as the user above said.
Edit: I also found that it was a cryptocurrency mining virus located at %appdata%\Microsoft\SoundModule, or SoundMixer in my case.
You should probably delete this file too.
For reference, I will add that I was able to verify that my issue was the Autorun registry key by using Win-R to bring up the "Run" dialog, and typing cmd /d (which disables any autorun per the Windows docs [https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/cmd]). This successfully opened a command prompt window.
Inspecting the registry, my HKEY_CURRENT_USER\Software\Microsoft\Command Processor had Autorun as Type=REG_SZ and Data=if exist. I made a restore point, then renamed that key to AutorunOld ... and then I was able to open a command prompt without issue.
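A read-only check for the two persistence points described in this thread, as an added example that is not part of the original posts: it reports any AutoRun value under the two Command Processor keys and any Winlogon Shell value other than explorer.exe. The function name Get-CmdPersistenceFinding is hypothetical, and the machine-wide HKLM Winlogon key is checked in addition to the HKCU key named above.

```powershell
# Added example: read-only audit of the registry values discussed in this thread.
# Get-CmdPersistenceFinding is a hypothetical name; nothing is modified.
function Get-CmdPersistenceFinding {
    $checks = @(
        @{ Path = 'HKCU:\Software\Microsoft\Command Processor'; Name = 'AutoRun'; Expected = $null }
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Command Processor'; Name = 'AutoRun'; Expected = $null }
        @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Expected = 'explorer.exe' }
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'Shell'; Expected = 'explorer.exe' }
    )
    foreach ($c in $checks) {
        if (-not (Test-Path -LiteralPath $c.Path)) { continue }
        $key = Get-Item -LiteralPath $c.Path
        # Read the stored string as-is so "%comspec%" is reported unexpanded.
        $data = $key.GetValue($c.Name, $null, 'DoNotExpandEnvironmentNames')
        if ($null -eq $data) { continue }   # value absent: nothing to report

        # AutoRun: any data deserves a look, since legitimate tools set it too.
        # Shell: anything other than explorer.exe (compared case-insensitively).
        $review = ($null -eq $c.Expected) -or ("$data".Trim() -ne $c.Expected)
        [pscustomobject]@{
            Key    = $c.Path
            Value  = $c.Name
            Data   = "$data"
            Review = $review
        }
    }
}

Get-CmdPersistenceFinding | Format-List
```

Rows with Review set to True are the ones to read by hand before renaming or deleting anything.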
I need to create a windows batch file (*.bat) file that only runs its commands if certain processes (and batch files) are NOT running.
I have looked at a solution that works for processes (*.exe) here:
How to wait for a process to terminate to execute another process in batch file
I want to do something very similar, however, there is one difficulty: Batch files show up as "cmd.exe" in the "TASKLIST" command.
I want to check if a specific bat file is running, for example: "C:\mybatch.bat", and if it is, wait until it is closed.
Checking if a specific bat file mybatch.bat is running could be a tougher task than it could look at first sight.
Looking for a particular window title in tasklist /V as well as testing CommandLine property in wmic process where "name='cmd.exe'" get CommandLine might fail under some imaginable circumstance.
1st. Can you
add title ThisIsDistinguishingString command at beginning of the mybatch.bat and
remove all other title commands from mybatch.bat and
ensure that mybatch.bat does not call another batch script(s) containing a title command?
Then check errorlevel returned from find command as follows:
:testMybatch
tasklist /V /FI "imagename eq cmd.exe" | find "ThisIsDistinguishingString" > nul
if errorlevel 1 (
rem echo mybatch.bat batch not found
) else (
echo mybatch.bat is running %date% %time%
timeout /T 10 /NOBREAK >NUL 2>&1
goto :testMybatch
)
2nd. Otherwise, check if wmic Windows Management Instrumentation command output could help
wmic process where "name='cmd.exe'" get /value
Then you could detect mybatch.bat in its output narrowed to
wmic process where "name='cmd.exe'" get CommandLine, ProcessID
Note that wmic could return some Win32_Process class properties, particularly CommandLine, empty if a particular process was launched under another user account or elevated (run as administrator).
Elevated wmic returns all properties in full.
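The same Win32_Process query done through Get-CimInstance, as an added example that is not part of the original answer: it treats cmd.exe processes whose CommandLine comes back empty as "unknown" instead of silently reporting that the batch file is not running. Get-BatchFileState is a hypothetical helper name; mybatch.bat is the sample name used above.

```powershell
# Added example: the Win32_Process query from the answer above, via CIM.
# Get-BatchFileState is a hypothetical helper name.
function Get-BatchFileState {
    param([Parameter(Mandatory)][string]$ScriptName)

    $cmds = @(Get-CimInstance -ClassName Win32_Process -Filter "Name='cmd.exe'")
    # CommandLine is empty for processes this session is not allowed to inspect.
    $hidden  = @($cmds | Where-Object { [string]::IsNullOrEmpty($_.CommandLine) })
    $running = @($cmds | Where-Object {
        $_.CommandLine -and
        $_.CommandLine.IndexOf($ScriptName, [StringComparison]::OrdinalIgnoreCase) -ge 0
    })

    # 'Unknown' means no match was seen but some cmd.exe could not be read.
    $state = if ($running.Count) { 'Running' } elseif ($hidden.Count) { 'Unknown' } else { 'NotRunning' }
    [pscustomobject]@{
        State      = $state
        MatchPids  = @($running | ForEach-Object { $_.ProcessId })
        HiddenPids = @($hidden  | ForEach-Object { $_.ProcessId })
    }
}

# Wait while the script is running; report if the final answer is uncertain.
do {
    $r = Get-BatchFileState -ScriptName 'mybatch.bat'
    if ($r.State -eq 'Running') { Start-Sleep -Seconds 10 }
} while ($r.State -eq 'Running')

if ($r.State -eq 'Unknown') {
    Write-Warning "cmd.exe PIDs with unreadable command line: $($r.HiddenPids -join ', ')"
}
```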
What you say happens by default.
To test, create a new .bat file (let's say 1.bat) and put in it
calc
mspaint
Save and run it.
Calculator will start. You will notice that Paintbrush will launch only when you have closed calculator.
There is this application build process that I am trying to automate. For this I wrote a java file, which runs every 24 hours.
A batch file is called from here that runs the application build whenever it is called.
I've run into a small problem, when the build fails due to incomplete or invalid files, a window pops up which tells me to look at the logs.
Since I haven't written the build files, I'm not really sure where this gets created from. I wanted to know if I can close this window while the process runs from the bat file.
It may be possible using taskkill, but you'd have to devise a filter that would ideally only match the process displaying the window and never match any other process. Something like:
taskkill /im program.exe
or maybe:
taskkill /fi "windowtitle eq title*"
You might also want to include the /f flag for forceful termination.
You'd also have to try and make sure that the taskkill command doesn't run too quickly and precede the creation of the popup window. You could try to query for the existence of such a process/window; your best bet here is probably wmic. Maybe:
@echo off
setlocal enabledelayedexpansion
set title=Notepad
set pid=
for /f %%i in ('wmic process where "caption like \"%%!title!%%\"" get processid^| findstr /r [0-9]') do @set pid=%%i
if "!pid!" neq "" taskkill /f /pid !pid!
There's no guarantee this will always work, but it's probably the best you can do.
I'm trying to uninstall a program EXE via batch file and am not having any success.
The uninstall string found in the registry is as follows:
C:\PROGRA~1\Kofax\Capture\ACUnInst.exe /Workstation
C:\PROGRA~1\Kofax\Capture\UNWISE.EXE /U
C:\PROGRA~1\Kofax\Capture\INSTALL.LOG
If I run that from CMD or batch it does nothing.
If I run C:\PROGRA~1\Kofax\Capture\UNWISE.EXE /U from CMD it will open up a dialog box to point to the INSTALL.LOG file and then proceed to uninstall.
At the end, it will ask me to click finish.
I need this to be silent, can you point me in the right direction? This is on XP and 7.
Every program that properly installs itself according to Microsoft's guidelines makes a registry entry in either HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall (for machine installs) or HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall (for user profile installs). Usually, the key for the program will be its GUID, or else the name of the program. Within that key will be an entry called UninstallString. This contains the command to execute to uninstall the program.
If you already know ahead of time what you will be uninstalling, it should be easy enough to just put that in your batch file. It gets tricky when you try to automate that process though. You can use the reg command to get data from the registry, but it returns a lot of text around the actual value of a given key, making it hard to use. You may want to experiment with using VBscript or PowerShell, as they have better options for getting data from the registry into a variable.
This might help you further.....
How to Create a script via batch file that will uninstall a program if it was installed on windows 7 64-bit or 32-bit
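The registry lookup described above, done in PowerShell as that answer suggests; this is an added example, not code from the original posts. Get-UninstallCommand is a hypothetical helper name, the WOW6432Node root (32-bit programs on 64-bit Windows) and the optional QuietUninstallString value go beyond the two keys named above, and the '*Kofax*' pattern is taken from the question.

```powershell
# Added example: read UninstallString into objects instead of parsing reg.exe text.
# Get-UninstallCommand is a hypothetical helper name. Nothing is executed.
function Get-UninstallCommand {
    param([Parameter(Mandatory)][string]$NamePattern)

    $roots = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($sub in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath -ErrorAction SilentlyContinue
            # Many subkeys (updates, components) carry no DisplayName at all.
            if (-not $p -or -not $p.PSObject.Properties['DisplayName']) { continue }
            if ($p.DisplayName -notlike $NamePattern) { continue }

            [pscustomobject]@{
                DisplayName          = $p.DisplayName
                KeyName              = $sub.PSChildName   # GUID or program name
                UninstallString      = $p.UninstallString
                QuietUninstallString = $p.QuietUninstallString
                Root                 = $root
            }
        }
    }
}

# List the candidates and read the command lines before running any of them.
Get-UninstallCommand -NamePattern '*Kofax*' | Format-List
```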
I've had the same problem and this is what I came up with.
Before you start using this method though, you might wanna look up the name of the application on WMIC using CMD so..
First you wanna do: WMIC product > C:\Users\"currentuser"\Desktop\allapps.txt
I'd recommend to output the command to a TXT file because it's really confusing to read it in the Cmd prompt, plus it is easier to find the data you are looking for.
Now what you wanna do is find the actual name of the app... If you look at the code I put in, the app name says SkypeT because skype has "™" in the end of it and the command prompt can't interpret that as it is.
After you got the app name, just put in the find in the 4th line and substitute, a few lines which contain my examples with skype...
Also you can probably create a variable called %APP% and not worry as much, but in its current form it works just fine...
One thing to note! with me the msi /quiet command did not work, the program would not install or uninstall so I used /passive, which lets the users see what's going on.
@Echo off
CD %cd%
:VerInstall
rem find sets errorlevel 1 when no installed product matches the name
wmic product list system | Find /I "SkypeT" >nul
if errorlevel 1 (
Echo Skype is not installed, proceeding to the installation!
Ping localhost -n 7 >nul
goto :Reinstall
)
Echo Skype is installed!
:Status
tasklist /nh /fi "IMAGENAME eq APP.exe" | find ":"> nul
if errorlevel = 1 goto :force
goto :Uninstall
:Force
echo We are killing the proccess... Please do not use the application during this process!
Ping localhost -n 7 > nul
taskkill /F /FI "STATUS eq RUNNING" /IM APP* /T
echo The task was killed with success! Uninstalling...
Ping localhost -n 7 > nul
:Uninstall
cls
for /f "tokens=12,*" %%a in ('wmic product list system ^| Find /I "SkypeT"') do (
set %%a=%%a: =%
msiexec.exe /x %%a /passive /norestart
)
:DoWhile
cls
Tasklist /fi "IMAGENAME eq msi*" /fi "STATUS eq RUNNING" | Find ":" >nul
if errorlevel = 1 (
echo Installation in progress
Goto :DoWhile
)
echo Skype is Uninstalled
:Reinstall
msiexec.exe /i SkypeSetup.msi /passive /norestart
:reinstallLoop
Tasklist /fi "IMAGENAME eq msi*" /fi "STATUS eq RUNNING" | Find ":" >nul
if errorlevel = 1 (
echo Installation in progress
goto :reinstallLoop
)
echo Skype is installed
:end
cls
color 0A
Echo Done!
exit
One last thing. I used this as an Invisible EXE task, so the user couldn't interact with the command prompt and eventually close the window (I know, I know, it makes the whole echoes stupid, but it was for testing purposes). For that I used BAT to EXE converter 2.3.1; you can put everything to work in the background and it will work very nicely. If you want to show progress to users just write START Echo "info" and replace the info with whatever you want; it will open another prompt and show the info you need.
Remember, Wmic commands sometimes take up to 20 seconds to execute since it's querying the computer's system, so it might look like it's doing nothing at first but it will run! ;)
Good luck :)
We needed a batch file to remove a program and we couldn't use programmatic access to the registry.
For us, we needed to remove a custom MSI with a unique name. This only works for installers that use msi or integrate such that their cached installer is placed in the Package_Cache folder. It also requires a unique, known name for the msi or exe. That said, it is useful for those cases.
dir/s/b/x "c:\programdata\packag~1\your-installer.msi" > removeIt.bat
set /p RemoveIt=< removeIt.bat
echo ^"%RemoveIt%^" /quiet /uninstall > removeIt.bat
removeIt.bat
This works by writing all paths for 'your-installer.msi' to the new file 'removeIt.bat'
It then assigns the first line of that bat file to the variable 'RemoveIt'
Next, it creates a new 'removeIt.bat' that contains the path/name of the .msi to remove along with the needed switches to do so.
Finally, it runs the batch file which executes the command to uninstall the msi. This could be done with an .exe as well.
You will probably want to place the 'removeIt.bat' file into a known writable location, for us that was the temp folder.
Background: I use DOS START command to start MyDaemon:
@echo off
START "MyDaemon" java -cp test.jar MyTest /B
As part of this, I also want to check if MyDaemon is already running. If it is, I don't want to start it again.
The dos command that doesn't suit my requirement is:
tasklist /fi "imagename eq MyDaemon" > nul
if errorlevel 1 start "MyDaemon" java -cp test.jar MyTest /B
and that's because, in the tasklist, the image name is "java.exe", not "MyDaemon". I am looking for the "application name" as seen in task manager, not the image name.
So how can I perform this check to see if MyDaemon is already running using DOS?
You may try:
tasklist /fi "windowtitle eq MyDaemon"
Type tasklist /? for further details.
No, you can only enumerate processes. If a process has been launched with parameters (like yours), you cannot see them.
I can give you a solution in .NET to get the application name for processes (or the title of the main window), but I don't think dos can do it.