Text only | Text with Images

WinBatch® Technical Support Forum

All Things WinBatch => WinBatch => Topic started by: MrLeadFoot on January 22, 2025, 06:54:34 PM

Title: Get Name of Program or .exe Calling a Compiled WinBatch .exe
Post by: MrLeadFoot on January 22, 2025, 06:54:34 PM
I'm probably reaching here, but is there a function that can detect the program/.exe that called a compiled WinBatch script?
Title: Re: Get Name of Program or .exe Calling a Compiled WinBatch .exe
Post by: snowsnowsnow on January 22, 2025, 11:48:47 PM
This should get you on the right track:

Code Select
#DefineFunction udfGetPPName(obj,pid)
Query = "Select ParentProcessId,Name from Win32_Process Where ProcessId = %pid%"
colProcesses = obj.ExecQuery(Query)
ForEach objProcess In colProcesses
    Return StrCat(pid,",",objProcess.Name,",",objProcess.ParentProcessId)
NEXT
#EndFunction

k32 = DllLoad("kernel32.dll")
mypid = DllCall(k32,long:"GetCurrentProcessId")
objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
FOR I = 1 TO 3
    pp = udfGetPPName(objWMIService,mypid)
    mypid = ItemExtract(3,pp,",")
NEXT
Pause("Results",StrCat("Grandparent PID: ",ItemExtract(1,pp,","),@CRLF,"Grandparent name: ",ItemExtract(2,pp,","),@CRLF,"Great-GrandParent ID: ",mypid))
Text only | Text with Images