Introduction to Stopping Processes with WMI

If ever you wish to stop or terminate a Windows process, then this is the page for you. Before you begin killing processes, you may wish to list the processes running on the Windows Server 2003 or XP computer. Task Manager is a great utility for matching the names of programs with their processes; you would not want to inadvertently kill the wrong process!

Scenario - Why Would You Want to Terminate a Process?

Perhaps you wish to restart a process; if so, then obviously you need to stop the process before you can start it again. Before the WMI script can stop the program, you need to know the precise name of the corresponding process. One way to investigate the names would be to launch Task Manager, select the Application tab, right-click the task and then choose Go to Process. Examples of processes that you could terminate include spoolsv.exe and outlook.exe.

Another reason why you may wish to investigate and then kill processes is if a virus manages to launch itself as a process. Once you spot the impostor, the next step is to create a WMI script which terminates that virus process.

Example 1 - WMI Script to Terminate a Process on the Local Machine

The purpose of this script is to terminate a process on the local Windows machine. Think of this script as a preliminary script leading to the main event in Example 2.

Prerequisites for your WMI Script

Run this script on Windows Server 2003 or XP. Naturally, if the named process does not exist, there is nothing for the script to terminate. Therefore, you need to start the process referenced on line 9; in my example this process (program) is calc.exe. Consider running my StartProcessScript first.

Note: the .Terminate method does not work with NT 4.0 or Windows 9x machines.

Instructions for Terminating a Process

Copy and paste the example script below into notepad or a VBScript editor.

Save the file with a .vbs extension, for example: ProcessKill.vbs

Double-click ProcessKill.vbs and check Task Manager, Application tab. You may actually wish to start both calc.exe and Task Manager before you run the script.

Option Explicit
Dim objWMIService, objProcess, colProcess
Dim strComputer, strProcessKill
strComputer = "."
strProcessKill = "'calc.exe'"

' Connect to the WMI service on the target computer ("." = local machine)
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")

' Select every process whose name matches strProcessKill
Set colProcess = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = " & strProcessKill)
For Each objProcess In colProcess
    objProcess.Terminate()
Next
WScript.Echo "Just killed process " & strProcessKill _
    & " on " & strComputer
WScript.Quit

WMI Tutorial - Learning Points

From a WMI perspective

1) This script builds on the basic WMI command in Example 1. The heart of the script is the Win32_Process class. Once we have selected the strProcessKill, we call the .Terminate method to close the program without issuing any warning to the user.

From a VBScript perspective

2) Study the VBScript syntax used just before the variable strProcessKill:

("Select * from Win32_Process Where Name = " & strProcessKill). For example, see where the speech marks end in relation to the bracket.

3) Although the script only terminates one process name, it still has to loop through every process the query returns that matches strProcessKill. For Each... In... Next handles this scripting structure.

Example 2 - WMI Script to Terminate a Process on a Distant Machine

This script builds on Example 1 and adds the ability to terminate a process on a remote machine.

Prerequisites for your WMI Script

Naturally, if the named process does not exist, there is nothing for the script to terminate. Therefore, you need to start the process referenced on line 9; in my example this process (program) is calc.exe.

Note: the .Terminate method does not work with NT 4.0 or Windows 9x machines.

Instructions for Terminating a Process

Copy and paste the example script below into notepad or a VBScript editor.

Save the file with a .vbs extension, for example: ProcessKill.vbs

Double-click ProcessKill.vbs and check the processes in Task Manager; there should be no calc.exe.

Option Explicit
Dim objWMIService, objProcess, colProcess
Dim strComputer, strProcessKill, strInput
strProcessKill = "'calc.exe'"

' Input Box to get name of machine to run the process
Do
    strComputer = InputBox("ComputerName to Run Script", _
        "Computer Name")
    ' InputBox returns Empty when Cancel is pressed
    If IsEmpty(strComputer) Then WScript.Quit
    If strComputer <> "" Then
        strInput = True
    End If
Loop Until strInput = True

' Connect to the WMI service on the named computer
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")

' Select every process whose name matches strProcessKill
Set colProcess = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = " & strProcessKill)
For Each objProcess In colProcess
    objProcess.Terminate()
Next
WScript.Echo "Just killed process " & strProcessKill _
    & " on " & strComputer
WScript.Quit

WMI Tutorial - Learning Points

From a WMI perspective

1) This script builds on the basic WMI command in Example 1. The heart of the script is the Win32_Process class. Once we have selected the strProcessKill, we call the .Terminate method to close the program without issuing any warning to the user.

From a VBScript perspective

2) Study the VBScript syntax used just before the variable strProcessKill:

("Select * from Win32_Process Where Name = " & strProcessKill). For example, see where the speech marks end in relation to the bracket.

3) Although the script only terminates one process name, it still has to loop through every process the query returns that matches strProcessKill. For Each... In... Next handles this scripting structure.
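
The scripts above echo "Just killed process" whether or not anything matched or Terminate succeeded, and they match on the process name alone. The following is an added example, not part of the original post: it logs each match's PID, executable path and owner before terminating it, and checks the Terminate return code. IsSafeName and the variable names are hypothetical, and the local machine and calc.exe are assumed as the target.

```vbscript
' Added example, not from the original post.
Option Explicit
Dim objWMIService, objProcess, colProcess
Dim strComputer, strName, strUser, strDomain, intRc, intKilled, intSeen
strComputer = "."        ' assumption: local machine; use a host name for remote
strName = "calc.exe"     ' same sample process as the examples above

' Accept only a plain image name so the input cannot alter the WQL string
If Not IsSafeName(strName) Then
    WScript.Echo "Refusing unexpected process name: " & strName
    WScript.Quit 1
End If

On Error Resume Next
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" _
    & strComputer & "\root\cimv2")
If Err.Number <> 0 Then
    WScript.Echo "Cannot connect to " & strComputer & ": " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

Set colProcess = objWMIService.ExecQuery _
    ("Select * from Win32_Process Where Name = '" & strName & "'")
intKilled = 0 : intSeen = 0
For Each objProcess In colProcess
    strUser = "" : strDomain = "" : intRc = -1 : intSeen = intSeen + 1
    On Error Resume Next   ' the process may exit between query and these calls
    objProcess.GetOwner strUser, strDomain
    WScript.Echo "PID " & objProcess.ProcessId & "  path=" _
        & objProcess.ExecutablePath & "  owner=" & strDomain & "\" & strUser
    intRc = objProcess.Terminate()   ' 0 = success, 2 = access denied
    On Error GoTo 0
    If intRc = 0 Then
        intKilled = intKilled + 1
    Else
        WScript.Echo "  Terminate failed, code " & intRc & " (-1 = call raised an error)"
    End If
Next
WScript.Echo intKilled & " of " & intSeen & " matching process(es) terminated"

Function IsSafeName(strValue)
    Dim objRe
    Set objRe = New RegExp
    objRe.Pattern = "^[A-Za-z0-9_.\-]+$"
    IsSafeName = objRe.Test(strValue)
End Function
```

Run it with cscript.exe rather than by double-clicking, so the per-process lines go to the console instead of separate message boxes.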
