How can I search for an PID for using an explicit handlename?

Question

My goal is to search all Process from every user and search if someone is using an explicit dll that I already know at the start of my script. And when a User is running a Procces in which my Handlename is running I want to kill this process.

I already know under which processname the handle would be running, that would be: msaccess

my Idea was to search for the process of msaccess like this:

$processName = "msaccess.exe"
$handleNamePath = "C:\\Program Files (x86)\\Sage\\Sage 100\\9.0\\Shared\\GEKKO.HPGebote.dll"

$process = Get-WmiObject Win32_Process | Where-Object {$_.Name -eq $processName} | Select-Object -ExpandProperty ProcessId

# Loop through all processes
foreach ($process in (Get-Process)) {
    # Get all handles for the process
    $handles = $process | Select-Object -ExpandProperty Handles

    # Check if any handle matches the search pattern
    foreach ($handle in $handles) {
Write-Output "Found handle $($handle.HandleName) in process $($process.Name)"

        if ($handle.HandleName -like $handleNamePath) {
            Write-Output "Found handle $handleNamePath in process $($process.Id)"
            # Kill the process
            $process.Kill()
        }
    }
}

At the end I want an similiar Output like that in the Ressource Monitor: Example

I tried this too, to loop through every process and look every children through but for some reason my dll path will not be found?

$parentProcesses = Get-Process | Where-Object {$_.ParentProcessId -eq 0} 

foreach ($parentProcess in $parentProcesses) {
    Write-Host "Elternprozess Name: $($parentProcess.ProcessName), ID: $($parentProcess.Id), Path: $($parentProcess.Path)"

    $childProcesses = Get-Process | Where-Object {$_.ParentProcessId -eq $parentProcess.Id}

    foreach ($childProcess in $childProcesses) {
        if ($childProcess.Path -like "C:\\Program Files (x86)\\Sage\\Sage 100\\9.0\\Shared\\GEKKO.HPGebote.dll") {
            Write-Host "    Kindprozess Name: $($childProcess.ProcessName), ID: $($childProcess.Id), Path: $($childProcess.Path)"
        }
    }
}

Here is a look on my Task Manager, the selected Process is my dll and I want it to find:

Example

but thats not working like I want, im quite new to this, has anyone an Idea or an advise for me How I could achieve that?

What error are you getting? You need to run As Admin so make sure you are starting PS by right click PS shortcut and select Run As Admin. — jdweng, Mar 27 '23 at 10:12
I using it as an Administrator and the Error is that the Handle is always empty but without an error code just 0 — BeginnerWPF, Mar 27 '23 at 10:19
Did you try to kill using ID instead of handle? I would change to ID : Select-Object -ExpandProperty Handles — jdweng, Mar 27 '23 at 10:27
when I remove the name from Handle and use just handle then I get a lot of IDs but when I look in the Task manager MSACCESS has an ID which dont even Pop up in the output when I change it to this: Write-Output "Found handle $($handle) in process $($process.Name)" — BeginnerWPF, Mar 27 '23 at 10:30
Try without the where and see if you get the ID. Issue is either the name is wrong or it is running with a different user : Get-WmiObject Win32_Process | Where-Object {$_.Name -eq $processName} | Select-Object -ExpandProperty ProcessId — jdweng, Mar 27 '23 at 10:44
the process msaccess is the PID which should be has my HandleNamePath as Handle included — BeginnerWPF, Mar 27 '23 at 11:17
Its always an underprocess of MSACCES it can only be found in MSACCESS Process — BeginnerWPF, Mar 27 '23 at 11:42
Then why didn't looking up by name work? Try following : Get-WmiObject Win32_Process | foreach { Write-Host "Name = " $_.Name ", ID = " $_.ProcessId} I think you are getting an array and kill a child and not the parent. — jdweng, Mar 27 '23 at 11:50
the problem is not to find the Process names and ID, the problem is to find to which Proccess of MSACCESS belongs handleNamePath, my goal is to kill all Proccess which are using this dll — BeginnerWPF, Mar 27 '23 at 11:58
You need to kill the parent or loop through the processes returned : Get-WmiObject Win32_Process | foreach { Write-Host "Name = " $_.Name ", ID = " $_.ProcessId ", Parent = " $_.ParentProcessId} — jdweng, Mar 27 '23 at 12:15
I think you need to use you original code and get all child items using following : https://stackoverflow.com/questions/70179457/powershell-how-to-get-process-id-of-children-given-only-the-parent-process-id?force_isolation=true — jdweng, Mar 27 '23 at 13:08
but I get an different output then the picture in my Example, In that I can just put in my Handle name and get out the PID of it and like that I want it in my Script — BeginnerWPF, Mar 27 '23 at 13:19
You need to find out why the handle name and the process ID do not match. I can't duplicate the issue. Print out a list of process names, process id, handle names and see if you can figure out why they are not aligning. I suspect the handle is a child process ID, but not sure. — jdweng, Mar 27 '23 at 13:34
but How can I read out the PID from my dll which is running? — BeginnerWPF, Mar 27 '23 at 15:09
You need to get the handle from the application. The handle may not be access name. Access may be another process. You probably have to get the handle in main and then get all children of the handle. — jdweng, Mar 27 '23 at 15:25
I tried it and updatet my question with that I tried but It cant find a single children in every procces that is identical to my dll which the ressource monitor can find — BeginnerWPF, Mar 28 '23 at 08:07
I would work my way up/down from the example output showing the dll by finding the parent ID to get better understanding of the structure of the processes and child processes. I think you may need to use MainWindowHandle : https://learn.microsoft.com/en-us/dotnet/api/system.diagnostics.process.mainwindowhandle?view=net-7.0#system-diagnostics-process-mainwindowhandle then kill the handle for Main Window. — jdweng, Mar 28 '23 at 09:16

How can I search for an PID for using an explicit handlename?

0 Answers0