本文整理汇总了Python中winappdbg.System.has_process方法的典型用法代码示例。如果您正苦于以下问题:Python System.has_process方法的具体用法?Python System.has_process怎么用?Python System.has_process使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类winappdbg.System的用法示例。
在下文中一共展示了System.has_process方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import has_process [as 别名]
def main(argv):
    """Entry point of SelectMyParent: start a program under a chosen parent process.

    ``argv`` is the full command line (``argv[0]`` is the script name).
    ``argv[1]`` names the parent: a process ID as accepted by
    ``HexInput.integer`` (so hex is allowed), or an executable filename that
    is matched against the running processes.  ``argv[2]`` is the program
    to start; if it is not an existing path it is resolved with
    ``win32.SearchPath``.  Anything after ``argv[2]`` is left untouched.

    Prints a usage line and returns when fewer than two arguments are given;
    every lookup failure is reported on stdout followed by a plain return.

    NOTE(review): this example stops right after ``argv[2]`` has been
    normalized; the part that actually creates the child process is not
    shown on this page.
    """
    # Print the banner.
    print "SelectMyParent: Start a program with a selected parent process"
    print "by Mario Vilas (mvilas at gmail.com)"
    print "based on a Didier Stevens tool (https://DidierStevens.com)"
    print
    # Check the command line arguments.
    if len(argv) < 3:
        script = os.path.basename(argv[0])
        print " %s <pid> <process.exe> [arguments]" % script
        return
    # Request debug privileges.
    system = System()
    system.request_debug_privileges()
    # Parse the parent process argument.
    # A token that does not parse as an integer is treated as a filename below.
    try:
        dwParentProcessId = HexInput.integer(argv[1])
    except ValueError:
        dwParentProcessId = None
    if dwParentProcessId is not None:
        dwMyProcessId = win32.GetProcessId( win32.GetCurrentProcess() )
        # Our own PID is accepted without a scan; any other PID must be present
        # in the process snapshot.  Only the PIDs are needed here, hence the
        # fast scan (presumably it skips collecting module/filename data).
        if dwParentProcessId != dwMyProcessId:
            system.scan_processes_fast()
            # NOTE(review): this is a snapshot check; the PID could be reused
            # by another process before it is actually used as the parent.
            if not system.has_process(dwParentProcessId):
                print "Can't find process ID %d" % dwParentProcessId
                return
    else:
        # Filename lookup needs the full scan so image names are available.
        system.scan_processes()
        process_list = system.find_processes_by_filename(argv[1])
        if not process_list:
            print "Can't find process %r" % argv[1]
            return
        # Refuse to guess when the name is ambiguous: list the candidates
        # so the user can re-run with an explicit PID.
        if len(process_list) > 1:
            print "Too many processes found:"
            for process, name in process_list:
                print "\t%d:\t%s" % (process.get_pid(), name)
            return
        dwParentProcessId = process_list[0][0].get_pid()
    # Parse the target process argument.
    filename = argv[2]
    if not os.path.exists(filename):
        # Not a path we can see directly: let Windows search PATH for an .exe.
        try:
            filename = win32.SearchPath(None, filename, '.exe')[0]
        except WindowsError, e:
            print "Error searching for %s: %s" % (filename, str(e))
            return
    # Copy before assigning so a tuple or the caller's own list is not mutated.
    argv = list(argv)
    argv[2] = filename
示例2: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import has_process [as 别名]
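def main(argv):
    """Entry point of the process killer tool.

    ``argv[0]`` is the script name; every further token is either a process
    ID (parsed with ``HexInput.integer``, so hex such as ``0x1a4`` is
    accepted) or an executable name, which expands to every running process
    with that image name.  All tokens are validated against one process
    snapshot before anything is terminated, so a bad argument never leaves
    a half-finished kill.

    Prints usage and calls ``exit()`` when there are no arguments or one of
    ``-h``, ``--help``, ``/?`` is present; also ``exit()``s on the first
    token that matches no process.  Per-process failures of OpenProcess,
    TerminateProcess and CloseHandle are reported as warnings and do not
    stop the loop.
    """
    script = os.path.basename(argv[0])
    params = argv[1:]
    print "Process killer"
    print "by Mario Vilas (mvilas at gmail.com)"
    print
    if len(params) == 0 or '-h' in params or '--help' in params or \
       '/?' in params:
        print "Usage:"
        # Fix: the script name was never substituted into this line, so the
        # usage text used to show a literal "%s".
        print " %s <process ID or name> [process ID or name...]" % script
        print
        print "If a process name is given instead of an ID all matching processes are killed."
        exit()

    # Scan for active processes.
    # This is needed both to translate names to IDs, and to validate the user-supplied IDs.
    s = System()
    s.request_debug_privileges()
    s.scan_processes()

    # Parse the command line.
    # Each ID is validated against the list of active processes.
    # Each name is translated to an ID.
    # On error, the program stops before killing any process at all.
    targets = set()
    for token in params:
        try:
            pid = HexInput.integer(token)
        except ValueError:
            pid = None
        if pid is None:
            matched = s.find_processes_by_filename(token)
            if not matched:
                print "Error: process not found: %s" % token
                exit()
            for (process, _name) in matched:
                targets.add(process.get_pid())
        else:
            # NOTE(review): this only checks the snapshot taken above; a PID
            # can be recycled before the kill loop reaches it, which is why
            # the loop below reports OpenProcess failures instead of assuming
            # the target is still the same process.
            if not s.has_process(pid):
                print "Error: process not found: 0x%x (%d)" % (pid, pid)
                exit()
            targets.add(pid)
    targets = list(targets)
    targets.sort()
    count = 0

    # Try to terminate the processes using the TerminateProcess() API.
    # PIDs that survive this pass remain in next_targets and count tracks the
    # successes; presumably both feed a later, more forceful pass that is not
    # shown on this page.
    next_targets = list()
    for pid in targets:
        next_targets.append(pid)
        try:
            # Note we don't really need to call open_handle and close_handle,
            # but it's good to know exactly which API call it was that failed.
            process = Process(pid)
            process.open_handle()
            try:
                process.kill(-1)
                next_targets.pop()
                count += 1
                print "Terminated process %d" % pid
                try:
                    process.close_handle()
                except WindowsError, e:
                    print "Warning: call to CloseHandle() failed: %s" % str(e)
            except WindowsError, e:
                print "Warning: call to TerminateProcess() failed: %s" % str(e)
        except WindowsError, e:
            print "Warning: call to OpenProcess() failed: %s" % str(e)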
示例3: parse_cmdline
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import has_process [as 别名]
#.........这里部分代码省略.........
help="Create a new console process [default]")  # tail of an add_option() call; the start of parse_cmdline() is not shown on this page
parser.add_option_group(commands)
# Tracing options
tracing = optparse.OptionGroup(parser, "Tracing options")
tracing.add_option("--trace", action="store_const", const="trace",
                   dest="mode",
                   help="Set the single step mode [default]")
# NOTE(review): indentation was lost on this page; --branch is clearly
# guarded by the x86 check, whether --syscall is too could not be confirmed.
if System.arch == win32.ARCH_I386:
    tracing.add_option("--branch", action="store_const", const="branch",
                       dest="mode",
                       help="Set the step-on-branch mode (doesn't work on virtual machines)")
    tracing.add_option("--syscall", action="store_const", const="syscall",
                       dest="mode",
                       help="Set the syscall trap mode")
## tracing.add_options("--module", action="append", metavar="MODULES",
##                     dest="modules",
##                     help="only trace into these modules (comma-separated)")
## debugging.add_option("--from-start", action="store_true",
##                      help="start tracing when the process is created [default]")
## debugging.add_option("--from-entry", action="store_true",
##                      help="start tracing when the entry point is reached")
parser.add_option_group(tracing)
# Debugging options
# Each switch has a "--dont-"/"--trusted" counterpart writing the same dest,
# so the last one given on the command line wins.
debugging = optparse.OptionGroup(parser, "Debugging options")
debugging.add_option("--autodetach", action="store_true",
                     help="automatically detach from debugees on exit [default]")
debugging.add_option("--follow", action="store_true",
                     help="automatically attach to child processes [default]")
debugging.add_option("--trusted", action="store_false", dest="hostile",
                     help="treat debugees as trusted code [default]")
debugging.add_option("--dont-autodetach", action="store_false",
                     dest="autodetach",
                     help="don't automatically detach from debugees on exit")
debugging.add_option("--dont-follow", action="store_false",
                     dest="follow",
                     help="don't automatically attach to child processes")
debugging.add_option("--hostile", action="store_true",
                     help="treat debugees as hostile code")
parser.add_option_group(debugging)
# Defaults
parser.set_defaults(
    autodetach = True,
    follow = True,
    hostile = False,
    windowed = list(),
    console = list(),
    attach = list(),
##    modules = list(),
    mode = "trace",
)
# Parse and validate the command line options
# argv still carries the script name at index 0; with nothing else given,
# fall back to the help screen.
if len(argv) == 1:
    argv = argv + [ '--help' ]
(options, args) = parser.parse_args(argv)
# Drop the script name, which parse_args returned as the first positional.
args = args[1:]
if not options.windowed and not options.console and not options.attach:
    # No explicit target switch: the bare positionals are the console target.
    if not args:
        parser.error("missing target application(s)")
    options.console = [ args ]
else:
    if args:
        parser.error("don't know what to do with extra parameters: %s" % args)
# Get the list of attach targets
system = System()
system.request_debug_privileges()
system.scan_processes()
attach_targets = list()
for token in options.attach:
    # A token that is not an integer (hex accepted) is taken as an image name.
    try:
        dwProcessId = HexInput.integer(token)
    except ValueError:
        dwProcessId = None
    if dwProcessId is not None:
        # Existence is checked against the snapshot taken above.
        if not system.has_process(dwProcessId):
            parser.error("can't find process %d" % dwProcessId)
        # Probe open/close once so a permission problem surfaces here as a
        # parser error rather than later, when attaching.  NOTE(review): the
        # handle is released again, so the PID may be recycled before the
        # real attach happens; the attach itself still has to handle that.
        try:
            process = Process(dwProcessId)
            process.open_handle()
            process.close_handle()
        except WindowsError, e:
            parser.error("can't open process %d: %s" % (dwProcessId, e))
        attach_targets.append(dwProcessId)
    else:
        matched = system.find_processes_by_filename(token)
        if not matched:
            parser.error("can't find process %s" % token)
        # Every process with a matching image name becomes a target.
        for process, name in matched:
            dwProcessId = process.get_pid()
            # Same open/close probe as above; note this rebinds the loop
            # variable "process" to a fresh Process object for the same PID.
            try:
                process = Process(dwProcessId)
                process.open_handle()
                process.close_handle()
            except WindowsError, e:
                parser.error("can't open process %d: %s" % (dwProcessId, e))
            attach_targets.append( process.get_pid() )
示例4: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import has_process [as 别名]
# Summary rows of the per-process report, in print order:
# (label used in the output line, name of the MEMORY_BASIC_INFORMATION predicate).
_SUMMARY_ROWS = (
    ("readable", "is_readable"),
    ("writeable", "is_writeable"),
    ("executable", "is_executable"),
    ("private", "is_private"),
    ("mapped", "is_mapped"),
    ("image", "is_image"),
)


def _tally_regions(regions):
    """Return {label: byte count} over the non-free regions of a memory map.

    The labels are those of ``_SUMMARY_ROWS`` plus ``"total"`` (the size of
    every non-free region).  A region may be counted under several labels.
    """
    counts = dict((label, 0) for label, _method in _SUMMARY_ROWS)
    counts["total"] = 0
    for mbi in regions:
        size = mbi.RegionSize
        if mbi.is_free():
            continue
        counts["total"] += size
        for label, method in _SUMMARY_ROWS:
            if getattr(mbi, method)():
                counts[label] += size
    return counts


def main():
    """Print the memory map of every process named on the command line.

    Each argument is a process ID (anything ``HexInput.integer`` accepts, so
    hex is fine) or an executable filename; a filename selects every running
    process with that image name.  Prints usage and returns when there are
    no arguments or ``-h``/``--help`` is given, and stops at the first
    argument that matches no running process.  Sizes are formatted with
    ``number()``, a helper defined elsewhere in this file.
    """
    print "Process memory map"
    print "by Mario Vilas (mvilas at gmail.com)"
    print

    args = sys.argv[1:]
    if not args or "-h" in sys.argv or "--help" in sys.argv:
        script_name = os.path.basename(sys.argv[0])
        print "Usage:"
        print " %s <pid>..." % script_name
        print " %s <process.exe>..." % script_name
        return

    system = System()
    system.request_debug_privileges()
    system.scan_processes()

    # Resolve every argument to a PID against the snapshot just taken.
    wanted = set()
    for token in args:
        try:
            pid = HexInput.integer(token)
        except ValueError:
            # Not a number: treat it as an image name and take every match.
            found = system.find_processes_by_filename(token)
            if not found:
                print "Process not found: %s" % token
                return
            wanted.update(proc.get_pid() for proc, _name in found)
        else:
            if not system.has_process(pid):
                print "Process not found: %s" % token
                return
            wanted.add(pid)

    for pid in sorted(wanted):
        process = Process(pid)
        image_name = process.get_filename()
        regions = process.get_memory_map()
        region_files = process.get_mapped_filenames()
        if image_name:
            print "Memory map for %d (%s):" % (pid, image_name)
        else:
            print "Memory map for %d:" % pid
        print
        print CrashDump.dump_memory_map(regions, region_files)

        counts = _tally_regions(regions)
        # Right-align every figure to the width of the largest one (the total).
        width = len(number(counts["total"]))
        row = " %%%ds bytes of %%s memory" % width
        for label, _method in _SUMMARY_ROWS:
            print row % (number(counts[label]), label)
        print row % (number(counts["total"]), "total")
        print