本文整理汇总了Python中winappdbg.System.iter_processes方法的典型用法代码示例。如果您正苦于以下问题:Python System.iter_processes方法的具体用法?Python System.iter_processes怎么用?Python System.iter_processes使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类winappdbg.System的用法示例。
在下文中一共展示了System.iter_processes方法的3个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_explorer_pid
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import iter_processes [as 别名]
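def get_explorer_pid(max_running_time_ms=300000):
    """Return the PID of a recently started explorer.exe, or None.

    Enumerates the running processes and returns the PID of the first one
    whose filename equals ``"explorer.exe"`` and whose running time is below
    ``max_running_time_ms`` (default 300000 ms, i.e. five minutes, the value
    that used to be hard-coded). Returns None when no such process exists.

    ``System.request_debug_privileges()`` is called first so that processes
    owned by other users can be opened; this normally needs an elevated
    (administrator) token. Processes that still cannot be opened are skipped
    via ERROR_ACCESS_DENIED; any other WindowsError propagates.

    ``dev``, ``System`` and ``ERROR_ACCESS_DENIED`` are module-level names
    defined outside this function; when ``dev`` is truthy every visited
    process is printed.
    """
    System.request_debug_privileges()

    # Full scan first; if it is refused, fall back to the fast scan
    # (presumably collecting less detail per process).
    system = System()
    try:
        system.scan_processes()
        #system.scan_process_filenames()
    except WindowsError:
        system.scan_processes_fast()

    for process in system.iter_processes():
        try:
            pid = process.get_pid()
            # Skip the pseudo/system PIDs (0 and 4 on current Windows; 8 was
            # the System process on older NT releases).
            if pid in (0, 4, 8):
                continue
            filename = process.get_filename()
            if dev:
                print "* Process:", filename, "Pid:", pid, "Time:", process.get_running_time()
            # NOTE(review): exact, case-sensitive comparison. Windows file
            # names are case-insensitive -- confirm get_filename() returns a
            # normalized basename, otherwise "Explorer.EXE" would be missed.
            if filename == "explorer.exe":
                if process.get_running_time() < max_running_time_ms:
                    return pid
        except WindowsError, e:
            # Processes we lack permission to access are skipped; anything
            # else is a genuine failure and is re-raised.
            if e.winerror == ERROR_ACCESS_DENIED:
                continue
            raise
    return None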
示例2: testRunningProcesses
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import iter_processes [as 别名]
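def testRunningProcesses(self):
    """Compare the in-memory image of selected processes' modules with their on-disk files.

    Scans every running process, keeps those whose ``fileName`` contains one
    of the substrings in ``self.PROCESS_TO_SCAN``, and for each module loaded
    in such a process reads the mapped image out of the target
    (``process.read``) and passes it to ``validator.CompareExe`` together
    with the module path. The comparison itself and the statistics live in
    MemoryValidatorClass (defined elsewhere); presumably the aim is to spot
    modules whose in-memory code differs from the file on disk.

    ``System.request_debug_privileges()`` is called first, so reading other
    users' processes requires an elevated token. Per-process and per-module
    errors are absorbed by ``validator.ExceptionHandler`` rather than
    failing the test. ``CounterMonitor.Stop()`` is now guaranteed to run
    even if the scan raises.
    """
    validator = MemoryValidatorClass()
    validator.Initialize("c:\\mem\\user\\")
    CounterMonitor.Start()
    try:
        System.request_debug_privileges()
        with UpdateCounterForScope("main"):
            system = System()
            system.scan_processes()
            totalProcesses = system.get_process_count()
            for processIndex, process in enumerate(system.iter_processes()):
                fileName = process.fileName
                pid = process.dwProcessId
                if not fileName or not pid:
                    continue
                validator.ImageName = fileName
                logging.info("---------------------------------------------")
                validator.Message = "[{}] fileName:{} pid:{}".format(processIndex, fileName, pid)
                logging.info(validator.Message)
                # Substring match: any configured name contained in fileName selects it.
                if not any(s in fileName for s in self.PROCESS_TO_SCAN):
                    continue
                print "------process {}/{} {}-------".format(processIndex, totalProcesses, fileName)
                with validator.ExceptionHandler("Failed comparing {0}".format(fileName)):
                    self._compareProcessModules(validator, process)
    finally:
        # Start() has no context-manager form; pair it with Stop() even on error.
        CounterMonitor.Stop()
    validator.DumpFinalStats()

def _compareProcessModules(self, validator, process):
    """Compare every module mapped in ``process`` against its on-disk file.

    Builds ``mods``: BaseDllName -> list of module descriptors (the same DLL
    name can be mapped more than once, hence the list), registers it with the
    validator, then for each descriptor reads the module image from the
    target process and hands it to ``validator.CompareExe``.

    ``validator.DllBase``, ``validator.SizeOfImage`` and
    ``validator.FullDllPath`` are presumably populated by
    ``InitializeModuleInfoFromWinAppDbg`` -- confirm in MemoryValidatorClass.
    """
    process.scan_modules()
    mods = {}
    for module in process.iter_modules():
        fullName = module.get_filename().lower()
        baseDllName = ntpath.basename(fullName)
        base = module.get_base()
        size = module.get_size()
        mods.setdefault(baseDllName, []).append({
            "BaseDllName": baseDllName,
            "FullDllName": fullName,
            "StartAddr": base,
            "EndAddr": base + size,
            "SizeOfImage": size,
        })
    validator.BuildLoadedModuleAddressesFromWinAppDbg(mods)
    totalMods = len(mods)
    for modIndex, modList in enumerate(mods.itervalues()):
        print "module {}/{} {}".format(modIndex, totalMods, modList[0]["BaseDllName"])
        # No index needed here; the original reused modIndex and clobbered the outer one.
        for mod in modList:
            validator.InitializeModuleInfoFromWinAppDbg(mod)
            with validator.ExceptionHandler("failed comparing {0}".format(mod)):
                memoryData = process.read(validator.DllBase, validator.SizeOfImage)
                if not memoryData:
                    # Unreadable region (e.g. unmapped/guarded pages): record and move on.
                    validator.Warn("failed to read memory data")
                    continue
                validator.CompareExe(memoryData, validator.FullDllPath)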
示例3: System
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import iter_processes [as 别名]
table.addRow( *header )
table.addRow( *separator )
# Request debug privileges (SeDebugPrivilege) so that processes owned by
# other users can be opened; this normally requires an elevated token.
System.request_debug_privileges()
# Scan for running processes. The full scan may raise WindowsError; in that
# case fall back to the fast scan, which presumably records less detail per
# process. `system` is used by the loop that follows.
system = System()
try:
    system.scan_processes()
    #system.scan_process_filenames()
except WindowsError:
    system.scan_processes_fast()
# For each running process...
for process in system.iter_processes():
try:
# Get the process ID.
pid = process.get_pid()
# Skip "special" process IDs.
if pid in (0, 4, 8):
continue
# Skip 64 bit processes.
if process.get_bits() != 32:
continue
# Get the DEP policy flags.
flags, permanent = process.get_dep_policy()