本文整理汇总了Python中winappdbg.System.scan_processes_fast方法的典型用法代码示例。如果您正苦于以下问题:Python System.scan_processes_fast方法的具体用法?Python System.scan_processes_fast怎么用?Python System.scan_processes_fast使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类winappdbg.System的用法示例。
在下文中一共展示了System.scan_processes_fast方法的6个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: get_explorer_pid
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import scan_processes_fast [as 别名]
def get_explorer_pid():
# Request debug privileges.
System.request_debug_privileges()
# Scan for running processes.
system = System()
try:
system.scan_processes()
#system.scan_process_filenames()
except WindowsError:
system.scan_processes_fast()
# For each running process...
for process in system.iter_processes():
try:
pid = process.get_pid()
if pid in (0, 4, 8):
continue
if dev:
print "* Process:", process.get_filename(), "Pid:", pid, "Time:", process.get_running_time()
if process.get_filename() == "explorer.exe":
if process.get_running_time() < 300000:
return pid
# Skip processes we don't have permission to access.
except WindowsError, e:
if e.winerror == ERROR_ACCESS_DENIED:
continue
raise示例2: show
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import scan_processes_fast [as 别名]
def show(search = None, wide = True):
'show a table with the list of services'
# Take a snapshot of the running processes.
s = System()
s.request_debug_privileges()
try:
s.scan_processes()
s.scan_process_filenames()
except WindowsError:
s.scan_processes_fast()
pid_list = s.get_process_ids()
pid_list.sort()
if not pid_list:
print "Unknown error enumerating processes!"
return
# Get the filename of each process.
filenames = dict()
for pid in pid_list:
p = s.get_process(pid)
# Special process IDs.
# PID 0: System Idle Process. Also has a special meaning to the
# toolhelp APIs (current process).
# PID 4: System Integrity Group. See this forum post for more info:
# http://tinyurl.com/ycza8jo
# (points to social.technet.microsoft.com)
# Only on XP and above
# PID 8: System (?) only in Windows 2000 and below AFAIK.
# It's probably the same as PID 4 in XP and above.
if pid in (0, 4, 8):
fileName = ""
# Get the filename for all other processes.
else:
fileName = p.get_filename()
if fileName:
fileName = PathOperations.pathname_to_filename(fileName)
else:
fileName = ""
# Remember the filename.
filenames[pid] = fileName
# Make the search string lowercase if given.
if search is not None:
search = search.lower()
# Get the list of services.
try:
services = System.get_services()
except WindowsError, e:
print str(e)
return示例3: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import scan_processes_fast [as 别名]
def main(argv):
# Print the banner.
print "SelectMyParent: Start a program with a selected parent process"
print "by Mario Vilas (mvilas at gmail.com)"
print "based on a Didier Stevens tool (https://DidierStevens.com)"
print
# Check the command line arguments.
if len(argv) < 3:
script = os.path.basename(argv[0])
print " %s <pid> <process.exe> [arguments]" % script
return
# Request debug privileges.
system = System()
system.request_debug_privileges()
# Parse the parent process argument.
try:
dwParentProcessId = HexInput.integer(argv[1])
except ValueError:
dwParentProcessId = None
if dwParentProcessId is not None:
dwMyProcessId = win32.GetProcessId( win32.GetCurrentProcess() )
if dwParentProcessId != dwMyProcessId:
system.scan_processes_fast()
if not system.has_process(dwParentProcessId):
print "Can't find process ID %d" % dwParentProcessId
return
else:
system.scan_processes()
process_list = system.find_processes_by_filename(argv[1])
if not process_list:
print "Can't find process %r" % argv[1]
return
if len(process_list) > 1:
print "Too many processes found:"
for process, name in process_list:
print "\t%d:\t%s" % (process.get_pid(), name)
return
dwParentProcessId = process_list[0][0].get_pid()
# Parse the target process argument.
filename = argv[2]
if not os.path.exists(filename):
try:
filename = win32.SearchPath(None, filename, '.exe')[0]
except WindowsError, e:
print "Error searching for %s: %s" % (filename, str(e))
return
argv = list(argv)
argv[2] = filename示例4: find_hook_pid
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import scan_processes_fast [as 别名]
def find_hook_pid( procname ):
global gpid
global xp
global oldpid
s = System()
s.request_debug_privileges()
try:
s.scan_processes()
s.scan_process_filenames()
except WindowsError:
s.scan_processes_fast()
pid_list = s.get_process_ids()
pid_list.sort(reverse=True)
if not pid_list:
print "Unknown error enumerating processes!"
# s = raw_input()
sys.exit(1)
for pid in pid_list:
p = s.get_process(pid)
fileName = p.get_filename()
fname = str(fileName).lower()
if dev:
print "Process:", fname, "Pid:", pid
if fname.find(procname) >= 0:
if int(pid) != int(gpid):
oldpid = gpid
gpid = pid
if procname.find("svchost.exe") >= 0:
gpid = int(get_svchost_pid())
return gpid
elif procname.find("explorer.exe") >= 0:
gpid = int(get_explorer_pid())
return gpid
else:
return pid
return 0示例5: len
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import scan_processes_fast [as 别名]
header = ( " PID ", "DEP ", "DEP-ATL ", "Permanent ", "Filename " )
separator = [ " " * len(x) for x in header ]
table = Table()
table.addRow( *header )
table.addRow( *separator )
# Request debug privileges.
System.request_debug_privileges()
# Scan for running processes.
system = System()
try:
system.scan_processes()
#system.scan_process_filenames()
except WindowsError:
system.scan_processes_fast()
# For each running process...
for process in system.iter_processes():
try:
# Get the process ID.
pid = process.get_pid()
# Skip "special" process IDs.
if pid in (0, 4, 8):
continue
# Skip 64 bit processes.
if process.get_bits() != 32:
continue示例6: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import scan_processes_fast [as 别名]
def main(argv):
'Main function.'
# Print the banner.
print "Process enumerator"
print "by Mario Vilas (mvilas at gmail.com)"
print
# Parse the command line options.
(options, argv) = parse_cmdline(argv)
showFilenameOnly = not options.full_path
searchString = options.search
# Windows filenames are case insensitive.
if searchString:
searchString = searchString.lower()
# Take a snapshot of the running processes.
s = System()
s.request_debug_privileges()
try:
s.scan_processes()
if not showFilenameOnly:
s.scan_process_filenames()
except WindowsError:
s.scan_processes_fast()
pid_list = s.get_process_ids()
pid_list.sort()
if not pid_list:
print "Unknown error enumerating processes!"
return
# Get the filename of each process.
filenames = dict()
for pid in pid_list:
p = s.get_process(pid)
fileName = p.get_filename()
# Special process IDs.
# PID 0: System Idle Process. Also has a special meaning to the
# toolhelp APIs (current process).
# PID 4: System Integrity Group. See this forum post for more info:
# http://tinyurl.com/ycza8jo
# (points to social.technet.microsoft.com)
# Only on XP and above
# PID 8: System (?) only in Windows 2000 and below AFAIK.
# It's probably the same as PID 4 in XP and above.
if pid == 0:
fileName = "[System Idle Process]"
elif pid == 4:
fileName = "[System Integrity Group]"
elif pid == 8:
fileName = "[System]"
# Filename not available.
elif not fileName:
fileName = ""
# Get the process pathname instead, if requested.
elif showFilenameOnly:
fileName = PathOperations.pathname_to_filename(fileName)
# Filter the output with the search string.
if searchString and searchString not in fileName.lower():
continue
# Remember the filename.
filenames[pid] = fileName
# Get the window captions if requested.
# TODO: show window handles too if possible
captions = dict()
if options.windows:
for w in s.get_windows():
try:
pid = w.get_pid()
text = w.get_text()
except WindowsError:
continue
try:
captions[pid].add(text)
except KeyError:
capset = set()
capset.add(text)
captions[pid] = capset
# Get the services if requested.
services = dict()
if options.services:
try:
for descriptor in s.get_services():
try:
services[descriptor.ProcessId].add(descriptor.ServiceName)
except KeyError:
srvset = set()
srvset.add(descriptor.ServiceName)
services[descriptor.ProcessId] = srvset
except WindowsError, e:
print "Error getting the list of services: %s" % str(e)
return