当前位置: 首页>>代码示例>>Python>>正文


Python win32process.EnumProcessModules方法代码示例

本文整理汇总了Python中win32process.EnumProcessModules方法的典型用法代码示例。如果您正苦于以下问题:Python win32process.EnumProcessModules方法的具体用法?Python win32process.EnumProcessModules怎么用?Python win32process.EnumProcessModules使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在win32process的用法示例。


在下文中一共展示了win32process.EnumProcessModules方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: _scan_for_self

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import EnumProcessModules [as 别名]
def _scan_for_self(self):
        win32api.Sleep(2000) # sleep to give time for process to be seen in system table.
        basename = self.cmdline.split()[0]
        pids = win32process.EnumProcesses()
        if not pids:
            UserLog.warn("WindowsProcess", "no pids", pids)
        for pid in pids:
            try:
                handle = win32api.OpenProcess(
                    win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
                        pywintypes.FALSE, pid)
            except pywintypes.error, err:
                UserLog.warn("WindowsProcess", str(err))
                continue
            try:
                modlist = win32process.EnumProcessModules(handle)
            except pywintypes.error,err:
                UserLog.warn("WindowsProcess",str(err))
                continue 
开发者ID:kdart,项目名称:pycopia,代码行数:21,代码来源:WindowsServer.py

示例2: GetProcessIdByName

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import EnumProcessModules [as 别名]
def GetProcessIdByName(procname):
        """
        Try and get pid for a process by name.
        """

        ourPid = -1
        procname = procname.lower()

        try:
            ourPid = win32api.GetCurrentProcessId()

        except:
            pass

        pids = win32process.EnumProcesses()
        for pid in pids:
            if ourPid == pid:
                continue

            try:
                hPid = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ, 0, pid)

                try:
                    mids = win32process.EnumProcessModules(hPid)
                    for mid in mids:
                        name = str(win32process.GetModuleFileNameEx(hPid, mid))
                        if name.lower().find(procname) != -1:
                            return pid

                finally:
                    win32api.CloseHandle(hPid)
            except:
                pass

        return None 
开发者ID:MozillaSecurity,项目名称:peach,代码行数:37,代码来源:debugger.py

示例3: kill_process

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import EnumProcessModules [as 别名]
def kill_process(name):
    
    for pid in win32process.EnumProcesses():
        
        # do try not to kill yourself
        if pid == win32api.GetCurrentProcessId():
            continue
        
        try:
            p = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION
                                     | win32con.PROCESS_VM_READ
                                     | win32con.PROCESS_TERMINATE,
                                     False, pid)
        except:
            continue

        if not p:
            continue
        
        try:
            hl = win32process.EnumProcessModules(p)
        except:
            win32api.CloseHandle(p)
            continue

        h = hl[0]
        pname = win32process.GetModuleFileNameEx(p, h)
        root, pname = os.path.split(pname)
        #print name, pname
        if compare(name, pname):
            #print "KILL", pname
            win32api.TerminateProcess(p, 0)
            win32api.CloseHandle(p)
            return True

        win32api.CloseHandle(p)
    return False 
开发者ID:kenorb-contrib,项目名称:BitTorrent,代码行数:39,代码来源:pykill.py

示例4: check_processes

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import EnumProcessModules [as 别名]
def check_processes():
	pids = win32process.EnumProcesses()
	# TODO also check out WMI.  It might not be running, but it could help if it is:  
	#      http://groups.google.com/group/comp.lang.python/browse_thread/thread/1f50065064173ccb
	# TODO process explorer can find quite a lot more information than this script.  This script has several problems:
	# TODO I can't open 64-bit processes for a 32-bit app.  I get this error:
	# ERROR: can't open 6100: 299 EnumProcessModules, Only part of a ReadProcessMemory
	#        or WriteProcessMemory request was completed.
	# TODO I can't seem to get the name of elevated processes (user running as me, but with admin privs)
	# TODO I can't get details of certain processes runnign as SYSTEM on xp (e.g. pid 4 "system", csrss.exe)
	# TODO should be able to find name (and threads?) for all processes.  Not necessarily path.

	for pid in sorted(pids):
		# TODO there's a security descriptor for each process accessible via GetSecurityInfo according to http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx
		# TODO could we connect with PROCESS_QUERY_LIMITED_INFORMATION instead on Vista+
		try:
			ph = win32api.OpenProcess(win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION , False, pid)
		except:
			# print "ERROR: can't connected to PID " + str(pid)
			sys.stdout.write("?")
			continue
		else:
			user = "unknown\\unknown"
			try:
				tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
			except:
				pass
			else:
				sidObj, intVal = win32security.GetTokenInformation(tokenh, TokenUser)
				#source = win32security.GetTokenInformation(tokenh, TokenSource)
				if sidObj:
					accountName, domainName, accountTypeInt = win32security.LookupAccountSid(remote_server, sidObj)
					# print "pid=%d accountname=%s domainname=%s wow64=%s" % (pid, accountName, domainName, win32process.IsWow64Process(ph))
					user = domainName + "\\" + accountName

			# print "PID %d is running as %s" % (pid, user)
			sys.stdout.write(".")
			try:
				mhs = win32process.EnumProcessModules(ph)
				# print mhs
			except:
				continue
			
			mhs = list(mhs)
			exe = win32process.GetModuleFileNameEx(ph, mhs.pop(0))
			weak_perms = check_weak_write_perms(exe, 'file')
			# print_weak_perms("PID " + str(pid) + " running as " + user + ":", weak_perms)
			if weak_perms:
				save_issue("WPC016", "weak_perms_exes", weak_perms)
				sys.stdout.write("!")
				
			for mh in mhs:
				# print "PID %d (%s) has loaded module: %s" % (pid, exe, win32process.GetModuleFileNameEx(ph, mh))
				dll = win32process.GetModuleFileNameEx(ph, mh)
				weak_perms = check_weak_write_perms(dll, 'file')
				# print_weak_perms("DLL used by PID " + str(pid) + " running as " + user + " (" + exe + "):", weak_perms)
				if weak_perms:
					save_issue("WPC016", "weak_perms_dlls", weak_perms)
					sys.stdout.write("!")
	print 
开发者ID:51x,项目名称:WHP,代码行数:62,代码来源:windows-privesc-check.py


注:本文中的win32process.EnumProcessModules方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。