

Python win32process.GetModuleFileNameEx方法代码示例

本文整理汇总了Python中win32process.GetModuleFileNameEx方法的典型用法代码示例。如果您正苦于以下问题:Python win32process.GetModuleFileNameEx方法的具体用法?Python win32process.GetModuleFileNameEx怎么用?Python win32process.GetModuleFileNameEx使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在win32process的用法示例。


在下文中一共展示了win32process.GetModuleFileNameEx方法的5个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: GetProcessIdByName

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import GetModuleFileNameEx [as 别名]
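def GetProcessIdByName(procname):
    """
    Try and get pid for a process by name.

    Every other process is opened with query/read rights and each of its
    loaded modules is inspected. The first pid owning a module whose full
    path contains ``procname`` (case-insensitive substring) is returned.

    Because the match is a substring test against the whole path of *every*
    loaded module, not just the executable's file name, a short or generic
    ``procname`` can select an unrelated process (for example one that merely
    loads a DLL from a directory with a similar name). Callers that act on
    the returned pid should pass a name specific enough to be unambiguous.

    Returns:
        The matching pid, or None when no process matched. Processes that
        cannot be opened or queried are skipped silently.
    """
    needle = procname.lower()

    # -1 is the fallback: it never equals a real pid, so nothing is skipped
    # if our own pid cannot be determined.
    try:
        own_pid = win32api.GetCurrentProcessId()
    except Exception:
        own_pid = -1

    access = win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ

    for pid in win32process.EnumProcesses():
        if pid == own_pid:
            continue

        # Catch Exception rather than using a bare except so Ctrl-C and
        # interpreter shutdown are not swallowed during a long scan.
        try:
            handle = win32api.OpenProcess(access, 0, pid)
            try:
                for module in win32process.EnumProcessModules(handle):
                    path = str(win32process.GetModuleFileNameEx(handle, module))
                    if needle in path.lower():
                        return pid
            finally:
                # Runs on the early return above as well.
                win32api.CloseHandle(handle)
        except Exception:
            # Access denied, or the process exited mid-scan: try the next pid.
            continue

    return None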
开发者ID:MozillaSecurity,项目名称:peach,代码行数:37,代码来源:debugger.py

示例2: GetProcessNameFromHwnd

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import GetModuleFileNameEx [as 别名]
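def GetProcessNameFromHwnd(self, hwnd):
	'''Acquire the process name from the window handle for use in the log filename.

	Looks up the process that owns ``hwnd`` and returns the value of
	GetModuleFileNameEx for module 0, i.e. the path of that process's
	executable. Errors from the win32 calls (for example access denied)
	propagate to the caller.
	'''
	_thread_id, process_id = win32process.GetWindowThreadProcessId(hwnd)

	# Least privilege: reading a module file name needs only query + read
	# access (PROCESS_QUERY_INFORMATION 0x0400, PROCESS_VM_READ 0x0010).
	# PROCESS_ALL_ACCESS would also put write/terminate rights on the handle
	# and is refused for processes that do not grant the caller full control.
	access = win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ
	process = win32api.OpenProcess(access, False, process_id)
	try:
		return win32process.GetModuleFileNameEx(process, 0)
	finally:
		# Release the handle deterministically instead of relying on GC.
		win32api.CloseHandle(process)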
开发者ID:tuwid,项目名称:darkc0de-old-stuff,代码行数:12,代码来源:logwriter.py

示例3: kill_process

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import GetModuleFileNameEx [as 别名]
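def kill_process(name):
    """Terminate the first other process whose executable file name matches.

    Each running process except the current one is opened with query, read
    and terminate rights. The file name (directory stripped) of its first
    module is passed to ``compare(name, file_name)``; on the first match the
    process is terminated with exit code 0.

    NOTE(review): ``compare`` is defined outside this block, so how strict
    the match is cannot be seen here. Only the file name is compared, never
    the directory, so any executable with a matching name is a candidate
    regardless of where it is installed -- confirm that is intended.

    Args:
        name: process name handed to ``compare``.

    Returns:
        True if a process was terminated, False if none matched. Processes
        that cannot be opened or queried are skipped.
    """
    own_pid = win32api.GetCurrentProcessId()
    access = (win32con.PROCESS_QUERY_INFORMATION
              | win32con.PROCESS_VM_READ
              | win32con.PROCESS_TERMINATE)

    for pid in win32process.EnumProcesses():

        # do try not to kill yourself
        if pid == own_pid:
            continue

        try:
            handle = win32api.OpenProcess(access, False, pid)
        except Exception:
            continue

        if not handle:
            continue

        # A single finally closes the handle on every path, including the
        # early return and any error raised by TerminateProcess.
        try:
            try:
                modules = win32process.EnumProcessModules(handle)
                if not modules:
                    # Nothing to identify the process by.
                    continue
                exe_path = win32process.GetModuleFileNameEx(handle, modules[0])
            except Exception:
                # The process may have exited or refused the query; a
                # failure here should not abort the whole scan.
                continue

            exe_name = os.path.split(exe_path)[1]
            if compare(name, exe_name):
                win32api.TerminateProcess(handle, 0)
                return True
        finally:
            win32api.CloseHandle(handle)

    return False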
开发者ID:kenorb-contrib,项目名称:BitTorrent,代码行数:39,代码来源:pykill.py

示例4: EnumMissingModules

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import GetModuleFileNameEx [as 别名]
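def EnumMissingModules():
  """Enumerate loaded modules that should be copied into the client package.

  PyInstaller often fails to locate all dlls which are required at
  runtime. We import all the client modules here, we simply introspect
  all the modules we have loaded in our current running process, and
  all the ones matching the checks below are copied into the client
  package.

  A module is selected when its lowercased path contains "winsxs",
  "site-packages", "msvc" or "\\dlls", or ends with ".pyd". These are
  substring tests on the full path, so anything loaded into the build
  process from a matching location is yielded. The resulting package
  therefore inherits whatever binaries the build host had loaded; run this
  on a trusted, clean build environment.

  Yields:
    a source file for a linked dll. Paths of loaded modules are lowercased;
    UCRT dll paths are yielded as listed on disk.
  """
  module_handle = ctypes.c_ulong()
  count = ctypes.c_ulong()
  process_handle = ctypes.windll.kernel32.OpenProcess(
      PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, os.getpid())

  # The raw handle returned through ctypes is a plain integer that nothing
  # closes automatically, so release it once module enumeration is finished
  # (or the generator is closed early).
  try:
    # First call with a one-element buffer: its purpose here is to obtain
    # the number of bytes needed for the full list in `count`.
    ctypes.windll.psapi.EnumProcessModules(
        process_handle, ctypes.byref(module_handle),
        ctypes.sizeof(module_handle), ctypes.byref(count))

    # The size of a handle is pointer size (i.e. 64 bit on amd64 and 32 bit on
    # i386).
    if sys.maxsize > 2 ** 32:
      handle_type = ctypes.c_ulonglong
      dlls_arch = "x64"
    else:
      handle_type = ctypes.c_ulong
      dlls_arch = "x86"

    module_list = (handle_type * (count.value // ctypes.sizeof(handle_type)))()

    # Final argument 2 is the psapi filter flag LIST_MODULES_64BIT.
    ctypes.windll.psapi.EnumProcessModulesEx(
        process_handle, ctypes.byref(module_list), ctypes.sizeof(module_list),
        ctypes.byref(count), 2)

    for x in module_list:
      module_filename = win32process.GetModuleFileNameEx(
          process_handle, x).lower()
      # PyInstaller is pretty bad in finding all the imported pyd files, and
      # dlls.
      if ("winsxs" in module_filename or "site-packages" in module_filename or
          module_filename.endswith(".pyd") or "msvc" in module_filename or
          "\\dlls" in module_filename):
        yield module_filename
      else:
        print("Skipping %s" % module_filename)
  finally:
    ctypes.windll.kernel32.CloseHandle(process_handle)

  # See issue https://github.com/google/rekall/issues/335
  # We need to copy all these DLLs into the target as well.
  ucrt_dir = os.path.join(UCRT_DIR, dlls_arch)
  for filename in os.listdir(ucrt_dir):
    if filename.lower().endswith(".dll"):
      yield os.path.join(ucrt_dir, filename)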
开发者ID:google,项目名称:rekall,代码行数:51,代码来源:copy_dlls.py

示例5: check_processes

# 需要导入模块: import win32process [as 别名]
# 或者: from win32process import GetModuleFileNameEx [as 别名]
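def check_processes():
	"""Audit running processes for executables and DLLs with weak write permissions.

	For each pid (in ascending order) the process is opened with
	PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, its modules are enumerated,
	and the path of every module is passed to check_weak_write_perms(). The
	first module is treated as the executable, the rest as DLLs. Findings are
	recorded with save_issue().

	Progress is written to stdout, one character at a time:
	  "?"  the process could not be opened
	  "."  the process was opened
	  "!"  a weak-permission finding was saved

	Coverage caveat: a process that cannot be opened, or whose modules or
	module paths cannot be read, is skipped. A run with no "!" therefore only
	covers the processes this account was able to inspect; it is not evidence
	that the skipped ones are clean.
	"""
	pids = win32process.EnumProcesses()
	# TODO also check out WMI.  It might not be running, but it could help if it is:
	#      http://groups.google.com/group/comp.lang.python/browse_thread/thread/1f50065064173ccb
	# TODO process explorer can find quite a lot more information than this script.  This script has several problems:
	# TODO I can't open 64-bit processes for a 32-bit app.  I get this error:
	# ERROR: can't open 6100: 299 EnumProcessModules, Only part of a ReadProcessMemory
	#        or WriteProcessMemory request was completed.
	# TODO I can't seem to get the name of elevated processes (user running as me, but with admin privs)
	# TODO I can't get details of certain processes running as SYSTEM on xp (e.g. pid 4 "system", csrss.exe)
	# TODO should be able to find name (and threads?) for all processes.  Not necessarily path.

	for pid in sorted(pids):
		# TODO there's a security descriptor for each process accessible via GetSecurityInfo according to http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx
		# TODO could we connect with PROCESS_QUERY_LIMITED_INFORMATION instead on Vista+
		try:
			ph = win32api.OpenProcess(win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION , False, pid)
		except Exception:
			# print "ERROR: can't connected to PID " + str(pid)
			sys.stdout.write("?")
			continue

		# The owner is resolved only for the commented-out diagnostics below,
		# so any failure while looking it up must not abort the audit.
		user = "unknown\\unknown"
		try:
			tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
			sidObj, intVal = win32security.GetTokenInformation(tokenh, TokenUser)
			#source = win32security.GetTokenInformation(tokenh, TokenSource)
			if sidObj:
				accountName, domainName, accountTypeInt = win32security.LookupAccountSid(remote_server, sidObj)
				# print "pid=%d accountname=%s domainname=%s wow64=%s" % (pid, accountName, domainName, win32process.IsWow64Process(ph))
				user = domainName + "\\" + accountName
		except Exception:
			pass

		# print "PID %d is running as %s" % (pid, user)
		sys.stdout.write(".")
		try:
			mhs = list(win32process.EnumProcessModules(ph))
			# print mhs
		except Exception:
			continue

		# An empty module list would make pop(0) raise and end the scan.
		if not mhs:
			continue

		# The process can exit between enumeration and this query; skip it
		# rather than losing the results for every remaining pid.
		try:
			exe = win32process.GetModuleFileNameEx(ph, mhs.pop(0))
		except Exception:
			continue

		weak_perms = check_weak_write_perms(exe, 'file')
		# print_weak_perms("PID " + str(pid) + " running as " + user + ":", weak_perms)
		if weak_perms:
			save_issue("WPC016", "weak_perms_exes", weak_perms)
			sys.stdout.write("!")

		for mh in mhs:
			# print "PID %d (%s) has loaded module: %s" % (pid, exe, win32process.GetModuleFileNameEx(ph, mh))
			try:
				dll = win32process.GetModuleFileNameEx(ph, mh)
			except Exception:
				continue
			weak_perms = check_weak_write_perms(dll, 'file')
			# print_weak_perms("DLL used by PID " + str(pid) + " running as " + user + " (" + exe + "):", weak_perms)
			if weak_perms:
				# NOTE(review): DLL findings reuse issue id WPC016 from the
				# executable check; confirm they are meant to share it.
				save_issue("WPC016", "weak_perms_dlls", weak_perms)
				sys.stdout.write("!")

	# End the progress line. A bare `print` emits this newline only under
	# Python 2; writing it explicitly behaves the same on Python 2 and 3.
	sys.stdout.write("\n")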
开发者ID:51x,项目名称:WHP,代码行数:62,代码来源:windows-privesc-check.py


注:本文中的win32process.GetModuleFileNameEx方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。