本文整理匯總了Python中win32process.GetModuleFileNameEx方法的典型用法代碼示例。如果您正苦於以下問題:Python win32process.GetModuleFileNameEx方法的具體用法?Python win32process.GetModuleFileNameEx怎麽用?Python win32process.GetModuleFileNameEx使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類win32process的用法示例。
在下文中一共展示了win32process.GetModuleFileNameEx方法的5個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: GetProcessIdByName
# 需要導入模塊: import win32process [as 別名]
# 或者: from win32process import GetModuleFileNameEx [as 別名]
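def GetProcessIdByName(procname):
    """Return the PID of the first process with a module path containing ``procname``.

    The comparison is a case-insensitive substring test against the full
    path of every module of every process that can be opened (the
    executable and each loaded DLL). It is not an exact match on the
    executable's file name, so a short or generic ``procname`` can select
    an unrelated process, for example one that loaded a DLL from a
    directory whose name contains the string. Callers that act on the
    returned PID should confirm the executable path themselves.

    The calling process is never returned. Processes that cannot be opened
    or enumerated are skipped without any report.

    Args:
        procname: Substring to search for; lower-cased before comparison.

    Returns:
        The PID of the first match, or None when nothing matched.
    """
    needle = procname.lower()

    try:
        own_pid = win32api.GetCurrentProcessId()
    except Exception:
        # Best effort: -1 compares unequal to every real PID, so in this
        # case no process is excluded from the search.
        own_pid = -1

    access = win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ
    for pid in win32process.EnumProcesses():
        if pid == own_pid:
            continue
        try:
            handle = win32api.OpenProcess(access, 0, pid)
            try:
                for module in win32process.EnumProcessModules(handle):
                    path = str(win32process.GetModuleFileNameEx(handle, module))
                    if needle in path.lower():
                        return pid
            finally:
                # Runs on the early return as well, so the handle is
                # released on every path.
                win32api.CloseHandle(handle)
        except Exception:
            # Deliberately narrower than a bare ``except:``: API failures
            # (access denied, process already gone) are skipped, while
            # KeyboardInterrupt and SystemExit still propagate.
            continue
    return None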
示例2: GetProcessNameFromHwnd
# 需要導入模塊: import win32process [as 別名]
# 或者: from win32process import GetModuleFileNameEx [as 別名]
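def GetProcessNameFromHwnd(self, hwnd):
    '''Acquire the process name from the window handle for use in the log filename.

    The value returned is what GetModuleFileNameEx reports for module 0 of
    the owning process, i.e. the path of its executable rather than a bare
    name. A caller that builds a file name from it has to strip the
    directory part and any characters that are not valid in file names.

    Raises whatever pywin32 raises when the process cannot be opened or
    queried (for example a process running at a higher privilege level).
    '''
    _thread_id, process_id = win32process.GetWindowThreadProcessId(hwnd)
    # Least privilege: reading a module file name only needs query and
    # VM-read rights. PROCESS_ALL_ACCESS asked for far more than is used
    # here and is refused for more target processes.
    access = win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ
    process = win32api.OpenProcess(access, False, process_id)
    try:
        return win32process.GetModuleFileNameEx(process, 0)
    finally:
        # Release the handle deterministically instead of leaving it to
        # garbage collection.
        win32api.CloseHandle(process)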
示例3: kill_process
# 需要導入模塊: import win32process [as 別名]
# 或者: from win32process import GetModuleFileNameEx [as 別名]
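def kill_process(name):
    """Terminate the first other process whose executable file name matches ``name``.

    Every PID from EnumProcesses except the caller's own is opened with
    query, VM-read and terminate rights. The file name (directory part
    removed) of the first module, taken to be the main executable, is
    passed to ``compare(name, file_name)``, a helper defined elsewhere in
    the file whose exact matching rule is not visible here.

    Selection is by file name only, so any process running an image with a
    matching name is a candidate, whatever directory it was started from
    and whichever user owns it. The name check and the termination use the
    same open handle, so the process that was checked is the one that is
    terminated even if its PID is reused in between.

    Args:
        name: Name handed to ``compare`` as the first argument.

    Returns:
        True once a process was terminated, False when none matched.
        Processes that cannot be opened or inspected are skipped.
    """
    own_pid = win32api.GetCurrentProcessId()
    access = (win32con.PROCESS_QUERY_INFORMATION
              | win32con.PROCESS_VM_READ
              | win32con.PROCESS_TERMINATE)

    for pid in win32process.EnumProcesses():
        # Never terminate the calling process.
        if pid == own_pid:
            continue
        try:
            handle = win32api.OpenProcess(access, False, pid)
        except Exception:
            # Access denied or the process exited; KeyboardInterrupt and
            # SystemExit are not swallowed.
            continue
        if not handle:
            continue
        try:
            try:
                modules = win32process.EnumProcessModules(handle)
                if not modules:
                    continue
                image_path = win32process.GetModuleFileNameEx(handle, modules[0])
            except Exception:
                continue
            if compare(name, os.path.basename(image_path)):
                win32api.TerminateProcess(handle, 0)
                return True
        finally:
            # One place that closes the handle on every path, including
            # a failure inside TerminateProcess.
            win32api.CloseHandle(handle)
    return False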
示例4: EnumMissingModules
# 需要導入模塊: import win32process [as 別名]
# 或者: from win32process import GetModuleFileNameEx [as 別名]
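def EnumMissingModules():
    """Enumerate loaded modules that have to be copied into the client package.

    PyInstaller often fails to locate all dlls which are required at
    runtime. The client modules are imported before this runs, so we simply
    introspect all the modules loaded in our current running process and
    yield the ones whose lower-cased path matches one of the substring
    checks in the loop below. Every ``.dll`` file in the UCRT directory for
    the current architecture is yielded afterwards.

    The result depends on what is loaded in the build process when this
    runs. A DLL loaded into the process by other software on the build host
    is yielded too if its path matches, and only skipped modules are
    printed. The files that end up in the package should therefore be
    reviewed or compared against an expected list.

    Yields:
      a source file for a linked dll.

    Raises:
      OSError: if a handle to the current process cannot be opened.
    """
    module_handle = ctypes.c_ulong()
    count = ctypes.c_ulong()
    # NOTE(review): OpenProcess is called through ctypes without restype or
    # argtypes, so the handle is passed around as a C int. Presumably fine
    # for the handle values Windows hands out; confirm on 64 bit builds.
    process_handle = ctypes.windll.kernel32.OpenProcess(
        PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, os.getpid())
    if not process_handle:
        # Without a handle every call below fails quietly and only the UCRT
        # files would be yielded, i.e. an incomplete package.
        raise OSError("OpenProcess failed for the current process")

    try:
        # First call with a one-element buffer: only used to learn, via
        # count, how many bytes the full module list needs.
        ctypes.windll.psapi.EnumProcessModules(
            process_handle, ctypes.byref(module_handle),
            ctypes.sizeof(module_handle), ctypes.byref(count))

        # The size of a handle is pointer size (i.e. 64 bit on amd64 and
        # 32 bit on i386).
        if sys.maxsize > 2 ** 32:
            handle_type = ctypes.c_ulonglong
            dlls_arch = "x64"
        else:
            handle_type = ctypes.c_ulong
            dlls_arch = "x86"

        module_list = (
            handle_type * (count.value // ctypes.sizeof(handle_type)))()

        # The filter flag 2 is LIST_MODULES_64BIT.
        ctypes.windll.psapi.EnumProcessModulesEx(
            process_handle, ctypes.byref(module_list),
            ctypes.sizeof(module_list), ctypes.byref(count), 2)

        for x in module_list:
            module_filename = win32process.GetModuleFileNameEx(
                process_handle, x).lower()
            # PyInstaller is pretty bad in finding all the imported pyd
            # files, and dlls.
            if ("winsxs" in module_filename or
                    "site-packages" in module_filename or
                    module_filename.endswith(".pyd") or
                    "msvc" in module_filename or
                    "\\dlls" in module_filename):
                yield module_filename
            else:
                print("Skipping %s" % module_filename)
    finally:
        # The handle is not needed once the modules are listed; close it
        # even when the consumer stops iterating early.
        ctypes.windll.kernel32.CloseHandle(process_handle)

    # See issue https://github.com/google/rekall/issues/335
    # We need to copy all these DLLs into the target as well.
    ucrt_dir = os.path.join(UCRT_DIR, dlls_arch)
    for filename in os.listdir(ucrt_dir):
        if filename.lower().endswith(".dll"):
            yield os.path.join(ucrt_dir, filename)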
示例5: check_processes
# 需要導入模塊: import win32process [as 別名]
# 或者: from win32process import GetModuleFileNameEx [as 別名]
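def check_processes():
    """Audit running processes for executables and DLLs with weak write permissions.

    Each PID from EnumProcesses is opened with VM-read and query rights.
    The path of the first module (taken to be the executable) and of every
    further module is passed to ``check_weak_write_perms(path, 'file')``.
    A non-empty result is recorded with ``save_issue`` under "WPC016" as
    "weak_perms_exes" for the executable or "weak_perms_dlls" for any
    other module.

    Progress is written to stdout: "?" for a process that could not be
    opened, "." for one that was opened, "!" for every recorded issue, and
    a newline at the end.

    Coverage caveat: a process that cannot be opened, whose module list
    cannot be read, or a module whose path cannot be resolved is skipped.
    The TODO notes below list known cases (64-bit processes from a 32-bit
    interpreter, elevated processes, some SYSTEM processes). A run with no
    WPC016 issues therefore says nothing about the skipped processes.
    """
    pids = win32process.EnumProcesses()
    # TODO also check out WMI. It might not be running, but it could help if it is:
    #      http://groups.google.com/group/comp.lang.python/browse_thread/thread/1f50065064173ccb
    # TODO process explorer can find quite a lot more information than this script. This script has several problems:
    # TODO I can't open 64-bit processes for a 32-bit app. I get this error:
    #      ERROR: can't open 6100: 299 EnumProcessModules, Only part of a ReadProcessMemory
    #      or WriteProcessMemory request was completed.
    # TODO I can't seem to get the name of elevated processes (user running as me, but with admin privs)
    # TODO I can't get details of certain processes running as SYSTEM on xp (e.g. pid 4 "system", csrss.exe)
    # TODO should be able to find name (and threads?) for all processes. Not necessarily path.
    access = win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION
    for pid in sorted(pids):
        # TODO there's a security descriptor for each process accessible via GetSecurityInfo according to http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx
        # TODO could we connect with PROCESS_QUERY_LIMITED_INFORMATION instead on Vista+
        try:
            ph = win32api.OpenProcess(access, False, pid)
        except Exception:
            sys.stdout.write("?")
            continue

        # The owning account is informational only (nothing below reports
        # it yet), so a failed token or SID lookup must not abort the audit.
        user = "unknown\\unknown"
        try:
            tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
            sidObj, intVal = win32security.GetTokenInformation(tokenh, TokenUser)
            if sidObj:
                accountName, domainName, accountTypeInt = win32security.LookupAccountSid(remote_server, sidObj)
                user = domainName + "\\" + accountName
        except Exception:
            pass

        sys.stdout.write(".")
        try:
            mhs = list(win32process.EnumProcessModules(ph))
        except Exception:
            continue

        for index, mh in enumerate(mhs):
            try:
                path = win32process.GetModuleFileNameEx(ph, mh)
            except Exception:
                # One unreadable module should not end the whole audit;
                # the remaining modules and processes are still checked.
                continue
            weak_perms = check_weak_write_perms(path, 'file')
            if weak_perms:
                # The first module is treated as the process executable,
                # all later ones as DLLs it has loaded.
                issue = "weak_perms_exes" if index == 0 else "weak_perms_dlls"
                save_issue("WPC016", issue, weak_perms)
                sys.stdout.write("!")

    # A bare ``print`` only emits the newline under Python 2; writing it
    # explicitly ends the progress line under Python 3 as well.
    sys.stdout.write("\n")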