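def get_process_name(self, event):
    '''Acquire the process name from the window handle for use in the log filename.

    On Windows the process owning ``event.Window`` is opened and the path of
    its main module is returned. If the window or its process has already
    gone away by the time the event is handled (which happens frequently),
    the placeholder ``"noprocname"`` is returned instead. On POSIX the name
    carried by the event itself is returned. Any other platform also gets the
    placeholder, so the caller always receives a string usable in a filename.
    '''
    if os.name == 'nt':
        hwnd = event.Window
        try:
            _threadpid, procpid = win32process.GetWindowThreadProcessId(hwnd)
            # GetModuleFileNameEx only needs PROCESS_QUERY_INFORMATION and
            # PROCESS_VM_READ. Requesting PROCESS_ALL_ACCESS grants far more
            # than is used here and is refused for more processes (least
            # privilege, and consistent with the other OpenProcess calls in
            # this file).
            mypyproc = win32api.OpenProcess(
                win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
                False, procpid)
        except Exception:
            # this happens frequently enough - when the last event caused the closure of the window or program
            # so we just return a nice string and don't worry about it.
            return "noprocname"
        try:
            return win32process.GetModuleFileNameEx(mypyproc, 0)
        except Exception:
            # same situation as above: the process vanished between the two calls
            return "noprocname"
        finally:
            # do not rely on garbage collection to release the process handle
            win32api.CloseHandle(mypyproc)
    elif os.name == 'posix':
        return to_unicode(event.WindowProcName)
    # unknown platform: still hand back a string rather than None
    return "noprocname"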
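def get_process_name(self, event):
    '''Acquire the process name from the window handle for use in the log filename.

    On Windows the process owning ``event.Window`` is opened and the path of
    its main module is returned; when the window or process has already been
    closed (a frequent case) the placeholder ``"noprocname"`` is returned.
    On POSIX the name carried by the event is returned as ``str``. Any other
    platform also gets the placeholder, so callers always receive a string.
    '''
    if os.name == 'nt':
        hwnd = event.Window
        try:
            _threadpid, procpid = win32process.GetWindowThreadProcessId(hwnd)
            # GetModuleFileNameEx needs only PROCESS_QUERY_INFORMATION and
            # PROCESS_VM_READ; PROCESS_ALL_ACCESS is more than required and
            # is refused for more processes (least privilege).
            mypyproc = win32api.OpenProcess(
                win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
                False, procpid)
        except Exception:
            # this happens frequently enough - when the last event caused the closure of the window or program
            # so we just return a nice string and don't worry about it.
            return "noprocname"
        try:
            return win32process.GetModuleFileNameEx(mypyproc, 0)
        except Exception:
            # the process vanished between the two calls
            return "noprocname"
        finally:
            # release the process handle explicitly rather than via GC
            win32api.CloseHandle(mypyproc)
    elif os.name == 'posix':
        #this line was modified to get 64 bit working
        return str(event.WindowProcName)
    # unknown platform: still return a string rather than None
    return "noprocname"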
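def GetProcessNameFromHwnd(self, hwnd):
    '''Acquire the process name from the window handle for use in the log filename.

    Returns the full path of the main module of the process that owns
    ``hwnd``. Errors from pywin32 (window already gone, access denied to a
    protected or elevated process) propagate to the caller, as before.
    '''
    _threadpid, procpid = win32process.GetWindowThreadProcessId(hwnd)
    # GetModuleFileNameEx needs only PROCESS_QUERY_INFORMATION and
    # PROCESS_VM_READ; PROCESS_ALL_ACCESS is more than required and is
    # refused for more processes (least privilege).
    handle = win32api.OpenProcess(
        win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
        False, procpid)
    try:
        return win32process.GetModuleFileNameEx(handle, 0)
    finally:
        # release the process handle explicitly rather than via GC
        win32api.CloseHandle(handle)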
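def is_running(pid, cmd=None):
    """Return True if process ``pid`` exists and looks like an instance of ``cmd``.

    ``cmd`` defaults to the basename of the running script (``sys.argv[0]``).

    On Windows the PID must appear in the process list. If the ``wmi``
    package is importable, the process command line is searched for ``cmd``;
    otherwise the process is opened (query + VM-read rights only) and accepted
    when its executable is python.exe or cmd.exe -- note that ``cmd`` is not
    consulted in that fallback. A process that cannot be opened (service,
    access denied) counts as not running.

    On POSIX ``/proc/<pid>/cmdline`` is read and searched for ``cmd``.

    Always returns a bool (the original fell off the end and returned None
    for a Windows process that was neither python.exe nor cmd.exe).
    """
    if cmd is None:
        cmd = os.path.split(sys.argv[0])[1]
    if os.name == "nt":
        import win32process, win32api, win32con, pywintypes
        try:
            import wmi
        except ImportError:
            has_wmi = False
        else:
            has_wmi = True
        if pid not in win32process.EnumProcesses():
            return False
        if has_wmi:
            cl = [p.CommandLine for p in wmi.WMI().Win32_Process() if p.ProcessID == pid]
            # CommandLine may be None for processes WMI cannot inspect; treat
            # that as "no match" instead of raising.
            return bool(cl and cl[0] and cmd in cl[0])
        try:
            handle = win32api.OpenProcess(
                win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
                0, int(pid))
        except pywintypes.error:
            # Windows service, Access is denied
            return False
        try:
            exefilename = win32process.GetModuleFileNameEx(handle, 0).lower()
        except pywintypes.error:
            return False
        finally:
            win32api.CloseHandle(handle)
        return "python.exe" in exefilename or "cmd.exe" in exefilename
    proc = "/proc/%s/cmdline" % pid
    if not os.path.isfile(proc):
        return False
    # cmdline is NUL-separated; a plain substring search is enough here.
    with open(proc) as f:
        exefilename = f.read()
    return cmd in exefilename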
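def _get_aimp_exe_path(self):
    """Find the AIMP executable path given its window handler.

    Stores the full path of the main module of the process owning
    ``self._aimp_window`` in ``self._aimp_exe_path``.

    :raises RuntimeError: The AIMP executable path cannot be found.
    :rtype: None
    """
    _thread_id, process_id = win32process.GetWindowThreadProcessId(self._aimp_window)
    # GetModuleFileNameEx needs only PROCESS_QUERY_INFORMATION and
    # PROCESS_VM_READ; PROCESS_ALL_ACCESS is more than required and is
    # refused for more processes (least privilege).
    handle = win32api.OpenProcess(
        win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
        False, process_id)
    try:
        self._aimp_exe_path = win32process.GetModuleFileNameEx(handle, None)
    finally:
        # release the process handle explicitly rather than via GC
        win32api.CloseHandle(handle)
    if not self._aimp_exe_path:
        raise RuntimeError('Unable to retrieve the AIMP executable.')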
def run(self):
    """Thread body: poll Win32_Process via WMI forever and act on matching names.

    For every running process whose name contains an entry of
    ``BadProcesses`` (defined elsewhere in this file) the executable is
    located through GetModuleFileNameEx, force-killed via ``execute`` and
    removed from disk unless ``DEBUG_MODE`` (also defined elsewhere) is set,
    and the WMI object is then terminated. The loop never returns; it sleeps
    a random 1-10 s between scans. All exceptions are swallowed, so one
    failing process does not stop the scan.
    """
    # COM must be initialised on this thread before WMI can be used.
    pythoncom.CoInitialize()
    self.drmwmi = wmi.WMI()
    while (True):
        for process in self.drmwmi.Win32_Process():
            for selectedProcess in BadProcesses:
                try:
                    if selectedProcess.lower() in process.Name.lower():
                        try:
                            handle = win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS, False, process.ProcessId)
                            filename = win32process.GetModuleFileNameEx(handle, 0)
                            # DEBUG_MODE disables the kill/delete below.
                            if os.path.isfile(filename) and not DEBUG_MODE:
                                execute("taskkill", ("/F", "/IM", filename), True)
                                time.sleep(random.randint(1, 4))
                                os.remove(filename)
                        except Exception as e:
                            # best effort: OpenProcess/GetModuleFileNameEx/remove
                            # may fail; the outer Terminate() still runs.
                            pass
                        process.Terminate()
                except Exception as e:
                    # presumably guards rows whose Name is None or whose
                    # Terminate() fails -- verify; the row is simply skipped.
                    pass
        time.sleep(random.randint(1, 10))
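def check_processes():
    """Audit every running process for weakly-writable executables and DLLs.

    Each PID from EnumProcesses is opened with PROCESS_QUERY_INFORMATION |
    PROCESS_VM_READ (the minimum GetModuleFileNameEx needs), its owner is
    looked up from the process token, and the path of its main module and of
    every loaded module is passed to ``check_weak_write_perms``. Findings are
    recorded with ``save_issue`` under "WPC016" (keys "weak_perms_exes" /
    "weak_perms_dlls").

    Progress goes to stdout: "?" for a PID that could not be opened, "." for
    one that was, "!" per finding, and a final newline. Processes that cannot
    be opened or whose modules cannot be enumerated (protected, elevated,
    SYSTEM on XP, 64-bit from a 32-bit interpreter -- see the TODOs) are
    skipped. Process handles are closed explicitly; only ``Exception`` is
    caught so Ctrl-C still interrupts a long scan.
    """
    pids = win32process.EnumProcesses()
    # TODO also check out WMI. It might not be running, but it could help if it is:
    # http://groups.google.com/group/comp.lang.python/browse_thread/thread/1f50065064173ccb
    # TODO process explorer can find quite a lot more information than this script. This script has several problems:
    # TODO I can't open 64-bit processes for a 32-bit app. I get this error:
    # ERROR: can't open 6100: 299 EnumProcessModules, Only part of a ReadProcessMemory
    # or WriteProcessMemory request was completed.
    # TODO I can't seem to get the name of elevated processes (user running as me, but with admin privs)
    # TODO I can't get details of certain processes runnign as SYSTEM on xp (e.g. pid 4 "system", csrss.exe)
    # TODO should be able to find name (and threads?) for all processes. Not necessarily path.
    for pid in sorted(pids):
        # TODO there's a security descriptor for each process accessible via GetSecurityInfo according to http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx
        # TODO could we connect with PROCESS_QUERY_LIMITED_INFORMATION instead on Vista+
        try:
            ph = win32api.OpenProcess(
                win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION, False, pid)
        except Exception:
            # print "ERROR: can't connected to PID " + str(pid)
            sys.stdout.write("?")
            continue
        try:
            user = _process_owner(ph)
            # print "PID %d is running as %s" % (pid, user)
            sys.stdout.write(".")
            try:
                mhs = list(win32process.EnumProcessModules(ph))
            except Exception:
                # e.g. error 299 when a 32-bit interpreter inspects a 64-bit process
                continue
            if not mhs:
                # nothing enumerated; the original would have raised IndexError here
                continue
            # The first module handle is the process's own executable.
            if _check_module_perms(ph, mhs[0], "weak_perms_exes"):
                sys.stdout.write("!")
            for mh in mhs[1:]:
                # print "PID %d (%s) has loaded module: %s" % (pid, exe, win32process.GetModuleFileNameEx(ph, mh))
                if _check_module_perms(ph, mh, "weak_perms_dlls"):
                    sys.stdout.write("!")
        finally:
            win32api.CloseHandle(ph)
    # newline to terminate the progress line (works under Python 2 and 3)
    sys.stdout.write("\n")


def _process_owner(ph):
    """Return "DOMAIN\\account" of the process behind handle ``ph``.

    Falls back to "unknown\\unknown" when the process token cannot be opened
    or carries no user SID. Errors from GetTokenInformation /
    LookupAccountSid propagate, as in the original.
    """
    unknown = "unknown\\unknown"
    try:
        tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
    except Exception:
        return unknown
    sidObj, _attrs = win32security.GetTokenInformation(tokenh, TokenUser)
    #source = win32security.GetTokenInformation(tokenh, TokenSource)
    if not sidObj:
        return unknown
    accountName, domainName, _accountType = win32security.LookupAccountSid(remote_server, sidObj)
    # print "pid=%d accountname=%s domainname=%s wow64=%s" % (pid, accountName, domainName, win32process.IsWow64Process(ph))
    return domainName + "\\" + accountName


def _check_module_perms(ph, mh, issue_key):
    """Check the file backing module ``mh`` of process ``ph`` for weak write perms.

    A finding is saved via ``save_issue("WPC016", issue_key, ...)``.
    Returns True when something was saved, False otherwise.
    """
    path = win32process.GetModuleFileNameEx(ph, mh)
    weak_perms = check_weak_write_perms(path, 'file')
    # print_weak_perms("PID ... running as ...:", weak_perms)
    if weak_perms:
        save_issue("WPC016", issue_key, weak_perms)
        return True
    return False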
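def EnumMissingModules():
    """Enumerate all modules which match the patterns MODULE_PATTERNS.

    PyInstaller often fails to locate all dlls which are required at
    runtime. We import all the client modules here, we simply introspect
    all the modules we have loaded in our current running process, and
    all the ones matching the patterns are copied into the client
    package.

    The current process is opened with PROCESS_QUERY_INFORMATION |
    PROCESS_VM_READ (module-level constants) and the handle is closed when
    the generator is exhausted or closed.

    Yields:
      a source file for a linked dll (lower-cased path).

    Raises:
      OSError: via ``ctypes.WinError()`` when the process cannot be opened or
        its modules cannot be enumerated (the original ignored both).
    """
    kernel32 = ctypes.windll.kernel32
    psapi = ctypes.windll.psapi
    process_handle = kernel32.OpenProcess(
        PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, os.getpid())
    if not process_handle:
        raise ctypes.WinError()
    try:
        # First call with a deliberately too-small buffer: we only want the
        # byte count of the full module list back in ``count``.
        module_handle = ctypes.c_ulong()
        count = ctypes.c_ulong()
        psapi.EnumProcessModules(
            process_handle, ctypes.byref(module_handle), ctypes.sizeof(module_handle),
            ctypes.byref(count))
        # The size of a handle is pointer size (i.e. 64 bit on amd64 and 32 bit on
        # i386).
        if sys.maxsize > 2 ** 32:
            handle_type = ctypes.c_ulonglong
        else:
            handle_type = ctypes.c_ulong
        # '//' keeps the element count an int under Python 3 ('/' gives a float,
        # which ctypes rejects as an array length).
        module_list = (handle_type * (count.value // ctypes.sizeof(handle_type)))()
        # Flag 2 is LIST_MODULES_64BIT (psapi.h). NOTE(review): if this list
        # needs more bytes than the earlier default-list call reported, the
        # tail is silently truncated -- confirm whether that matters here.
        if not psapi.EnumProcessModulesEx(
                process_handle, ctypes.byref(module_list), ctypes.sizeof(module_list),
                ctypes.byref(count), 2):
            raise ctypes.WinError()
        for x in module_list:
            module_filename = win32process.GetModuleFileNameEx(process_handle, x).lower()
            # PyInstaller is pretty bad in finding all the imported pyd files, and dlls.
            if ("winsxs" in module_filename or "site-packages" in module_filename or
                    module_filename.endswith(".pyd") or "msvc" in module_filename or
                    "\\dlls" in module_filename):
                yield module_filename
            else:
                # write() instead of the print statement: works on Python 2 and 3
                sys.stdout.write("Skipping %s\n" % module_filename)
    finally:
        # the raw ctypes handle is not closed automatically, unlike pywin32's
        kernel32.CloseHandle(process_handle)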