Python win32api.OpenProcess() Examples
The following are 24 code examples of win32api.OpenProcess().
Example #1
Source File: windows-privesc-check.py From WHP with Do What The F*ck You Want To Public License | 6 votes |
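def get_extra_privs():
    """Enable SeBackup, SeDebug and SeSecurity privileges on our own token.

    This only works when the current token already holds those privileges
    (i.e. we run as an administrator); otherwise they are simply absent
    from the token and nothing changes.

    Why these three:
      SeBackupPrivilege   - bypasses file ACLs for read access.
      SeDebugPrivilege    - lets OpenProcess succeed on other users'
                            processes (without it many opens fail).
      SeSecurityPrivilege - "Manage auditing and security log": needed to
                            read or write the SACL of a security descriptor.

    Limitation: Vista+ "Protected" processes (e.g. audiodg.exe) cannot be
    inspected even with SeDebugPrivilege. Background on why protected
    processes aren't really secure: http://www.alex-ionescu.com/?p=34

    Returns:
        None. The token handle ``th`` is a pywin32 PyHANDLE and is released
        when it goes out of scope.
    """
    th = win32security.OpenProcessToken(
        win32api.GetCurrentProcess(),
        win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY,
    )
    privs = win32security.GetTokenInformation(th, TokenPrivileges)

    # Resolve the LUIDs once, outside the loop, instead of three lookups per
    # token privilege as the original did. ``remote_server`` is a module
    # global not visible in this listing (None would mean the local machine).
    wanted = {
        win32security.LookupPrivilegeValue(remote_server, name)
        for name in ("SeBackupPrivilege", "SeDebugPrivilege", "SeSecurityPrivilege")
    }

    newprivs = []
    for luid, attrs in privs:
        if luid in wanted:
            print("Added privilege " + str(luid))
            # Tuples are immutable, so rebuild the pair with the attribute
            # set to SE_PRIVILEGE_ENABLED (== 2).
            newprivs.append((luid, win32con.SE_PRIVILEGE_ENABLED))
        else:
            newprivs.append((luid, attrs))

    # AdjustTokenPrivileges returns the previous state; the original threw it
    # away (wrapped in a pointless str()), and so do we.
    win32security.AdjustTokenPrivileges(th, False, tuple(newprivs))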
Example #2
Source File: win32-identd.py From code with MIT License | 6 votes |
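def get_pid_owner(self, fd, pid):
    """Return the owner of process ``pid`` as (sid, account name, domain name).

    Opens the process with PROCESS_QUERY_INFORMATION only, reads TokenUser
    from its token and resolves the SID to an account.

    Args:
        fd: unused here; kept so the caller's interface does not change.
        pid: process id to look up.

    Returns:
        (user_sid, account_name, domain_name). LookupAccountSid yields
        (name, domain, type); the type is dropped.

    Raises:
        win32api.error: any Win32 failure is logged through self.logEx and
            re-raised unchanged. The process and token PyHANDLEs are
            released when they go out of scope.
    """
    try:
        proc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
        token = win32security.OpenProcessToken(proc, win32con.TOKEN_QUERY)
        user_sid, _attrs = win32security.GetTokenInformation(
            token, win32security.TokenUser)
        name, domain, _kind = win32security.LookupAccountSid(None, user_sid)
        return user_sid, name, domain
    except win32api.error as e:
        # The original formatted ``funcname``, an undefined name, which would
        # have raised NameError and masked the real failure; use the Win32
        # function recorded on the exception instead.
        self.logEx(
            "error",
            "%s failed" % e.funcname,
            ("exception", e),
            ("function", e.funcname),
            ("error", "[%(winerror)d] %(strerror)s" % e),
            None,
            ("process", pid),
        )
        raise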
Example #3
Source File: windowsprivcheck.py From LHF with GNU General Public License v3.0 | 6 votes |
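def get_extra_privs():
    """Enable SeBackup, SeDebug and SeSecurity privileges on our own token.

    This only works when the current token already holds those privileges
    (i.e. we run as an administrator); otherwise they are simply absent
    from the token and nothing changes.

    Why these three:
      SeBackupPrivilege   - bypasses file ACLs for read access.
      SeDebugPrivilege    - lets OpenProcess succeed on other users'
                            processes (without it many opens fail).
      SeSecurityPrivilege - "Manage auditing and security log": needed to
                            read or write the SACL of a security descriptor.

    Limitation: Vista+ "Protected" processes (e.g. audiodg.exe) cannot be
    inspected even with SeDebugPrivilege. Background on why protected
    processes aren't really secure: http://www.alex-ionescu.com/?p=34

    Returns:
        None. The token handle ``th`` is a pywin32 PyHANDLE and is released
        when it goes out of scope.
    """
    th = win32security.OpenProcessToken(
        win32api.GetCurrentProcess(),
        win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY,
    )
    privs = win32security.GetTokenInformation(th, TokenPrivileges)

    # Resolve the LUIDs once, outside the loop, instead of three lookups per
    # token privilege as the original did. ``remote_server`` is a module
    # global not visible in this listing (None would mean the local machine).
    wanted = {
        win32security.LookupPrivilegeValue(remote_server, name)
        for name in ("SeBackupPrivilege", "SeDebugPrivilege", "SeSecurityPrivilege")
    }

    newprivs = []
    for luid, attrs in privs:
        if luid in wanted:
            print("Added privilege " + str(luid))
            # Tuples are immutable, so rebuild the pair with the attribute
            # set to SE_PRIVILEGE_ENABLED (== 2).
            newprivs.append((luid, win32con.SE_PRIVILEGE_ENABLED))
        else:
            newprivs.append((luid, attrs))

    # AdjustTokenPrivileges returns the previous state; the original threw it
    # away (wrapped in a pointless str()), and so do we.
    win32security.AdjustTokenPrivileges(th, False, tuple(newprivs))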
Example #4
Source File: service_wrapper.py From resilient-python-api with MIT License | 6 votes |
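def SvcDoRun(self):
    """Service entry point: run resilient-circuits inside a kill-on-close job.

    The child is placed in a Windows job object carrying
    JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE, so the child dies with the job when
    its last handle is released — presumably when the local ``hJob`` goes out
    of scope at the end of this function. After launch the child is polled
    every 10 s until it exits or SvcStop clears ``self.isAlive``.

    Raises:
        Whatever the job/process setup raised, after logging the failure to
        the service manager.
    """
    import servicemanager
    servicemanager.LogInfoMsg(self._svc_name_ + " Start Requested")
    try:
        hJob = win32job.CreateJobObject(None, "")
        extended_info = win32job.QueryInformationJobObject(
            hJob, win32job.JobObjectExtendedLimitInformation)
        extended_info['BasicLimitInformation']['LimitFlags'] = (
            win32job.JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE)
        win32job.SetInformationJobObject(
            hJob, win32job.JobObjectExtendedLimitInformation, extended_info)

        # NOTE(review): shlex.split uses POSIX quoting rules by default, so
        # backslashes in Windows paths inside _resilient_args_ are consumed;
        # confirm the configured arguments survive the split.
        command = "resilient-circuits.exe run " + self._resilient_args_
        command_args = shlex.split(command)
        self.process_handle = subprocess.Popen(command_args)

        # Popen only gives us a pid; open a handle with just the rights
        # AssignProcessToJobObject needs.
        perms = win32con.PROCESS_TERMINATE | win32con.PROCESS_SET_QUOTA
        hProcess = win32api.OpenProcess(perms, False, self.process_handle.pid)
        win32job.AssignProcessToJobObject(hJob, hProcess)
    except Exception:
        # Narrowed from a bare except so SystemExit/KeyboardInterrupt are not
        # reported as a launch failure; the error is still re-raised.
        servicemanager.LogErrorMsg(
            self._svc_name_ + " failed to launch resilient-circuits.exe")
        raise
    servicemanager.LogInfoMsg(self._svc_name_ + " Started")
    while self.isAlive:
        if self.process_handle.poll() is not None:
            self.SvcStop()
        win32api.SleepEx(10000, True)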
Example #5
Source File: process.py From peach with Mozilla Public License 2.0 | 6 votes |
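def closeApp(self, hProcess, title):
    """Close the application whose window title matches ``title``.

    Best-effort cleanup: every failure is swallowed, as in the original.

    Args:
        hProcess: process handle to wait on (up to 5 s) and close, or None.
        title: window title handed to FileWriterLauncherGui.enumCallback.
    """
    try:
        win32gui.EnumWindows(FileWriterLauncherGui.enumCallback, title)
        if hProcess is not None:
            win32event.WaitForSingleObject(hProcess, 5 * 1000)
            win32api.CloseHandle(hProcess)
        # NOTE(review): ``proc`` is not defined in this function. Unless it is
        # a module global, this raises NameError, the broad except below hides
        # it, and the child-kill loop never runs. Verify against the caller.
        for pid in self.genChildProcesses(proc):
            try:
                # 1 == PROCESS_TERMINATE, the only right TerminateProcess needs.
                handle = win32api.OpenProcess(1, False, pid)
                try:
                    win32process.TerminateProcess(handle, -1)
                finally:
                    win32api.CloseHandle(handle)
            except Exception:
                pass
    except Exception:
        pass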
Example #6
Source File: process.py From peach with Mozilla Public License 2.0 | 6 votes |
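def closeApp(self, hProcess, title):
    """Close the application whose window title matches ``title``.

    Best-effort cleanup: every failure is swallowed, as in the original.

    Args:
        hProcess: process handle to wait on (up to 5 s) and close, or None.
        title: window title handed to FileWriterLauncherGui.enumCallback.
    """
    try:
        win32gui.EnumWindows(FileWriterLauncherGui.enumCallback, title)
        # The original tested the undefined name ``proc`` here, which raised
        # NameError (silently swallowed) before anything below could run;
        # the handle actually waited on and closed is ``hProcess``.
        if hProcess is not None:
            win32event.WaitForSingleObject(hProcess, 5 * 1000)
            win32api.CloseHandle(hProcess)
        # NOTE(review): ``proc`` is still not defined in this function; unless
        # it is a module global the child-kill loop never runs. Verify against
        # the caller.
        for pid in self.genChildProcesses(proc):
            try:
                # 1 == PROCESS_TERMINATE, the only right TerminateProcess needs.
                handle = win32api.OpenProcess(1, False, pid)
                try:
                    win32process.TerminateProcess(handle, -1)
                finally:
                    win32api.CloseHandle(handle)
            except Exception:
                pass
    except Exception:
        pass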
Example #7
Source File: win_vmmap.py From IDAngr with BSD 2-Clause "Simplified" License | 5 votes |
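def vmmap(pid, is_64=True):
    """Return the virtual memory map of process ``pid``.

    Walks the address space with VirtualQueryEx and collects one
    ``(start, end, perms, "")`` tuple per region, where ``perms`` is a
    SEG_PROT_* mask derived from the region's page protection.

    Args:
        pid: target process id.
        is_64: selects the 64-bit MEMORY_BASIC_INFORMATION layout and address
            type; it must match the target's bitness — TODO confirm behaviour
            for WOW64 targets.

    Returns:
        list of (BaseAddress, BaseAddress + RegionSize, perms, "").

    Raises:
        win32api.error: if the process cannot be opened.
    """
    if is_64:
        mbi = MEMORY_BASIC_INFORMATION_64()
        addr_type = wintypes.LARGE_INTEGER
    else:
        mbi = MEMORY_BASIC_INFORMATION_32()
        addr_type = wintypes.DWORD

    # Same order as the original if/elif chain: the first matching bit wins.
    # The PAGE_* protection constants are distinct single bits, so a plain
    # protection value matches exactly one entry.
    protection_perms = (
        (win32con.PAGE_EXECUTE, SEG_PROT_X),
        (win32con.PAGE_EXECUTE_READ, SEG_PROT_X | SEG_PROT_R),
        (win32con.PAGE_EXECUTE_READWRITE, SEG_PROT_X | SEG_PROT_R | SEG_PROT_W),
        (win32con.PAGE_EXECUTE_WRITECOPY, SEG_PROT_X | SEG_PROT_R),
        (win32con.PAGE_NOACCESS, 0),
        (win32con.PAGE_READONLY, SEG_PROT_R),
        (win32con.PAGE_READWRITE, SEG_PROT_R | SEG_PROT_W),
        (win32con.PAGE_WRITECOPY, SEG_PROT_R),
    )

    proc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, 0, pid)
    maps = []
    try:
        base = 0
        while windll.kernel32.VirtualQueryEx(
                proc.handle, addr_type(base), ctypes.byref(mbi), ctypes.sizeof(mbi)) > 0:
            mapperm = 0
            for flag, perms in protection_perms:
                if mbi.Protect & flag:
                    mapperm = perms
                    break
            maps.append((mbi.BaseAddress, mbi.BaseAddress + mbi.RegionSize, mapperm, ""))
            base += mbi.RegionSize
    finally:
        # Release the handle even if the walk raises part-way through.
        win32api.CloseHandle(proc)
    return maps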
Example #8
Source File: Utils.py From EventGhost with GNU General Public License v2.0 | 5 votes |
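def KillProcess(pid=None, processName=None, hwnd=None, signal=0, restart=False):
    """Terminate a process selected by pid, by image name or by window handle.

    The selectors are consulted in the order pid, processName, hwnd; when a
    name or window resolves to several pids only the first one is killed.

    Args:
        pid: process id to terminate.
        processName: image name, resolved through GetPids(processName=...).
        hwnd: window handle, normalised with GetBestHwnd and resolved through
            GetPids(hwnd=...).
        signal: exit code passed to TerminateProcess (not a POSIX signal).
        restart: if True, relaunch the process's full image path afterwards
            via eg.plugins.System.Execute.

    Returns:
        True if TerminateProcess (and the optional restart) succeeded; False
        when no pid could be resolved or the kill failed.
    """
    if not pid:
        if processName:
            pids = GetPids(processName=processName)
        elif hwnd:
            pids = GetPids(hwnd=GetBestHwnd(hwnd))
        else:
            return False
        if not pids:
            return False
        pid = pids[0]
    # Resolved before the kill so the path is still available for a restart.
    fullPath = GetProcessNameEx(pid=pid, fullPath=True)
    try:
        # 1 == PROCESS_TERMINATE, the only right TerminateProcess needs. The
        # handle is a pywin32 PyHANDLE and is released when ``proc`` is dropped.
        proc = OpenProcess(1, 0, pid)
        TerminateProcess(proc, signal)
        if restart:
            eg.plugins.System.Execute(fullPath)
        return True
    except Exception:
        # Narrowed from a bare except: API failures still map to False, but
        # SystemExit/KeyboardInterrupt are no longer swallowed.
        return False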
Example #9
Source File: login.py From code with MIT License | 5 votes |
def Popen(*args, **kwargs): kwargs["creationflags"] = kwargs.get("creationflags", 0) #kwargs["creationflags"] |= BELOW_NORMAL_PRIORITY_CLASS proc = subprocess.Popen(*args, **kwargs) hproc = win32api.OpenProcess(PROCESS_SET_INFORMATION, False, proc.pid) #time.sleep(10) #win32process.SetPriorityClass(hproc, NORMAL_PRIORITY_CLASS)
Example #10
Source File: pykill.py From BitTorrent with GNU General Public License v3.0 | 5 votes |
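def kill_process(name):
    """Terminate the first process whose main-module basename matches ``name``.

    Walks EnumProcesses, skips our own pid, and for each process that can be
    opened compares the basename of its first module (via ``compare``, defined
    elsewhere in this file) with ``name``. Processes that cannot be opened or
    whose modules cannot be enumerated are skipped silently.

    Returns:
        True after terminating a match, False if no match was reachable.
    """
    access = (win32con.PROCESS_QUERY_INFORMATION
              | win32con.PROCESS_VM_READ
              | win32con.PROCESS_TERMINATE)
    # Hoisted out of the loop; do try not to kill yourself.
    my_pid = win32api.GetCurrentProcessId()
    for pid in win32process.EnumProcesses():
        if pid == my_pid:
            continue
        try:
            p = win32api.OpenProcess(access, False, pid)
        except win32api.error:
            # Narrowed from a bare except to the pywin32 API error class.
            continue
        if not p:
            continue
        try:
            try:
                hl = win32process.EnumProcessModules(p)
            except win32api.error:
                continue
            pname = win32process.GetModuleFileNameEx(p, hl[0])
            _root, pname = os.path.split(pname)
            if compare(name, pname):
                win32api.TerminateProcess(p, 0)
                return True
        finally:
            # The original closed the handle on each path by hand; a finally
            # also covers a failing GetModuleFileNameEx/TerminateProcess.
            win32api.CloseHandle(p)
    return False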
Example #11
Source File: tools.py From darkc0de-old-stuff with GNU General Public License v3.0 | 5 votes |
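def beNice(very_nice=False):
    """Lower the scheduling priority of the current process.

    Args:
        very_nice: True selects BELOW_NORMAL_PRIORITY_CLASS, False selects
            IDLE_PRIORITY_CLASS. Note IDLE is the *lower* of the two, so the
            default is actually the more aggressive drop; the parameter name
            reads the other way round.
    """
    value = BELOW_NORMAL_PRIORITY_CLASS if very_nice else IDLE_PRIORITY_CLASS
    pid = GetCurrentProcessId()
    # bInheritHandle was True in the original; an inheritable all-access
    # handle to ourselves would be passed on to any child process, and
    # nothing here needs that. PROCESS_SET_INFORMATION alone would satisfy
    # SetPriorityClass, but only PROCESS_ALL_ACCESS is in scope in this
    # listing, so the access mask is left as is.
    handle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    SetPriorityClass(handle, value)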
Example #12
Source File: logwriter.py From darkc0de-old-stuff with GNU General Public License v3.0 | 5 votes |
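def GetProcessNameFromHwnd(self, hwnd):
    '''Acquire the process name from the window handle for use in the log
    filename.

    Returns the full path of the owning process's main module
    (GetModuleFileNameEx with module handle 0).
    '''
    threadpid, procpid = win32process.GetWindowThreadProcessId(hwnd)
    # GetModuleFileNameEx needs only PROCESS_QUERY_INFORMATION (0x0400) |
    # PROCESS_VM_READ (0x0010). The original requested PROCESS_ALL_ACCESS
    # (0x1F0FFF), which is refused on more processes than necessary and
    # grants far more than is used.
    mypyproc = win32api.OpenProcess(
        win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
        False, procpid)
    try:
        return win32process.GetModuleFileNameEx(mypyproc, 0)
    finally:
        win32api.CloseHandle(mypyproc)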
Example #13
Source File: lockfile.py From python-for-android with Apache License 2.0 | 5 votes |
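def kill(pid, signal):
    """Probe whether process ``pid`` exists; ``signal`` is ignored on Windows.

    OpenProcess is called with desired access 0 and is expected to fail (the
    later revision of this function on this page asserts that):
    ERROR_ACCESS_DENIED means the process exists (return normally);
    ERROR_INVALID_PARAMETER means there is no such pid, reported as
    OSError(ESRCH) to mirror POSIX kill(pid, 0); anything else is re-raised.
    """
    try:
        OpenProcess(0, 0, pid)
    except pywintypes.error as e:
        # ``except X, e`` in the original is Python 2-only syntax; ``as`` works
        # on 2.6+ and 3.
        if e.args[0] == ERROR_ACCESS_DENIED:
            return
        elif e.args[0] == ERROR_INVALID_PARAMETER:
            raise OSError(errno.ESRCH, None)
        raise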
Example #14
Source File: debugger.py From peach with Mozilla Public License 2.0 | 5 votes |
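def GetProcessIdByName(procname):
    """Return the pid of the first process with a module path containing ``procname``.

    The comparison is case-insensitive and a substring match against every
    module loaded in each process (not only the main executable), so a short
    name can match unrelated processes. Our own process is skipped.

    Returns:
        The matching pid, or None if nothing matched or could be opened.
    """
    procname = procname.lower()
    try:
        ourPid = win32api.GetCurrentProcessId()
    except Exception:
        ourPid = -1
    for pid in win32process.EnumProcesses():
        if pid == ourPid:
            continue
        try:
            hPid = win32api.OpenProcess(
                win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ, 0, pid)
        except Exception:
            # Best-effort, as in the original: skip anything we cannot open.
            continue
        try:
            for mid in win32process.EnumProcessModules(hPid):
                name = str(win32process.GetModuleFileNameEx(hPid, mid))
                if procname in name.lower():
                    return pid
        except Exception:
            pass
        finally:
            win32api.CloseHandle(hPid)
    return None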
Example #15
Source File: lockfile.py From learn_python3_spider with MIT License | 5 votes |
def kill(pid, signal):
    """Check that process ``pid`` exists; ``signal`` is unused on Windows.

    OpenProcess is called with desired access 0 and must fail:
    ERROR_ACCESS_DENIED means the process exists, ERROR_INVALID_PARAMETER
    means it does not (raised as OSError(ESRCH), like POSIX kill(pid, 0)),
    any other Win32 error is re-raised, and a successful open is treated as
    a broken assumption and raises RuntimeError.
    """
    try:
        OpenProcess(0, 0, pid)
    except pywintypes.error as e:
        code = e.args[0]
        if code == ERROR_INVALID_PARAMETER:
            raise OSError(errno.ESRCH, None)
        if code != ERROR_ACCESS_DENIED:
            raise
        return
    raise RuntimeError("OpenProcess is required to fail.")
Example #16
Source File: guiminer.py From poclbm with GNU General Public License v3.0 | 5 votes |
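def set_process_affinity(pid, mask):
    """Set the affinity for process to mask.

    Args:
        pid: target process id.
        mask: CPU affinity bitmask handed to SetProcessAffinityMask.

    Raises:
        win32api.error: if the process cannot be opened with
            PROCESS_QUERY_INFORMATION | PROCESS_SET_INFORMATION or the mask
            cannot be applied.
    """
    flags = win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_SET_INFORMATION
    handle = win32api.OpenProcess(flags, 0, pid)
    try:
        win32process.SetProcessAffinityMask(handle, mask)
    finally:
        # The original never closed the handle; release it explicitly.
        win32api.CloseHandle(handle)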
Example #17
Source File: guiminer.py From poclbm with GNU General Public License v3.0 | 5 votes |
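def get_process_affinity(pid):
    """Return the affinity mask for the specified process.

    Args:
        pid: target process id.

    Returns:
        The process affinity mask (first element of the
        GetProcessAffinityMask result; the system mask is discarded).

    Raises:
        win32api.error: if the process cannot be opened with
            PROCESS_QUERY_INFORMATION.
    """
    handle = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, 0, pid)
    try:
        return win32process.GetProcessAffinityMask(handle)[0]
    finally:
        # The original never closed the handle; release it explicitly.
        win32api.CloseHandle(handle)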
Example #18
Source File: WindowsServer.py From pycopia with Apache License 2.0 | 5 votes |
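def kill(self):
    """Forcibly terminate the child process with exit code 3.

    Opens ``self.childpid`` with PROCESS_TERMINATE — the only right
    TerminateProcess needs; the original also asked for PROCESS_VM_READ,
    which nothing here uses — and closes the handle afterwards.
    """
    handle = win32api.OpenProcess(
        win32con.PROCESS_TERMINATE, pywintypes.FALSE, self.childpid)
    try:
        win32process.TerminateProcess(handle, 3)
    finally:
        win32api.CloseHandle(handle)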
Example #19
Source File: WindowsServer.py From pycopia with Apache License 2.0 | 5 votes |
def _scan_for_self(self):
    """Look for our child in the process table (listing is truncated).

    Sleeps 2 s so the new process shows up in EnumProcesses, then opens each
    pid and enumerates its modules. In this listing the loop body stops after
    EnumProcessModules: ``modlist`` and ``basename`` are never used here, so
    the matching logic presumably follows in the original source.
    """
    win32api.Sleep(2000) # sleep to give time for process to be seen in system table.
    basename = self.cmdline.split()[0]
    pids = win32process.EnumProcesses()
    if not pids:
        UserLog.warn("WindowsProcess", "no pids", pids)
    for pid in pids:
        try:
            # Read-only access is enough for EnumProcessModules below.
            handle = win32api.OpenProcess(
                win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
                pywintypes.FALSE, pid)
        except pywintypes.error, err:  # Python 2-only except syntax
            UserLog.warn("WindowsProcess", str(err))
            continue
        try:
            modlist = win32process.EnumProcessModules(handle)
        except pywintypes.error,err:
            UserLog.warn("WindowsProcess",str(err))
            continue
Example #20
Source File: lockfile.py From Safejumper-for-Desktop with GNU General Public License v2.0 | 5 votes |
def kill(pid, signal):
    """Check that process ``pid`` exists; ``signal`` is unused on Windows.

    OpenProcess is called with desired access 0 and must fail:
    ERROR_ACCESS_DENIED means the process exists, ERROR_INVALID_PARAMETER
    means it does not (raised as OSError(ESRCH), like POSIX kill(pid, 0)),
    any other Win32 error is re-raised, and a successful open is treated as
    a broken assumption and raises RuntimeError.
    """
    try:
        OpenProcess(0, 0, pid)
    except pywintypes.error as e:
        code = e.args[0]
        if code == ERROR_INVALID_PARAMETER:
            raise OSError(errno.ESRCH, None)
        if code != ERROR_ACCESS_DENIED:
            raise
        return
    raise RuntimeError("OpenProcess is required to fail.")
Example #21
Source File: windows-privesc-check.py From WHP with Do What The F*ck You Want To Public License | 5 votes |
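def _process_owner(ph):
    """Return "DOMAIN\\account" for process handle ``ph``, or
    "unknown\\unknown" when its token cannot be opened.

    Only OpenProcessToken is guarded (as in the original); failures of
    GetTokenInformation or LookupAccountSid propagate to the caller.
    ``remote_server`` is a module global not visible in this listing.
    """
    user = "unknown\\unknown"
    try:
        tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
    except Exception:
        return user
    sidObj, intVal = win32security.GetTokenInformation(tokenh, TokenUser)
    if sidObj:
        accountName, domainName, accountTypeInt = win32security.LookupAccountSid(remote_server, sidObj)
        user = domainName + "\\" + accountName
    return user


def _check_module_perms(ph, mh, issue_key):
    """Check one loaded module of ``ph`` for weak write permissions.

    Records a finding as WPC016/``issue_key`` via save_issue and writes a
    "!" progress marker when something was found.
    """
    path = win32process.GetModuleFileNameEx(ph, mh)
    weak_perms = check_weak_write_perms(path, 'file')
    if weak_perms:
        save_issue("WPC016", issue_key, weak_perms)
        sys.stdout.write("!")


def check_processes():
    """Audit every running process for writable executables and DLLs.

    For each pid from EnumProcesses the process is opened read-only, its
    owner is resolved (informational only — the original's prints of it are
    commented out), and its main module plus every other loaded module are
    checked for weak write permissions; findings are saved as WPC016
    "weak_perms_exes" / "weak_perms_dlls". Progress goes to stdout as one
    character per process: "?" could not open, "." opened, "!" per finding.

    Known gaps carried over from the original's TODOs: 64-bit processes
    cannot be enumerated from a 32-bit interpreter (EnumProcessModules fails
    with error 299), elevated processes and some SYSTEM processes on XP
    (pid 4, csrss.exe) cannot be named, WMI is not consulted, and
    PROCESS_QUERY_LIMITED_INFORMATION is not tried on Vista+. Each process
    also has a security descriptor reachable via GetSecurityInfo
    (http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx) that
    is not inspected yet.
    """
    access = win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION
    for pid in sorted(win32process.EnumProcesses()):
        try:
            ph = win32api.OpenProcess(access, False, pid)
        except Exception:
            sys.stdout.write("?")
            continue
        try:
            # Resolved as in the original even though only the commented-out
            # diagnostics used it; LookupAccountSid failures still propagate.
            _process_owner(ph)
            sys.stdout.write(".")
            try:
                mhs = list(win32process.EnumProcessModules(ph))
            except Exception:
                continue
            if not mhs:
                # The original popped the first module blindly and would have
                # raised IndexError on an empty module list.
                continue
            _check_module_perms(ph, mhs[0], "weak_perms_exes")
            for mh in mhs[1:]:
                _check_module_perms(ph, mh, "weak_perms_dlls")
        finally:
            # Explicit release instead of relying on PyHANDLE finalisation.
            win32api.CloseHandle(ph)
    # The original ended with a bare ``print``; written explicitly so the
    # newline survives under Python 3, where bare ``print`` is a no-op.
    sys.stdout.write("\n")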
Example #22
Source File: killProcName.py From ironpython2 with Apache License 2.0 | 5 votes |
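def killProcName(procname):
    """Kill the single process named ``procname`` and return a status string.

    Pids are looked up through the PDH performance counters; our own pid is
    removed from the candidates and exactly one candidate is required.

    Returns:
        "" on success, "Can't find <name>" if no pid matched, or
        "Found too many <name>'s - pids=`[...]`" if the name is ambiguous.
    """
    # Change suggested by Dan Knierim, who found that this performed a
    # "refresh", allowing us to kill processes created since this was run
    # for the first time. The result is irrelevant, so failure is ignored.
    try:
        win32pdhutil.GetPerformanceAttributes('Process','ID Process',procname)
    except Exception:
        pass
    pids = win32pdhutil.FindPerformanceAttributesByName(procname)
    # If _my_ pid in there, remove it!
    try:
        pids.remove(win32api.GetCurrentProcessId())
    except ValueError:
        pass
    if not pids:
        return "Can't find %s" % procname
    if len(pids) > 1:
        return "Found too many %s's - pids=`%s`" % (procname, pids)
    handle = win32api.OpenProcess(win32con.PROCESS_TERMINATE, 0, pids[0])
    try:
        win32api.TerminateProcess(handle, 0)
    finally:
        # Released even when TerminateProcess fails (the original closed the
        # handle only on the success path).
        win32api.CloseHandle(handle)
    return ""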
Example #23
Source File: process.py From peach with Mozilla Public License 2.0 | 4 votes |
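def callWindows(self):
    """Launch ``self.command`` through cmd.exe /c to consume the file, then kill it.

    The program gets ``self.waitTime`` seconds (polled in 0.25 s steps) to
    exit on its own. Afterwards every child of the spawned cmd.exe reported
    by ``self.FindChildrenOf`` is terminated, then cmd.exe itself. Kill
    failures are swallowed — this is cleanup, not a correctness check.

    Because the command line goes through cmd.exe, shell metacharacters in
    ``self.command`` and ``self.args`` are interpreted; they are expected to
    be trusted configuration.
    """
    # Launch via spawn
    realArgs = ["cmd.exe", "/c", self.command] + list(self.args)
    phandle = os.spawnv(
        os.P_NOWAIT,
        os.path.join(os.getenv('SystemRoot'), 'system32', 'cmd.exe'),
        realArgs)

    # Give it some time before we KILL!
    for _ in range(int(self.waitTime / 0.25)):
        if win32process.GetExitCodeProcess(phandle) != win32con.STILL_ACTIVE:
            break  # process exited already
        time.sleep(0.25)

    try:
        pid = ctypes.windll.kernel32.GetProcessId(ctypes.c_ulong(phandle))
        if pid > 0:
            for cid in self.FindChildrenOf(pid):
                # Each child is handled on its own so one failure does not
                # abort the remaining children or the kill of cmd.exe itself
                # (the original's single wrapping except did exactly that).
                try:
                    chandle = win32api.OpenProcess(win32con.PROCESS_TERMINATE, 0, cid)
                    try:
                        win32process.TerminateProcess(chandle, 0)
                    finally:
                        win32api.CloseHandle(chandle)
                except Exception:
                    pass
        win32process.TerminateProcess(phandle, 0)
        try:
            win32api.CloseHandle(phandle)
        except Exception:
            pass
    except Exception:
        pass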
Example #24
Source File: windowsprivcheck.py From LHF with GNU General Public License v3.0 | 4 votes |
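def _process_owner(ph):
    """Return "DOMAIN\\account" for process handle ``ph``, or
    "unknown\\unknown" when its token cannot be opened.

    Only OpenProcessToken is guarded (as in the original); failures of
    GetTokenInformation or LookupAccountSid propagate to the caller.
    ``remote_server`` is a module global not visible in this listing.
    """
    user = "unknown\\unknown"
    try:
        tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
    except Exception:
        return user
    sidObj, intVal = win32security.GetTokenInformation(tokenh, TokenUser)
    if sidObj:
        accountName, domainName, accountTypeInt = win32security.LookupAccountSid(remote_server, sidObj)
        user = domainName + "\\" + accountName
    return user


def _check_module_perms(ph, mh, issue_key):
    """Check one loaded module of ``ph`` for weak write permissions.

    Records a finding as WPC016/``issue_key`` via save_issue and writes a
    "!" progress marker when something was found.
    """
    path = win32process.GetModuleFileNameEx(ph, mh)
    weak_perms = check_weak_write_perms(path, 'file')
    if weak_perms:
        save_issue("WPC016", issue_key, weak_perms)
        sys.stdout.write("!")


def check_processes():
    """Audit every running process for writable executables and DLLs.

    For each pid from EnumProcesses the process is opened read-only, its
    owner is resolved (informational only — the original's prints of it are
    commented out), and its main module plus every other loaded module are
    checked for weak write permissions; findings are saved as WPC016
    "weak_perms_exes" / "weak_perms_dlls". Progress goes to stdout as one
    character per process: "?" could not open, "." opened, "!" per finding.

    Known gaps carried over from the original's TODOs: 64-bit processes
    cannot be enumerated from a 32-bit interpreter (EnumProcessModules fails
    with error 299), elevated processes and some SYSTEM processes on XP
    (pid 4, csrss.exe) cannot be named, WMI is not consulted, and
    PROCESS_QUERY_LIMITED_INFORMATION is not tried on Vista+. Each process
    also has a security descriptor reachable via GetSecurityInfo
    (http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx) that
    is not inspected yet.
    """
    access = win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION
    for pid in sorted(win32process.EnumProcesses()):
        try:
            ph = win32api.OpenProcess(access, False, pid)
        except Exception:
            sys.stdout.write("?")
            continue
        try:
            # Resolved as in the original even though only the commented-out
            # diagnostics used it; LookupAccountSid failures still propagate.
            _process_owner(ph)
            sys.stdout.write(".")
            try:
                mhs = list(win32process.EnumProcessModules(ph))
            except Exception:
                continue
            if not mhs:
                # The original popped the first module blindly and would have
                # raised IndexError on an empty module list.
                continue
            _check_module_perms(ph, mhs[0], "weak_perms_exes")
            for mh in mhs[1:]:
                _check_module_perms(ph, mh, "weak_perms_dlls")
        finally:
            # Explicit release instead of relying on PyHANDLE finalisation.
            win32api.CloseHandle(ph)
    # The original ended with a bare ``print``; written explicitly so the
    # newline survives under Python 3, where bare ``print`` is a no-op.
    sys.stdout.write("\n")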