Python win32api.OpenProcess() Examples

The following are 24 code examples for showing how to use win32api.OpenProcess(). These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example.

You may check out the related API usage on the sidebar.

You may also want to check out all available functions/classes of the module win32api , or try the search function .

Example 1
def get_extra_privs():
	# Try to give ourselves some extra privs (only works if we're admin):
	# SeBackupPrivilege   - so we can read anything
	# SeDebugPrivilege    - so we can find out about other processes (otherwise OpenProcess will fail for some)
	# SeSecurityPrivilege - ??? what does this do?
	
	# Problem: Vista+ support "Protected" processes, e.g. audiodg.exe.  We can't see info about these.
	# Interesting post on why Protected Process aren't really secure anyway: http://www.alex-ionescu.com/?p=34
	
	th = win32security.OpenProcessToken(win32api.GetCurrentProcess(), win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY)
	privs = win32security.GetTokenInformation(th, TokenPrivileges)
	newprivs = []
	for privtuple in privs:
		if privtuple[0] == win32security.LookupPrivilegeValue(remote_server, "SeBackupPrivilege") or privtuple[0] == win32security.LookupPrivilegeValue(remote_server, "SeDebugPrivilege") or privtuple[0] == win32security.LookupPrivilegeValue(remote_server, "SeSecurityPrivilege"):
			print "Added privilege " + str(privtuple[0])
			# privtuple[1] = 2 # tuples are immutable.  WHY?!
			newprivs.append((privtuple[0], 2)) # SE_PRIVILEGE_ENABLED
		else:
			newprivs.append((privtuple[0], privtuple[1]))
				
	# Adjust privs
	privs = tuple(newprivs)
	str(win32security.AdjustTokenPrivileges(th, False , privs)) 
Example 2
Project: pycopia   Author: kdart   File: WindowsServer.py    License: Apache License 2.0 6 votes vote down vote up
def _scan_for_self(self):
        win32api.Sleep(2000) # sleep to give time for process to be seen in system table.
        basename = self.cmdline.split()[0]
        pids = win32process.EnumProcesses()
        if not pids:
            UserLog.warn("WindowsProcess", "no pids", pids)
        for pid in pids:
            try:
                handle = win32api.OpenProcess(
                    win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
                        pywintypes.FALSE, pid)
            except pywintypes.error, err:
                UserLog.warn("WindowsProcess", str(err))
                continue
            try:
                modlist = win32process.EnumProcessModules(handle)
            except pywintypes.error,err:
                UserLog.warn("WindowsProcess",str(err))
                continue 
Example 3
Project: resilient-python-api   Author: ibmresilient   File: service_wrapper.py    License: MIT License 6 votes vote down vote up
def SvcDoRun(self):
        import servicemanager
        servicemanager.LogInfoMsg(self._svc_name_ + " Start Requested")
        try:
            hJob = win32job.CreateJobObject(None, "")
            extended_info = win32job.QueryInformationJobObject(hJob, win32job.JobObjectExtendedLimitInformation)
            extended_info['BasicLimitInformation']['LimitFlags'] = win32job.JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE
            win32job.SetInformationJobObject(hJob, win32job.JobObjectExtendedLimitInformation, extended_info)
            command = "resilient-circuits.exe run " + self._resilient_args_
            command_args = shlex.split(command)
            self.process_handle = subprocess.Popen(command_args)
            # Convert process id to process handle:
            perms = win32con.PROCESS_TERMINATE | win32con.PROCESS_SET_QUOTA
            hProcess = win32api.OpenProcess(perms, False, self.process_handle.pid)
            win32job.AssignProcessToJobObject(hJob, hProcess)
        except:
            servicemanager.LogErrorMsg(self._svc_name_ + " failed to launch resilient-circuits.exe")
            raise
        servicemanager.LogInfoMsg(self._svc_name_ + " Started")

        while self.isAlive:
            if self.process_handle.poll() != None:
                self.SvcStop()
            win32api.SleepEx(10000, True) 
Example 4
Project: peach   Author: MozillaSecurity   File: process.py    License: Mozilla Public License 2.0 6 votes vote down vote up
def closeApp(self, hProcess, title):
            """
            Close Application by window title
            """

            try:
                win32gui.EnumWindows(FileWriterLauncherGui.enumCallback, title)

                if proc is not None:
                    win32event.WaitForSingleObject(hProcess, 5 * 1000)
                    win32api.CloseHandle(hProcess)

                    for pid in self.genChildProcesses(proc):
                        try:
                            handle = win32api.OpenProcess(1, False, pid)
                            win32process.TerminateProcess(handle, -1)
                            win32api.CloseHandle(handle)
                        except:
                            pass

            except:
                pass 
Example 5
Project: peach   Author: MozillaSecurity   File: process.py    License: Mozilla Public License 2.0 6 votes vote down vote up
def closeApp(self, hProcess, title):
            """
            Close Application by window title
            """

            try:
                win32gui.EnumWindows(FileWriterLauncherGui.enumCallback, title)

                if hProcess is not None:
                    win32event.WaitForSingleObject(hProcess, 5 * 1000)
                    win32api.CloseHandle(hProcess)

                    for pid in self.genChildProcesses(proc):
                        try:
                            handle = win32api.OpenProcess(1, False, pid)
                            win32process.TerminateProcess(handle, -1)
                            win32api.CloseHandle(handle)
                        except:
                            pass

            except:
                pass 
Example 6
Project: LHF   Author: blindfuzzy   File: windowsprivcheck.py    License: GNU General Public License v3.0 6 votes vote down vote up
def get_extra_privs():
	# Try to give ourselves some extra privs (only works if we're admin):
	# SeBackupPrivilege   - so we can read anything
	# SeDebugPrivilege    - so we can find out about other processes (otherwise OpenProcess will fail for some)
	# SeSecurityPrivilege - ??? what does this do?
	
	# Problem: Vista+ support "Protected" processes, e.g. audiodg.exe.  We can't see info about these.
	# Interesting post on why Protected Process aren't really secure anyway: http://www.alex-ionescu.com/?p=34
	
	th = win32security.OpenProcessToken(win32api.GetCurrentProcess(), win32con.TOKEN_ADJUST_PRIVILEGES | win32con.TOKEN_QUERY)
	privs = win32security.GetTokenInformation(th, TokenPrivileges)
	newprivs = []
	for privtuple in privs:
		if privtuple[0] == win32security.LookupPrivilegeValue(remote_server, "SeBackupPrivilege") or privtuple[0] == win32security.LookupPrivilegeValue(remote_server, "SeDebugPrivilege") or privtuple[0] == win32security.LookupPrivilegeValue(remote_server, "SeSecurityPrivilege"):
			print "Added privilege " + str(privtuple[0])
			# privtuple[1] = 2 # tuples are immutable.  WHY?!
			newprivs.append((privtuple[0], 2)) # SE_PRIVILEGE_ENABLED
		else:
			newprivs.append((privtuple[0], privtuple[1]))
				
	# Adjust privs
	privs = tuple(newprivs)
	str(win32security.AdjustTokenPrivileges(th, False , privs)) 
Example 7
Project: code   Author: grawity   File: win32-identd.py    License: MIT License 6 votes vote down vote up
def get_pid_owner(self, fd, pid):
        try:
            proc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
            token = win32security.OpenProcessToken(proc, win32con.TOKEN_QUERY)
            user_sid, user_attr = win32security.GetTokenInformation(token,
                        win32security.TokenUser)
            user = win32security.LookupAccountSid(None, user_sid)
            return user_sid, user[0], user[1]
        except win32api.error as e:
            self.logEx("error",
                "%s failed" % funcname,
                ("exception",   e),
                ("function",    e.funcname),
                ("error",       "[%(winerror)d] %(strerror)s" % e),
                None,
                ("process",     pid),)
            raise 
Example 8
Project: ironpython2   Author: IronLanguages   File: killProcName.py    License: Apache License 2.0 5 votes vote down vote up
def killProcName(procname):
	# Change suggested by Dan Knierim, who found that this performed a
	# "refresh", allowing us to kill processes created since this was run
	# for the first time.
	try:
		win32pdhutil.GetPerformanceAttributes('Process','ID Process',procname)
	except:
		pass

	pids = win32pdhutil.FindPerformanceAttributesByName(procname)

	# If _my_ pid in there, remove it!
	try:
		pids.remove(win32api.GetCurrentProcessId())
	except ValueError:
		pass

	if len(pids)==0:
		result = "Can't find %s" % procname
	elif len(pids)>1:
		result = "Found too many %s's - pids=`%s`" % (procname,pids)
	else:
		handle = win32api.OpenProcess(win32con.PROCESS_TERMINATE, 0,pids[0])
		win32api.TerminateProcess(handle,0)
		win32api.CloseHandle(handle)
		result = ""

	return result 
Example 9
Project: IDAngr   Author: andreafioraldi   File: win_vmmap.py    License: BSD 2-Clause "Simplified" License 5 votes vote down vote up
def vmmap(pid, is_64=True):
    base = 0
    if is_64:
        mbi = MEMORY_BASIC_INFORMATION_64()
        addr_type = wintypes.LARGE_INTEGER
    else:
        mbi = MEMORY_BASIC_INFORMATION_32()
        addr_type = wintypes.DWORD
    proc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, 0, pid)
    
    maps = []
    while windll.kernel32.VirtualQueryEx(proc.handle, addr_type(base), ctypes.byref(mbi), ctypes.sizeof(mbi)) > 0:
        mapperm = 0
        if mbi.Protect & win32con.PAGE_EXECUTE:
            mapperm = SEG_PROT_X
        elif mbi.Protect & win32con.PAGE_EXECUTE_READ:
            mapperm = SEG_PROT_X | SEG_PROT_R
        elif mbi.Protect & win32con.PAGE_EXECUTE_READWRITE:
            mapperm = SEG_PROT_X | SEG_PROT_R | SEG_PROT_W
        elif mbi.Protect & win32con.PAGE_EXECUTE_WRITECOPY:
            mapperm = SEG_PROT_X | SEG_PROT_R
        elif mbi.Protect & win32con.PAGE_NOACCESS:
            mapperm = 0
        elif mbi.Protect & win32con.PAGE_READONLY:
            mapperm = SEG_PROT_R
        elif mbi.Protect & win32con.PAGE_READWRITE:
            mapperm = SEG_PROT_R | SEG_PROT_W
        elif mbi.Protect & win32con.PAGE_WRITECOPY:
            mapperm = SEG_PROT_R
        #print hex(mbi.BaseAddress) +"\t"+ hex(mbi.BaseAddress + mbi.RegionSize) +"\t"+ hex(mapperm)
        maps.append((mbi.BaseAddress, mbi.BaseAddress + mbi.RegionSize, mapperm, ""))
        base += mbi.RegionSize
    
    win32api.CloseHandle(proc)
    return maps 
Example 10
def check_processes():
	pids = win32process.EnumProcesses()
	# TODO also check out WMI.  It might not be running, but it could help if it is:  
	#      http://groups.google.com/group/comp.lang.python/browse_thread/thread/1f50065064173ccb
	# TODO process explorer can find quite a lot more information than this script.  This script has several problems:
	# TODO I can't open 64-bit processes for a 32-bit app.  I get this error:
	# ERROR: can't open 6100: 299 EnumProcessModules, Only part of a ReadProcessMemory
	#        or WriteProcessMemory request was completed.
	# TODO I can't seem to get the name of elevated processes (user running as me, but with admin privs)
	# TODO I can't get details of certain processes runnign as SYSTEM on xp (e.g. pid 4 "system", csrss.exe)
	# TODO should be able to find name (and threads?) for all processes.  Not necessarily path.

	for pid in sorted(pids):
		# TODO there's a security descriptor for each process accessible via GetSecurityInfo according to http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx
		# TODO could we connect with PROCESS_QUERY_LIMITED_INFORMATION instead on Vista+
		try:
			ph = win32api.OpenProcess(win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION , False, pid)
		except:
			# print "ERROR: can't connected to PID " + str(pid)
			sys.stdout.write("?")
			continue
		else:
			user = "unknown\\unknown"
			try:
				tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
			except:
				pass
			else:
				sidObj, intVal = win32security.GetTokenInformation(tokenh, TokenUser)
				#source = win32security.GetTokenInformation(tokenh, TokenSource)
				if sidObj:
					accountName, domainName, accountTypeInt = win32security.LookupAccountSid(remote_server, sidObj)
					# print "pid=%d accountname=%s domainname=%s wow64=%s" % (pid, accountName, domainName, win32process.IsWow64Process(ph))
					user = domainName + "\\" + accountName

			# print "PID %d is running as %s" % (pid, user)
			sys.stdout.write(".")
			try:
				mhs = win32process.EnumProcessModules(ph)
				# print mhs
			except:
				continue
			
			mhs = list(mhs)
			exe = win32process.GetModuleFileNameEx(ph, mhs.pop(0))
			weak_perms = check_weak_write_perms(exe, 'file')
			# print_weak_perms("PID " + str(pid) + " running as " + user + ":", weak_perms)
			if weak_perms:
				save_issue("WPC016", "weak_perms_exes", weak_perms)
				sys.stdout.write("!")
				
			for mh in mhs:
				# print "PID %d (%s) has loaded module: %s" % (pid, exe, win32process.GetModuleFileNameEx(ph, mh))
				dll = win32process.GetModuleFileNameEx(ph, mh)
				weak_perms = check_weak_write_perms(dll, 'file')
				# print_weak_perms("DLL used by PID " + str(pid) + " running as " + user + " (" + exe + "):", weak_perms)
				if weak_perms:
					save_issue("WPC016", "weak_perms_dlls", weak_perms)
					sys.stdout.write("!")
	print 
Example 11
Project: Safejumper-for-Desktop   Author: proxysh   File: lockfile.py    License: GNU General Public License v2.0 5 votes vote down vote up
def kill(pid, signal):
            try:
                OpenProcess(0, 0, pid)
            except pywintypes.error as e:
                if e.args[0] == ERROR_ACCESS_DENIED:
                    return
                elif e.args[0] == ERROR_INVALID_PARAMETER:
                    raise OSError(errno.ESRCH, None)
                raise
            else:
                raise RuntimeError("OpenProcess is required to fail.")

    # For monkeypatching in tests 
Example 12
Project: pycopia   Author: kdart   File: WindowsServer.py    License: Apache License 2.0 5 votes vote down vote up
def kill(self):
        handle = win32api.OpenProcess(
            win32con.PROCESS_VM_READ | win32con.PROCESS_TERMINATE, pywintypes.FALSE, self.childpid)
        win32process.TerminateProcess(handle, 3) 
Example 13
Project: poclbm   Author: theRealTacoTime   File: guiminer.py    License: GNU General Public License v3.0 5 votes vote down vote up
def get_process_affinity(pid):
    """Return the affinity mask for the specified process."""
    flags = win32con.PROCESS_QUERY_INFORMATION
    handle = win32api.OpenProcess(flags, 0, pid)
    return win32process.GetProcessAffinityMask(handle)[0] 
Example 14
Project: poclbm   Author: theRealTacoTime   File: guiminer.py    License: GNU General Public License v3.0 5 votes vote down vote up
def set_process_affinity(pid, mask):
    """Set the affinity for process to mask."""
    flags = win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_SET_INFORMATION
    handle = win32api.OpenProcess(flags, 0, pid)
    win32process.SetProcessAffinityMask(handle, mask) 
Example 15
Project: learn_python3_spider   Author: wistbean   File: lockfile.py    License: MIT License 5 votes vote down vote up
def kill(pid, signal):
            try:
                OpenProcess(0, 0, pid)
            except pywintypes.error as e:
                if e.args[0] == ERROR_ACCESS_DENIED:
                    return
                elif e.args[0] == ERROR_INVALID_PARAMETER:
                    raise OSError(errno.ESRCH, None)
                raise
            else:
                raise RuntimeError("OpenProcess is required to fail.")

    # For monkeypatching in tests 
Example 16
Project: peach   Author: MozillaSecurity   File: debugger.py    License: Mozilla Public License 2.0 5 votes vote down vote up
def GetProcessIdByName(procname):
        """
        Try and get pid for a process by name.
        """

        ourPid = -1
        procname = procname.lower()

        try:
            ourPid = win32api.GetCurrentProcessId()

        except:
            pass

        pids = win32process.EnumProcesses()
        for pid in pids:
            if ourPid == pid:
                continue

            try:
                hPid = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ, 0, pid)

                try:
                    mids = win32process.EnumProcessModules(hPid)
                    for mid in mids:
                        name = str(win32process.GetModuleFileNameEx(hPid, mid))
                        if name.lower().find(procname) != -1:
                            return pid

                finally:
                    win32api.CloseHandle(hPid)
            except:
                pass

        return None 
Example 17
Project: python-for-android   Author: kuri65536   File: lockfile.py    License: Apache License 2.0 5 votes vote down vote up
def kill(pid, signal):
            try:
                OpenProcess(0, 0, pid)
            except pywintypes.error, e:
                if e.args[0] == ERROR_ACCESS_DENIED:
                    return
                elif e.args[0] == ERROR_INVALID_PARAMETER:
                    raise OSError(errno.ESRCH, None)
                raise 
Example 18
Project: darkc0de-old-stuff   Author: tuwid   File: logwriter.py    License: GNU General Public License v3.0 5 votes vote down vote up
def GetProcessNameFromHwnd(self, hwnd):
		'''Acquire the process name from the window handle for use in the log filename.
		'''
		threadpid, procpid = win32process.GetWindowThreadProcessId(hwnd)
		
		# PROCESS_QUERY_INFORMATION (0x0400) or PROCESS_VM_READ (0x0010) or PROCESS_ALL_ACCESS (0x1F0FFF)
		
		mypyproc = win32api.OpenProcess(win32con.PROCESS_ALL_ACCESS, False, procpid)
		procname = win32process.GetModuleFileNameEx(mypyproc, 0)
		return procname 
Example 19
Project: darkc0de-old-stuff   Author: tuwid   File: tools.py    License: GNU General Public License v3.0 5 votes vote down vote up
def beNice(very_nice=False):
        if very_nice:
            value = BELOW_NORMAL_PRIORITY_CLASS
        else:
            value = IDLE_PRIORITY_CLASS

        pid = GetCurrentProcessId()
        handle = OpenProcess(PROCESS_ALL_ACCESS, True, pid)
        SetPriorityClass(handle, value) 
Example 20
Project: BitTorrent   Author: kenorb-contrib   File: pykill.py    License: GNU General Public License v3.0 5 votes vote down vote up
def kill_process(name):
    
    for pid in win32process.EnumProcesses():
        
        # do try not to kill yourself
        if pid == win32api.GetCurrentProcessId():
            continue
        
        try:
            p = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION
                                     | win32con.PROCESS_VM_READ
                                     | win32con.PROCESS_TERMINATE,
                                     False, pid)
        except:
            continue

        if not p:
            continue
        
        try:
            hl = win32process.EnumProcessModules(p)
        except:
            win32api.CloseHandle(p)
            continue

        h = hl[0]
        pname = win32process.GetModuleFileNameEx(p, h)
        root, pname = os.path.split(pname)
        #print name, pname
        if compare(name, pname):
            #print "KILL", pname
            win32api.TerminateProcess(p, 0)
            win32api.CloseHandle(p)
            return True

        win32api.CloseHandle(p)
    return False 
Example 21
Project: code   Author: grawity   File: login.py    License: MIT License 5 votes vote down vote up
def Popen(*args, **kwargs):
	kwargs["creationflags"] = kwargs.get("creationflags", 0)
	#kwargs["creationflags"] |= BELOW_NORMAL_PRIORITY_CLASS
	proc = subprocess.Popen(*args, **kwargs)
	hproc = win32api.OpenProcess(PROCESS_SET_INFORMATION, False, proc.pid)
	#time.sleep(10)
	#win32process.SetPriorityClass(hproc, NORMAL_PRIORITY_CLASS) 
Example 22
Project: EventGhost   Author: EventGhost   File: Utils.py    License: GNU General Public License v2.0 5 votes vote down vote up
def KillProcess(pid = None, processName = None, hwnd = None, signal = 0, restart = False):
    if pid:
        pass
    elif processName:
        pids = GetPids(processName = processName)
        if pids:
            pid = pids[0]
        else:
            return False
    elif hwnd:
        hwnd = GetBestHwnd(hwnd)
        pids = GetPids(hwnd = hwnd)
        if pids:
            pid = pids[0]
        else:
            return False
    else:
        return False

    fullPath = GetProcessNameEx(pid = pid, fullPath = True)

    try:
        proc = OpenProcess(1, 0, pid)
        TerminateProcess(proc, signal)
        if restart:
            eg.plugins.System.Execute(fullPath)
        return True
    except:
        return False 
Example 23
Project: peach   Author: MozillaSecurity   File: process.py    License: Mozilla Public License 2.0 4 votes vote down vote up
def callWindows(self):
        """
        Launch program to consume file
        """

        # Launch via spawn

        realArgs = ["cmd.exe", "/c", self.command]
        for a in self.args:
            realArgs.append(a)

        phandle = os.spawnv(os.P_NOWAIT, os.path.join(os.getenv('SystemRoot'), 'system32', 'cmd.exe'), realArgs)

        # Give it some time before we KILL!
        for i in range(int(self.waitTime / 0.25)):
            if win32process.GetExitCodeProcess(phandle) != win32con.STILL_ACTIVE:
                # Process exited already
                break

            time.sleep(0.25)

        try:
            pid = ctypes.windll.kernel32.GetProcessId(ctypes.c_ulong(phandle))
            if pid > 0:
                for cid in self.FindChildrenOf(pid):

                    chandle = win32api.OpenProcess(1, 0, cid)
                    win32process.TerminateProcess(chandle, 0)

                    try:
                        win32api.CloseHandle(chandle)
                    except:
                        pass

            win32process.TerminateProcess(phandle, 0)

            try:
                win32api.CloseHandle(phandle)
            except:
                pass

        except:
            pass 
Example 24
Project: LHF   Author: blindfuzzy   File: windowsprivcheck.py    License: GNU General Public License v3.0 4 votes vote down vote up
def check_processes():
	pids = win32process.EnumProcesses()
	# TODO also check out WMI.  It might not be running, but it could help if it is:  
	#      http://groups.google.com/group/comp.lang.python/browse_thread/thread/1f50065064173ccb
	# TODO process explorer can find quite a lot more information than this script.  This script has several problems:
	# TODO I can't open 64-bit processes for a 32-bit app.  I get this error:
	# ERROR: can't open 6100: 299 EnumProcessModules, Only part of a ReadProcessMemory
	#        or WriteProcessMemory request was completed.
	# TODO I can't seem to get the name of elevated processes (user running as me, but with admin privs)
	# TODO I can't get details of certain processes runnign as SYSTEM on xp (e.g. pid 4 "system", csrss.exe)
	# TODO should be able to find name (and threads?) for all processes.  Not necessarily path.

	for pid in sorted(pids):
		# TODO there's a security descriptor for each process accessible via GetSecurityInfo according to http://msdn.microsoft.com/en-us/library/ms684880%28VS.85%29.aspx
		# TODO could we connect with PROCESS_QUERY_LIMITED_INFORMATION instead on Vista+
		try:
			ph = win32api.OpenProcess(win32con.PROCESS_VM_READ | win32con.PROCESS_QUERY_INFORMATION , False, pid)
		except:
			# print "ERROR: can't connected to PID " + str(pid)
			sys.stdout.write("?")
			continue
		else:
			user = "unknown\\unknown"
			try:
				tokenh = win32security.OpenProcessToken(ph, win32con.TOKEN_QUERY)
			except:
				pass
			else:
				sidObj, intVal = win32security.GetTokenInformation(tokenh, TokenUser)
				#source = win32security.GetTokenInformation(tokenh, TokenSource)
				if sidObj:
					accountName, domainName, accountTypeInt = win32security.LookupAccountSid(remote_server, sidObj)
					# print "pid=%d accountname=%s domainname=%s wow64=%s" % (pid, accountName, domainName, win32process.IsWow64Process(ph))
					user = domainName + "\\" + accountName

			# print "PID %d is running as %s" % (pid, user)
			sys.stdout.write(".")
			try:
				mhs = win32process.EnumProcessModules(ph)
				# print mhs
			except:
				continue
			
			mhs = list(mhs)
			exe = win32process.GetModuleFileNameEx(ph, mhs.pop(0))
			weak_perms = check_weak_write_perms(exe, 'file')
			# print_weak_perms("PID " + str(pid) + " running as " + user + ":", weak_perms)
			if weak_perms:
				save_issue("WPC016", "weak_perms_exes", weak_perms)
				sys.stdout.write("!")
				
			for mh in mhs:
				# print "PID %d (%s) has loaded module: %s" % (pid, exe, win32process.GetModuleFileNameEx(ph, mh))
				dll = win32process.GetModuleFileNameEx(ph, mh)
				weak_perms = check_weak_write_perms(dll, 'file')
				# print_weak_perms("DLL used by PID " + str(pid) + " running as " + user + " (" + exe + "):", weak_perms)
				if weak_perms:
					save_issue("WPC016", "weak_perms_dlls", weak_perms)
					sys.stdout.write("!")
	print