Is there a way to list all DLLs loaded in Windows by ALL processes using Python?
I want to use Python to get a list of all DLLs loaded by every process on Windows.
In PowerShell, I can do:
Get-Process | Select -Expand Modules
Is there a way I can do this in Python, using a Windows API, without spawning a command shell (e.g. I want to avoid doing subprocess.popen(...))?
The following list_processes generator uses PyWin32 to call EnumProcesses and EnumProcessModulesEx. I've written it to temporarily enable SeDebugPrivilege in order to get virtual-memory read access for as many processes as possible. An elevated administrator should have this privilege.
import os
import win32con
import win32api
import win32process
import win32security
import collections

PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

def adjust_privilege(name, attr=win32security.SE_PRIVILEGE_ENABLED):
    # Accept a privilege name, or a (LUID, attributes) pair to restore.
    if isinstance(name, str):
        state = (win32security.LookupPrivilegeValue(None, name), attr)
    else:
        state = name
    hToken = win32security.OpenProcessToken(win32process.GetCurrentProcess(),
                win32security.TOKEN_ALL_ACCESS)
    # Returns the previous state of the privileges that were modified.
    return win32security.AdjustTokenPrivileges(hToken, False, [state])

def get_process_modules(hProcess):
    imagepath = win32process.GetModuleFileNameEx(hProcess, None)
    imagepath_upper = imagepath.upper()
    modules = []
    for hModule in win32process.EnumProcessModulesEx(hProcess,
                        win32process.LIST_MODULES_ALL):
        modulepath = win32process.GetModuleFileNameEx(hProcess, hModule)
        # Skip the executable image itself; keep only the loaded DLLs.
        if modulepath.upper() != imagepath_upper:
            modules.append(modulepath)
    return imagepath, sorted(modules)

Process = collections.namedtuple('Process', 'name path pid modules')

def list_processes():
    prev_state = adjust_privilege(win32security.SE_DEBUG_NAME)
    try:
        for pid in win32process.EnumProcesses():
            hProcess = None
            path = ''
            modules = []
            if pid == 0:
                name = 'System Idle Process'
            elif pid == 4:
                name = 'System'
            else:
                try:
                    hProcess = win32api.OpenProcess(
                                    PROCESS_QUERY_LIMITED_INFORMATION |
                                    win32con.PROCESS_VM_READ,
                                    False, pid)
                except win32api.error:
                    # Fall back to a handle without VM read access.
                    try:
                        hProcess = win32api.OpenProcess(
                                        PROCESS_QUERY_LIMITED_INFORMATION,
                                        False, pid)
                    except win32api.error:
                        pass
                if hProcess:
                    try:
                        path, modules = get_process_modules(hProcess)
                    except win32process.error:
                        pass
                name = os.path.basename(path)
            yield Process(name, path, pid, modules)
    finally:
        # Restore the privilege state that was in effect before the call.
        if prev_state:
            adjust_privilege(prev_state[0])
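
One defensive use of the inventory that list_processes yields, as an added example that is not part of the original answer: it separates processes that could not be read from processes with no DLLs, flags modules loaded from outside expected directories, and reports DLL names loaded from more than one path. The TRUSTED_DIRS list, the review and is_trusted helpers and the SAMPLE records are assumptions constructed for illustration; ntpath is used so the sample runs on any OS.

```python
import collections
import ntpath  # Windows path rules on any OS, so the sample runs offline

# Same field layout as the Process tuple that list_processes() yields.
Process = collections.namedtuple('Process', 'name path pid modules')

# Assumption: directories where DLLs are expected on this host; tune per fleet.
TRUSTED_DIRS = (r'C:\Windows\System32', r'C:\Windows\SysWOW64',
                r'C:\Windows\WinSxS', r'C:\Program Files',
                r'C:\Program Files (x86)')

def norm(path):
    return ntpath.normcase(ntpath.normpath(path))

def is_trusted(path, trusted=TRUSTED_DIRS):
    # Compare whole directory prefixes so "Program Files" != "ProgramData".
    return any(norm(path).startswith(norm(d) + '\\') for d in trusted)

def review(processes):
    """Return (unreadable, untrusted, shadowed) for a module inventory."""
    unreadable, untrusted = [], []
    by_name = collections.defaultdict(lambda: collections.defaultdict(set))
    for proc in processes:
        if not proc.path and proc.pid not in (0, 4):
            # OpenProcess or the module query failed: no data, not "no DLLs".
            unreadable.append(proc.pid)
        for module in proc.modules:
            if not is_trusted(module):
                untrusted.append((proc.pid, proc.name, module))
            by_name[ntpath.basename(module).lower()][norm(module)].add(proc.pid)
    # The same DLL name mapped from several paths is worth a closer look.
    shadowed = {name: {path: sorted(pids) for path, pids in paths.items()}
                for name, paths in by_name.items() if len(paths) > 1}
    return unreadable, untrusted, shadowed

# Constructed sample inventory (not captured from a real host).
SAMPLE = [
    Process('System', '', 4, []),
    Process('', '', 612, []),
    Process('notepad.exe', r'C:\Windows\System32\notepad.exe', 1200,
            [r'C:\Windows\System32\kernel32.dll',
             r'C:\Windows\System32\version.dll']),
    Process('updater.exe', r'C:\Users\alice\AppData\Local\Temp\updater.exe',
            3344, [r'C:\Windows\System32\kernel32.dll',
                   r'C:\Users\alice\AppData\Local\Temp\version.dll']),
]

if __name__ == '__main__':
    print(*review(SAMPLE), sep='\n')
```

On a live host, pass list_processes() to review in place of SAMPLE.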