Is there a way to list all DLLs loaded in Windows by ALL processes using Python?

I want to use Python to get a list of all DLLs loaded by every process on Windows.

In PowerShell, I can do:

Get-Process | Select -Expand Modules

Is there a way I can do this in Python, using a Windows API, without spawning a command shell (e.g. I want to avoid doing subprocess.popen(...))?

The following list_processes generator uses PyWin32 to call EnumProcesses and EnumProcessModulesEx. I've written it to temporarily enable SeDebugPrivilege in order to get virtual-memory read access for as many processes as possible. An elevated administrator should have this privilege.

import os
import collections
import win32con
import win32api
import win32process
import win32security

# Not exposed by win32con; value from the Windows SDK (WinNT.h).
PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

def adjust_privilege(name, attr=win32security.SE_PRIVILEGE_ENABLED):
    # Accepts either a privilege name (e.g. SE_DEBUG_NAME) or a (LUID, attributes)
    # tuple as returned by AdjustTokenPrivileges, so a previous state can be restored.
    if isinstance(name, str):
        state = (win32security.LookupPrivilegeValue(None, name), attr)
    else:
        state = name
    hToken = win32security.OpenProcessToken(win32process.GetCurrentProcess(),
                win32security.TOKEN_ALL_ACCESS)
    # Returns the previous state of the privileges that actually changed.
    return win32security.AdjustTokenPrivileges(hToken, False, [state])

def get_process_modules(hProcess):
    # hModule=None names the main executable; it is dropped from the module list.
    imagepath = win32process.GetModuleFileNameEx(hProcess, None)
    imagepath_upper = imagepath.upper()
    modules = []
    for hModule in win32process.EnumProcessModulesEx(hProcess,
                        win32process.LIST_MODULES_ALL):
        modulepath = win32process.GetModuleFileNameEx(hProcess, hModule)
        if modulepath.upper() != imagepath_upper:
            modules.append(modulepath)
    return imagepath, sorted(modules)

Process = collections.namedtuple('Process', 'name path pid modules')

def list_processes():
    # Enable SeDebugPrivilege only for the duration of the enumeration.
    prev_state = adjust_privilege(win32security.SE_DEBUG_NAME)
    try:
        for pid in win32process.EnumProcesses():
            hProcess = None
            path = ''
            modules = []
            if pid == 0:
                name = 'System Idle Process'
            elif pid == 4:
                name = 'System'
            else:
                try:
                    # PROCESS_VM_READ is required to read the target's loader data.
                    hProcess = win32api.OpenProcess(
                        PROCESS_QUERY_LIMITED_INFORMATION |
                        win32con.PROCESS_VM_READ,
                        False, pid)
                except win32api.error:
                    # Fall back to a query-only handle; module enumeration will
                    # fail for it, but the pid is still reported.
                    try:
                        hProcess = win32api.OpenProcess(
                            PROCESS_QUERY_LIMITED_INFORMATION,
                            False, pid)
                    except win32api.error:
                        pass
                if hProcess:
                    try:
                        path, modules = get_process_modules(hProcess)
                    except win32process.error:
                        # Access denied or a 32-/64-bit mismatch; leave lists empty.
                        pass
                name = os.path.basename(path)
            yield Process(name, path, pid, modules)
    finally:
        if prev_state:
            adjust_privilege(prev_state[0])
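As an added example (not part of the answer above, and not PyWin32's own code), the same enumeration done with ctypes against psapi.dll and kernel32.dll, followed by a triage pass over the result that flags two DLL-sideloading indicators: modules loaded from outside the Windows or Program Files trees, and one DLL basename resolving to more than one directory across processes. The names list_processes_ctypes, find_sideload_candidates, SYSTEM_ROOTS and SAMPLE are assumptions made for this example; SAMPLE is constructed data, not a capture. The ctypes part is Windows-only and, like the answer, sees more processes when SeDebugPrivilege is already enabled (it does not enable it itself); processes it cannot open with PROCESS_VM_READ come back with an empty module list.

```python
# Added example, not from the original answer: enumerate loaded modules per process
# with ctypes (no PyWin32), then triage the list for DLL-sideloading indicators.
# list_processes_ctypes, find_sideload_candidates, SYSTEM_ROOTS and SAMPLE are assumptions.
import collections
import ctypes
import ntpath  # Windows path rules on any host, so the sample data parses everywhere
import sys

Process = collections.namedtuple('Process', 'name path pid modules')

PROCESS_QUERY_LIMITED_INFORMATION = 0x1000  # WinNT.h
PROCESS_VM_READ = 0x0010                    # WinNT.h
LIST_MODULES_ALL = 0x03                     # Psapi.h
MAX_LONG_PATH = 32767

def list_processes_ctypes(max_pids=4096, max_modules=2048):
    """Windows only. Processes that cannot be opened with PROCESS_VM_READ come back
    with an empty module list; enable SeDebugPrivilege first (as the answer does) to see more."""
    kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
    psapi = ctypes.WinDLL('psapi', use_last_error=True)
    # Prototypes matter: without them handles are truncated to 32 bits on 64-bit Python.
    kernel32.OpenProcess.argtypes = (ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32)
    kernel32.OpenProcess.restype = ctypes.c_void_p
    kernel32.CloseHandle.argtypes = (ctypes.c_void_p,)
    psapi.EnumProcesses.argtypes = (ctypes.POINTER(ctypes.c_uint32), ctypes.c_uint32,
                                    ctypes.POINTER(ctypes.c_uint32))
    psapi.EnumProcessModulesEx.argtypes = (ctypes.c_void_p, ctypes.POINTER(ctypes.c_void_p),
                                           ctypes.c_uint32, ctypes.POINTER(ctypes.c_uint32),
                                           ctypes.c_uint32)
    psapi.GetModuleFileNameExW.argtypes = (ctypes.c_void_p, ctypes.c_void_p,
                                           ctypes.c_wchar_p, ctypes.c_uint32)
    psapi.GetModuleFileNameExW.restype = ctypes.c_uint32

    pids = (ctypes.c_uint32 * max_pids)()
    needed = ctypes.c_uint32()
    if not psapi.EnumProcesses(pids, ctypes.sizeof(pids), ctypes.byref(needed)):
        raise ctypes.WinError(ctypes.get_last_error())
    buf = ctypes.create_unicode_buffer(MAX_LONG_PATH)
    for pid in pids[:needed.value // ctypes.sizeof(ctypes.c_uint32)]:
        hproc = kernel32.OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION | PROCESS_VM_READ, False, pid)
        if not hproc:  # access denied, or the Idle/System pseudo-processes
            yield Process('', '', pid, [])
            continue
        try:
            # hModule=NULL names the main executable, as in the answer's get_process_modules.
            image = buf.value if psapi.GetModuleFileNameExW(hproc, None, buf, len(buf)) else ''
            mods = (ctypes.c_void_p * max_modules)()  # list is truncated at max_modules entries
            modules = []
            if psapi.EnumProcessModulesEx(hproc, mods, ctypes.sizeof(mods),
                                          ctypes.byref(needed), LIST_MODULES_ALL):
                for hmod in mods[:needed.value // ctypes.sizeof(ctypes.c_void_p)]:
                    if (psapi.GetModuleFileNameExW(hproc, hmod, buf, len(buf))
                            and buf.value.upper() != image.upper()):
                        modules.append(buf.value)
            yield Process(ntpath.basename(image), image, pid, sorted(modules))
        finally:
            kernel32.CloseHandle(hproc)

SYSTEM_ROOTS = ('C:\\WINDOWS\\', 'C:\\PROGRAM FILES\\', 'C:\\PROGRAM FILES (X86)\\')

def find_sideload_candidates(processes, trusted_roots=SYSTEM_ROOTS):
    """Two cheap search-order-hijack indicators: (1) a DLL loaded from outside
    trusted_roots; (2) one DLL basename resolving to several directories across
    processes, at least one untrusted (so System32/SysWOW64 pairs are not reported).
    Comparison is case-insensitive."""
    roots = tuple(r.upper() for r in trusted_roots)

    def trusted(path):
        return path.startswith(roots)

    untrusted, dirs_by_name = [], collections.defaultdict(set)
    for proc in processes:
        for mod in proc.modules:
            up = ntpath.normpath(mod).upper()
            dirs_by_name[ntpath.basename(up)].add(ntpath.dirname(up))
            if not trusted(up):
                untrusted.append((proc.pid, proc.name, mod))
    duplicates = {name: sorted(dirs) for name, dirs in dirs_by_name.items()
                  if len(dirs) > 1 and not all(trusted(d + '\\') for d in dirs)}
    return untrusted, duplicates

# Constructed sample (not captured): a clean service, and a process that picked up
# version.dll from its own user-writable directory instead of System32.
SAMPLE = [
    Process('svchost.exe', r'C:\Windows\System32\svchost.exe', 1234,
            [r'C:\Windows\System32\ntdll.dll', r'C:\Windows\System32\version.dll']),
    Process('updater.exe', r'C:\Users\alice\AppData\Local\Temp\updater.exe', 5678,
            [r'C:\Users\alice\AppData\Local\Temp\version.dll', r'C:\Windows\System32\ntdll.dll']),
]

if __name__ == '__main__':
    procs = list(list_processes_ctypes()) if sys.platform == 'win32' else SAMPLE
    flagged, dupes = find_sideload_candidates(procs)
    for pid, name, mod in flagged:
        print(f'{pid:>6}  {name:<24}  {mod}')
    for dll, dirs in dupes.items():
        print(f'{dll}: loaded from {", ".join(dirs)}')
```

On a real host the untrusted list is a triage queue, not a verdict: per-user installs under AppData (browsers, chat clients) land there legitimately, so extend trusted_roots or keep an allowlist of known image paths. The duplicate check deliberately ignores directory pairs that are both trusted, because every WOW64 process loads its copies of the system DLLs from SysWOW64 rather than System32.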
