
Is there a way to list all DLLs loaded in Windows by ALL processes using Python?

I want to use Python to get a list of all the DLLs loaded by every process on Windows.

In PowerShell, I can do the following:

Get-Process | Select -Expand Modules

Is there a way to do this in Python using the Windows API, without spawning a command shell (e.g., I want to avoid executing subprocess.popen(...))?

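The following list_processes generator uses PyWin32 to call EnumProcesses and EnumProcessModulesEx. I have written it to temporarily enable SeDebugPrivilege in order to get virtual-memory read access to as many processes as possible. An elevated administrator should have this privilege.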

import os
import win32con
import win32api
import win32process
import win32security
import collections

PROCESS_QUERY_LIMITED_INFORMATION = 0x1000

def adjust_privilege(name, attr=win32security.SE_PRIVILEGE_ENABLED):
    if isinstance(name, str):
        state = (win32security.LookupPrivilegeValue(None, name), attr)
    else:
        state = name
    hToken = win32security.OpenProcessToken(win32process.GetCurrentProcess(),
                win32security.TOKEN_ALL_ACCESS)
    return win32security.AdjustTokenPrivileges(hToken, False, [state])

def get_process_modules(hProcess):
    # Passing None as the module handle returns the main executable's path.
    imagepath = win32process.GetModuleFileNameEx(hProcess, None)
    imagepath_upper = imagepath.upper()
    modules = []
    for hModule in win32process.EnumProcessModulesEx(hProcess,
                        win32process.LIST_MODULES_ALL):
        modulepath = win32process.GetModuleFileNameEx(hProcess, hModule)
        if modulepath.upper() != imagepath_upper:
            modules.append(modulepath)
    return imagepath, sorted(modules)

Process = collections.namedtuple('Process', 'name path pid modules')

def list_processes():
    # Temporarily enable SeDebugPrivilege; the finally block restores it.
    prev_state = adjust_privilege(win32security.SE_DEBUG_NAME)
    try:
        for pid in win32process.EnumProcesses():
            hProcess = None
            path = ''
            modules = []
            if pid == 0:
                name = 'System Idle Process'
            elif pid == 4:
                name = 'System'
            else:
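                try:
                    # Walking the module list needs VM read access.
                    hProcess = win32api.OpenProcess(
                        PROCESS_QUERY_LIMITED_INFORMATION |
                        win32con.PROCESS_VM_READ,
                        False, pid)
                except win32api.error:
                    # Fall back to limited query access; if that is denied
                    # too, the process is yielded with an empty path.
                    try:
                        hProcess = win32api.OpenProcess(
                            PROCESS_QUERY_LIMITED_INFORMATION,
                            False, pid)
                    except win32api.error:
                        pass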
                if hProcess:
                    try:
                        path, modules = get_process_modules(hProcess)
                    except win32process.error:
                        pass
                name = os.path.basename(path)
            yield Process(name, path, pid, modules)
    finally:
        if prev_state:
            adjust_privilege(prev_state[0])
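
An added example, not part of the original answer: one way a defender might triage the Process records that list_processes yields, flagging modules loaded from outside trusted directories, modules seen in only one process, and processes whose module list could not be read. The TRUSTED_ROOTS allow-list, the triage and is_trusted names, and the SAMPLE records are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter, namedtuple

# Same record shape as the answer's list_processes() generator yields.
Process = namedtuple('Process', 'name path pid modules')

# Assumed allow-list of directories; adjust to the host's own baseline.
TRUSTED_ROOTS = (r'C:\Windows', r'C:\Program Files', r'C:\Program Files (x86)')

# Constructed sample records (not captured from a real host).
SAMPLE = [
    Process('System', '', 4, []),
    Process('', '', 612, []),  # could not be opened: empty path
    Process('notepad.exe', r'C:\Windows\System32\notepad.exe', 4120,
            [r'C:\Windows\System32\KERNEL32.DLL',
             r'C:\Windows\SYSTEM32\ntdll.dll']),
    Process('updater.exe', r'C:\Program Files\Acme\updater.exe', 5312,
            [r'C:\Windows\System32\kernel32.dll',
             r'C:\Windows\System32\ntdll.dll',
             r'C:\Users\Public\version.dll']),
]

def _norm(path):
    # ntpath applies Windows path rules on any OS: collapse "..", fold case.
    return ntpath.normcase(ntpath.normpath(path))

def is_trusted(path, roots=TRUSTED_ROOTS):
    p = _norm(path)
    return any(p == r or p.startswith(r + '\\') for r in map(_norm, roots))

def triage(processes, roots=TRUSTED_ROOTS):
    """Return (outside, rare, blind) for an iterable of Process records."""
    outside, blind, seen = [], [], Counter()
    for proc in processes:
        if proc.pid in (0, 4):
            continue  # Idle and System are special-cased by the generator
        if not proc.path:
            blind.append(proc.pid)  # access denied: a visibility gap
            continue
        for mod in proc.modules:
            seen[_norm(mod)] += 1
            if not is_trusted(mod, roots):
                outside.append((proc.pid, proc.name, mod))
    rare = sorted(m for m, n in seen.items() if n == 1)
    return outside, rare, blind
```

On a Windows host with PyWin32 installed, the same function can be fed directly with triage(list_processes()).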
