本文整理汇总了Python中winappdbg.Process类的典型用法代码示例。如果您正苦于以下问题:Python Process类的具体用法?Python Process怎么用?Python Process使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Process类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: load_dll
def load_dll( pid, filename ):
# Instance a Process object.
process = Process( pid )
# Load the DLL library in the process.
process.inject_dll( filename )
开发者ID:cgiogkarakis,项目名称:winappdbg,代码行数:7,代码来源:09_inject_dll.py
示例2: memory_search
def memory_search( pid ):
found = []
# Instance a Process object.
process = Process( pid )
# Search for the string in the process memory.
# Looking for User ID:
userid_pattern = '([0-9]\x00){3} \x00([0-9]\x00){3} \x00([0-9]\x00){3}[^)]'
for address in process.search_regexp( userid_pattern ):
found += [address]
print 'Possible UserIDs found:'
found = [i[-1] for i in found]
for i in set(found):
print i.replace('\x00','')
found = []
# Looking for Password:
pass_pattern = '([0-9]\x00){4}\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x07\x00\x00'
for address in process.search_regexp( pass_pattern ):
found += [process.read(address[0]-3,16)]
if found:
print '\nPassword:'
if len(found) > 1:
s = list(set([x for x in found if found.count(x) > 1]))
for i in s:
pwd = re.findall('[0-9]{4}',i.replace('\x00',''))[0]
print pwd
else:
print re.findall('[0-9]{4}',found[0].replace('\x00',''))[0]
return found
开发者ID:AlexxNica,项目名称:exploit-database,代码行数:32,代码来源:40342.py
示例3: process_kill
def process_kill( pid ):
# Instance a Process object.
process = Process( pid )
# Kill the process.
process.kill()
开发者ID:MarioVilas,项目名称:winappdbg,代码行数:7,代码来源:05_kill.py
示例4: print_api_address
def print_api_address( pid, modName, procName ):
# Request debug privileges.
System.request_debug_privileges()
# Instance a Process object.
process = Process( pid )
# Lookup it's modules.
process.scan_modules()
# Get the module.
module = process.get_module_by_name( modName )
if not module:
print "Module not found: %s" % modName
return
# Resolve the requested API function address.
address = module.resolve( procName )
# Print the address.
if address:
print "%s!%s == 0x%.08x" % ( modName, procName, address )
else:
print "Could not resolve %s in module %s" % (procName, modName)
开发者ID:Kent1,项目名称:winappdbg,代码行数:25,代码来源:16_resolve_api.py
示例5: show_command_line
def show_command_line(pid):
# Instance a Process object.
process = Process(pid)
# Print the process command line.
print process.get_command_line()
开发者ID:proxymoron,项目名称:winappdbg,代码行数:7,代码来源:07_command_line.py
示例6: main
def main():
print "Process memory reader"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) not in (4, 5):
script = os.path.basename(sys.argv[0])
print " %s <pid> <address> <size> [binary output file]" % script
print " %s <process.exe> <address> <size> [binary output file]" % script
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print "Process not found: %s" % sys.argv[1]
return
if len(pl) > 1:
print "Multiple processes found for %s" % sys.argv[1]
for p,n in pl:
print "\t%s: %s" % (HexDump.integer(p),n)
return
pid = pl[0][0].get_pid()
try:
address = HexInput.integer(sys.argv[2])
except Exception:
print "Invalid value for address: %s" % sys.argv[2]
return
try:
size = HexInput.integer(sys.argv[3])
except Exception:
print "Invalid value for size: %s" % sys.argv[3]
return
p = Process(pid)
data = p.read(address, size)
## data = p.peek(address, size)
print "Read %d bytes from PID %d" % (len(data), pid)
if len(sys.argv) == 5:
filename = sys.argv[4]
open(filename, 'wb').write(data)
print "Written %d bytes to %s" % (len(data), filename)
else:
if win32.sizeof(win32.LPVOID) == win32.sizeof(win32.DWORD):
width = 16
else:
width = 8
print
print HexDump.hexblock(data, address, width = width)
开发者ID:MarioVilas,项目名称:winappdbg,代码行数:57,代码来源:pread.py
示例7: process_read
def process_read( pid, address, length ):
# Instance a Process object.
process = Process( pid )
# Read the process memory.
data = process.read( address, length )
# You can also change the process memory.
# process.write( address, "example data" )
# Return a Python string with the memory contents.
return data
开发者ID:vkremez,项目名称:WinAPI-Debugger,代码行数:9,代码来源:ReadingProcessMemory.py
示例8: memory_search
def memory_search( pid, bytes ):
# Instance a Process object.
process = Process( pid )
# Search for the string in the process memory.
for address in process.search_bytes( bytes ):
# Print the memory address where it was found.
print HexDump.address( address )
开发者ID:cgiogkarakis,项目名称:winappdbg,代码行数:10,代码来源:11_memory_search.py
示例9: addProcess
def addProcess(self,pid, is_attached=False):
proc = Process(pid)
proc.pid = pid
self.procs.append(proc)
def readArray(vaddr, typ, s):
#print 'HIHIHI',proc, vaddr, typ, s
return proc.read_structure( vaddr, typ*s)
proc.readArray = readArray
proc.cont = proc.resume
return proc
开发者ID:f9tech,项目名称:twiler-site-packages,代码行数:10,代码来源:dbg.py
示例10: strings
def strings( pid ):
# Instance a Process object.
process = Process( pid )
# For each ASCII string found in the process memory...
for address, size, data in process.strings():
# Print the string and the memory address where it was found.
print "%s: %s" % ( HexDump.address(address), data )
开发者ID:cgiogkarakis,项目名称:winappdbg,代码行数:10,代码来源:12_strings.py
示例11: show_environment
def show_environment( pid ):
# Instance a Process object.
process = Process( pid )
# Get its environment variables.
environment = process.get_environment()
# Print the environment variables.
for variable, value in sorted( environment.items() ):
print "%s=%s" % (variable, value)
开发者ID:Debug-Orz,项目名称:winappdbg,代码行数:11,代码来源:08_environment.py
示例12: main
def main():
print "Process memory writer"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) < 4:
script = os.path.basename(sys.argv[0])
print " %s <pid> <address> {binary input file / hex data}" % script
print " %s <process.exe> <address> {binary input file / hex data}" % script
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except Exception:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print "Process not found: %s" % sys.argv[1]
return
if len(pl) > 1:
print "Multiple processes found for %s" % sys.argv[1]
for p,n in pl:
print "\t%s: %s" % (HexDump.integer(p),n)
return
pid = pl[0][0].get_pid()
try:
address = HexInput.integer(sys.argv[2])
except Exception:
print "Invalid value for address: %s" % sys.argv[2]
return
filename = ' '.join(sys.argv[3:])
if os.path.exists(filename):
data = open(filename, 'rb').read()
print "Read %d bytes from %s" % (len(data), filename)
else:
try:
data = HexInput.hexadecimal(filename)
except Exception:
print "Invalid filename or hex block: %s" % filename
return
p = Process(pid)
p.write(address, data)
print "Written %d bytes to PID %d" % (len(data), pid)
开发者ID:Debug-Orz,项目名称:winappdbg,代码行数:49,代码来源:pwrite.py
示例13: print_threads_and_modules
def print_threads_and_modules( pid ):
# Instance a Process object.
process = Process( pid )
print "Process %d" % process.get_pid()
# Now we can enumerate the threads in the process...
print "Threads:"
for thread in process.iter_threads():
print "\t%d" % thread.get_tid()
# ...and the modules in the process.
print "Modules:"
bits = process.get_bits()
for module in process.iter_modules():
print "\t%s\t%s" % (
HexDump.address( module.get_base(), bits ), module.get_filename()
)
开发者ID:vkremez,项目名称:WinAPI-Debugger,代码行数:15,代码来源:EnumerateThreadsDLLModulesInProcess.py
示例14: print_label_address
def print_label_address( pid, label ):
# Request debug privileges.
System.request_debug_privileges()
# Instance a Process object.
process = Process( pid )
# Lookup it's modules.
process.scan_modules()
# Resolve the requested label address.
address = process.resolve_label( label )
# Print the address.
print "%s == 0x%.08x" % ( label, address )
开发者ID:Kent1,项目名称:winappdbg,代码行数:16,代码来源:16_resolve_label.py
示例15: find_meterpreter_trace
def find_meterpreter_trace(pid,rateLimit):
if (System.arch == 'i386' and System.bits==32):
try:
meterpreter_trace_keywords = [['stdapi_railgun_api',False],
['stdapi_railgun_api_multi',False],
['stdapi_railgun_memread',False],
['stdapi_railgun_memwrite',False]
]
process = psutil.Process(pid)
if (process.is_running() and process.name()=='java.exe'):
meterpreter_trace_keywords = [['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_fs_file',False],
['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_net_tcp_client',False],
['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_net_tcp_server',False],
['class$com$metasploit$meterpreter$stdapi$channel_create_stdapi_net_udp_client',False]
]
except Exception,e:
pass #suppress no process name
#print "Searching in",pid
foundIndex = 0
process = Process(pid)
line = 0
#For each ASCII string found in the process memory...
for address, size, data in process.strings():
#print "%s: %s" % (HexDump.address(address),data)
data = data.strip()
if (data.find(meterpreter_trace_keywords[foundIndex][0]) >= 0):
meterpreter_trace_keywords[foundIndex][1] = True
mdlog.print_console(mdlog.SUCCESS_LEVEL,(meterpreter_trace_keywords[foundIndex][0]))
foundIndex += 1
if foundIndex > len(meterpreter_trace_keywords)-1:
break
line += 1
if (line > rateLimit):
return False
if foundIndex < 3:
#print "Found: %d" , foundIndex
return False
else:
found = True
for trace in meterpreter_trace_keywords:
found = found and trace[1]
return found
开发者ID:aliceicl,项目名称:metdec,代码行数:46,代码来源:metdec.py
示例16: memory_search
def memory_search( pid, strings ):
process = Process( pid )
mem_dump = []
######
# You could also use process.search_regexp to use regular expressions,
# or process.search_text for Unicode strings,
# or process.search_hexa for raw bytes represented in hex.
######
for address in process.search_bytes( strings ):
dump = process.read(address-10,800) #Dump 810 bytes from process memory
mem_dump.append(dump)
for i in mem_dump:
if "FortiClient SSLVPN offline" in i: #print all founds results by offsets to the screen.
print "\n"
print " [+] Address and port to connect: " + str(i[136:180])
print " [+] UserName: " + str(i[677:685])
print " [+] Password: " + str(i[705:715])
print "\n"
开发者ID:AlexxNica,项目名称:exploit-database,代码行数:18,代码来源:40330.py
示例17: unfreeze_threads
def unfreeze_threads( pid ):
# Request debug privileges.
System.request_debug_privileges()
# Instance a Process object.
process = Process( pid )
# This would also do the trick...
#
# process.resume()
#
# ...but let's do it the hard way:
# Lookup the threads in the process.
process.scan_threads()
# For each thread in the process...
for thread in process.iter_threads():
# Resume the thread execution.
thread.resume()
开发者ID:cgiogkarakis,项目名称:winappdbg,代码行数:22,代码来源:13_freeze.py
示例18: kill_cryptolocker
def kill_cryptolocker( pname, pid ):
# Instance a Process object.
process = Process( pid )
# Kill the process.
process.kill()
proc = "(" + pname + ":" + str(gpid) + ")"
if turkish:
txt = u"[*] Cryptolocker işlemcisi durduruldu! " + proc
log(txt)
print u"[*] Cryptolocker işlemcisi durduruldu! " + proc
else:
txt = "[*] Terminated Cryptolocker process! " + proc
log(txt)
print "[*] Terminated Cryptolocker process! " + proc
if root.state() != "normal":
os.system(filename)
sys.exit(1)
开发者ID:demtevfik,项目名称:hack4career,代码行数:22,代码来源:cryptokiller.py
示例19: wildcard_search
def wildcard_search( pid, pattern ):
#
# Hex patterns must be in this form:
# "68 65 6c 6c 6f 20 77 6f 72 6c 64" # "hello world"
#
# Spaces are optional. Capitalization of hex digits doesn't matter.
# This is exactly equivalent to the previous example:
# "68656C6C6F20776F726C64" # "hello world"
#
# Wildcards are allowed, in the form of a "?" sign in any hex digit:
# "5? 5? c3" # pop register / pop register / ret
# "b8 ?? ?? ?? ??" # mov eax, immediate value
#
# Instance a Process object.
process = Process( pid )
# Search for the hexadecimal pattern in the process memory.
for address, data in process.search_hexa( pattern ):
# Print a hex dump for each memory location found.
print HexDump.hexblock(data, address = address)
开发者ID:MarioVilas,项目名称:winappdbg,代码行数:23,代码来源:12_wildcard_search.py
示例20: print_threads_and_modules
def print_threads_and_modules( pid, debug ):
# Instance a Process object.
process = Process( pid )
print "Process %d" % process.get_pid()
# Now we can enumerate the threads in the process...
print "Threads:"
for thread in process.iter_threads():
print "\t%d" % thread.get_tid()
# ...and the modules in the process.
print "Modules:"
bits = process.get_bits()
for module in process.iter_modules():
print "\thas module: %s\t%s" % (
HexDump.address( module.get_base(), bits ),
module.get_filename()
)
print "Breakpoints:"
for i in debug.get_all_breakpoints():
bp = i[2]
print "breakpoint: %s %x" % (bp.get_state_name(), bp.get_address())
开发者ID:nitram2342,项目名称:spooky-hook,代码行数:24,代码来源:spooky-hook.py
注:本文中的winappdbg.Process类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论