
I am looking for a way to catch new processes as soon as they start running. At the moment I can get a list of processes like this:

from ctypes import windll, c_ulong, byref, sizeof

# psapi.dll exports EnumProcesses (Windows only)
psapi = windll.psapi

print("[+] PID dumper by Y")
print("[+] contact : If you know me then give me a shout")

def getListOfProcesses():
    max_array = c_ulong * 4096      # DWORD array large enough to capture all processes
    pProcessIds = max_array()       # array that receives the list of PIDs
    pBytesReturned = c_ulong()      # number of bytes written into the array
    # EnumProcesses(lpidProcess, cb, lpcbNeeded)
    psapi.EnumProcesses(byref(pProcessIds),
                        sizeof(pProcessIds),
                        byref(pBytesReturned))

    # number of PIDs returned (integer division: each entry is one DWORD)
    nReturned = pBytesReturned.value // sizeof(c_ulong)
    pidProcessArray = [i for i in pProcessIds][:nReturned]
    for processes in pidProcessArray:
        print("[+] Running Process PID %d" % processes)

getListOfProcesses()

Thanks in advance


You can do this with the WMI module:

import wmi

c = wmi.WMI()
# subscribe to Win32_Process creation events; each call blocks until one arrives
process_watcher = c.Win32_Process.watch_for("creation")

while True:
    p = process_watcher()
    print("[+] Running Process PID %d" % p.ProcessId)

By the way, in your getListOfProcesses function you can use pProcessIds[:nReturned] instead of the list comprehension.

answered 2013-08-18T20:40:40.690
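The WMI watcher above delivers one event per process creation. The alternative the question was heading towards, polling EnumProcesses and diffing consecutive snapshots, is shown below as an added example (not code from the question or the answer). It keeps the question's ctypes call on Windows, grows the buffer when EnumProcesses fills it completely (a 4096-entry array can silently truncate on a busy host), and falls back to listing /proc elsewhere so the diff logic can be exercised on any platform. The function names (enum_pids, diff_snapshots, watch, replay) and the /proc fallback are this example's own choices, not part of the original post.

```python
"""Poll-and-diff process monitor (added example, not from the original Q&A)."""
import os
import sys
import time
from ctypes import byref, c_ulong, sizeof


def enum_pids_windows(initial=4096):
    """Enumerate PIDs with psapi.EnumProcesses, growing the buffer until it is
    not filled completely (a full buffer means the list may be truncated)."""
    from ctypes import windll  # Windows-only import, kept local
    psapi = windll.psapi
    size = initial
    while True:
        pids = (c_ulong * size)()
        bytes_returned = c_ulong()
        if not psapi.EnumProcesses(byref(pids), sizeof(pids), byref(bytes_returned)):
            raise OSError("EnumProcesses failed")
        if bytes_returned.value < sizeof(pids):
            break
        size *= 2
    return set(pids[: bytes_returned.value // sizeof(c_ulong)])


def enum_pids_proc():
    """Fallback enumerator (assumption: a Linux-style /proc is mounted)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def enum_pids():
    if sys.platform == "win32":
        return enum_pids_windows()
    if os.path.isdir("/proc"):
        return enum_pids_proc()
    raise NotImplementedError("no process enumerator for this platform")


def diff_snapshots(previous, current):
    """Return (started, exited) PID sets between two snapshots."""
    return current - previous, previous - current


def watch(enumerate_fn=enum_pids, interval=0.5, rounds=None):
    """Yield ("started", pid) / ("exited", pid) events by polling.
    rounds=None polls forever; a number limits the polls (useful for tests)."""
    previous = enumerate_fn()
    polled = 0
    while rounds is None or polled < rounds:
        time.sleep(interval)
        current = enumerate_fn()
        started, exited = diff_snapshots(previous, current)
        for pid in sorted(started):
            yield ("started", pid)
        for pid in sorted(exited):
            yield ("exited", pid)
        previous = current
        polled += 1


def replay(snapshots):
    """Build a fake enumerator from constructed snapshots (for offline testing)."""
    it = iter(snapshots)
    return lambda: next(it)


def self_is_listed():
    """Sanity check: the running interpreter must appear in its own snapshot."""
    return os.getpid() in enum_pids()


if __name__ == "__main__":
    # constructed snapshots: PID 3 starts, then PID 2 exits
    for event in watch(replay([{1, 2}, {1, 2, 3}, {1, 3}]), interval=0, rounds=2):
        print("[+] %s PID %d" % event)
    # live monitoring of the current host (Ctrl-C to stop)
    for event in watch():
        print("[+] %s PID %d" % event)
```

Polling trades completeness for portability: a process that starts and exits between two polls is never seen, and Windows reuses PIDs, so a PID that exits and reappears within one interval is reported as nothing at all. For detection work, the event-driven WMI subscription from the answer (or an ETW/Sysmon process-creation log) is the more reliable source; the snapshot diff is a reasonable fallback where the wmi module is not installed.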