from ctypes import c_long , c_int , c_uint , c_char , c_ubyte , c_char_p , c_void_p
from ctypes import windll
from ctypes import Structure
from ctypes import sizeof , POINTER , pointer , cast
# const variable
TH32CS_SNAPPROCESS = 2
STANDARD_RIGHTS_REQUIRED = 0x000F0000
SYNCHRONIZE = 0x00100000
PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF)
TH32CS_SNAPMODULE = 0x00000008
TH32CS_SNAPTHREAD = 0x00000004
# struct
class PROCESSENTRY32(Structure):
_fields_ = [ ( 'dwSize' , c_uint ) ,
( 'cntUsage' , c_uint) ,
( 'th32ProcessID' , c_uint) ,
( 'th32DefaultHeapID' , c_uint) ,
( 'th32ModuleID' , c_uint) ,
( 'cntThreads' , c_uint) ,
( 'th32ParentProcessID' , c_uint) ,
( 'pcPriClassBase' , c_long) ,
( 'dwFlags' , c_uint) ,
( 'szExeFile' , c_char * 260 ) ,
( 'th32MemoryBase' , c_long) ,
( 'th32AccessKey' , c_long ) ]
class MODULEENTRY32(Structure):
_fields_ = [ ( 'dwSize' , c_long ) ,
( 'th32ModuleID' , c_long ),
( 'th32ProcessID' , c_long ),
( 'GlblcntUsage' , c_long ),
( 'ProccntUsage' , c_long ) ,
( 'modBaseAddr' , c_long ) ,
( 'modBaseSize' , c_long ) ,
( 'hModule' , c_void_p ) ,
( 'szModule' , c_char * 256 ),
( 'szExePath' , c_char * 260 ) ]
class THREADENTRY32(Structure):
_fields_ = [
('dwSize' , c_long ),
('cntUsage' , c_long),
('th32ThreadID' , c_long),
('th32OwnerProcessID' , c_long),
('tpBasePri' , c_long),
('tpDeltaPri' , c_long),
('dwFlags' , c_long) ]
# forigen function
## CreateToolhelp32Snapshot
CreateToolhelp32Snapshot= windll.kernel32.CreateToolhelp32Snapshot
CreateToolhelp32Snapshot.reltype = c_long
CreateToolhelp32Snapshot.argtypes = [ c_int , c_int ]
## Process32First
Process32First = windll.kernel32.Process32First
Process32First.argtypes = [ c_void_p , POINTER( PROCESSENTRY32 ) ]
Process32First.rettype = c_int
## Process32Next
Process32Next = windll.kernel32.Process32Next
Process32Next.argtypes = [ c_void_p , POINTER(PROCESSENTRY32) ]
Process32Next.rettype = c_int
## OpenProcess
OpenProcess = windll.kernel32.OpenProcess
OpenProcess.argtypes = [ c_void_p , c_int , c_long ]
OpenProcess.rettype = c_long
## GetPriorityClass
GetPriorityClass = windll.kernel32.GetPriorityClass
GetPriorityClass.argtypes = [ c_void_p ]
GetPriorityClass.rettype = c_long
## CloseHandle
CloseHandle = windll.kernel32.CloseHandle
CloseHandle.argtypes = [ c_void_p ]
CloseHandle.rettype = c_int
## Module32First
Module32First = windll.kernel32.Module32First
Module32First.argtypes = [ c_void_p , POINTER(MODULEENTRY32) ]
Module32First.rettype = c_int
## Module32Next
Module32Next = windll.kernel32.Module32Next
Module32Next.argtypes = [ c_void_p , POINTER(MODULEENTRY32) ]
Module32Next.rettype = c_int
## Thread32First
Thread32First = windll.kernel32.Thread32First
Thread32First.argtypes = [ c_void_p , POINTER(THREADENTRY32) ]
Thread32First.rettype = c_int
## Thread32Next
Thread32Next = windll.kernel32.Thread32Next
Thread32Next.argtypes = [ c_void_p , POINTER(THREADENTRY32) ]
Thread32Next.rettype = c_int
## GetLastError
GetLastError = windll.kernel32.GetLastError
GetLastError.rettype = c_long
def ListProcessModules( ProcessID ):
hModuleSnap = c_void_p(0)
me32 = MODULEENTRY32()
me32.dwSize = sizeof( MODULEENTRY32 )
hModuleSnap = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, ProcessID )
ret = Module32First( hModuleSnap, pointer(me32) )
if ret == 0 :
print 'ListProcessModules() Error on Module32First[%d]' % GetLastError()
CloseHandle( hModuleSnap )
return False
while ret :
print " MODULE NAME: %s"% me32.szModule
print " executable = %s"% me32.szExePath
print " process ID = 0x%08X"% me32.th32ProcessID
print " ref count (g) = 0x%04X"% me32.GlblcntUsage
print " ref count (p) = 0x%04X"% me32.ProccntUsage
print " base address = 0x%08X"% me32.modBaseAddr
print " base size = %d"% me32.modBaseSize
ret = Module32Next( hModuleSnap , pointer(me32) )
CloseHandle( hModuleSnap )
return True
def ListProcessThreads( ProcessID ):
hThreadSnap = c_void_p(0)
te32 = THREADENTRY32 ()
te32.dwSize = sizeof(THREADENTRY32 )
hThreadSnap = CreateToolhelp32Snapshot( TH32CS_SNAPTHREAD, 0 )
ret = Thread32First( hThreadSnap, pointer(te32) )
if ret == 0 :
print 'ListProcessThreads() Error on Thread32First[%d]' % GetLastError()
CloseHandle( hThreadSnap )
return False
while ret :
if te32.th32OwnerProcessID == ProcessID :
print " THREAD ID = 0x%08X"% te32.th32ThreadID
print " base priority = %d"% te32.tpBasePri
print " delta priority = %d"% te32.tpDeltaPri
ret = Thread32Next( hThreadSnap, pointer(te32) )
CloseHandle( hThreadSnap )
return True
# main
if __name__ == '__main__' :
hProcessSnap = c_void_p(0)
hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS , 0 )
pe32 = PROCESSENTRY32()
pe32.dwSize = sizeof( PROCESSENTRY32 )
ret = Process32First( hProcessSnap , pointer( pe32 ) )
while ret :
print ""
print "=================================================="
print "Process Name : %s " % pe32.szExeFile
print "--------------------------------------------------"
hProcess = OpenProcess( PROCESS_ALL_ACCESS , 0 , pe32.th32ProcessID )
dwPriorityClass = GetPriorityClass( hProcess )
if dwPriorityClass == 0 :
CloseHandle( hProcess )
print " process ID = 0x%08X" % pe32.th32ProcessID
print " thread count = %d" % pe32.cntThreads
print " parent process ID = 0x%08X" % pe32.th32ParentProcessID
print " Priority Base = %d" % pe32.pcPriClassBase
print " Priority Class = %d" % dwPriorityClass
ListProcessModules( pe32.th32ProcessID )
ListProcessThreads( pe32.th32ProcessID )
ret = Process32Next( hProcessSnap, pointer(pe32) )
