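def python_dll_path():
    """Return the full path of the DLL that hosts this Python interpreter.

    Calls ``GetModuleFileNameW`` on ``sys.dllhandle``.  Returns ``""`` when the
    call fails, so an empty result means "unknown", not "no DLL".

    ``GetModuleFileNameW`` truncates silently when the buffer is too small and
    then returns the buffer size rather than the path length, so the call is
    retried with a larger buffer until the result fits (bounded by the
    maximum NT path length).
    """
    dllpath_size = 1024
    max_size = 32768  # NT path limit; stops the retry loop from growing forever
    while True:
        dllpath = ctypes.create_unicode_buffer(dllpath_size)
        dllpath_len = ctypes.windll.kernel32.GetModuleFileNameW(
            HMODULE(sys.dllhandle), dllpath, dllpath_size)
        if not dllpath_len:
            return ""
        # A length strictly below the buffer size means the path fit.
        if dllpath_len < dllpath_size or dllpath_size >= max_size:
            return dllpath[:dllpath_len]
        dllpath_size = min(dllpath_size * 2, max_size)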
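def GetBaseAddress(hProcess, ModName):
    """Return ``(base_address, image_size)`` of module *ModName* in *hProcess*.

    *hProcess* must be a process handle opened with at least
    ``PROCESS_QUERY_INFORMATION | PROCESS_VM_READ``; otherwise
    ``EnumProcessModulesEx`` fails and ``(0, 0)`` is returned.  *ModName* is
    compared case-insensitively against each module's base name.  The first
    matching module wins.  ``(0, 0)`` is also returned when the module is not
    loaded or ``GetModuleInformation`` fails for it.
    """
    baseaddr = 0
    imagesize = 0
    BIG_HANDLE_ARRAY = HMODULE * 1024
    arrHandle = BIG_HANDLE_ARRAY()
    needed = DWORD()
    # 0x03 is LIST_MODULES_ALL: enumerate both 32-bit and 64-bit modules.
    res = windll.psapi.EnumProcessModulesEx(
        hProcess.__int__(), addressof(arrHandle), sizeof(arrHandle),
        addressof(needed), 0x03)
    if not res:
        return (baseaddr, imagesize)
    # `needed` reports the size the full list would require, which can exceed
    # the buffer we passed; clamp so we never index past the array.  Floor
    # division keeps the count an int on both Python 2 and 3.
    numofmod = min(needed.value, sizeof(arrHandle)) // sizeof(HMODULE)
    for i in range(numofmod):
        hMod = HMODULE(arrHandle[i])
        TmpModName = create_string_buffer(1024)
        windll.psapi.GetModuleBaseNameA(
            hProcess.__int__(), hMod, TmpModName, len(TmpModName))
        if ModName.lower() != TmpModName.value.lower():
            continue
        ModInfo = MODULEINFO()
        # Only trust the structure when the call reports success.
        if windll.psapi.GetModuleInformation(
                hProcess.__int__(), hMod, addressof(ModInfo), sizeof(ModInfo)):
            baseaddr = ModInfo.lpBaseOfDll
            imagesize = ModInfo.SizeOfImage
        break
    # The HMODULE values returned by EnumProcessModulesEx are module base
    # addresses, not kernel object handles, so they are deliberately not
    # passed to CloseHandle.
    return (baseaddr, imagesize)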
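def IsSysWOW64(hProcess):
    """Return True if *hProcess* has ``wow64.dll`` loaded (a 32-bit process on 64-bit Windows).

    *hProcess* must be opened with at least
    ``PROCESS_QUERY_INFORMATION | PROCESS_VM_READ``; when
    ``EnumProcessModulesEx`` fails the function returns False, so a False
    result does not by itself prove the process is native 64-bit.
    """
    BIG_HANDLE_ARRAY = HMODULE * 1024
    arrHandle = BIG_HANDLE_ARRAY()
    needed = DWORD()
    # 0x03 is LIST_MODULES_ALL: enumerate both 32-bit and 64-bit modules.
    res = windll.psapi.EnumProcessModulesEx(
        hProcess.__int__(), addressof(arrHandle), sizeof(arrHandle),
        addressof(needed), 0x03)
    if not res:
        return False
    # `needed` may exceed the buffer size; clamp to avoid indexing past the
    # array.  Floor division keeps the count an int on Python 2 and 3.
    numofmod = min(needed.value, sizeof(arrHandle)) // sizeof(HMODULE)
    for i in range(numofmod):
        hMod = HMODULE(arrHandle[i])
        TmpModName = create_string_buffer(1024)
        windll.psapi.GetModuleBaseNameA(
            hProcess.__int__(), hMod, TmpModName, len(TmpModName))
        if "wow64.dll" == TmpModName.value.lower():
            return True
    # Module handles from EnumProcessModulesEx are not kernel object handles
    # and must not be passed to CloseHandle.
    return False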
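def get_notifyicon_wnd_class():
    """Register (once) and return the WNDCLASSEX used for notify-icon windows.

    The registered class is cached in the module global
    ``_notifyicon_wnd_class``; the atom returned by ``RegisterClassExA`` is
    stored on the structure as ``NIclassAtom``.  Raises ``ctypes.WinError``
    when the module handle cannot be obtained or registration fails.
    """
    global _notifyicon_wnd_class
    if _notifyicon_wnd_class is not None:
        return _notifyicon_wnd_class
    hmodule = HMODULE(0)
    # Explicit check instead of `assert`: assert is stripped under -O, which
    # would let a failed lookup register the class with hInstance == 0.
    if not GetModuleHandleExA(0, None, byref(hmodule)):
        raise ctypes.WinError(ctypes.get_last_error())
    log("GetModuleHandleExA(..)=%#x", int(hmodule.value))
    NIwc = WNDCLASSEX()
    NIwc.cbSize = sizeof(WNDCLASSEX)
    NIwc.style = win32con.CS_HREDRAW | win32con.CS_VREDRAW
    NIwc.lpfnWndProc = WNDPROC(NotifyIconWndProc)
    NIwc.hInstance = hmodule
    NIwc.hBrush = GetStockObject(win32con.WHITE_BRUSH)
    NIwc.lpszClassName = "win32NotifyIcon"
    NIclassAtom = RegisterClassExA(byref(NIwc))
    log("RegisterClassExA(%s)=%i", NIwc.lpszClassName, NIclassAtom)
    if NIclassAtom == 0:
        raise ctypes.WinError(ctypes.get_last_error())
    # Keep the atom next to the class so callers can unregister later.
    NIwc.NIclassAtom = NIclassAtom
    _notifyicon_wnd_class = NIwc
    return _notifyicon_wnd_class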
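def EnumModules(hProcess):
    """Print the base name and base address of every module loaded in *hProcess*.

    *hProcess* must be opened with at least
    ``PROCESS_QUERY_INFORMATION | PROCESS_VM_READ``.  Prints nothing when
    ``EnumProcessModulesEx`` fails.  Returns None.
    """
    BIG_HANDLE_ARRAY = HMODULE * 1024
    arrHandle = BIG_HANDLE_ARRAY()
    needed = DWORD()
    # 0x03 is LIST_MODULES_ALL: enumerate both 32-bit and 64-bit modules.
    res = windll.psapi.EnumProcessModulesEx(
        hProcess.__int__(), addressof(arrHandle), sizeof(arrHandle),
        addressof(needed), 0x03)
    if not res:
        return
    # `needed` may exceed the buffer size; clamp to avoid indexing past the
    # array.  Floor division keeps the count an int on Python 2 and 3.
    numofmod = min(needed.value, sizeof(arrHandle)) // sizeof(HMODULE)
    for i in range(numofmod):
        hMod = HMODULE(arrHandle[i])
        ModName = create_string_buffer(1024)
        windll.psapi.GetModuleBaseNameA(
            hProcess.__int__(), hMod, ModName, len(ModName))
        ModInfo = MODULEINFO()
        windll.psapi.GetModuleInformation(
            hProcess.__int__(), hMod, addressof(ModInfo), sizeof(ModInfo))
        # Single-argument print is valid under both Python 2 and 3; `or 0`
        # guards %x against a NULL pointer field surfacing as None.
        print("Module name:%s Base address:%x" % (ModName.value, ModInfo.lpBaseOfDll or 0))
    # Module handles from EnumProcessModulesEx are not kernel object handles
    # and must not be passed to CloseHandle.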
def GetModuleHandleW(lpModuleName):
    """Call ``_GetModuleHandleW`` and wrap its raw result in an ``HMODULE``."""
    raw_handle = _GetModuleHandleW(lpModuleName)
    return HMODULE(raw_handle)
# NOTE(review): the line below is the tail of a statement whose head lies
# outside this excerpt; it is kept verbatim.
user32 = ['GetGuiResources'])
# Module-level scratch buffers for process enumeration (EnumProcesses-style
# calls).  They are shared globals, so concurrent callers would overwrite
# each other's results -- presumably single-threaded use; verify against callers.
N = 500
dword_array = DWORD * N
aProcesses = dword_array()
cBytes = DWORD()
# constants for OpenProcess
PROCESS_QUERY_INFORMATION = 0x400
PROCESS_VM_READ = 0x10
PROCESS_SET_QUOTA = 0x0100
# Least-privilege handle rights used for read-only inspection; PROCESS_SET_QUOTA
# is defined but intentionally not part of this mask.
OPEN_PROCESS_FLAGS = PROCESS_QUERY_INFORMATION | PROCESS_VM_READ
szProcessName = create_unicode_buffer(MAX_PATH)
hMod = HMODULE()
cBytesNeeded = DWORD()
class PROCESS_MEMORY_COUNTERS(Structure):
    # ctypes mirror of the Win32 PROCESS_MEMORY_COUNTERS structure used by
    # GetProcessMemoryInfo; `cb` must be set to sizeof(self) before the call.
    _fields_ = [
        ("cb", DWORD),
        ("PageFaultCount", DWORD),
        ("PeakWorkingSetSize", SIZE_T),
        ("WorkingSetSize", SIZE_T),
        ("QuotaPeakPagedPoolUsage", SIZE_T),
        ("QuotaPagedPoolUsage", SIZE_T),
        ("QuotaPeakNonPagedPoolUsage", SIZE_T),
        ("QuotaNonPagedPoolUsage", SIZE_T),
        ("PagefileUsage", SIZE_T),
        ("PeakPagefileUsage", SIZE_T),
    ]