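def main():
    """Dump WinAppDbg ``Process`` details for the PID given on the command line.

    Usage: ``<script> <pid>``.  Opens the target process, prints one
    attribute per line (label, space, value -- same layout as before) and
    finally calls ``resume()`` on it, which changes the target's state; the
    original did that too, so it is kept, but it is a side effect, not a
    read.  Exits with status 2 and a usage message when the PID argument is
    missing or is not an integer, instead of dying with an IndexError /
    ValueError traceback.
    """
    if len(sys.argv) < 2:
        sys.stderr.write("usage: %s <pid>\n" % (sys.argv[0],))
        sys.exit(2)
    try:
        pid = int(sys.argv[1])
    except ValueError:
        sys.stderr.write("pid must be an integer, got %r\n" % (sys.argv[1],))
        sys.exit(2)

    # NOTE(review): attaching to a process owned by another user presumably
    # needs debug privileges; Process() is expected to raise on access
    # denied rather than return a half-open handle -- confirm.
    proc = Process(pid)

    #= info
    # (label, getter) pairs.  Each getter runs only when its line is printed,
    # so if one raises, everything before it has already been emitted --
    # exactly as with the original one-print-per-line form.
    info = [
        ("pid;", proc.get_pid),
        ("is_alive;", proc.is_alive),
        ("is_debugged;", proc.is_debugged),
        ("is_wow;", proc.is_wow64),
        ("arch;", proc.get_arch),
        ("bits;", proc.get_bits),
        ("filename:", proc.get_filename),
        ("exit_time;", proc.get_exit_time),
        ("running_time;", proc.get_running_time),
        ("service;", proc.get_services),
        ("policy;", proc.get_dep_policy),
        ("peb;", proc.get_peb),
        ("main_module;", proc.get_main_module),
        ("peb_address", proc.get_peb_address),
        ("entry_point;", proc.get_entry_point),
        ("image_base;", proc.get_image_base),
        ("image_name;", proc.get_image_name),
        ("command_line;", proc.get_command_line),
        # Environment blocks routinely carry credentials and tokens; this
        # dump goes to stdout, so do not redirect it into shared logs.
        ("environment;", proc.get_environment),
        ("handle;", proc.get_handle),
    ]
    for label, getter in info:
        print("%s %s" % (label, getter()))

    # Deliberately last: resume() alters the target, unlike the getters above.
    print("%s %s" % ("resume;", proc.resume()))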
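def search_string(pid, func, size):
    """Print the load address of the module named in ``func`` inside ``pid``.

    Parameters:
        pid:  target process id (int).
        func: module/function spec understood by ``_split_dll_func``
              (defined elsewhere in this file).
        size: accepted for call compatibility; not used here (same as the
              original).

    Returns the empty string in every case, as the original did.  Exits the
    interpreter with status -1 when ``func`` cannot be split into a DLL and a
    function name.

    Fixes relative to the original: a leftover debugging ``sys.exit(0)`` made
    everything after the DOS-header dump unreachable and has been removed;
    the "not found" message referenced an undefined name ``arg`` (NameError)
    and now uses ``func``; the user-supplied DLL name is escaped before being
    embedded in a regular expression.
    """
    import re  # local import: the listing's header is not part of this page

    process = Process(pid)

    print("get_image_base: %s" % (hex(process.get_image_base()),))
    print("get_main_module: %s" % (process.get_main_module(),))

    # First 100 bytes at the image base, i.e. the DOS header, as hex bytes.
    dosheader = process.read(process.get_image_base(), 100)
    print(''.join(["%02X " % ord(x) for x in dosheader]).strip())

    search_dll, search_func = _split_dll_func(func)
    print("%s : %s" % (search_dll, search_func))
    if search_dll is None or search_func is None:
        print("%s not found!" % func)
        sys.exit(-1)

    # `search_dll` is attacker/user controlled: escape it so metacharacters
    # ("." in "ntdll.dll", "+", "(" ...) match literally instead of being
    # interpreted by the regex engine.  NOTE(review): this assumes `ismatch`
    # (defined elsewhere) is regex based -- the original fed it ".*"/"$"
    # patterns, which is the only evidence; confirm.
    dll_pattern = re.escape(search_dll)
    for module_name, module_base in process.get_modules():
        matched = (ismatch(module_name, ".*" + dll_pattern + "$")
                   or ismatch(module_name, ".*" + dll_pattern + r"\.dll$"))
        if matched:
            print("%s  :  %s  ( %s )" % (module_name, hex(module_base), module_base))

    return ""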
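def proces_info(pid, addr=""):
    """Print architecture, image and PEB facts about process ``pid``.

    Parameters:
        pid:  target process id (int).
        addr: optional hexadecimal string.  The original called
              ``int(addr, 16)`` unconditionally, so the default ``""`` raised
              ValueError and the function could never be used without an
              address.  The parse is now skipped for an empty ``addr``; a
              non-empty value that is not valid hex still raises ValueError
              as before.  The parsed value was never used by the original
              and is not used here either.

    The function name (``proces_info``) is kept as-is because callers depend
    on it.
    """
    if addr:
        int(addr, 16)  # validation only; the value was unused in the original
    process = Process(pid)

    # (label, getter) pairs, printed in the original order as "label value".
    fields = [
        ("get_arch:", process.get_arch),
        ("get_bits:", process.get_bits),
        ("get_command_line:", process.get_command_line),
        ("get_image_name:", process.get_image_name),
        ("get_image_base:", lambda: hex(process.get_image_base())),
        # PEB.ImageBaseAddress should agree with get_image_base(); printing
        # both lets a mismatch (e.g. a hollowed/relocated image) stand out.
        ("get_peb:", lambda: hex(process.get_peb().ImageBaseAddress)),
        ("get_peb_address:", lambda: hex(process.get_peb_address())),
        ("get_entry_point:", lambda: hex(process.get_entry_point())),
    ]
    for label, getter in fields:
        print("%s %s" % (label, getter()))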