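def get_process_privileges(pid):
    """Return the privileges currently enabled in the token of process *pid*.

    The process is opened with PROCESS_QUERY_INFORMATION only, its primary
    token is opened with TOKEN_QUERY, and the token's privilege array is
    scanned for entries whose attribute mask has SE_PRIVILEGE_ENABLED set.

    Args:
        pid: ID of the process to inspect.

    Returns:
        A ``"Name|Name|"`` string (for example ``"SeDebugPrivilege|"``), ``""``
        when no privilege is enabled, or ``"N/A"`` when the process or its
        token cannot be queried (process gone, access denied, ...).  The
        Win32 error is printed in that case.
    """
    priv_list = ""
    hproc = None
    htok = None
    try:
        # Handle to the target process (query-only access is enough).
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
        # Open the main process token read-only.
        htok = win32security.OpenProcessToken(hproc, win32con.TOKEN_QUERY)
        # (LUID, attributes) pairs for every privilege held by the token.
        privs = win32security.GetTokenInformation(htok, win32security.TokenPrivileges)
        # Test the ENABLED bit rather than "== 3": a privilege switched on at
        # run time carries SE_PRIVILEGE_ENABLED without ENABLED_BY_DEFAULT and
        # would otherwise be silently skipped.
        enabled = [
            win32security.LookupPrivilegeName(None, luid)
            for luid, attrs in privs
            if attrs & win32security.SE_PRIVILEGE_ENABLED
        ]
        priv_list = "".join("%s|" % name for name in enabled)
    except win32api.error as e:
        # Best effort: report the failure and fall back to a sentinel value.
        print(e)
        priv_list = "N/A"
    finally:
        # Close handles explicitly instead of relying on garbage collection.
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()
    return priv_list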
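def PID_Identifier(pid):
    """Return the privileges enabled in the token of process *pid*.

    Args:
        pid: ID of the process to inspect.

    Returns:
        ``"Name|Name|"`` for every privilege whose attributes carry
        SE_PRIVILEGE_ENABLED, ``""`` when none is enabled, or ``"N/A"`` when
        the process or its token could not be opened or queried.
    """
    priv_list = ""
    hproc = None
    htok = None
    try:
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
        htok = win32security.OpenProcessToken(hproc, win32con.TOKEN_QUERY)
        privs = win32security.GetTokenInformation(htok, win32security.TokenPrivileges)
        # Mask test instead of "== 3" so that privileges enabled at run time
        # (SE_PRIVILEGE_ENABLED set, ENABLED_BY_DEFAULT clear) are reported.
        names = [
            win32security.LookupPrivilegeName(None, luid)
            for luid, attrs in privs
            if attrs & win32security.SE_PRIVILEGE_ENABLED
        ]
        priv_list = "".join("%s|" % name for name in names)
    except win32api.error:
        # Only Win32 failures map to the sentinel; a bare except would also
        # swallow KeyboardInterrupt and programming errors.
        priv_list = "N/A"
    finally:
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()
    return priv_list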
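def get_process_privileges(pid):
    """Return the enabled privileges of process *pid* as a ``"Name|..."`` string.

    Args:
        pid: ID of the target process.

    Returns:
        One ``"<privilege name>|"`` fragment per enabled privilege, ``""`` if
        none is enabled, or ``"N/A"`` if the process could not be opened or
        its token could not be read.
    """
    priv_list = ""
    hproc = None
    htok = None
    try:
        hproc = win32api.OpenProcess(
            win32con.PROCESS_QUERY_INFORMATION, False, pid)  # handle to the target process
        htok = win32security.OpenProcessToken(
            hproc, win32con.TOKEN_QUERY)  # open the target process token
        privs = win32security.GetTokenInformation(
            htok, win32security.TokenPrivileges)  # (LUID, attributes) for each privilege
        for luid, attrs in privs:
            # Check the ENABLED bit; "== 3" would miss privileges enabled at
            # run time that are not enabled by default.
            if attrs & win32security.SE_PRIVILEGE_ENABLED:
                priv_list += "%s|" % win32security.LookupPrivilegeName(None, luid)
    except win32api.error:
        priv_list = "N/A"
    finally:
        # Do not leak the process/token handles.
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()
    return priv_list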
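def get_process_privileges(pid):
    """Return the privileges enabled in the token of the process with ID *pid*.

    Args:
        pid: ID of the target process.

    Returns:
        ``"Name|Name|"`` listing every enabled privilege, ``""`` when none is
        enabled, or ``"N/A"`` when the process or its token cannot be queried.
        (The original returned the misspelled name ``priv_lis`` and raised
        NameError on every call.)
    """
    priv_list = ""
    hproc = None
    htok = None
    try:
        # Obtain a handle to the target process from its ID.
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
        # Open the process token.
        htok = win32security.OpenProcessToken(hproc, win32con.TOKEN_QUERY)
        # Privilege list: (LUID, attributes) telling whether each one is enabled.
        privs = win32security.GetTokenInformation(htok, win32security.TokenPrivileges)
        # A privilege counts as enabled when SE_PRIVILEGE_ENABLED is set in its
        # attributes; comparing with 3 also required ENABLED_BY_DEFAULT.
        for luid, attrs in privs:
            if attrs & win32security.SE_PRIVILEGE_ENABLED:
                # Resolve the LUID to the privilege name.
                priv_list += "%s|" % win32security.LookupPrivilegeName(None, luid)
    except win32api.error:
        priv_list = "N/A"
    finally:
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()
    return priv_list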
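def get_process_privileges(pid):
    """Return the privileges enabled in the token of process *pid*.

    Args:
        pid: ID of the target process.

    Returns:
        ``"Name | Name | "`` with one entry per enabled privilege, ``""`` when
        none is enabled, or ``"N/A"`` when the process or its token could not
        be queried.
    """
    priv_list = ""
    t_proc = None
    t_tok = None
    try:
        # Obtain a handle to the target process
        t_proc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
        # Open the main process token
        t_tok = win32security.OpenProcessToken(t_proc, win32con.TOKEN_QUERY)
        # Retrieve the (LUID, attributes) list for every privilege in the token
        privs = win32security.GetTokenInformation(t_tok, win32security.TokenPrivileges)
        # Keep the privileges whose attributes carry SE_PRIVILEGE_ENABLED;
        # "== 3" additionally demanded ENABLED_BY_DEFAULT and missed
        # privileges enabled at run time.
        names = [
            win32security.LookupPrivilegeName(None, luid)
            for luid, attrs in privs
            if attrs & win32security.SE_PRIVILEGE_ENABLED
        ]
        priv_list = "".join("{} | ".format(name) for name in names)
    except win32api.error:
        priv_list = "N/A"
    finally:
        # Release the token and process handles explicitly
        for handle in (t_tok, t_proc):
            if handle is not None:
                handle.Close()
    return priv_list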
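wmi_obj = wmi.WMI(privileges=["Security"])

# creating the process watcher
process_watcher = wmi_obj.Win32_Process.watch_for("creation")


def _enabled_privilege_names(pid):
    """Return the names of the privileges enabled in the token of *pid*.

    Returns an empty list when the process or its token cannot be queried
    (e.g. it exited before we could open it, or access is denied), so the
    watcher loop below keeps running instead of dying on one process.
    """
    hproc = None
    htok = None
    try:
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)
        htok = win32security.OpenProcessToken(hproc, win32con.TOKEN_QUERY)
        privileges = win32security.GetTokenInformation(htok, win32security.TokenPrivileges)
        # Mask on the ENABLED bit rather than comparing with 3, which also
        # required ENABLED_BY_DEFAULT and skipped run-time-enabled privileges.
        return [
            win32security.LookupPrivilegeName(None, luid)
            for luid, attrs in privileges
            if attrs & win32security.SE_PRIVILEGE_ENABLED
        ]
    except win32api.error:
        return []
    finally:
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()


# creating a loop that keeps printing details for each process launched
while True:
    new_process = process_watcher()
    # Fields are printed as returned by WMI; CommandLine in particular is
    # text chosen by whoever started the process, so treat it as untrusted
    # if this output is ever parsed.
    print("The Process name is: %s" % (new_process.Caption,))
    print("The CommandLine: %s" % (new_process.CommandLine,))
    print("The Executable path: %s" % (new_process.ExecutablePath,))
    print("The Date of creation: %s" % (new_process.CreationDate,))
    print("Thread count: %s" % (new_process.ThreadCount,))
    print("Process Owner: %s" % (new_process.GetOwner(),))
    print("The ProcessID: %s" % (new_process.ProcessID,))
    print("The Parent PID: %s" % (new_process.ParentProcessID,))
    # Print the resolved privilege names; the original looked the name up
    # and then discarded it, printing the raw (LUID, attributes) tuple.
    for name in _enabled_privilege_names(new_process.ProcessID):
        print(name)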