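def main():
    """Dump WinAppDbg ``Process`` information for the PID given on the command line.

    Usage: ``<script> <pid>``.  A missing or non-numeric argument produces a
    short usage message and exit status 2 instead of an IndexError/ValueError
    traceback.

    The dump only queries the target; it does not change its state.  Note
    that it prints the target's command line and environment block, which
    may contain credentials or tokens - handle the output accordingly.
    """
    if len(sys.argv) != 2:
        sys.stderr.write("usage: %s <pid>\n" % sys.argv[0])
        sys.exit(2)
    try:
        pid = int(sys.argv[1])
    except ValueError:
        sys.stderr.write("error: pid must be an integer, got %r\n" % (sys.argv[1],))
        sys.exit(2)

    proc = Process(pid)

    # (label, zero-argument getter) pairs, printed in this order with a
    # uniform "label: value" form.
    fields = (
        ("pid", proc.get_pid),
        ("is_alive", proc.is_alive),
        ("is_debugged", proc.is_debugged),
        ("is_wow", proc.is_wow64),
        ("arch", proc.get_arch),
        ("bits", proc.get_bits),
        ("filename", proc.get_filename),
        ("exit_time", proc.get_exit_time),
        ("running_time", proc.get_running_time),
        ("service", proc.get_services),
        ("policy", proc.get_dep_policy),
        ("peb", proc.get_peb),
        ("main_module", proc.get_main_module),
        ("peb_address", proc.get_peb_address),
        ("entry_point", proc.get_entry_point),
        ("image_base", proc.get_image_base),
        ("image_name", proc.get_image_name),
        ("command_line", proc.get_command_line),
        ("environment", proc.get_environment),
        ("handle", proc.get_handle),
    )
    for label, getter in fields:
        # A getter that raises (e.g. access denied on a protected process)
        # aborts the whole dump; nothing here swallows that.
        print("%s: %s" % (label, getter()))

    # Deliberately no proc.resume() at the end: this function never suspends
    # the target, and resuming threads we did not suspend can decrement a
    # suspend count set by someone else (e.g. a debugger that parked the
    # process).  Suspend/resume must always be paired by the same caller.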
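def print_alnum_jump_addresses(pid):
    """Print every executable alphanumeric jump address found in process *pid*.

    One line per hit: the address formatted for the target's bitness, the
    packed bytes as a ``repr()``, the owning module's name (empty when the
    address is not inside a known module) and, when the disassembler backend
    supports it, the disassembly of the instruction at that address.

    Side effects on *this* process: the debug privilege is enabled (needed to
    open services and other users' processes) and nothing here drops it again.
    Side effects on the target: it is suspended for the whole scan and
    resumed in a ``finally`` block, so an interrupted run does not leave it
    frozen.
    """
    # Enable the debug privilege (SeDebugPrivilege on Windows) so we can read
    # the memory of services too.  It stays enabled for the rest of our
    # lifetime - run this only from a tool that is expected to be elevated.
    System.request_debug_privileges()

    # Freeze the target so the heap does not change underneath the scan
    # (no malloc/free while we iterate).
    process = Process(pid)
    process.suspend()
    try:
        # Bitness cannot change while the target is suspended; hoist it.
        bits = process.get_bits()
        for address, packed, module in iterate_alnum_jump_addresses(process):
            numeric = HexDump.address(address, bits)
            # Named packed_repr rather than 'ascii' to avoid shadowing the builtin.
            packed_repr = repr(packed)
            modname = module.get_name() if module else ""
            # Disassembly is optional: not every backend implements it.
            try:
                code = process.disassemble(address, 16)[0][2]
            except NotImplementedError:
                code = ""
            print("%s %s %s %s" % (numeric, packed_repr, modname, code))
    finally:
        # Always resume, even if the scan raised or was interrupted, so the
        # target is not left suspended.
        process.resume()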