def build_targets_list(self): # Take a process snapshot self.system = System() self.system.request_debug_privileges() self.system.scan_processes() # If no targets were given, search on all processes if not self.targets: self.targets = self.system.get_process_ids() # If targets were given, search only on those processes else: expanded_targets = set() for token in self.targets: try: pid = HexInput.integer(token) if not self.system.has_process(pid): self.parser.error("process not found: %s" % token) expanded_targets.add(pid) except ValueError: found = self.system.find_processes_by_filename(token) pidlist = [process.get_pid() for (process, _) in found] if not pidlist: self.parser.error("process not found: %s" % token) expanded_targets.update(pidlist) self.targets = list(expanded_targets) # Sort the targets list self.targets.sort()
def get_explorer_pid(): # Request debug privileges. System.request_debug_privileges() # Scan for running processes. system = System() try: system.scan_processes() #system.scan_process_filenames() except WindowsError: system.scan_processes_fast() # For each running process... for process in system.iter_processes(): try: pid = process.get_pid() if pid in (0, 4, 8): continue if dev: print "* Process:", process.get_filename(), "Pid:", pid, "Time:", process.get_running_time() if process.get_filename() == "explorer.exe": if process.get_running_time() < 300000: return pid # Skip processes we don't have permission to access. except WindowsError, e: if e.winerror == ERROR_ACCESS_DENIED: continue raise
def getpidexe(name): # get pid from process contain the name string system = System() for process in system: if process.get_filename() != None and name != None: if name.lower() in process.get_filename().lower(): return process.get_pid()
def main(): print "Process string extractor" print "by Mario Vilas (mvilas at gmail.com)" print if len(sys.argv) != 2: script = os.path.basename(sys.argv[0]) print " %s <pid>" % script print " %s <process.exe>" % script return System.request_debug_privileges() try: pid = HexInput.integer(sys.argv[1]) except Exception, e: s = System() s.scan_processes() pl = s.find_processes_by_filename(sys.argv[1]) if not pl: print "Process not found: %s" % sys.argv[1] return if len(pl) > 1: print "Multiple processes found for %s" % sys.argv[1] for p, n in pl: print "\t%s: %s" % (p.get_pid(), n) return pid = pl[0][0].get_pid() s.clear() del s
def simple_debugger(argv): with Debug(ScriptExecutionMonitorEventHandler(), bKillOnExit=False) as debug: if len(argv) == 0: attached = False logging.info("Try to attach to WINWORD.EXE...") while not attached: for process in System(): filename = process.get_filename() if filename and "WINWORD.EXE" in filename: logging.info("Attaching to: %s (%d)" % (filename, process.get_pid())) debug.attach(process.get_pid()) attached = True if attached: debug.loop() else: logging.error("Unabel to find a WINWORD.exe process") elif argv[0].isdigit(): # attach via PID pid = int(argv[0]) debug.attach(pid) logging.info("Attaching to: %d" % pid) debug.loop() else: logging.error("Usage: %s [PID]" % sys.argv[0])
def getPidsByImg(img): result = [] system = System() system.scan_processes() for ( process, name ) in system.find_processes_by_filename( img ): result.append(process.get_pid()) return result
def print_state( process_name ): # Request debug privileges. System.request_debug_privileges() # Find the first process that matches the requested name. system = System() process, filename = system.find_processes_by_filename( process_name )[ 0 ] # Suspend the process execution. process.suspend() try: # For each thread in the process... for thread in process.iter_threads(): # Get the thread state. tid = thread.get_tid() eip = thread.get_pc() code = thread.disassemble_around( eip ) context = thread.get_context() # Display the thread state. print print "-" * 79 print "Thread: %s" % HexDump.integer( tid ) print print CrashDump.dump_registers( context ) print CrashDump.dump_code( code, eip ), print "-" * 79 # Resume the process execution. finally: process.resume()
def main(): print("Process memory reader") print("by Mario Vilas (mvilas at gmail.com)") print if len(sys.argv) not in (4, 5): script = os.path.basename(sys.argv[0]) print(" %s <pid> <address> <size> [binary output file]" % script) print(" %s <process.exe> <address> <size> [binary output file]" % script) return System.request_debug_privileges() try: pid = HexInput.integer(sys.argv[1]) except: s = System() s.scan_processes() pl = s.find_processes_by_filename(sys.argv[1]) if not pl: print("Process not found: %s" % sys.argv[1]) return if len(pl) > 1: print("Multiple processes found for %s" % sys.argv[1]) for p, n in pl: print("\t%s: %s" % (HexDump.integer(p), n)) return pid = pl[0][0].get_pid() try: address = HexInput.integer(sys.argv[2]) except Exception: print("Invalid value for address: %s" % sys.argv[2]) return try: size = HexInput.integer(sys.argv[3]) except Exception: print("Invalid value for size: %s" % sys.argv[3]) return p = Process(pid) data = p.read(address, size) ## data = p.peek(address, size) print("Read %d bytes from PID %d" % (len(data), pid)) if len(sys.argv) == 5: filename = sys.argv[4] open(filename, 'wb').write(data) print("Written %d bytes to %s" % (len(data), filename)) else: if win32.sizeof(win32.LPVOID) == win32.sizeof(win32.DWORD): width = 16 else: width = 8 print print(HexDump.hexblock(data, address, width=width))
def main(): # Create a system snaphot. system = System() # Get the Desktop window. root = system.get_desktop_window() # Now show the window tree. show_window_tree(root)
def print_handle_caption(): system = System() for window in system.get_windows(): handle = HexDump.integer(window.get_handle()) caption = window.get_text() if not caption in None: print "%s\t%s" % (handle, caption)
def show(search=None, wide=True): 'show a table with the list of services' # Take a snapshot of the running processes. s = System() s.request_debug_privileges() try: s.scan_processes() s.scan_process_filenames() except WindowsError: s.scan_processes_fast() pid_list = s.get_process_ids() pid_list.sort() if not pid_list: print "Unknown error enumerating processes!" return # Get the filename of each process. filenames = dict() for pid in pid_list: p = s.get_process(pid) # Special process IDs. # PID 0: System Idle Process. Also has a special meaning to the # toolhelp APIs (current process). # PID 4: System Integrity Group. See this forum post for more info: # http://tinyurl.com/ycza8jo # (points to social.technet.microsoft.com) # Only on XP and above # PID 8: System (?) only in Windows 2000 and below AFAIK. # It's probably the same as PID 4 in XP and above. if pid in (0, 4, 8): fileName = "" # Get the filename for all other processes. else: fileName = p.get_filename() if fileName: fileName = PathOperations.pathname_to_filename(fileName) else: fileName = "" # Remember the filename. filenames[pid] = fileName # Make the search string lowercase if given. if search is not None: search = search.lower() # Get the list of services. try: services = System.get_services() except WindowsError, e: print str(e) return
def get_pid_by_name(name): system = System() for process in system: exe_path = process.get_image_name() if exe_path == None: continue procname = os.path.basename(exe_path) if procname == name: return process.get_pid() raise Exception("No Process named %(name)s is found" % locals())
def main(argv): # Print the banner. print "SelectMyParent: Start a program with a selected parent process" print "by Mario Vilas (mvilas at gmail.com)" print "based on a Didier Stevens tool (https://DidierStevens.com)" print # Check the command line arguments. if len(argv) < 3: script = os.path.basename(argv[0]) print " %s <pid> <process.exe> [arguments]" % script return # Request debug privileges. system = System() system.request_debug_privileges() # Parse the parent process argument. try: dwParentProcessId = HexInput.integer(argv[1]) except ValueError: dwParentProcessId = None if dwParentProcessId is not None: dwMyProcessId = win32.GetProcessId(win32.GetCurrentProcess()) if dwParentProcessId != dwMyProcessId: system.scan_processes_fast() if not system.has_process(dwParentProcessId): print "Can't find process ID %d" % dwParentProcessId return else: system.scan_processes() process_list = system.find_processes_by_filename(argv[1]) if not process_list: print "Can't find process %r" % argv[1] return if len(process_list) > 1: print "Too many processes found:" for process, name in process_list: print "\t%d:\t%s" % (process.get_pid(), name) return dwParentProcessId = process_list[0][0].get_pid() # Parse the target process argument. filename = argv[2] if not ntpath.exists(filename): try: filename = win32.SearchPath(None, filename, '.exe')[0] except WindowsError, e: print "Error searching for %s: %s" % (filename, str(e)) return argv = list(argv) argv[2] = filename
def getuserps_id(): # return all process under user/user process # only return pids system = System() userps = [] for process in system: try: if getwinuser() in getuname(process.get_pid()): userps.append((str(process.get_pid()))) except: pass return userps
def getuserps(): # return all process under user/user process # return pids and process names system = System() userps = [] for process in system: try: if getwinuser() in getuname(process.get_pid()): userps.append((process.get_pid(), process.get_filename())) except: pass return userps
def main(): print("Process memory writer") print("by Mario Vilas (mvilas at gmail.com)") print() if len(sys.argv) < 4: script = os.path.basename(sys.argv[0]) print(" %s <pid> <address> {binary input file / hex data}" % script) print(" %s <process.exe> <address> {binary input file / hex data}" % script) return System.request_debug_privileges() try: pid = HexInput.integer(sys.argv[1]) except Exception: s = System() s.scan_processes() pl = s.find_processes_by_filename(sys.argv[1]) if not pl: print("Process not found: %s" % sys.argv[1]) return if len(pl) > 1: print("Multiple processes found for %s" % sys.argv[1]) for p, n in pl: print("\t%s: %s" % (HexDump.integer(p), n)) return pid = pl[0][0].get_pid() try: address = HexInput.integer(sys.argv[2]) except Exception: print("Invalid value for address: %s" % sys.argv[2]) return filename = ' '.join(sys.argv[3:]) if os.path.exists(filename): data = open(filename, 'rb').read() print("Read %d bytes from %s" % (len(data), filename)) else: try: data = HexInput.hexadecimal(filename) except Exception: print("Invalid filename or hex block: %s" % filename) return p = Process(pid) p.write(address, data) print("Written %d bytes to PID %d" % (len(data), pid))
def scan_processes(): runtime_code_dict = {} # Create a system snaphot. number_of_scanned_processes = 0 system = System() for process in system: if process.get_filename() and os.path.basename( process.get_filename()).lower() in RELEVANT_PROCSS_LIST: try: scan_process_memory(process, runtime_code_dict) number_of_scanned_processes += 1 except: pass return runtime_code_dict, number_of_scanned_processes
def testRunningProcesses(self): validator = MemoryValidatorClass() validator.Initialize('c:\\mem\\user\\') CounterMonitor.Start() System.request_debug_privileges() with UpdateCounterForScope('main'): system = System() system.scan_processes() totalProcesses = system.get_process_count() for processIndex, process in enumerate(system.iter_processes()): fileName = getattr(process, 'fileName') pid = getattr(process, 'dwProcessId') if not fileName or not pid: continue validator.ImageName = fileName logging.info("---------------------------------------------") validator.Message = "[{}] fileName:{} pid:{}".format(processIndex, fileName, pid) logging.info(validator.Message) if not any(s in fileName for s in self.PROCESS_TO_SCAN): continue print '------process {}/{} {}-------'.format(processIndex, totalProcesses, fileName) with validator.ExceptionHandler('Failed comparing {0}'.format(fileName)): process.scan_modules() mods = {} for module in process.iter_modules(): baseDllName = ntpath.basename(module.get_filename().lower()) mod = { 'BaseDllName' : baseDllName, 'FullDllName' : module.get_filename().lower(), 'StartAddr' : module.get_base(), 'EndAddr' : module.get_base() + module.get_size(), 'SizeOfImage' : module.get_size() } if not mods.get(baseDllName): mods[baseDllName] = [] mods[baseDllName].append(mod) validator.BuildLoadedModuleAddressesFromWinAppDbg(mods) totalMods = len(mods) for modIndex, modList in enumerate(mods.itervalues()): print 'module {}/{} {}'.format(modIndex, totalMods, modList[0]['BaseDllName']) for modIndex, mod in enumerate(modList): validator.InitializeModuleInfoFromWinAppDbg(mod) with validator.ExceptionHandler('failed comparing {0}'.format(mod)): memoryData = process.read(validator.DllBase, validator.SizeOfImage) if not memoryData: validator.Warn('failed to read memory data') continue validator.CompareExe(memoryData, validator.FullDllPath) CounterMonitor.Stop() validator.DumpFinalStats()
def getuserps_idx(): # return all process # only return pids system = System() userps = [] for process in system: try: if process.get_pid() == 0 or process.get_pid( ) == 4 or process.get_pid() == 8: continue else: userps.append((str(process.get_pid()), process.get_filename())) except: pass return userps
def main(): """TODO """ print "...as script dumper for as3s.exe..." if len(sys.argv) != 2: print "usage: %s swf.as" % sys.argv[0] return try: s = System() s.request_debug_privileges() s.scan() p = s.find_processes_by_filename("as3s.exe")[0][0] except Exception, e: print "[-] oops..." % str(e) return
def list_processes(match_name=""): print "[+] processes:" s = System() l = [] if len(match_name) > 0: l1 = [] for p in s.find_processes_by_filename(match_name): l.append(p[0]) else: l = s for p in l: print "%5d\t%s" % (p.get_pid(), p.get_filename()) return l
def main(): print("Process DLL injector") print("by Mario Vilas (mvilas at gmail.com)") print if len(sys.argv) != 3: script = os.path.basename(sys.argv[0]) print("Injects a DLL into a running process.") print(" %s <pid> <library.dll>" % script) print(" %s <process.exe> <library.dll>" % script) return System.request_debug_privileges() try: pid = HexInput.integer(sys.argv[1]) except Exception: s = System() s.scan_processes() pl = s.find_processes_by_filename(sys.argv[1]) if not pl: print("Process not found: %s" % sys.argv[1]) return if len(pl) > 1: print("Multiple processes found for %s" % sys.argv[1]) for p,n in pl: print("\t%12d: %s" % (p,n)) return pid = pl[0][0].get_pid() print("Using PID %d (0x%x)" % (pid, pid)) dll = sys.argv[2] print("Using DLL %s" % dll) p = Process(pid) b = p.get_bits() if b != System.bits: print(() "Cannot inject into a %d bit process from a %d bit Python VM!" % (b, System.bits) ) return p.scan_modules() p.inject_dll(dll)
def find_hook_pid( procname ): global gpid global xp global oldpid s = System() s.request_debug_privileges() try: s.scan_processes() s.scan_process_filenames() except WindowsError: s.scan_processes_fast() pid_list = s.get_process_ids() pid_list.sort(reverse=True) if not pid_list: print "Unknown error enumerating processes!" # s = raw_input() sys.exit(1) for pid in pid_list: p = s.get_process(pid) fileName = p.get_filename() fname = str(fileName).lower() if dev: print "Process:", fname, "Pid:", pid if fname.find(procname) >= 0: if int(pid) != int(gpid): oldpid = gpid gpid = pid if procname.find("svchost.exe") >= 0: gpid = int(get_svchost_pid()) return gpid elif procname.find("explorer.exe") >= 0: gpid = int(get_explorer_pid()) return gpid else: return pid return 0
def get_processes_list(): """Take a snapshot and return the list of processes""" if sys.platform == 'win32': # (based on winappdbg examples) # Create a system snaphot system = System() # The snapshot is initially empty, so populate it system.scan_processes() process_ids = list(system.iter_process_ids()) # winappdbg does not include our pid, add it manually process_ids.append(get_current_process_id()) process_ids.sort() # Return the processes in the system snapshot (iterator) return (WinProcess(pid) for pid in process_ids) else: pids = psi.process.ProcessTable() return (LinuxProcess(pid) for pid in pids)
def main(): print "Process memory map" print "by Mario Vilas (mvilas at gmail.com)" print if len(sys.argv) < 2 or '-h' in sys.argv or '--help' in sys.argv: script = os.path.basename(sys.argv[0]) print "Usage:" print " %s <pid>..." % script print " %s <process.exe>..." % script return s = System() s.request_debug_privileges() s.scan_processes() targets = set() for token in sys.argv[1:]: try: pid = HexInput.integer(token) if not s.has_process(pid): print "Process not found: %s" % token return targets.add(pid) except ValueError: pl = s.find_processes_by_filename(token) if not pl: print "Process not found: %s" % token return for p, n in pl: pid = p.get_pid() targets.add(pid) targets = list(targets) targets.sort() for pid in targets: process = Process(pid) fileName = process.get_filename() memoryMap = process.get_memory_map() mappedFilenames = process.get_mapped_filenames() if fileName: print "Memory map for %d (%s):" % (pid, fileName) else: print "Memory map for %d:" % pid print ## print CrashDump.dump_memory_map(memoryMap), print CrashDump.dump_memory_map(memoryMap, mappedFilenames) readable = 0 writeable = 0 executable = 0 private = 0 mapped = 0 image = 0 total = 0 for mbi in memoryMap: size = mbi.RegionSize if not mbi.is_free(): total += size if mbi.is_readable(): readable += size if mbi.is_writeable(): writeable += size if mbi.is_executable(): executable += size if mbi.is_private(): private += size if mbi.is_mapped(): mapped += size if mbi.is_image(): image += size width = len(number(total)) print(" %%%ds bytes of readable memory" % width) % number(readable) print(" %%%ds bytes of writeable memory" % width) % number(writeable) print(" %%%ds bytes of executable memory" % width) % number(executable) print(" %%%ds bytes of private memory" % width) % number(private) print(" %%%ds bytes of mapped memory" % width) % number(mapped) print(" %%%ds bytes of image memory" % width) % number(image) print(" %%%ds bytes of total memory" % width) % number(total) print
def getPidByImg(img): system = System() system.scan_processes() for ( process, name ) in system.find_processes_by_filename( img ): return process.get_pid() return 0
def starting_process(path): system = System() process = system.start_process(path) print "Started process %d (%d bits)" % (process.get_pid(), process.get_bits()) return process.get_pid()
def parse_cmdline(argv): # Help message and version string version = ("Process execution tracer\n" "by Mario Vilas (mvilas at gmail.com)\n" "%s\n") % winappdbg.version usage = ( "\n" "\n" " Create a new process (parameters for the target must be escaped):\n" " %prog [options] -c <executable> [parameters for the target]\n" " %prog [options] -w <executable> [parameters for the target]\n" "\n" " Attach to a running process (by filename):\n" " %prog [options] -a <executable>\n" "\n" " Attach to a running process (by ID):\n" " %prog [options] -a <process id>") ## formatter = optparse.IndentedHelpFormatter() ## formatter = optparse.TitledHelpFormatter() parser = optparse.OptionParser( usage=usage, version=version, ## formatter=formatter, ) # Commands commands = optparse.OptionGroup(parser, "Commands") commands.add_option("-a", "--attach", action="append", type="string", metavar="PROCESS", help="Attach to a running process") commands.add_option("-w", "--windowed", action="callback", type="string", metavar="CMDLINE", callback=callback_execute_target, help="Create a new windowed process") commands.add_option("-c", "--console", action="callback", type="string", metavar="CMDLINE", callback=callback_execute_target, help="Create a new console process [default]") parser.add_option_group(commands) # Tracing options tracing = optparse.OptionGroup(parser, "Tracing options") tracing.add_option("--trace", action="store_const", const="trace", dest="mode", help="Set the single step mode [default]") if System.arch == win32.ARCH_I386: tracing.add_option( "--branch", action="store_const", const="branch", dest="mode", help= "Set the step-on-branch mode (doesn't work on virtual machines)") tracing.add_option("--syscall", action="store_const", const="syscall", dest="mode", help="Set the syscall trap mode") ## tracing.add_options("--module", action="append", metavar="MODULES", ## dest="modules", ## help="only trace into these modules (comma-separated)") ## debugging.add_option("--from-start", action="store_true", ## help="start tracing when the process is created [default]") ## debugging.add_option("--from-entry", action="store_true", ## help="start tracing when the entry point is reached") parser.add_option_group(tracing) # Debugging options debugging = optparse.OptionGroup(parser, "Debugging options") debugging.add_option( "--autodetach", action="store_true", help="automatically detach from debugees on exit [default]") debugging.add_option( "--follow", action="store_true", help="automatically attach to child processes [default]") debugging.add_option("--trusted", action="store_false", dest="hostile", help="treat debugees as trusted code [default]") debugging.add_option( "--dont-autodetach", action="store_false", dest="autodetach", help="don't automatically detach from debugees on exit") debugging.add_option("--dont-follow", action="store_false", dest="follow", help="don't automatically attach to child processes") debugging.add_option("--hostile", action="store_true", help="treat debugees as hostile code") parser.add_option_group(debugging) # Defaults parser.set_defaults( autodetach=True, follow=True, hostile=False, windowed=list(), console=list(), attach=list(), ## modules = list(), mode="trace", ) # Parse and validate the command line options if len(argv) == 1: argv = argv + ['--help'] (options, args) = parser.parse_args(argv) args = args[1:] if not options.windowed and not options.console and not options.attach: if not args: parser.error("missing target application(s)") options.console = [args] else: if args: parser.error("don't know what to do with extra parameters: %s" % args) # Get the list of attach targets system = System() system.request_debug_privileges() system.scan_processes() attach_targets = list() for token in options.attach: try: dwProcessId = HexInput.integer(token) except ValueError: dwProcessId = None if dwProcessId is not None: if not system.has_process(dwProcessId): parser.error("can't find process %d" % dwProcessId) try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError as e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append(dwProcessId) else: matched = system.find_processes_by_filename(token) if not matched: parser.error("can't find process %s" % token) for process, name in matched: dwProcessId = process.get_pid() try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError as e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append(process.get_pid()) options.attach = attach_targets # Get the list of console programs to execute console_targets = list() for vector in options.console: if not vector: parser.error("bad use of --console") filename = vector[0] if not ntpath.exists(filename): try: filename = win32.SearchPath(None, filename, '.exe')[0] except WindowsError as e: parser.error("error searching for %s: %s" % (filename, str(e))) vector[0] = filename console_targets.append(vector) options.console = console_targets # Get the list of windowed programs to execute windowed_targets = list() for vector in options.windowed: if not vector: parser.error("bad use of --windowed") filename = vector[0] if not ntpath.exists(filename): try: filename = win32.SearchPath(None, filename, '.exe')[0] except WindowsError as e: parser.error("error searching for %s: %s" % (filename, str(e))) vector[0] = filename windowed_targets.append(vector) options.windowed = windowed_targets # If no targets were set at all, show an error message if not options.attach and not options.console and not options.windowed: parser.error("no targets found!") return options
# * Redistributions in binary form must reproduce the above copyright # notice,this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # * Neither the name of the copyright holder nor the names of its # contributors may be used to endorse or promote products derived from # this software without specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. from winappdbg import System, HexDump # Create a system snaphot. system = System() # Now we can enumerate the top-level windows. for window in system.get_windows(): handle = HexDump.integer(window.get_handle()) caption = window.get_text() if caption is not None: print "%s:\t%s" % (handle, caption)
def main(argv): # print(the banner.) print("SelectMyParent: Start a program with a selected parent process") print("by Mario Vilas (mvilas at gmail.com)") print("based on a Didier Stevens tool (https://DidierStevens.com)") print # Check the command line arguments. if len(argv) < 3: script = os.path.basename(argv[0]) print(" %s <pid> <process.exe> [arguments]" % script) return # Request debug privileges. system = System() system.request_debug_privileges() # Parse the parent process argument. try: dwParentProcessId = HexInput.integer(argv[1]) except ValueError: dwParentProcessId = None if dwParentProcessId is not None: dwMyProcessId = win32.GetProcessId(win32.GetCurrentProcess()) if dwParentProcessId != dwMyProcessId: system.scan_processes_fast() if not system.has_process(dwParentProcessId): print("Can't find process ID %d" % dwParentProcessId) return else: system.scan_processes() process_list = system.find_processes_by_filename(argv[1]) if not process_list: print("Can't find process %r" % argv[1]) return if len(process_list) > 1: print("Too many processes found:") for process, name in process_list: print("\t%d:\t%s" % (process.get_pid(), name)) return dwParentProcessId = process_list[0][0].get_pid() # Parse the target process argument. filename = argv[2] if not ntpath.exists(filename): try: filename = win32.SearchPath(None, filename, '.exe')[0] except WindowsError as e: print("Error searching for %s: %s" % (filename, str(e))) return argv = list(argv) argv[2] = filename # Start the new process. try: process = system.start_process(system.argv_to_cmdline(argv[2:]), bConsole=True, bInheritHandles=True, dwParentProcessId=dwParentProcessId) dwProcessId = process.get_pid() except AttributeError as e: if "InitializeProcThreadAttributeList" in str(e): print("This tool requires Windows Vista or above.") else: print("Error starting new process: %s" % str(e)) return except WindowsError as e: print("Error starting new process: %s" % str(e)) return print("Process created: %d" % dwProcessId) return dwProcessId