示例#1
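def get_process_privileges(pid):
    """Return the enabled privileges of process *pid* as a '|'-separated string.

    Opens the process with PROCESS_QUERY_INFORMATION only, reads its primary
    token with TOKEN_QUERY and collects the names of every privilege whose
    attribute word has the SE_PRIVILEGE_ENABLED bit set. Returns "N/A" (and
    prints the error) when the process cannot be opened or queried, e.g. a
    protected process or one that already exited.
    """
    hproc = None
    htok = None
    priv_list = ""
    try:
        # Handle to the target process; query-only access is all the token
        # read below needs, so no broader rights are requested.
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False,
                                     pid)

        # Open the main process token for reading.
        htok = win32security.OpenProcessToken(hproc, win32con.TOKEN_QUERY)

        # Sequence of (LUID, attributes) pairs, one per privilege in the token.
        privs = win32security.GetTokenInformation(
            htok, win32security.TokenPrivileges)

        # Collect the names of the enabled privileges.
        names = []
        for luid, attributes in privs:
            # Test the ENABLED bit instead of comparing with 3: a privilege
            # enabled at runtime (attributes == SE_PRIVILEGE_ENABLED, without
            # ENABLED_BY_DEFAULT) is enabled too, and the == 3 check missed it.
            if attributes & win32con.SE_PRIVILEGE_ENABLED:
                names.append(win32security.LookupPrivilegeName(None, luid))
        priv_list = "".join("%s|" % name for name in names)

    except Exception as e:
        print(e)
        priv_list = "N/A"
    finally:
        # pywin32 handles are released when garbage-collected, but close them
        # explicitly so the monitor does not rely on finalizer timing.
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()

    return priv_list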
示例#2
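def PID_Identifier(pid):
    """Return the enabled privileges of process *pid* as a '|'-separated string.

    Opens the process with PROCESS_QUERY_INFORMATION, reads its primary token
    with TOKEN_QUERY and names every privilege whose attributes carry the
    SE_PRIVILEGE_ENABLED bit. Returns "N/A" when the process cannot be opened
    or queried (protected process, already exited, insufficient rights).
    """
    hproc = None
    htok = None
    priv_list = ""
    try:
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False,
                                     pid)
        htok = win32security.OpenProcessToken(hproc, win32con.TOKEN_QUERY)
        # (LUID, attributes) pairs, one per privilege held by the token.
        privs = win32security.GetTokenInformation(
            htok, win32security.TokenPrivileges)
        enabled = []
        for luid, attributes in privs:
            # The attribute word is a bitmask; "== 3" only matched privileges
            # that are both ENABLED and ENABLED_BY_DEFAULT and skipped ones
            # enabled later at runtime, which are exactly the interesting case.
            if attributes & win32con.SE_PRIVILEGE_ENABLED:
                enabled.append(win32security.LookupPrivilegeName(None, luid))
        priv_list = "".join("%s|" % name for name in enabled)
    except Exception:
        # Narrowed from a bare "except:" so KeyboardInterrupt and SystemExit
        # still propagate out of a long-running monitoring loop.
        priv_list = "N/A"
    finally:
        # Release the handles explicitly rather than waiting for GC.
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()
    return priv_list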
示例#3
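def get_process_privileges(pid):
    """Return the enabled privileges of process *pid* as a '|'-separated string.

    Returns "N/A" when the process cannot be opened or its token cannot be
    read (e.g. a protected process, or one that exited before the query).
    """
    hproc = None
    htok = None
    priv_list = ""
    try:
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False,
                                     pid)  # handle to the target process (query-only)
        htok = win32security.OpenProcessToken(
            hproc, win32con.TOKEN_QUERY)  # open the target process token
        privs = win32security.GetTokenInformation(
            htok,
            win32security.TokenPrivileges)  # token privilege list: (LUID, attributes) pairs
        enabled_names = []
        for luid, attributes in privs:
            # Bit test instead of "== 3": a privilege enabled at runtime has
            # attributes == SE_PRIVILEGE_ENABLED without the BY_DEFAULT bit
            # and was silently dropped by the equality comparison.
            if attributes & win32con.SE_PRIVILEGE_ENABLED:
                enabled_names.append(
                    win32security.LookupPrivilegeName(None, luid))
        priv_list = "".join("%s|" % name for name in enabled_names)
    except Exception:
        # Bare "except:" would also swallow KeyboardInterrupt/SystemExit.
        priv_list = "N/A"
    finally:
        # Close whatever was opened, in reverse order.
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()
    return priv_list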
示例#4
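def get_process_privileges(pid):
    """Return the enabled privileges of process *pid* as a '|'-separated string.

    Returns "N/A" when the process cannot be opened or queried. The original
    returned the misspelled name ``priv_lis`` and so raised NameError on
    every call; the typo is fixed here.
    """
    hproc = None
    htok = None
    priv_list = ""
    try:
        # Obtain a handle to the target process from its PID (query-only rights).
        hproc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False,
                                     pid)
        # Open the process token.
        htok = win32security.OpenProcessToken(hproc, win32con.TOKEN_QUERY)
        # Privilege list: (LUID, attributes) pairs; the attributes word records
        # whether each privilege is enabled.
        privs = win32security.GetTokenInformation(
            htok, win32security.TokenPrivileges)

        # Iterate the privileges and keep the enabled ones. The attribute word
        # is a bitmask, so test SE_PRIVILEGE_ENABLED rather than comparing with
        # 3, which missed privileges enabled at runtime (attributes == 2).
        enabled = []
        for luid, attributes in privs:
            if attributes & win32con.SE_PRIVILEGE_ENABLED:
                # Resolve the LUID to the privilege name.
                enabled.append(win32security.LookupPrivilegeName(None, luid))
        priv_list = "".join("%s|" % name for name in enabled)
    except Exception:
        # Narrower than a bare "except:" so interrupts still propagate.
        priv_list = "N/A"
    finally:
        # Release handles explicitly instead of relying on finalizers.
        for handle in (htok, hproc):
            if handle is not None:
                handle.Close()
    return priv_list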
示例#5
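def get_process_privileges(pid):
	"""Return the enabled privileges of process *pid*, each followed by " | ".

	Returns "N/A" when the process cannot be opened or its token cannot be
	queried (protected process, already exited, insufficient rights).
	"""
	t_proc = None
	t_tok = None
	priv_list = ""
	try:
		# Obtain a handle to the target process; query-only access suffices.
		t_proc = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False, pid)

		# Open the main process token for reading.
		t_tok = win32security.OpenProcessToken(t_proc, win32con.TOKEN_QUERY)

		# Retrieve the token's privileges as (LUID, attributes) pairs.
		privs = win32security.GetTokenInformation(t_tok, win32security.TokenPrivileges)

		# Keep the privileges whose attributes carry the ENABLED bit. Comparing
		# with 3 required ENABLED_BY_DEFAULT as well and dropped privileges
		# that were enabled at runtime.
		enabled = []
		for luid, attributes in privs:
			if attributes & win32con.SE_PRIVILEGE_ENABLED:
				enabled.append(win32security.LookupPrivilegeName(None, luid))
		priv_list = "".join("{} | ".format(name) for name in enabled)

	except Exception:
		# Narrowed from a bare "except:" so KeyboardInterrupt still stops a
		# monitoring loop that calls this function.
		priv_list = "N/A"
	finally:
		# Close the handles explicitly rather than waiting for GC.
		for handle in (t_tok, t_proc):
			if handle is not None:
				handle.Close()

	return priv_list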
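wmi_obj = wmi.WMI(privileges=["Security"])

# Watcher that blocks inside process_watcher() until a Win32_Process is created.
process_watcher = wmi_obj.Win32_Process.watch_for("creation")

# Print details for every process launched, then the privileges its token has
# enabled. Runs until interrupted.
while True:
    new_process = process_watcher()
    print("The Process name is: %s" % (new_process.Caption,))
    print("The CommandLine: %s" % (new_process.CommandLine,))
    print("The Executable path: %s" % (new_process.ExecutablePath,))
    print("The Date of creation: %s" % (new_process.CreationDate,))
    print("Thread count: %s" % (new_process.ThreadCount,))
    print("Process Owner: %s" % (new_process.GetOwner(),))
    print("The ProcessID: %s" % (new_process.ProcessID,))
    print("The Parent PID: %s" % (new_process.ParentProcessID,))

    # A short-lived or protected process makes OpenProcess/OpenProcessToken
    # raise; report it and keep watching instead of letting the monitor die.
    process = None
    token = None
    try:
        process = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION, False,
                                       new_process.ProcessID)

        token = win32security.OpenProcessToken(process, win32con.TOKEN_QUERY)

        # (LUID, attributes) pairs, one per privilege held by the token.
        privileges = win32security.GetTokenInformation(
            token, win32security.TokenPrivileges)

        for luid, attributes in privileges:
            # Bit test instead of "== 3" so privileges enabled at runtime
            # (without ENABLED_BY_DEFAULT) are reported as well.
            if attributes & win32con.SE_PRIVILEGE_ENABLED:
                # The original resolved the name and then printed the raw
                # (LUID, attributes) tuple; print the resolved name.
                name = win32security.LookupPrivilegeName(None, luid)
                print("Enabled privilege: %s" % (name,))
    except Exception as e:
        print("Could not read privileges of PID %s: %s"
              % (new_process.ProcessID, e))
    finally:
        # Release the handles explicitly rather than waiting for GC.
        for handle in (token, process):
            if handle is not None:
                handle.Close()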