Hi, Eric!
Below, derived from your code, an exemple for to found modules in memory
(useful for "scan memory" with clamwin, or other usages)
@-salutations
--
Michel Claveau
import win32api,win32con,win32process,win32security
# Request privileges to enable "debug process", so we can later use
PROCESS_VM_READ, retardedly required to GetModuleFileNameEx()
priv_flags = win32security.TOKEN_ADJUST_PRIVILEGES |
win32security.TOKEN_QUERY
hToken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
priv_flags)
# enable "debug process"
privilege_id = win32security.LookupPrivilegeValue
(None,win32security.SE_DEBUG_NAME)
old_privs = win32security.AdjustTokenPrivileges (hToken, 0,[(privilege_id,
win32security.SE_PRIVILEGE_ENABLED)])
# get all filenames of all modules from all processes (dict for no doublons
& count instances)
lm={}
for pid in win32process.EnumProcesses():
try:
pshandle = win32api.OpenProcess(win32con.PROCESS_QUERY_INFORMATION |
win32con.PROCESS_VM_READ, False, pid)
exename = win32process.GetModuleFileNameEx(pshandle, 0)
for module in win32process.EnumProcessModules(pshandle):
fname=win32process.GetModuleFileNameEx(pshandle, module)
lm[fname]=lm.setdefault(fname,0)+1
win32api.CloseHandle(pshandle)
except:
pass
# clean up
win32api.CloseHandle(hToken)
for filename in lm:
print "Nb:",lm[filename],'\t filename:',filename
_______________________________________________
python-win32 mailing list
python-win32@python.org
http://mail.python.org/mailman/listinfo/python-win32
