from ctypes import *
import sys
import struct
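# Query the avast! self-protection device for its enabled state and for the
# process IDs it reports as trusted, and print the result.
#
# Review notes:
#   * Output buffers are ctypes objects rather than immutable ``bytes``:
#     letting the kernel write into a ``bytes`` literal corrupts an object
#     Python assumes never changes.
#   * Every DeviceIoControl return value is checked, so a rejected request is
#     no longer reported as "Self Protection is not enabled".
#   * The last-error value is captured by ctypes (``use_last_error=True``);
#     calling kernel32.GetLastError() afterwards can return a stale code.
#   * The handle is closed on every exit path.

# Local labels for the control codes used below. Their meaning is inferred
# from the messages this script prints; the vendor's own names are not known.
IOCTL_QUERY_ENABLED = 0xb2d60190
IOCTL_QUERY_PID_TRUSTED = 0xb2d600cc

MAXIMUM_ALLOWED = 0x02000000
SHARE_READ_WRITE = 3   # FILE_SHARE_READ | FILE_SHARE_WRITE
OPEN_EXISTING = 3

# Only PIDs in [PID_START, PID_END) are probed, in steps of 4; a process with
# a PID of 4096 or higher is never queried and will not appear in the list.
PID_START = 4
PID_END = 4096
PID_STEP = 4

# A private WinDLL instance keeps the prototypes below from leaking into the
# process-wide ``windll.kernel32`` object shared with other modules.
kernel32 = WinDLL('kernel32', use_last_error=True)
# Without an explicit restype a HANDLE is truncated to a C int on 64-bit.
kernel32.CreateFileA.restype = c_void_p
kernel32.CreateFileA.argtypes = [c_char_p, c_ulong, c_ulong, c_void_p,
                                 c_ulong, c_ulong, c_void_p]
kernel32.DeviceIoControl.restype = c_int
kernel32.DeviceIoControl.argtypes = [c_void_p, c_ulong, c_void_p, c_ulong,
                                     c_void_p, c_ulong, POINTER(c_ulong),
                                     c_void_p]
kernel32.CloseHandle.restype = c_int
kernel32.CloseHandle.argtypes = [c_void_p]

INVALID_HANDLE_VALUE = c_void_p(-1).value

hDevice = kernel32.CreateFileA(b'\\\\.\\aswSP_Open',
                               MAXIMUM_ALLOWED,
                               SHARE_READ_WRITE,
                               None,
                               OPEN_EXISTING,
                               0,
                               None)
if hDevice is None or hDevice == INVALID_HANDLE_VALUE:
    # Device missing or access denied: print the Win32 error code and stop.
    print('0x%08x' % (get_last_error()))
    sys.exit(0)

try:
    Enabled = c_ulong(0)
    n = c_ulong(0)
    ok = kernel32.DeviceIoControl(hDevice,
                                  IOCTL_QUERY_ENABLED,
                                  None,
                                  0,
                                  byref(Enabled),
                                  sizeof(Enabled),
                                  byref(n),
                                  None)
    if not ok:
        # The state is unknown here; do not report it as "not enabled".
        print('0x%08x' % (get_last_error()))
        sys.exit(0)

    if Enabled.value == 0:
        print('avast! Self Protection is not enabled')
    else:
        print('avast! Self Protection is enabled')
        print('List of trusted PIDs:')
        # NOTE(review): Windows reuses PIDs, so each line identifies a process
        # only at the moment of the query; resolve PID to image path and
        # signer separately when auditing this list.
        for Pid in range(PID_START, PID_END, PID_STEP):
            InBuffer = struct.pack('<I', Pid)
            Trusted = c_ulong(0)
            n = c_ulong(0)
            ok = kernel32.DeviceIoControl(hDevice,
                                          IOCTL_QUERY_PID_TRUSTED,
                                          InBuffer,
                                          len(InBuffer),
                                          byref(Trusted),
                                          sizeof(Trusted),
                                          byref(n),
                                          None)
            # A failed request leaves Trusted at 0 and is treated as
            # "not trusted".
            if ok and Trusted.value != 0:
                print(' %4d' % (Pid))
finally:
    kernel32.CloseHandle(hDevice)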