  1. import os
  2. import sys
  3. import ctypes
  4. from ctypes import *
  5. import struct
  6.  
# Win32/NT typedefs expressed as ctypes primitives.  The integer widths are
# fixed; the pointer-sized aliases follow the bitness of the interpreter.

# Fixed-width unsigned integers
BYTE = c_ubyte
USHORT = c_ushort
WORD = c_ushort
DWORD = c_uint
ULONG = c_uint
DWORDLONG = c_ulonglong
UINT64 = c_ulonglong

# Signed integers and floating point
LONG = c_int
LARGE_INTEGER = c_longlong
DOUBLE = c_double

# Typed pointers
LPBYTE = POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
# NOTE: a c_wchar_p struct field reads back as a Python string that stops at
# the first NUL -- the pointer value itself is not exposed through the field.
PWCHAR = c_wchar_p

# Everything pointer-sized is aliased to c_void_p, including the *integer*
# types SIZE_T / ULONG_PTR / UINT_PTR.  Two consequences worth knowing:
# sizeof() is 4 on 32-bit and 8 on 64-bit Python, and a field or return
# value of one of these types reads back as None, not 0, when it is NULL.
HANDLE = PVOID = LPVOID = HMODULE = c_void_p
UINT_PTR = ULONG_PTR = SIZE_T = c_void_p
  27.  
  28.  
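class UNICODE_STRING(Structure):
    """ctypes mirror of the native UNICODE_STRING (ntdef.h).

    Length and MaximumLength are byte counts, not character counts, and
    Buffer is not guaranteed to be NUL-terminated: Length is the only
    authoritative bound on the string.

    Natural (default) alignment is deliberate.  A packed layout
    (``_pack_ = 1``) would drop the 4 bytes of padding that precede the
    8-byte Buffer pointer on 64-bit builds, shrinking the structure from
    16 to 12 bytes and shifting every field that follows it inside a
    larger record such as SYSTEM_PROCESS_INFORMATION.
    """
    _fields_ = [
        ("Length", USHORT),          # bytes in use in Buffer
        ("MaximumLength", USHORT),   # bytes allocated for Buffer
        # WCHAR*.  Reading this field through ctypes yields a Python string
        # that stops at the first NUL and ignores Length; use as_unicode().
        ("Buffer", PWCHAR),
    ]

    def as_unicode(self):
        """Return the string bounded by Length rather than by a NUL.

        Returns u"" for a zero Length or a NULL Buffer.
        """
        if not self.Length:
            return u""
        # Read the raw pointer value from the field's slot: accessing
        # self.Buffer would already have converted it to a Python string.
        addr = c_void_p.from_address(
            addressof(self) + UNICODE_STRING.Buffer.offset).value
        if not addr:
            return u""
        # WCHAR is 2 bytes on Windows; sizeof(c_wchar) keeps the count
        # consistent with how c_wchar_p was populated on this platform.
        return wstring_at(addr, self.Length // sizeof(c_wchar))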
  45.  
class SYSTEM_PROCESS_INFORMATION(Structure):
    """Leading fields of one SYSTEM_PROCESS_INFORMATION record.

    NtQuerySystemInformation(SystemProcessInformation) fills a buffer with
    a chain of these records.  Only the fields up to
    InheritedFromProcessId are declared here; the native record is longer
    than this declaration, so callers must step through the buffer with
    NextEntryOffset rather than sizeof(SYSTEM_PROCESS_INFORMATION).
    Natural alignment is relied on so the 64-bit layout comes out right.
    """
    _fields_ = (
        # Byte distance from this record to the next one; 0 on the last.
        ("NextEntryOffset", ULONG),
        ("NumberOfThreads", ULONG),
        # 24 bytes this script does not interpret.
        ("Reserved", UINT64 * 3),
        ("CreateTime", LARGE_INTEGER),
        ("UserTime", LARGE_INTEGER),
        ("KernelTime", LARGE_INTEGER),
        ("ImageName", UNICODE_STRING),
        ("BasePriority", ULONG),
        # Declared PVOID: these read back as None (not 0) when the id is 0.
        ("ProcessId", PVOID),
        ("InheritedFromProcessId", PVOID),
    )
  59.  
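NTDLL = windll.ntdll

# SYSTEM_INFORMATION_CLASS value for the process list, and the NTSTATUS the
# call returns when the caller's buffer is too small for it.
SystemProcessInformation = 5
STATUS_INFO_LENGTH_MISMATCH = 0xC0000004

# Declare the prototype so ctypes marshals the arguments correctly on both
# 32- and 64-bit Python instead of guessing from the Python values.  NTSTATUS
# is a signed LONG; ULONG is used for the return so error codes compare
# against the usual 0xC... constants.  Zero is success.
NTDLL.NtQuerySystemInformation.argtypes = [ULONG, PVOID, ULONG, POINTER(ULONG)]
NTDLL.NtQuerySystemInformation.restype = ULONG

proclist = []   # image names, in enumeration order
pidlist = []    # process ids, parallel to proclist


def _query_process_list(initial_size=1024 * 1024):
    """Call NtQuerySystemInformation(SystemProcessInformation) until it fits.

    Returns (buffer, length), where length is the number of bytes the
    kernel actually wrote.  A single fixed-size buffer is not enough: the
    required size grows with the number of processes and threads, so
    STATUS_INFO_LENGTH_MISMATCH is handled by enlarging the buffer and
    retrying.  Any other non-zero status terminates the script with exit
    code -1, as before, after reporting the status on stderr.
    """
    size = initial_size
    while True:
        buf = create_string_buffer(size)
        retlen = ULONG(0)
        status = NTDLL.NtQuerySystemInformation(
            SystemProcessInformation, buf, size, byref(retlen))
        if status == 0:
            return buf, retlen.value
        if status != STATUS_INFO_LENGTH_MISMATCH:
            sys.stderr.write("NtQuerySystemInformation failed: 0x%08x\n" % status)
            sys.exit(-1)
        # The kernel reports the size it needed; add slack because the
        # process list can grow between this call and the next one.
        size = max(size * 2, retlen.value + 64 * 1024)


def _iter_process_entries(buf, length):
    """Yield every SYSTEM_PROCESS_INFORMATION record in buf, first one included.

    Records are chained by NextEntryOffset (0 on the last one).  Every
    offset is checked against the byte count the kernel reported, so a
    corrupt or truncated chain can never make this read past the data.
    """
    record_size = sizeof(SYSTEM_PROCESS_INFORMATION)
    offset = 0
    while offset + record_size <= length:
        proc = SYSTEM_PROCESS_INFORMATION.from_buffer(buf, offset)
        yield proc
        if not proc.NextEntryOffset:
            return
        offset += proc.NextEntryOffset


def _image_name(proc):
    """Return proc.ImageName as unicode, bounded by Length rather than a NUL.

    Reading the c_wchar_p Buffer field directly stops at the first NUL and
    ignores Length, which is the only authoritative bound of a
    UNICODE_STRING; read the raw pointer and the byte count instead.
    Returns u"" for a zero Length or a NULL Buffer.
    """
    name = proc.ImageName
    if not name.Length:
        return u""
    addr = c_void_p.from_address(
        addressof(name) + UNICODE_STRING.Buffer.offset).value
    if not addr:
        return u""
    return wstring_at(addr, name.Length // sizeof(c_wchar))


def main():
    """Print every process record and collect names/pids in proclist/pidlist."""
    buf, length = _query_process_list()
    for proc in _iter_process_entries(buf, length):
        # ProcessId is declared PVOID, so ctypes hands back None (not 0)
        # for the Idle process; int(None) would raise TypeError.
        pid = proc.ProcessId or 0
        name = _image_name(proc)

        print("NextEntryOffset: %x" % (proc.NextEntryOffset))
        print("NumberOfThreads: %x" % (proc.NumberOfThreads))
        print("CreateTime: %x" % (proc.CreateTime))
        print("UserTime: %x" % (proc.UserTime))
        print("KernelTime: %x" % (proc.KernelTime))
        print("ProcessID: %x" % (pid))
        print("ImageName.Length: %x" % (proc.ImageName.Length))

        if name:
            print(name.encode('ascii', 'ignore'))

        proclist.append(name)
        pidlist.append(pid)

    # Keep the console open until Enter is pressed (raw_input on Python 2).
    try:
        wait = raw_input
    except NameError:
        wait = input
    wait()


if __name__ == "__main__":
    main()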