Process¶
-
base_address(process_id)¶ Returns process base address, looking at its modules.
Parameters: process_id (ctypes.wintypes.HANDLE) – The identifier of the process. Returns: The base address of the current process. Return type: ctypes.wintypes.HANDLE
-
open(process_id, debug=None, process_access=None)¶ Open a process given its process_id. By default the process is opened with full access and in debug mode.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684320%28v=vs.85%29.aspx https://msdn.microsoft.com/en-us/library/windows/desktop/aa379588%28v=vs.85%29.aspx
Parameters: - process_id (ctypes.wintypes.HANDLE) – The identifier of the process to be opened
- debug (bool) – open process in debug mode
- process_access (pymem.ressources.structure) – desired access level
Returns: A handle of the given process_id
Return type: ctypes.wintypes.HANDLE
-
open_main_thread(process_id)¶ List given process threads and return a handle to first created one.
Parameters: process_id (ctypes.wintypes.HANDLE) – The identifier of the process Returns: A handle to the first thread of the given process_id Return type: ctypes.wintypes.HANDLE
-
open_thread(thread_id, thread_access=None)¶ Opens an existing thread object.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms684335%28v=vs.85%29.aspx
Parameters: thread_id (ctypes.wintypes.HANDLE) – The identifier of the thread to be opened. Returns: A handle to the first thread of the given process_id Return type: ctypes.wintypes.HANDLE
-
close_handle(handle)¶ Closes an open object handle.
https://msdn.microsoft.com/en-us/library/windows/desktop/ms724211%28v=vs.85%29.aspx
Parameters: handle (ctypes.wintypes.HANDLE) – A valid handle to an open object. Returns: If the function succeeds, the return value is nonzero. Return type: bool
-
list_processes()¶ List all processes
https://msdn.microsoft.com/en-us/library/windows/desktop/ms682489%28v=vs.85%29.aspx https://msdn.microsoft.com/en-us/library/windows/desktop/ms684834%28v=vs.85%29.aspx
Returns: a list of process entry 32. Return type: list(pymem.ressources.structure.ProcessEntry32)
-
process_from_name(name)¶ Open a process given its name.
Parameters: name (str) – The name of the process to be opened Returns: The ProcessEntry32 structure of the given process. Return type: ctypes.wintypes.HANDLE
-
process_from_id(process_id)¶ Open a process given its name.
Parameters: process_id (ctypes.wintypes.HANDLE) – The identifier of the process Returns: The ProcessEntry32 structure of the given process. Return type: ctypes.wintypes.HANDLE
-
list_process_thread(process_id)¶ List all threads of given processes_id
Parameters: process_id (ctypes.wintypes.HANDLE) – The identifier of the process Returns: a list of thread entry 32. Return type: list(pymem.ressources.structure.ThreadEntry32)
-
module_from_name(process_id, module_name)¶ Retrieve a module loaded by given process_id.
d3d9 = module_from_name(1234, 'd3d9')
Parameters: - process_id (ctypes.wintypes.HANDLE) – The identifier of the process
- module_name (str) – The module name
Returns: ModuleEntry32
-
list_process_modules(process_id)¶ List all modules of a given processes by its process_id
Parameters: process_id (ctypes.wintypes.HANDLE) – The identifier of the process Returns: a list of module entry 32. Return type: list(pymem.ressources.structure.ModuleEntry32)