[python-win32] trying to grab exe of foreground window
Michel Claveau
mc at mclaveau.com
Fri Jul 24 09:54:18 CEST 2009
Hi, Eric!
Below, derived from your code, is an example for finding modules in memory
(useful for "scan memory" with clamwin, or other usages)
@-salutations
--
Michel Claveau
import win32api, win32con, win32process, win32security

# Request privileges to enable "debug process", so we can later use
# PROCESS_VM_READ, retardedly required to GetModuleFileNameEx()
priv_flags = (win32security.TOKEN_ADJUST_PRIVILEGES |
              win32security.TOKEN_QUERY)
hToken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
                                        priv_flags)
# enable "debug process"
privilege_id = win32security.LookupPrivilegeValue(
    None, win32security.SE_DEBUG_NAME)
old_privs = win32security.AdjustTokenPrivileges(
    hToken, 0, [(privilege_id, win32security.SE_PRIVILEGE_ENABLED)])

# get all filenames of all modules from all processes (dict to avoid
# duplicates & count instances)
lm = {}
for pid in win32process.EnumProcesses():
    try:
        pshandle = win32api.OpenProcess(
            win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ,
            False, pid)
    except win32api.error:
        # process already exited or access denied: skip it
        continue
    try:
        exename = win32process.GetModuleFileNameEx(pshandle, 0)
        for module in win32process.EnumProcessModules(pshandle):
            fname = win32process.GetModuleFileNameEx(pshandle, module)
            lm[fname] = lm.setdefault(fname, 0) + 1
    except win32api.error:
        # modules of this process could not be read: skip it
        pass
    finally:
        # always release the process handle, even when enumeration fails
        win32api.CloseHandle(pshandle)

# clean up
win32api.CloseHandle(hToken)
for filename in lm:
    print("Nb: %d\t filename: %s" % (lm[filename], filename))
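
Added example, not part of the original message: the lm dict above is keyed on the raw strings returned by GetModuleFileNameEx, so the same file can appear under several spellings (different case, or the NT-style "\??\" and "\SystemRoot\" prefixes some system processes report). The helper names, the sample dict and the "least-shared first" ordering below are assumptions made for illustration.

```python
import ntpath
import os

def normalize_module_path(path, system_root=None):
    """Return one canonical, lower-cased DOS path per module file."""
    if system_root is None:
        # Assumption: fall back to the usual location when the variable is unset.
        system_root = os.environ.get("SystemRoot", r"C:\Windows")
    if path.startswith("\\??\\"):
        path = path[len("\\??\\"):]          # NT object-manager prefix
    if path.lower().startswith("\\systemroot\\"):
        path = ntpath.join(system_root, path[len("\\systemroot\\"):])
    # Windows file names are case-insensitive, so fold case after cleanup.
    return ntpath.normcase(ntpath.normpath(path))

def merge_module_counts(lm, system_root=None):
    """Collapse spelling variants of the same file and add up their counts."""
    merged = {}
    for fname, count in lm.items():
        key = normalize_module_path(fname, system_root)
        merged[key] = merged.get(key, 0) + count
    return merged

def scan_order(merged):
    """List files for a scanner, least-shared modules first (a triage choice)."""
    return sorted(merged, key=lambda p: (merged[p], p))

# Constructed sample in the shape of the lm dict built above.
SAMPLE_LM = {
    r"C:\WINDOWS\system32\ntdll.dll": 20,
    r"C:\Windows\System32\NTDLL.DLL": 3,
    r"\??\C:\WINDOWS\system32\csrss.exe": 1,
    r"\SystemRoot\System32\smss.exe": 1,
    r"C:\Program Files\Example\app.exe": 2,
}

if __name__ == "__main__":
    merged = merge_module_counts(SAMPLE_LM, system_root=r"C:\WINDOWS")
    for path in scan_order(merged):
        print("Nb: %d\t filename: %s" % (merged[path], path))
```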