格式化代码
parent
ab587e3bc7
commit
ad7c65e253
@ -44,6 +44,24 @@ class PROCESSENTRY32(ctypes.Structure):
|
||||
("szExeFile", ctypes.c_char * MAX_PATH)]
|
||||
|
||||
|
||||
class VS_FIXEDFILEINFO(ctypes.Structure):
|
||||
_fields_ = [
|
||||
('dwSignature', ctypes.wintypes.DWORD),
|
||||
('dwStrucVersion', ctypes.wintypes.DWORD),
|
||||
('dwFileVersionMS', ctypes.wintypes.DWORD),
|
||||
('dwFileVersionLS', ctypes.wintypes.DWORD),
|
||||
('dwProductVersionMS', ctypes.wintypes.DWORD),
|
||||
('dwProductVersionLS', ctypes.wintypes.DWORD),
|
||||
('dwFileFlagsMask', ctypes.wintypes.DWORD),
|
||||
('dwFileFlags', ctypes.wintypes.DWORD),
|
||||
('dwFileOS', ctypes.wintypes.DWORD),
|
||||
('dwFileType', ctypes.wintypes.DWORD),
|
||||
('dwFileSubtype', ctypes.wintypes.DWORD),
|
||||
('dwFileDateMS', ctypes.wintypes.DWORD),
|
||||
('dwFileDateLS', ctypes.wintypes.DWORD),
|
||||
]
|
||||
|
||||
|
||||
# 加载dll
|
||||
kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)
|
||||
psapi = ctypes.WinDLL('psapi', use_last_error=True)
|
||||
@ -214,24 +232,6 @@ def get_file_version_info(file_path):
|
||||
return f"{version[0]}.{version[1]}.{version[2]}.{version[3]}"
|
||||
|
||||
|
||||
class VS_FIXEDFILEINFO(ctypes.Structure):
|
||||
_fields_ = [
|
||||
('dwSignature', ctypes.wintypes.DWORD),
|
||||
('dwStrucVersion', ctypes.wintypes.DWORD),
|
||||
('dwFileVersionMS', ctypes.wintypes.DWORD),
|
||||
('dwFileVersionLS', ctypes.wintypes.DWORD),
|
||||
('dwProductVersionMS', ctypes.wintypes.DWORD),
|
||||
('dwProductVersionLS', ctypes.wintypes.DWORD),
|
||||
('dwFileFlagsMask', ctypes.wintypes.DWORD),
|
||||
('dwFileFlags', ctypes.wintypes.DWORD),
|
||||
('dwFileOS', ctypes.wintypes.DWORD),
|
||||
('dwFileType', ctypes.wintypes.DWORD),
|
||||
('dwFileSubtype', ctypes.wintypes.DWORD),
|
||||
('dwFileDateMS', ctypes.wintypes.DWORD),
|
||||
('dwFileDateLS', ctypes.wintypes.DWORD),
|
||||
]
|
||||
|
||||
|
||||
def get_process_list():
|
||||
h_process_snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
|
||||
if h_process_snap == ctypes.wintypes.HANDLE(-1).value:
|
||||
@ -257,8 +257,6 @@ def get_process_list():
|
||||
return process_list
|
||||
|
||||
|
||||
bias_list = []
|
||||
|
||||
if __name__ == "__main__":
|
||||
processes = get_process_list()
|
||||
for pid, name in processes:
|
||||
|
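Review bot: `VS_FIXEDFILEINFO`, as relocated by the first hunk, has no docstring, and nothing visible states that its thirteen `DWORD` fields must mirror the Win32 structure in order and width. I would add a class docstring along the lines of `"""Win32 VS_FIXEDFILEINFO layout (13 DWORDs); field order and types must match the OS definition."""`. The structure is overlaid on the version resource of whatever executable path is passed in, so the consumer should check `info.dwSignature == 0xFEEF04BD` before trusting `dwFileVersionMS`/`dwFileVersionLS`. Only the last line of `get_file_version_info` is visible in the second hunk, so I cannot tell whether that check already exists.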
@ -11,7 +11,7 @@ import os
|
||||
import re
|
||||
import winreg
|
||||
from typing import List, Union
|
||||
from .utils import pattern_scan_all, verify_key, get_exe_version, get_exe_bit, info_error
|
||||
from .utils import verify_key, get_exe_version, get_exe_bit, info_error
|
||||
from .ctypes_utils import get_process_list, get_info_with_key, get_memory_maps, get_process_exe_path, \
|
||||
get_file_version_info
|
||||
from .memory_search import search_memory
|
||||
|
@ -1,7 +1,6 @@
|
||||
import ctypes
|
||||
import ctypes.wintypes as wintypes
|
||||
import logging
|
||||
from ctypes.wintypes import HANDLE
|
||||
import re
|
||||
import sys
|
||||
|
||||
|
@ -7,11 +7,8 @@
|
||||
# -------------------------------------------------------------------------------
|
||||
import os
|
||||
import re
|
||||
import sys
|
||||
import hmac
|
||||
import traceback
|
||||
|
||||
import pymem
|
||||
import hashlib
|
||||
from win32com.client import Dispatch
|
||||
|
||||
@ -22,7 +19,6 @@ def info_error(func):
|
||||
:param func:
|
||||
:return:
|
||||
"""
|
||||
|
||||
def wrapper(*args, **kwargs):
|
||||
try:
|
||||
return func(*args, **kwargs)
|
||||
@ -31,7 +27,6 @@ def info_error(func):
|
||||
rdata = f"{traceback_data}"
|
||||
print(f"info_error: \n{rdata}")
|
||||
return "None"
|
||||
|
||||
return wrapper
|
||||
|
||||
|
||||
@ -112,33 +107,3 @@ def get_exe_bit(file_path):
|
||||
print('get exe bit error: File not found or cannot be opened')
|
||||
return 64
|
||||
|
||||
|
||||
def pattern_scan_all(handle, pattern, *, return_multiple=False, find_num=100):
|
||||
"""
|
||||
扫描内存中所有匹配的模式
|
||||
:param handle: 进程句柄
|
||||
:param pattern: 模式
|
||||
:param return_multiple: 是否返回所有匹配
|
||||
:param find_num: 最多查找数量
|
||||
"""
|
||||
next_region = 0
|
||||
found = []
|
||||
user_space_limit = 0x7FFFFFFF0000 if sys.maxsize > 2 ** 32 else 0x7fff0000
|
||||
while next_region < user_space_limit:
|
||||
try:
|
||||
next_region, page_found = pymem.pattern.scan_pattern_page(
|
||||
handle,
|
||||
next_region,
|
||||
pattern,
|
||||
return_multiple=return_multiple
|
||||
)
|
||||
except Exception as e:
|
||||
print(e)
|
||||
break
|
||||
if not return_multiple and page_found:
|
||||
return page_found
|
||||
if page_found:
|
||||
found += page_found
|
||||
if len(found) > find_num:
|
||||
break
|
||||
return found
|
||||
|