memory, PE files, etc...

2014-10-27 Thread kiuhnm03
Hi!
I'd like to write one or more scripts that analyze processes in memory on 
Windows 7. I used to do these things in C++ by using native Win32 API calls.
How should I proceed in python? Any pointers?
-- 
https://mail.python.org/mailman/listinfo/python-list


Re: memory, PE files, etc...

2014-10-27 Thread Tim Golden
On 27/10/2014 17:16, kiuhn...@yahoo.it wrote:
> Hi! I'd like to write one or more scripts that analyze processes in
> memory on Windows 7. I used to do these things in C++ by using native
> Win32 API calls. How should I proceed in python? Any pointers?
> 

psutil is definitely your friend:

  https://github.com/giampaolo/psutil

Although WMI can be quite handy too, depending on what you're trying to do:

  http://timgolden.me.uk/python/wmi/

TJG


Re: memory, PE files, etc...

2014-10-27 Thread kiuhnm03
On Monday, October 27, 2014 6:24:19 PM UTC+1, Tim Golden wrote:
> psutil is definitely your friend:
> 
>   https://github.com/giampaolo/psutil
> 
> Although WMI can be quite handy too, depending on what you're trying to do:
> 
>   http://timgolden.me.uk/python/wmi/
> 
> TJG

Thanks for answering.
I don't know if psutil is what I'm looking for.
What I need to do is more related to debugging than to administration.
Let's say I want to search for a sequence of bytes in the .text section of a 
given module. Can I do that with psutil?
Maybe I should buy this book:
http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921


Re: memory, PE files, etc...

2014-10-27 Thread Rustom Mody
On Tuesday, October 28, 2014 12:41:40 AM UTC+5:30, kiuh...@yahoo.it wrote:
> On Monday, October 27, 2014 6:24:19 PM UTC+1, Tim Golden wrote:
> > psutil is definitely your friend:
> > 
> >   https://github.com/giampaolo/psutil
> > 
> > Although WMI can be quite handy too, depending on what you're trying to do:
> > 
> >   http://timgolden.me.uk/python/wmi/
> > 
> > TJG
> 
> Thanks for answering.
> I don't know if psutil is what I'm looking for.
> What I need to do is more related to debugging than to administration.
> Let's say I want to search for a sequence of bytes in the .text section of a 
> given module. Can I do that with psutil?

https://code.google.com/p/pefile/

?


Re: memory, PE files, etc...

2014-10-28 Thread gandalf23
On Tuesday, October 28, 2014 3:37:19 AM UTC+1, Rustom Mody wrote:
> On Tuesday, October 28, 2014 12:41:40 AM UTC+5:30, kiuh...@yahoo.it wrote:
> > On Monday, October 27, 2014 6:24:19 PM UTC+1, Tim Golden wrote:
> > > psutil is definitely your friend:
> > > 
> > >   https://github.com/giampaolo/psutil
> > > 
> > > Although WMI can be quite handy too, depending on what you're trying to 
> > > do:
> > > 
> > >   http://timgolden.me.uk/python/wmi/
> > > 
> > > TJG
> > 
> > Thanks for answering.
> > I don't know if psutil is what I'm looking for.
> > What I need to do is more related to debugging than to administration.
> > Let's say I want to search for a sequence of bytes in the .text section of 
> > a given module. Can I do that with psutil?
> 
> https://code.google.com/p/pefile/
> 
> ?

I need to analyze the memory of running processes.
The answer is PyDbg or direct access to the API of Windows.
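
Added example, not part of the original thread: the byte search asked about above, done by parsing the PE section table with `struct`. It accepts either an on-disk file (what pefile reads) or a buffer laid out as the loader maps a module in memory; in a live process that buffer would be filled by `ReadProcessMemory` through ctypes, which is not shown here. The sample image, the function names and the `mapped` parameter are constructed for illustration.

```python
import struct

def find_section(image, name):
    """Return (virtual_address, virtual_size, raw_ptr, raw_size) of a section."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", image, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", image, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows optional header
    for i in range(nsections):
        raw_name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        if raw_name.rstrip(b"\0") == name:
            return vaddr, vsize, rptr, rsize
    raise KeyError(name)

def search_text(image, pattern, mapped=True):
    """Return the RVA of every occurrence of pattern inside .text.

    mapped=True:  buffer is laid out as in memory (section at VirtualAddress).
    mapped=False: buffer is the file on disk (section at PointerToRawData).
    """
    vaddr, vsize, rptr, rsize = find_section(image, b".text")
    if mapped:
        start, size = vaddr, vsize
    else:
        start, size = rptr, (min(vsize, rsize) if vsize else rsize)
    end = min(start + size, len(image))       # never scan past the section
    hits, pos = [], image.find(pattern, start, end)
    while pos != -1:
        hits.append(pos - start + vaddr)      # report as RVA in both layouts
        pos = image.find(pattern, pos + 1, end)
    return hits

def build_sample_image():
    """Constructed minimal image: headers plus one .text section, mapped layout."""
    text = b"\x90\x90\x55\x8b\xec\xc3\x90\x55\x8b\xec\xc3"
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000,
                       0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    headers = dos + coff + b"\0" * 0xE0 + sect
    return headers.ljust(0x1000, b"\0") + text.ljust(0x1000, b"\0")

if __name__ == "__main__":
    print([hex(rva) for rva in search_text(build_sample_image(), b"\x55\x8b\xec")])
```
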


Re: memory, PE files, etc...

2014-10-28 Thread Denis McMahon
On Mon, 27 Oct 2014 10:16:43 -0700, kiuhnm03 wrote:

> I'd like to write one or more scripts that analyze processes in memory
> on Windows 7. I used to do these things in C++ by using native Win32 API
> calls.
> How should I proceed in python? Any pointers?

This seems to be a very common request. Does anyone know why?

-- 
Denis McMahon, denismfmcma...@gmail.com


Re: memory, PE files, etc...

2014-10-28 Thread Chris Angelico
On Wed, Oct 29, 2014 at 1:18 PM, Denis McMahon wrote:
> On Mon, 27 Oct 2014 10:16:43 -0700, kiuhnm03 wrote:
>
>> I'd like to write one or more scripts that analyze processes in memory
>> on Windows 7. I used to do these things in C++ by using native Win32 API
>> calls.
>> How should I proceed in python? Any pointers?
>
> This seems to be a very common request. Does anyone know why?

I hadn't noticed it as hugely common, but in any case... I'd say it's
because ctypes and pywin32 are (rightly) obscure, so people don't know
they can basically do the same thing in Python as in C++. That's what
python-list is for, I think.

ChrisA


Re: memory, PE files, etc...

2014-10-29 Thread Tim Golden
On 29/10/2014 02:18, Denis McMahon wrote:
> On Mon, 27 Oct 2014 10:16:43 -0700, kiuhnm03 wrote:
> 
>> I'd like to write one or more scripts that analyze processes in memory
>> on Windows 7. I used to do these things in C++ by using native Win32 API
>> calls.
>> How should I proceed in python? Any pointers?
> 
> This seems to be a very common request. Does anyone know why?
> 

I certainly wouldn't have called it common, assuming you're referring to
the specific request of analyzing processes in memory. I admit we do see
on and off the more general request of "How do I do in Python on Windows
this thing I can do in C/C++?".

TJG