tasklist沒有列出64個系統中的所有模塊

Question

我遇到了一些問題。我會試着爲我的機器上的所有進程獲取所有模塊（dll文件）。我試圖在CMD中執行此命令：

tasklist /m 

但是這是64位系統的問題。如果你`重新64位機器上運行32位PROGRAMM它沒有列出所有模塊，只

ntdll.dll, wow64.dll, wow64win.dll, wow64cpu.dll 

然後我試着用Python腳本來做到這一點，使用pywin32（WIN32API）。

這是代碼：

import win32security,win32file,win32api,ntsecuritycon,win32con,win32process 

processes = win32process.EnumProcesses() 

for pid in processes: 
    dll_list = [] 
    try: 
     if pid: 
      print('pid:', pid) 
      ph = win32api.OpenProcess(win32con.MAXIMUM_ALLOWED, False, pid) 
      dll = win32process.EnumProcessModules(ph) 
      for dll_name in dll: 
       dll_name_norm = win32process.GetModuleFileNameEx(ph, dll_name) 
       dll_list.append(dll_name_norm) 

      print("dll_list: ", dll_list) 
      print("--------------") 
    except: 
     print("Error") 
     print("--------------") 

但結果是一樣的。 =（ 請幫助我，我如何可以看到所有的dll文件，加載每個進程。

PS它可以只是標準的Windows工具，如命令行，任務列表（不ListDlls，進程資源管理器或相同的東西）或Python腳本。

謝謝你很多！

Answer 1

EnumProcessModules只是顯示具有相同bittiness爲Python的過程。相反，調用EnumProcessModulesEx與dwFilterFlag=LIST_MODULES_ALL。

您當前的代碼需要win32api模塊，只有recently added EnumProcessModulesEx，並且不在標準庫中。以下是僅使用標準庫的解決方案：

from ctypes import byref, create_unicode_buffer, sizeof, WinDLL 
from ctypes.wintypes import DWORD, HMODULE, MAX_PATH 

Psapi = WinDLL('Psapi.dll') 
Kernel32 = WinDLL('kernel32.dll') 

PROCESS_QUERY_INFORMATION = 0x0400 
PROCESS_VM_READ = 0x0010 

LIST_MODULES_ALL = 0x03 

def EnumProcesses(): 
    buf_count = 256 
    while True: 
     buf = (DWORD * buf_count)() 
     buf_size = sizeof(buf) 
     res_size = DWORD() 
     if not Psapi.EnumProcesses(byref(buf), buf_size, byref(res_size)): 
      raise OSError('EnumProcesses failed') 
     if res_size.value >= buf_size: 
      buf_count *= 2 
      continue 
     count = res_size.value // (buf_size // buf_count) 
     return buf[:count] 

def EnumProcessModulesEx(hProcess): 
    buf_count = 256 
    while True: 
     buf = (HMODULE * buf_count)() 
     buf_size = sizeof(buf) 
     needed = DWORD() 
     if not Psapi.EnumProcessModulesEx(hProcess, byref(buf), buf_size, 
              byref(needed), LIST_MODULES_ALL): 
      raise OSError('EnumProcessModulesEx failed') 
     if buf_size < needed.value: 
      buf_count = needed.value // (buf_size // buf_count) 
      continue 
     count = needed.value // (buf_size // buf_count) 
     return map(HMODULE, buf[:count]) 

def GetModuleFileNameEx(hProcess, hModule): 
    buf = create_unicode_buffer(MAX_PATH) 
    nSize = DWORD() 
    if not Psapi.GetModuleFileNameExW(hProcess, hModule, 
             byref(buf), byref(nSize)): 
     raise OSError('GetModuleFileNameEx failed') 
    return buf.value 

def get_process_modules(pid): 
    hProcess = Kernel32.OpenProcess(
     PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 
     False, pid) 
    if not hProcess: 
     raise OSError('Could not open PID %s' % pid) 
    try: 
     return [ 
      GetModuleFileNameEx(hProcess, hModule) 
      for hModule in EnumProcessModulesEx(hProcess)] 
    finally: 
     Kernel32.CloseHandle(hProcess) 

for pid in EnumProcesses(): 
    try: 
     dll_list = get_process_modules(pid) 
     print('dll_list: ', dll_list) 
    except OSError as ose: 
     print(str(ose)) 
    print('-' * 14)