直接上代码:
1、
my_debugger_defines.py
定义相关结构体(在后面创建进程及返回信息时,传参可用到)
1 from ctypes import * 2 # Let's map the Microsoft types to ctypes for clarity 3 WORD=c_ushort 4 DWORD=c_ulong 5 LPBYTE=POINTER(c_ubyte) 6 LPTSTR=POINTER(c_char) 7 HANDLE=c_void_p 8 #constants 9 DEBUG_PROCESS=0x00000001 10 CREATE_NEW_CONSOLE = 0x00000010 11 # Structures for CreateProcessA() function 12 class STARTUPINFO(Structure): 13 _fields_=[ 14 ("cb",DWORD), 15 ("lpReserved",LPTSTR), 16 ("lpDesktop",LPTSTR), 17 ("lpTitle",LPTSTR), 18 ("dwX",DWORD), 19 ("dwY",DWORD), 20 ("dwXSize",DWORD), 21 ("dwYSize",DWORD), 22 ("dwXCountChars",DWORD), 23 ("dwYCountChars",DWORD), 24 ("dwFlags",DWORD), 25 ("wShowWindow",WORD), 26 ("bcReserved2",WORD), 27 ("lpReserved2",LPBYTE), 28 ("hStdInput", HANDLE), 29 ("hStdOutput", HANDLE), 30 ("hStdError", HANDLE), 31 ] 32 33 class PROCESS_INFORMATION(Structure): 34 _fields_=[ 35 ("hProcess",HANDLE), 36 ("hThread", HANDLE), 37 ("dwProcessId", DWORD), 38 ("dwThreadId", DWORD), 39 ]
2、my_debugger.py
定义创建并跟踪进程的函数:
1 from ctypes import * 2 from my_debugger_defines import * 3 4 kernel32=windll.kernel32 5 6 class debugger(): 7 def _init_(self): 8 pass 9 def load(self,path_to_exe): 10 # dwCreation flag determines how to create the process 11 # set creation_flags = CREATE_NEW_CONSOLE if you want 12 # to see the calculator GUI 13 creation_flags = DEBUG_PROCESS 14 15 startupinfo=STARTUPINFO() 16 process_information=PROCESS_INFORMATION() 17 18 startupinfo.dwFlags=0x1 19 startupinfo.wShowWindow 20 startupinfo.cb=sizeof(startupinfo) 21 22 #win32api函数CreatProcess用来创建一个新的进程和他的主线程, 23 #这个新进程运行指定的可执行文件,由第一个参数指定 24 if kernel32.CreateProcessW(path_to_exe, #should be CreateProcessW ,not CreateProcessA ,it is UNICODE API 25 None, 26 None, 27 None, 28 None, 29 #指定附加的、用来控制优先类和进程的创建的标志。 30 creation_flags, 31 None, 32 None, 33 #该参数指向一个用于决定新进程的主窗体如何显示的STARTUPINFO结构体。 34 byref(startupinfo), #byref() 按地址传递 35 #该参数指向一个用来接收新进程的识别信息的PROCESS_INFORMATION结构体。 36 byref(process_information)#这里有个问题: 37 #结构体之间的赋值是如何进行的? 38 #因为这里定义的process_information跟 39 #creatprocess中process_information的参数数量一致 40 #而startupinfo是不一致的 41 ): 42 print("We have sucessfully lunched the process") 43 print("PID:%d"%process_information.dwProcessId) 44 45 else: 46 print("Error:0x%08x."%kernel32.GetLastError()) 47
尝试,调用函数:
1 import my_debugger 2 3 debugger=my_debugger.debugger() 4 5 debugger.load("C:WindowsSystem32calc.exe")
问题:
#结构体之间的赋值是如何进行的?按顺序?
#这里自己定义的process_information结构体跟
#win32函数中creatprocess中process_information的成员数量、位置是必须一致的吗?
#好像也不是这样,因为我process_information是一致的,成功传参了,而我startupinfo不一致,也成功了。
关于win32函数中creatprocess中process_information、startupinfo见http://baike.baidu.com/view/2421585.htm