Home

Trees

Indices

Help

Package winappdbg :: Module system :: Class ProcessContainer

[hide private]

[frames] | no frames]

Class ProcessContainer

Encapsulates the capability to contain Process objects.

Instance Methods

[hide private]

__init__(self)
x.__init__(...) initializes x; see x.__class__.__doc__ for signature

bool

__contains__(self, anObject)
Returns: True if the snapshot contains a Process or Thread object with the same ID.

dictionary-valueiterator

__iter__(self)
Returns: Iterator of Process objects in this snapshot.

int

__len__(self)
Returns: Count of Process objects in this snapshot.

__add_process(self, aProcess)

__del_process(self, dwProcessId)

Inherited from object: __delattr__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __str__

Instrumentation

str

argv_to_cmdline(self, argv)
Convert a list of arguments to a single command line string.

list( str )

cmdline_to_argv(self, lpCmdLine)
Convert a single command line string to a list of arguments.

Process

start_process(self, lpCmdLine, bConsole=False, bDebug=False, bFollow=False, bSuspended=False)
Starts a new process for debugging.

Processes snapshot

bool

has_process(self, dwProcessId)
Returns: True if the snapshot contains a Process object with the given global ID.

Process

get_process(self, dwProcessId)
Returns: Process object with the given global ID.

dictionary-keyiterator

iter_process_ids(self)
Returns: Iterator of global process IDs in this snapshot.

dictionary-valueiterator

iter_processes(self)
Returns: Iterator of Process objects in this snapshot.

list( int )

get_process_ids(self)
Returns: List of global process IDs in this snapshot.

int

get_process_count(self)
Returns: Count of Process objects in this snapshot.

scan(self)
Populates the snapshot with running processes and threads, and loaded modules.

scan_processes(self)
Populates the snapshot with running processes.

scan_processes_fast(self)
Populates the snapshot with running processes.

clear_dead_processes(self)
Removes Process objects from the snapshot referring to processes no longer running.

clear_unattached_processes(self)
Removes Process objects from the snapshot referring to processes not being debugged.

close_process_handles(self)
Closes all open handles to processes in this snapshot.

close_process_and_thread_handles(self)
Closes all open handles to processes and threads in this snapshot.

clear_processes(self)
Removes all Process, Thread and Module objects in this snapshot.

clear(self)
Clears this snapshot.

list of tuple( Process, str )

find_processes_by_filename(self, filename)
Returns: List of processes matching the given main module filename.

Threads snapshots

scan_processes_and_threads(self)
Populates the snapshot with running processes and threads.

bool

has_thread(self, dwThreadId)
Returns: True if the snapshot contains a Thread object with the given global ID.

Thread

get_thread(self, dwThreadId)
Returns: Thread object with the given global ID.

list( int )

get_thread_ids(self)
Returns: List of global thread IDs in this snapshot.

int

get_thread_count(self)
Returns: Count of Thread objects in this snapshot.

Modules snapshots

scan_modules(self)
Populates the snapshot with loaded modules.

int

get_module_count(self)
Returns: Count of Module objects in this snapshot.

list( Module... )

find_modules_by_base(self, lpBaseOfDll)
Returns: List of Module objects with the given base address.

list( Module... )

find_modules_by_name(self, fileName)
Returns: List of Module objects that best match the given filename.

list( Module... )

find_modules_by_address(self, address)
Returns: List of Module objects that best match the given address.

Event notifications (private)

notify_create_process(self, event)
Notify the creation of a new process.

notify_exit_process(self, event)
Notify the termination of a process.

Properties

[hide private]

Inherited from object: __class__

Method Details

[hide private]

init(self)
(Constructor)

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Overrides: object.__init__: (inherited documentation)

contains(self, anObject)
(In operator)

Parameters:

anObject (Process, Thread, int) -
- int: Global ID of the process to look for.
- int: Global ID of the thread to look for.
- Process: Process object to look for.
- Thread: Thread object to look for.

Returns: bool

True if the snapshot contains a Process or Thread object with the same ID.

iter(self)

Returns: dictionary-valueiterator: Iterator of Process objects in this snapshot.

See Also: iter_processes

len(self)
(Length operator)

Returns: int: Count of Process objects in this snapshot.

See Also: get_process_count

has_process(self, dwProcessId)

Parameters:

dwProcessId (int) - Global ID of the process to look for.

Returns: bool

True if the snapshot contains a Process object with the given global ID.

get_process(self, dwProcessId)

Parameters:

dwProcessId (int) - Global ID of the process to look for.

Returns: Process

Process object with the given global ID.

iter_process_ids(self)

Returns: dictionary-keyiterator: Iterator of global process IDs in this snapshot.

See Also: iter_processes

iter_processes(self)

Returns: dictionary-valueiterator: Iterator of Process objects in this snapshot.

See Also: iter_process_ids

get_process_ids(self)

Returns: list( int ): List of global process IDs in this snapshot.

See Also: iter_process_ids

get_process_count(self)

Returns: int: Count of Process objects in this snapshot.

argv_to_cmdline(self, argv)

Convert a list of arguments to a single command line string.

Parameters:

argv (list( str )) - List of argument strings. The first element is the program to execute.

Returns: str

Command line string.

cmdline_to_argv(self, lpCmdLine)

Convert a single command line string to a list of arguments.

Parameters:

lpCmdLine (str) - Command line string. The first token is the program to execute.

Returns: list( str )

List of argument strings.

start_process(self, lpCmdLine, bConsole=False, bDebug=False, bFollow=False, bSuspended=False)

Starts a new process for debugging.

Parameters:

lpCmdLine (str) - Command line to execute. Can't be an empty string.
bConsole (bool) - True if the new process should inherit the console.
bDebug (bool) - True to attach to the new process. To debug a process it's best to use the Debug class instead.
bFollow (bool) - True to automatically attach to the child processes of the newly created process. Ignored unless bDebug is True.
bSuspended (bool) - True if the new process should be suspended.

Returns: Process

Process object.

scan_processes_fast(self)

Populates the snapshot with running processes. Only the PID is retrieved for each process.

Dead processes are removed. Threads and modules of living processes are ignored.

Note: This method may be faster for scanning, but some information may be missing, outdated or slower to obtain. This could be a good tradeoff under some circumstances.

clear(self)

Clears this snapshot.

See Also: clear_processes

has_thread(self, dwThreadId)

Parameters:

dwThreadId (int) - Global ID of the thread to look for.

Returns: bool

True if the snapshot contains a Thread object with the given global ID.

get_thread(self, dwThreadId)

Parameters:

dwThreadId (int) - Global ID of the thread to look for.

Returns: Thread

Thread object with the given global ID.

get_thread_ids(self)

Returns: list( int ): List of global thread IDs in this snapshot.

get_thread_count(self)

Returns: int: Count of Thread objects in this snapshot.

get_module_count(self)

Returns: int: Count of Module objects in this snapshot.

find_modules_by_base(self, lpBaseOfDll)

Returns: list( Module... ): List of Module objects with the given base address.

find_modules_by_name(self, fileName)

Returns: list( Module... ): List of Module objects that best match the given filename.

find_modules_by_address(self, address)

Returns: list( Module... ): List of Module objects that best match the given address.

find_processes_by_filename(self, filename)

Returns: list of tuple( Process, str ): List of processes matching the given main module filename. Each tuple contains a Process object and it's filename.

notify_create_process(self, event)

Notify the creation of a new process.

Parameters:

event (CreateProcessEvent) - Create process event.

notify_exit_process(self, event)

Notify the termination of a process.

Parameters:

event (ExitProcessEvent) - Exit process event.

Home

Trees

Indices

Help

Class ProcessContainer

__init__(self) (Constructor)

__contains__(self, anObject) (In operator)

__iter__(self)

__len__(self) (Length operator)

has_process(self, dwProcessId)

get_process(self, dwProcessId)

iter_process_ids(self)

iter_processes(self)

get_process_ids(self)

get_process_count(self)

argv_to_cmdline(self, argv)

cmdline_to_argv(self, lpCmdLine)

start_process(self, lpCmdLine, bConsole=False, bDebug=False, bFollow=False, bSuspended=False)

scan_processes_fast(self)

clear(self)

has_thread(self, dwThreadId)

get_thread(self, dwThreadId)

get_thread_ids(self)

get_thread_count(self)

get_module_count(self)

find_modules_by_base(self, lpBaseOfDll)

find_modules_by_name(self, fileName)

find_modules_by_address(self, address)

find_processes_by_filename(self, filename)

notify_create_process(self, event)

notify_exit_process(self, event)

init(self)
(Constructor)

contains(self, anObject)
(In operator)

iter(self)

len(self)
(Length operator)