Package winappdbg :: Module system :: Class ProcessContainer

Class ProcessContainer



Encapsulates the capability to contain Process objects.

Instance Methods
 
__init__(self)
x.__init__(...) initializes x; see x.__class__.__doc__ for signature
 
__initialize_snapshot(self)
Private method to automatically initialize the snapshot when you try to use it without calling any of the scan_* methods first.
bool
__contains__(self, anObject)
Returns: True if the snapshot contains a Process or Thread object with the same ID.
dictionary-valueiterator
__iter__(self)
Returns: Iterator of Process objects in this snapshot.
int
__len__(self)
Returns: Count of Process objects in this snapshot.
 
get_windows(self)
 
__find_processes_by_filename(self, filename)
Internally used by find_processes_by_filename.
 
__add_process(self, aProcess)
 
__del_process(self, dwProcessId)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

    Instrumentation
Process
start_process(self, lpCmdLine, bConsole=False, bDebug=False, bFollow=False, bSuspended=False, bInheritHandles=False, dwParentProcessId=None)
Starts a new process for instrumenting (or debugging).
    Processes snapshot
bool
has_process(self, dwProcessId)
Returns: True if the snapshot contains a Process object with the given global ID.
Process
get_process(self, dwProcessId)
Returns: Process object with the given global ID.
dictionary-keyiterator
iter_process_ids(self)
Returns: Iterator of global process IDs in this snapshot.
dictionary-valueiterator
iter_processes(self)
Returns: Iterator of Process objects in this snapshot.
list( int )
get_process_ids(self)
Returns: List of global process IDs in this snapshot.
int
get_process_count(self)
Returns: Count of Process objects in this snapshot.
int or None
get_pid_from_tid(self, dwThreadId)
Tries to retrieve the global ID of the process that owns the thread.
 
scan(self)
Populates the snapshot with running processes and threads, and loaded modules.
 
scan_processes(self)
Populates the snapshot with running processes.
 
scan_processes_fast(self)
Populates the snapshot with running processes.
 
clear_dead_processes(self)
Removes Process objects from the snapshot referring to processes no longer running.
 
clear_unattached_processes(self)
Removes Process objects from the snapshot referring to processes not being debugged.
 
close_process_handles(self)
Closes all open handles to processes in this snapshot.
 
close_process_and_thread_handles(self)
Closes all open handles to processes and threads in this snapshot.
 
clear_processes(self)
Removes all Process, Thread and Module objects in this snapshot.
 
clear(self)
Clears this snapshot.
list of tuple( Process, str )
find_processes_by_filename(self, fileName)
Returns: List of processes matching the given main module filename.
    Threads snapshots
 
scan_processes_and_threads(self)
Populates the snapshot with running processes and threads.
bool
has_thread(self, dwThreadId)
Returns: True if the snapshot contains a Thread object with the given global ID.
Thread
get_thread(self, dwThreadId)
Returns: Thread object with the given global ID.
list( int )
get_thread_ids(self)
Returns: List of global thread IDs in this snapshot.
int
get_thread_count(self)
Returns: Count of Thread objects in this snapshot.
    Modules snapshots
 
scan_modules(self)
Populates the snapshot with loaded modules.
int
get_module_count(self)
Returns: Count of Module objects in this snapshot.
list( Module... )
find_modules_by_base(self, lpBaseOfDll)
Returns: List of Module objects with the given base address.
list( Module... )
find_modules_by_name(self, fileName)
Returns: List of Module objects found.
list( Module... )
find_modules_by_address(self, address)
Returns: List of Module objects that best match the given address.
    Event notifications (private)
 
notify_create_process(self, event)
Notify the creation of a new process.
 
notify_exit_process(self, event)
Notify the termination of a process.
Static Methods
    Instrumentation
str
argv_to_cmdline(argv)
Convert a list of arguments to a single command line string.
list( str )
cmdline_to_argv(lpCmdLine)
Convert a single command line string to a list of arguments.
Properties

Inherited from object: __class__

Method Details

__init__(self)
(Constructor)


x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Overrides: object.__init__
(inherited documentation)

__initialize_snapshot(self)


Private method to automatically initialize the snapshot when you try to use it without calling any of the scan_* methods first. You don't need to call this yourself.

__contains__(self, anObject)
(In operator)

Parameters:
  • anObject (Process, Thread, int) -
    • int: Global ID of the process to look for.
    • int: Global ID of the thread to look for.
    • Process: Process object to look for.
    • Thread: Thread object to look for.
Returns: bool
True if the snapshot contains a Process or Thread object with the same ID.

__iter__(self)

Returns: dictionary-valueiterator
Iterator of Process objects in this snapshot.

See Also: iter_processes

__len__(self)
(Length operator)

Returns: int
Count of Process objects in this snapshot.

See Also: get_process_count

has_process(self, dwProcessId)

Parameters:
  • dwProcessId (int) - Global ID of the process to look for.
Returns: bool
True if the snapshot contains a Process object with the given global ID.

get_process(self, dwProcessId)

Parameters:
  • dwProcessId (int) - Global ID of the process to look for.
Returns: Process
Process object with the given global ID.

iter_process_ids(self)

Returns: dictionary-keyiterator
Iterator of global process IDs in this snapshot.

See Also: iter_processes

iter_processes(self)

Returns: dictionary-valueiterator
Iterator of Process objects in this snapshot.

See Also: iter_process_ids

get_process_ids(self)

Returns: list( int )
List of global process IDs in this snapshot.

See Also: iter_process_ids

get_process_count(self)

Returns: int
Count of Process objects in this snapshot.

get_pid_from_tid(self, dwThreadId)


Tries to retrieve the global ID of the process that owns the thread. If it's not possible, returns None.

Parameters:
  • dwThreadId (int) - Thread global ID.
Returns: int or None
Process global ID, or None.

argv_to_cmdline(argv)
Static Method


Convert a list of arguments to a single command line string.

Parameters:
  • argv (list( str )) - List of argument strings. The first element is the program to execute.
Returns: str
Command line string.

cmdline_to_argv(lpCmdLine)
Static Method


Convert a single command line string to a list of arguments.

Parameters:
  • lpCmdLine (str) - Command line string. The first token is the program to execute.
Returns: list( str )
List of argument strings.

start_process(self, lpCmdLine, bConsole=False, bDebug=False, bFollow=False, bSuspended=False, bInheritHandles=False, dwParentProcessId=None)


Starts a new process for instrumenting (or debugging).

Parameters:
  • lpCmdLine (str) - Command line to execute. Can't be an empty string.
  • bConsole (bool) - True if the new process should inherit the console. Defaults to False.
  • bDebug (bool) - True to attach to the new process. To debug a process it's best to use the Debug class instead. Defaults to False.
  • bFollow (bool) - True to automatically attach to the child processes of the newly created process. Ignored unless bDebug is True. Defaults to False.
  • bSuspended (bool) - True if the new process should be suspended. Defaults to False.
  • bInheritHandles (bool) - True if the new process should inherit its parent process's handles. Defaults to False.
  • dwParentProcessId (int or None) - None if the debugger process should be the parent process (default), or a process ID to forcefully set as the debuggee's parent (only available for Windows Vista and above).
Returns: Process
Process object.

scan_processes_fast(self)


Populates the snapshot with running processes. Only the PID is retrieved for each process.

Dead processes are removed. Threads and modules of living processes are ignored.

Note: This method may be faster for scanning, but some information may be missing, outdated or slower to obtain. This could be a good tradeoff under some circumstances.

clear(self)


Clears this snapshot.

See Also: clear_processes

has_thread(self, dwThreadId)

Parameters:
  • dwThreadId (int) - Global ID of the thread to look for.
Returns: bool
True if the snapshot contains a Thread object with the given global ID.

get_thread(self, dwThreadId)

Parameters:
  • dwThreadId (int) - Global ID of the thread to look for.
Returns: Thread
Thread object with the given global ID.

get_thread_ids(self)

Returns: list( int )
List of global thread IDs in this snapshot.

get_thread_count(self)

Returns: int
Count of Thread objects in this snapshot.

get_module_count(self)

Returns: int
Count of Module objects in this snapshot.

find_modules_by_base(self, lpBaseOfDll)

Returns: list( Module... )
List of Module objects with the given base address.

find_modules_by_name(self, fileName)

Returns: list( Module... )
List of Module objects found.

find_modules_by_address(self, address)

Returns: list( Module... )
List of Module objects that best match the given address.

find_processes_by_filename(self, fileName)

Parameters:
  • fileName (str) - Filename to search for. If it's a full pathname, the match must be exact. If it's a base filename only, the file part is matched, regardless of the directory where it's located.
Returns: list of tuple( Process, str )
List of processes matching the given main module filename. Each tuple contains a Process object and its filename.

Note: If the process is not found and the file extension is not given, this method will search again assuming a default extension (.exe).
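
The matching rule described above, re-implemented as a standalone added example (not WinAppDbg's own code) over a constructed list of (pid, path) pairs instead of Process objects. The function names, the sample paths and the case-insensitive comparison are assumptions. It shows why the filename in each returned tuple matters: a base-name query matches in every directory, so same-named binaries in unexpected locations come back together.

```python
import ntpath

# Constructed sample snapshot: (pid, main module path). Not real data.
SAMPLE_SNAPSHOT = [
    (612, r"C:\Windows\System32\svchost.exe"),
    (4120, r"C:\Users\alice\AppData\Local\Temp\svchost.exe"),
    (2288, r"C:\Program Files\Editor\editor.exe"),
    (3004, r"C:\Tools\helper"),
]


def _match_once(snapshot, file_name):
    """One pass of the documented rule over (pid, path) pairs."""
    wanted = file_name.lower()  # assumption: case-insensitive comparison
    is_full_path = ntpath.dirname(file_name) != ""
    found = []
    for pid, path in snapshot:
        # Full pathname: compare the whole path. Base name: file part only.
        candidate = path if is_full_path else ntpath.basename(path)
        if candidate.lower() == wanted:
            found.append((pid, path))
    return found


def find_by_filename(snapshot, file_name):
    """Full pathname: exact match. Base name: matched in any directory.
    If nothing matches and no extension was given, retry with .exe."""
    found = _match_once(snapshot, file_name)
    if not found and ntpath.splitext(file_name)[1] == "":
        found = _match_once(snapshot, file_name + ".exe")
    return found


def outside_expected_dir(matches, expected_dir):
    """Triage helper: matches whose directory is not the expected one."""
    expected = ntpath.normcase(ntpath.normpath(expected_dir))
    return [(pid, path) for pid, path in matches
            if ntpath.normcase(ntpath.dirname(path)) != expected]


if __name__ == "__main__":
    hits = find_by_filename(SAMPLE_SNAPSHOT, "svchost")
    for pid, path in outside_expected_dir(hits, r"C:\Windows\System32"):
        print("unexpected location:", pid, path)
```
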

notify_create_process(self, event)


Notify the creation of a new process.

This is done automatically by the Debug class; you shouldn't need to call it yourself.

Parameters:

notify_exit_process(self, event)


Notify the termination of a process.

This is done automatically by the Debug class; you shouldn't need to call it yourself.

Parameters: