Process ancestry traceback + detect whether the current process is attached to a conhost.exe console.
from wmi import WMI | |
from os import getpid | |
# Start the ancestry walk at this interpreter's own process.
pid = getpid()
# One WMI snapshot of every process; every lookup below reuses it instead of
# re-querying, so all checks see the same instant in time.
Win32_Process = WMI().Win32_Process()
# Parent ids of every conhost.exe found, and the final verdict.
conhost, is_conhost = (), False
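def process_traceback(pid: int, process_table=None):
    """Yield the ancestry chain of *pid*, nearest process first.

    Each item is ``{'exe': <process name>, 'pid': <process id>}``.  The walk
    follows ``ParentProcessId`` links until the current id has no entry in
    the table or an id repeats, so a self-parented entry (WMI commonly
    reports PID 0 that way) or any other cycle ends the walk instead of
    looping forever, which the previous rescan-until-no-growth loop did not
    guard against.

    Args:
        pid: process id to start from (it is yielded first when present).
        process_table: iterable of objects exposing ``ProcessID``,
            ``ParentProcessId`` and ``name``.  Defaults to the module-level
            ``Win32_Process`` snapshot.

    NOTE(review): ``ParentProcessId`` is a hint, not an authenticated link.
    A creator can name an arbitrary parent (PPID spoofing), and the id of a
    parent that has already exited may have been reused by an unrelated
    process.  Do not base trust or access decisions on this chain alone.
    """
    if process_table is None:
        process_table = Win32_Process
    # Index once; the original rescanned the whole snapshot for every hop.
    by_pid = {}
    for process in process_table:
        by_pid.setdefault(process.ProcessID, process)
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        process = by_pid[pid]
        yield {'exe': process.name, 'pid': process.ProcessID}
        pid = process.ParentProcessId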
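# Ancestry chain of this process, nearest first (see process_traceback).
processes = tuple(process_traceback(pid))
print(processes)

# A conhost.exe's parent is the process that owns the console window, so
# collect the parent id of every conhost.exe in the snapshot.  Kept as a
# tuple for compatibility; the set gives O(1) membership tests in place of
# the original tuple-append plus nested scan.
conhost = tuple(x.ParentProcessID for x in Win32_Process if x.Name == 'conhost.exe')
console_owners = set(conhost)

# Any ancestor that owns a conhost.exe means this process runs inside a
# classic console session.  Every matching ancestor is printed, as before.
# NOTE(review): ParentProcessId can be chosen by the creator (PPID spoofing)
# and a dead parent's id can be reused, so this is a heuristic, not a trust
# decision.  Hosts that run the console through OpenConsole.exe rather than
# conhost.exe (newer Windows Terminal builds) would presumably not be
# detected — confirm on the target systems.
for a in processes:
    if a['pid'] in console_owners:
        print(a['exe'])
        is_conhost = True

if is_conhost:
    print('Likely conhost.exe')
else:
    print('Not conhost.exe')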
from wmi import WMI | |
# One WMI snapshot of every running process; process_traceback() walks it.
Win32_Process = WMI().Win32_Process()
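def process_traceback(pid: int, process_table=None):
    """Yield the ancestry chain of *pid*, nearest process first.

    Each item is ``{'exe': <process name>, 'pid': <process id>}``.  The walk
    follows ``ParentProcessId`` links until the current id has no entry in
    the table or an id repeats, so a self-parented entry (WMI commonly
    reports PID 0 that way) or any other cycle ends the walk instead of
    looping forever, which the previous rescan-until-no-growth loop did not
    guard against.

    Args:
        pid: process id to start from (it is yielded first when present).
        process_table: iterable of objects exposing ``ProcessID``,
            ``ParentProcessId`` and ``name``.  Defaults to the module-level
            ``Win32_Process`` snapshot.

    NOTE(review): ``ParentProcessId`` is a hint, not an authenticated link.
    A creator can name an arbitrary parent (PPID spoofing), and the id of a
    parent that has already exited may have been reused by an unrelated
    process.  Do not base trust or access decisions on this chain alone.
    """
    if process_table is None:
        process_table = Win32_Process
    # Index once; the original rescanned the whole snapshot for every hop.
    by_pid = {}
    for process in process_table:
        by_pid.setdefault(process.ProcessID, process)
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        process = by_pid[pid]
        yield {'exe': process.name, 'pid': process.ProcessID}
        pid = process.ParentProcessId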