import win32security
import win32process
import win32api
import win32con
import win32event
import os
import subprocess
import shutil
'''
Python创建新进程的几种方式
1.父进程阻塞,且可以控制子进程,推荐用subprocess模块,它替换了老的os.system、os.spawn等,且可以传递startupinfo等信息给子进程
2.父进程销毁,用子进程替换父进程,用os.exec*系列,如os.execv、os.execl等。注意在调用此函数之后,子进程即刻取得父进程的id,原进程之后的函数皆无法运行,且原父进程的资源,如文件等的所有者也变成了新的子进程。如有特殊必要,可在调用此函数前释放资源
3.异步启动新进程,父进程在子进程启动后,不阻塞,继续走自己的路。Windows下可用win32api.WinExec及win32api.ShellExecute。win32api.WinExec不会有console窗口,不过如果启动的是bat文件,依然会生成console窗口
4.异步启动新进程,父进程在子进程启动后,不阻塞,继续走自己的路。在windows下,同3,可以用win32process.CreateProcess() 和 CreateProcessAsUser(),参数同系统API的CreateProcess,比3好的一点是可以传很多控制参数及信息,比如使新启动的bat文件也隐藏窗口等
5.用阻塞的方式创建一个新进程,如os.system,subprocess等,然后通过设置进程ID或销毁父进程的方法把新的子进程变成一个daemon进程,此方法应该用在linux系统环境中,未测试
'''
'''
CreateProcess(appName, commandLine , processAttributes ,
threadAttributes , bInheritHandles ,
dwCreationFlags , newEnvironment , currentDirectory , startupinfo)
其参数含义如下。
appName:可执行的文件名。
commandLine:命令行参数。
processAttributes:进程安全属性,如果为None,则为默认的安全属性。
threadAttributes:线程安全属性,如果为None,则为默认的安全属性。
bInheritHandles:继承标志。
dwCreationFlags:创建标志。
newEnvironment:创建进程的环境变量。
currentDirectory:进程的当前目录。
startupinfo :创建进程的属性。
'''
def OpenProcess0(procPath, param = ""):
    """Start *procPath* with ``win32process.CreateProcess`` and wait up to 10 s.

    The command line is the double-quoted executable path followed by
    *param* exactly as given.  *param* is neither quoted nor escaped here,
    so the caller decides how it splits into arguments; pass only values
    you control.  The child is created with ``CREATE_NO_WINDOW`` and with
    handle inheritance switched off.

    Prints the ``WaitForSingleObject`` result code and returns ``None``.
    """
    # appName is passed as None, so the executable is taken from the command
    # line; quoting the path keeps a path containing spaces in one piece.
    commandline = "".join(['"', procPath, '" ', param])
    startup = win32process.STARTUPINFO()
    proc_info = win32process.CreateProcess(
        None,
        commandline,
        None,
        None,
        0,
        win32process.CREATE_NO_WINDOW,
        None,
        None,
        startup)
    # The first element of the returned tuple is the process handle.
    process_handle = proc_info[0]
    wait_result = win32event.WaitForSingleObject(process_handle, 10000)
    print(wait_result)
'''
win32process.CreateProcessAsUser
PyHANDLE, PyHANDLE, int, int = CreateProcessAsUser(hToken, appName , commandLine , processAttributes ,
threadAttributes , bInheritHandles , dwCreationFlags , newEnvironment , currentDirectory , startupinfo )
Creates a new process in the context of the specified user.
Parameters
hToken : PyHANDLE
Handle to a token that represents a logged-on user
appName : string
name of executable module, or None
commandLine : string
command line string, or None
processAttributes : PySECURITY_ATTRIBUTES
process security attributes, or None
threadAttributes : PySECURITY_ATTRIBUTES
thread security attributes, or None
bInheritHandles : int
handle inheritance flag
dwCreationFlags : int
creation flags
newEnvironment : None
A dictionary of string or Unicode pairs to define the environment for the process, or None to inherit the current environment.
currentDirectory : string
current directory name, or None
startupinfo : PySTARTUPINFO
a STARTUPINFO object that specifies how the main window for the new process should appear.
'''
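def OpenProcess1(procPath, param = "", securityLevel = ""):
    """Start *procPath* with ``CreateProcessAsUser``, optionally at a reduced integrity level.

    Parameters:
        procPath: path of the executable; it is double-quoted on the command line.
        param: text appended after the quoted path verbatim (not quoted or
            escaped here, so pass only values you control).
        securityLevel: ``""`` launches with the current process token
            unchanged.  ``"low"`` (any letter case) labels a duplicated
            token with the low mandatory integrity RID; any other non-empty
            value labels it with the medium RID.

    The token that was prepared is the one handed to ``CreateProcessAsUser``.
    The earlier version passed ``None`` there, so the integrity label set
    on the duplicated token never reached the child process.

    Failures are reported with ``print`` and not raised, as before; the
    message now carries the exception instead of a placeholder string.
    """
    # Sub-authority values written into the integrity-level SID below
    # (SECURITY_MANDATORY_LOW_RID / SECURITY_MANDATORY_MEDIUM_RID).
    low_rid = 0x0001000
    medium_rid = 0x0002000
    try:
        # Open the current process token with the rights needed to duplicate
        # it, adjust its defaults and assign it as a primary token.
        hToken = win32security.OpenProcessToken(
            win32api.GetCurrentProcess(),
            win32con.TOKEN_DUPLICATE | win32con.TOKEN_ADJUST_DEFAULT
            | win32con.TOKEN_QUERY | win32con.TOKEN_ASSIGN_PRIMARY)
        hNewToken = hToken
        if securityLevel != "":
            authority = low_rid if securityLevel.lower() == "low" else medium_rid
            # Work on a duplicate so the label is applied to a separate
            # primary token rather than to the handle opened above.
            hNewToken = win32security.DuplicateTokenEx(
                hToken, win32security.SecurityImpersonation, 0,
                win32security.TokenPrimary, None)
            # Build the SID for the requested level: mandatory-label
            # authority (0,0,0,0,0,16) with one sub-authority.
            sid = win32security.SID()
            sid.Initialize((0, 0, 0, 0, 0, 16), 1)
            sid.SetSubAuthority(0, authority)
            # Attach the integrity-level SID to the duplicated token.
            win32security.SetTokenInformation(
                hNewToken, win32security.TokenIntegrityLevel,
                (sid, win32security.SE_GROUP_INTEGRITY))
        commandline = "\"" + procPath + "\" " + param
        # Launch the program under the prepared token.
        si = win32process.STARTUPINFO()
        win32process.CreateProcessAsUser(
            hNewToken, None, commandline, None, None, False,
            win32process.CREATE_NO_WINDOW, None, None, si)
    except Exception as err:
        # Best-effort launcher: report what failed, do not propagate.
        print("OpenProcess1 failed: %r" % (err,))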
def OpenProcess2(procPath, param = ""):
    """Launch *procPath* through ``win32api.WinExec``.

    The command line is the double-quoted path, a space, then *param*
    verbatim.  *param* is not quoted or escaped, so only pass values you
    control.  Nothing is returned and the child is not waited for here.
    """
    quoted_exe = "\"" + procPath + "\""
    win32api.WinExec(quoted_exe + " " + param)
def OpenProcess4(procPath, param = ""):
    """Run the command through ``os.popen`` and read its output to the end.

    ``os.popen`` hands the whole string to the platform shell, so any shell
    metacharacters in *param* (which is appended unquoted) are interpreted
    by that shell.  Only call this with values you control.  The output
    that is read is discarded and nothing is returned.
    """
    commandline = "".join(['"', procPath, '" ', param])
    pipe = os.popen(commandline)
    # Reading to EOF blocks until the child closes its stdout.
    pipe.read()
def OpenProcess3(procPath, param = ""):
    """Run the command with ``os.system`` and block until it finishes.

    ``os.system`` passes the string to the platform shell, so shell
    metacharacters in *param* (appended unquoted after the quoted path) are
    interpreted by that shell.  Only call this with values you control.
    The exit status returned by ``os.system`` is ignored.
    """
    quoted_exe = "\"" + procPath + "\""
    os.system(quoted_exe + " " + param)
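def OpenProcess5(procPath, param = ""):
    """Run the command with ``subprocess.Popen`` and print what it wrote to stdout.

    The command line is the double-quoted path followed by *param*
    verbatim, passed as one string with no shell involved.  *param* is not
    quoted or escaped here, so pass only values you control.

    stdout is now captured through a pipe.  Without ``stdout=PIPE`` the
    first element returned by ``communicate()`` is always ``None``, so the
    earlier version printed ``None`` instead of the child's output.
    """
    commandline = "\"" + procPath + "\" " + param
    proc = subprocess.Popen(commandline, stdout=subprocess.PIPE)
    # communicate() drains the pipe and waits for the child to exit, so no
    # separate proc.wait() is needed.
    captured = proc.communicate()[0]
    print(captured)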
# Hard-coded fixtures from the author's machine: a SQLite-decrypt test tool,
# the browser extension database it operates on, a backup of that database,
# a batch file and a sample executable used for the experiments below.
exePath = "D:\\seqa\\qadev\\src\\CheckListTools\\ATF2.2\\case\\seSmoke\\SESQLiteDecrypt.exe"
para = "C:\\Users\\wangdehe\\AppData\\Roaming\\SogouExplorer\\Extension.db"
para1 = "C:\\Users\\wangdehe\\AppData\\Roaming\\SogouExplorer\\Extension_bak.db"
exePath1 = "C:\\Users\\wangdehe\\Desktop\\testinput.bat"
exePath2 = r"C:\Users\wangdehe\Documents\visual studio 2010\Projects\test\test\bin\Debug\test.exe"
# Runs on every import/execution of this file: overwrites Extension.db with
# the _bak copy, so each experiment starts from the same database file.
shutil.copy(para1, para)
# Results the author recorded for each launcher (calls left disabled):
##OpenProcess0(exePath2, para) # works
##OpenProcess1(exePath, para) # no effect: database not decrypted
##OpenProcess2(exePath, para) # no effect: database not decrypted
##OpenProcess3(exePath, para) # hangs
##OpenProcess4(exePath, para) # no effect: database not decrypted
##OpenProcess5(exePath2, para) # hangs
暂时定位到标红的部分,当第二个方法,标红部分修改为0-31任意值时,都会出现卡住的现象