o U h@sddlZddlZddlZddlmZmZmZmZmZm Z m Z m Z m Z ddl mZedjZdZdZdZdZejjZdd d Zd d ZGd ddejZegej_eej_eegej_eej_eeej_ee egej!_eej!_eeej!_ee egej"_eej"_eeej"_gej#_eej#_eeegej$_eej$_eeej$_eee e gej%_eej%_eeej%_ej&ddZ'ddZ(ddZ)dddZ*dS)N) BOOLCHARDWORDHANDLELONGLPWSTRMAX_PATHPDWORDULONG) SHELL_NAMESzicfdd}|S)Ncs|krt|SN)ctypesWinError)retfuncargs error_valb/var/www/html/construction_image-detection-poc/venv/lib/python3.10/site-packages/shellingham/nt.pychecksz_check_handle..checkr)rrrrr _check_handles rcr)Ncs&|rdSt}|krdSt|)NTF)r GetLastErrorr)rrrcodeexpectedrrr(s  z_check_expected..checkr)r rrrr_check_expected's r!c @sVeZdZdefdefdefdeefdefdefdefdefd efd ee ff Z d S) ProcessEntry32dwSizecntUsage th32ProcessIDth32DefaultHeapID th32ModuleID cntThreadsth32ParentProcessIDpcPriClassBasedwFlags szExeFileN) __name__ __module__ __qualname__rrPOINTERr rrr_fields_rrrrr"3s  r"c os4||i|}z |VWt|dSt|wr)kernel32 CloseHandle)frkwargshandlerrr_handlegs r7ccstj}t|td-}t}t||_t||}|r/|Vt ||}|sWddSWddS1s:wYdS)Nr) r2CreateToolhelp32Snapshotr7TH32CS_SNAPPROCESSr"rsizeofr#Process32First Process32Next)r4snapentryrrrr_iter_processesps   "r?cCs>tt} td|j}t|d||r|jS|jd9_q)NTrr)rrrcreate_unicode_buffervaluer2QueryFullProcessImageNameW)prochsize path_buffrrr_get_full_path{srG c CsddtD}|p t}td|dD]S}z||\}}Wn ty*YdSwt|tr6|dd}|dd }|t vrF|}qt }t t j|d|}|t|fWdS1scwYqdS)NcSsi|] }|j|j|jfqSr)r%r)r,).0procrrr szget_shell..rmbcsreplace.)r?osgetpidrangeKeyError isinstancebytesdecode rpartitionlowerr !PROCESS_QUERY_LIMITED_INFORMATIONr7r2 OpenProcessrG) pid max_depthproc_map_ppid executablenamekeyrDrrr get_shells,    &rc)r)NrH)+ contextlibrrPctypes.wintypesrrrrrrrr r shellingham._corer rBINVALID_HANDLE_VALUEERROR_NO_MORE_FILESERROR_INSUFFICIENT_BUFFERr9rYwindllr2rr! Structurer"r3argtypesrestyper8errcheckr0r;r<GetCurrentProcessIdrZrCcontextmanagerr7r?rGrcrrrrs`,