import sys, os sys.path.append(sys.prefix) os.environ['PATH'] += ';' + sys.prefix from win32con import PAGE_READWRITE, MEM_COMMIT, MEM_RESERVE, MEM_RELEASE,\ PROCESS_ALL_ACCESS, PROCESS_VM_OPERATION from commctrl import LVM_GETITEMTEXT, LVM_GETITEMCOUNT, LVM_SETITEMTEXTA import struct import ctypes import win32api import win32gui GetWindowThreadProcessId = ctypes.windll.user32.GetWindowThreadProcessId VirtualAllocEx = ctypes.windll.kernel32.VirtualAllocEx VirtualFreeEx = ctypes.windll.kernel32.VirtualFreeEx OpenProcess = ctypes.windll.kernel32.OpenProcess WriteProcessMemory = ctypes.windll.kernel32.WriteProcessMemory ReadProcessMemory = ctypes.windll.kernel32.ReadProcessMemory memcpy = ctypes.cdll.msvcrt.memcpy def readListViewItems(hwnd, item=0, subitem=0): # Allocate virtual memory inside target process pid = ctypes.create_string_buffer(4) p_pid = ctypes.addressof(pid) GetWindowThreadProcessId(hwnd, p_pid) # process owning the given hwnd hProcHnd = OpenProcess(PROCESS_ALL_ACCESS, False, struct.unpack("i",pid)[0]) pLVI = VirtualAllocEx(hProcHnd, 0, 4096, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE) pBuffer = VirtualAllocEx(hProcHnd, 0, 4096, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE) # Prepare an LVITEM record and write it to target process memory lvitem_str = struct.pack('iiiiiiiii', *[0,item,subitem,0,0,pBuffer,4096,0,0]) lvitem_buffer = ctypes.create_string_buffer(lvitem_str) copied = ctypes.create_string_buffer(4) p_copied = ctypes.addressof(copied) WriteProcessMemory(hProcHnd, pLVI, ctypes.addressof(lvitem_buffer), ctypes.sizeof(lvitem_buffer), p_copied) # iterate items in the SysListView32 control num_items = win32gui.SendMessage(hwnd, LVM_GETITEMCOUNT) #item_texts = [] item_text = '' #for item_index in range(num_items): # win32gui.SendMessage(hwnd, LVM_GETITEMTEXT, item_index, pLVI) # target_buff = ctypes.create_string_buffer(4096) # ReadProcessMemory(hProcHnd, pBuffer, ctypes.addressof(target_buff), 4096, p_copied) # item_texts.append(target_buff.value) win32gui.SendMessage(hwnd, LVM_GETITEMTEXT, item, pLVI) target_buff = ctypes.create_string_buffer(4096) ReadProcessMemory(hProcHnd, pBuffer, ctypes.addressof(target_buff), 4096, p_copied) item_text = target_buff.value VirtualFreeEx(hProcHnd, pBuffer, 0, MEM_RELEASE) VirtualFreeEx(hProcHnd, pLVI, 0, MEM_RELEASE) win32api.CloseHandle(hProcHnd) return item_text def SetItemText(Handle, pStr, Index , SubIndex = 0): # Allocate virtual memory inside target process pid = ctypes.create_string_buffer(4) p_pid = ctypes.addressof(pid) GetWindowThreadProcessId(Handle, p_pid) # process owning the given hwnd hProcHnd = OpenProcess(PROCESS_ALL_ACCESS, False, struct.unpack("i",pid)[0]) pLVI = VirtualAllocEx(hProcHnd, 0, 4096, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE) #c_string = pStr.encode('ascii') + '\x00' c_string = ctypes.c_wchar_p(pStr) strSize = ctypes.sizeof(c_string)+4 #alloc some shared memory for our string SharedProcMemString = VirtualAllocEx(hProcHnd, 0, strSize, MEM_RESERVE|MEM_COMMIT, PAGE_READWRITE) # Prepare an LVITEM record and write it to target process memory lvitem_str = struct.pack('iiiiiiiii', *[0,Index,SubIndex,0,0,SharedProcMemString,strSize,0,0]) lvitem_buffer = ctypes.create_string_buffer(lvitem_str) copied = ctypes.create_string_buffer(4) p_copied = ctypes.addressof(copied) print ctypes.sizeof(lvitem_buffer) print strSize print WriteProcessMemory(hProcHnd, SharedProcMemString, c_string, strSize , p_copied) print WriteProcessMemory(hProcHnd, pLVI, ctypes.addressof(lvitem_buffer), ctypes.sizeof(lvitem_buffer), p_copied) #set the text win32gui.SendMessage(Handle, LVM_SETITEMTEXTA, Index, pLVI) #'clean up #FreeMemSharedNT hProcess, SharedProcMem, LVISize #FreeMemSharedNT hProcess, SharedProcMemString, strSize VirtualFreeEx(hProcHnd, SharedProcMemString, 0, MEM_RELEASE) VirtualFreeEx(hProcHnd, pLVI, 0, MEM_RELEASE) win32api.CloseHandle(hProcHnd) import win32gui if __name__ == '__main__': print "starting main" RetVal0 = win32gui.FindWindow('#32770', 'Windows Task Manager') RetVal1 = win32gui.FindWindowEx(RetVal0, 0, '#32770', None) RetVal = win32gui.FindWindowEx(RetVal1, 0, 'SysListView32', 'Processes') pSource = 'pythonw.exe' pDest = 'myGui.exe' if RetVal: ii=0 i=0 while ii < 26: RetStr = readListViewItems(RetVal, i, ii) #print readListViewItems1(RetVal, i) #print RetStr if RetStr == '': # Then ' we've come to the end of the columns if i == 0: #'was the first loop thru i = 1 #'could be the correct column, but .exe not found so add +1 ii = -1 #'start the column count over else: break elif ".exe" in RetStr.lower(): #'we found the Process column #tCount = win32gui.GetItemCount(RetVal) # iterate items in the SysListView32 control tCount = win32gui.SendMessage(RetVal, LVM_GETITEMCOUNT) for i in range(i, tCount - 1): RetStr = readListViewItems(RetVal, i, ii) if RetStr.lower() == pSource.lower(): #If Delete Then # Call DeleteItem(RetVal, i) #'doesnt work as well #Else print 'calling SetItemText' print RetStr print pSource SetItemText(RetVal, pDest, i, ii) #End If #ModifyExe = True #'[EXIT DO] can be taken out if the app runs multiple instances #'the reason why i put it here is because i am trying to limit #' the amount of unneeded sendmessage calls to taskmanager #Exit Do #'should only find 1 instance of itself. #break ii = ii + 1