ó Î)Pc@sldZddlTddlTdZdZdZdZdZeeBeBeBZde fd „ƒYZ d e fd „ƒYZ d e fd „ƒYZ de fd„ƒYZ de fd„ƒYZde fd„ƒYZde fd„ƒYZde fd„ƒYZdZdZdZdZdZdZdZdZdZdZdZdZd Zd!ZdZ d"Z!dZ"d#Z#d$Z$d%Z%d&Z&d'Z'd(Z(d#Z)dZ*dZ+d)Z,d*Z-d+Z.dZ/d*Z0d,Z1d-Z2d,Z3d.Z4d/Z5d0Z6dZ7dZ8dZ9dZ:d&Z;d1Z<d2Z=d3Z>d*Z?d4Z@d5ZAd6ZBdZCdZDd7ZEd1ZFdZGd8ZHd&ZId9ZJdZKd:ZLdZMdZNd;S(<s™ @author: Pedram Amini @license: GNU General Public License 2.0 or later @contact: pedram.amini@gmail.com @organization: www.openrce.org iÿÿÿÿ(t*iiiilt THREADENTRY32cBsMeZdefdefdefdefdefdefdefgZRS(tdwSizetcntUsaget th32ThreadIDtth32OwnerProcessIDt tpBasePrit tpDeltaPritdwFlags(t__name__t __module__tDWORDt_fields_(((s defines.pyR2s      tPROCESSENTRY32c BsleZdefdefdefdefdefdefdefdefdefd ed fg ZRS( RRt th32ProcessIDtth32DefaultHeapIDt th32ModuleIDt cntThreadstth32ParentProcessIDtpcPriClassBaseRt szExeFilei(R R R tCHARR (((s defines.pyR =s         t MODULEENTRY32c BspeZdefdefdefdefdefdefdefdefded fd ed fg ZRS( RRRt GlblcntUsaget ProccntUsaget modBaseAddrt modBaseSizethModuletszModuleit szExePathi(R R R RR (((s defines.pyRKs         t_MIB_TCPROW_OWNER_PIDcBsDeZdefdefdefdefdefdefgZRS(tdwStatet dwLocalAddrt dwLocalPortt dwRemoteAddrt dwRemotePortt dwOwningPid(R R R R (((s defines.pyRYs      tMIB_TCPTABLE_OWNER_PIDcBs$eZdefdedfgZRS(t dwNumEntriesttablei(R R R RR (((s defines.pyR%cs t_MIB_UDPROW_OWNER_PIDcBs)eZdefdefdefgZRS(R R!R$(R R R R (((s defines.pyR(js  tMIB_UDPTABLE_OWNER_PIDcBs$eZdefdedfgZRS(R&R'i(R R R R(R (((s defines.pyR)qs t SYSDBG_MSRcBs eZdefdefgZRS(tAddresstData(R R tc_ulongt c_ulonglongR (((s defines.pyR*|s iiiii lï>[=lllliiiiiiliiiilÿÿi@ii€i i@i€iiiÿiÿi0iiN(Ot__doc__t my_ctypest windows_htTH32CS_SNAPHEAPLISTtTH32CS_SNAPPROCESStTH32CS_SNAPTHREADtTH32CS_SNAPMODULEtTH32CS_INHERITtTH32CS_SNAPALLt StructureRR RRR%R(R)R*tEXCEPTION_DEBUG_EVENTtCREATE_THREAD_DEBUG_EVENTtCREATE_PROCESS_DEBUG_EVENTtEXIT_THREAD_DEBUG_EVENTtEXIT_PROCESS_DEBUG_EVENTtLOAD_DLL_DEBUG_EVENTtUNLOAD_DLL_DEBUG_EVENTtOUTPUT_DEBUG_STRING_EVENTt RIP_EVENTtUSER_CALLBACK_DEBUG_EVENTtEXCEPTION_ACCESS_VIOLATIONtEXCEPTION_BREAKPOINTtEXCEPTION_GUARD_PAGEtEXCEPTION_SINGLE_STEPt HW_ACCESSt HW_EXECUTEtHW_WRITEtCONTEXT_CONTROLt CONTEXT_FULLtCONTEXT_DEBUG_REGISTERStCREATE_NEW_CONSOLEt DBG_CONTINUEtDBG_EXCEPTION_NOT_HANDLEDtDBG_EXCEPTION_HANDLEDt DEBUG_PROCESStDEBUG_ONLY_THIS_PROCESSt EFLAGS_RFt EFLAGS_TRAPtERROR_NO_MORE_FILESt FILE_MAP_READtFORMAT_MESSAGE_ALLOCATE_BUFFERtFORMAT_MESSAGE_FROM_SYSTEMtINVALID_HANDLE_VALUEt MEM_COMMITt MEM_DECOMMITt MEM_IMAGEt MEM_RELEASEt PAGE_NOACCESSt PAGE_READONLYtPAGE_READWRITEtPAGE_WRITECOPYt PAGE_EXECUTEtPAGE_EXECUTE_READtPAGE_EXECUTE_READWRITEtPAGE_EXECUTE_WRITECOPYt PAGE_GUARDt PAGE_NOCACHEtPAGE_WRITECOMBINEtPROCESS_ALL_ACCESStSE_PRIVILEGE_ENABLEDtSW_SHOWtTHREAD_ALL_ACCESStTOKEN_ADJUST_PRIVILEGEStUDP_TABLE_OWNER_PIDt VIRTUAL_MEMt SysDbgReadMsrtSysDbgWriteMsrtAF_INETtAF_INET6tMIB_TCP_STATE_LISTENtTCP_TABLE_OWNER_PID_ALL(((s defines.pyt"sš