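Python module for scanning information about running processes, including mappings, open file descriptors, process owner, and other information
ProcessMappingScanner: detailed Python project description
ProcessMappingScanner
Python module for scanning running processes for various information (mappings, open files, owner, command line, etc.)
This module works only on UNIX-derived systems (Linux, BSD, cygwin, etc.)
What is a mapping?
A mapping can be a running executable (such as python), a shared library (such as libc), or something else (such as a locale archive file or another mapping).
For example, you can use this module to scan running processes to see what is using libpython2.7, or scan a specific process to see its mappings.
Command-line tool
The functionality of ProcessMappingScanner is exposed through the command-line tool findProcessesUsing.
Functions
Mappings
Below are the functions for scanning running processes for mappings.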
The following function, scanProcessForMapping, scans a single process for mappings. Use an empty string for searchPortion to get all mappings.
def scanProcessForMapping(pid, searchPortion, isExactMatch=False, ignoreCase=False):
    '''
    scanProcessForMapping - Searches a given pid's mappings for a certain pattern.
    @param pid <int> - A running process ID on this system
    @param searchPortion <str> - A mapping for which to search, example: libc or python or libz.so.1. Give empty string to return all mappings.
    @param isExactMatch <bool> Default False - If match should be exact, otherwise a partial match is performed.
    @param ignoreCase <bool> Default False - If True, search will be performed case-insensitively
    @return <dict> - If result is found, the following dict is returned. If no match found on the given pid, or pid is not found running, None is returned.
        {
            'searchPortion' : The passed search pattern
            'pid' : The passed pid (as an integer)
            'owner' : String of process owner, or uid if no mapping can be found, or "unknown" if neither could be determined.
            'cmdline' : Commandline string
            'matchedMappings' : All mappings lines that matched the given search pattern
        }
    '''
The following function, scanAllProcessesForMapping, scans all running processes for mappings.
def scanAllProcessesForMapping(searchPortion, isExactMatch=False, ignoreCase=False):
    '''
    scanAllProcessesForMapping - Scans all processes on the system for a given search pattern.
    @param searchPortion <str> - A mapping for which to search, example: libc or python or libz.so.1. Give empty string to return all mappings.
    @param isExactMatch <bool> Default False - If match should be exact, otherwise a partial match is performed.
    @param ignoreCase <bool> Default False - If True, search will be performed case-insensitively
    @return - <dict> - A dictionary of pid -> mappingResults for each pid that matched the search pattern. For format of "mappingResults", @see scanProcessForMapping
    '''
Owner
Below are the functions for determining who is running a process.
The following function returns information about the owner of a given process (uid, username):
def getProcessOwner(pid):
    '''
    getProcessOwner - Get the process owner of a pid
    @param pid <int> - process id
    @return - None if process not found or can't be determined. Otherwise, a dict:
        {
            uid - Owner UID
            name - Owner name, or None if one cannot be determined
        }
    '''
The following function returns the owner of a given process as a string:
def getProcessOwnerStr(pid):
    '''
    getProcessOwnerStr - Get process owner of a pid as a string instead of components (#getProcessOwner)
    @return - Returns username if it can be determined, otherwise uid, otherwise "unknown"
    '''
Command line
The following functions get the command line (executable and arguments) of a running process.
The following function returns the command-line string of a running process:
def getProcessCommandLineStr(pid):
    '''
    getProcessCommandLineStr - Gets the commandline (program + arguments) of a given pid
    @param pid <int> - Process ID
    @return - None if process not found or can't be determined. Otherwise a string of commandline.
    @note Caution, args may have spaces in them, and you cannot surmise from this method. If you care (like trying to replay a command), use getProcessCommandLineList instead
    '''
The following function returns a list representing the process's "argv".
def getProcessCommandLineList(pid):
    '''
    getProcessCommandLineList - Gets the commandline (program + arguments) of a given pid as a list.
    @param pid <int> - Process ID
    @return - None if process not found or can't be determined. Otherwise a list representing argv. First argument is process name, remainder are arguments.
    @note - Use this if you care about whether a process had a space in the commands
    '''
Files
The following functions deal with the open file descriptors (FDs) of running processes.
The following function scans a single process's open file descriptors and returns information about the process:
def scanProcessForOpenFile(pid, searchPortion, isExactMatch=True, ignoreCase=False):
    '''
    scanProcessForOpenFile - Scans open FDs for a given pid to see if any are the provided searchPortion
    @param searchPortion <str> - Filename to check
    @param isExactMatch <bool> Default True - If match should be exact, otherwise a partial match is performed.
    @param ignoreCase <bool> Default False - If True, search will be performed case-insensitively
    @return - If result is found, the following dict is returned. If no match found on the given pid, or the pid is not found running, None is returned.
        {
            'searchPortion' : The search portion provided
            'pid' : The passed pid (as an integer)
            'owner' : String of process owner, or "unknown" if one could not be determined
            'cmdline' : Commandline string
            'fds' : List of file descriptors assigned to this file (could be mapped several times)
            'filenames' : List of the filenames matched
        }
    '''
The following function scans all processes on the system for an open file:
def scanAllProcessesForOpenFile(searchPortion, isExactMatch=True, ignoreCase=False):
    '''
    scanAllProcessesForOpenFile - Scans all processes on the system for a given filename
    @param searchPortion <str> - Filename to check
    @param isExactMatch <bool> Default True - If match should be exact, otherwise a partial match is performed.
    @param ignoreCase <bool> Default False - If True, search will be performed case-insensitively
    @return - <dict> - A dictionary of pid -> mappingResults for each pid that matched the search pattern. For format of "mappingResults", @see scanProcessForOpenFile
    '''
Current working directory
The current working directory (CWD) of a process can be found with the following function:
def getProcessCwd(pid):
    '''
    getProcessCwd - Gets the cwd (current working directory) of a given pid
    @param pid <int> - Process ID
    @return <str/None> - None if process not found or can't be determined. Otherwise, a string of the CWD
    '''
Scan functions like those described above are also provided: scanProcessForCwd and scanAllProcessesForCwd.
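General
Below are the general functions.
The following function returns a list of all PIDs running on the system:
def getAllRunningPids():
Design
All of the "scan" family of functions return some extra information about the process (owner/cmdline). This is because processes can start and end quickly, so it is better to capture a complete snapshot right away than to be unable to obtain it later.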
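
The matching options documented for scanProcessForMapping and the snapshot reasoning in the design note, as an added example that is not ProcessMappingScanner's own code: it assumes the Linux /proc/<pid>/maps and /proc/<pid>/cmdline layout, and mapping_path, match_mappings, stale_libraries, scan_pid and SAMPLE_MAPS are hypothetical names with constructed sample data. It goes one step beyond the page by flagging mappings the kernel marks "(deleted)", which is how a defender finds processes still running an old copy of a library after an upgrade.

```python
# Added example (hypothetical helpers, not ProcessMappingScanner's code).
# Constructed sample in Linux /proc/<pid>/maps layout; not captured from a real host.
SAMPLE_MAPS = """\
55d0c8a00000-55d0c8a2c000 r-xp 00000000 08:01 131090 /usr/bin/python2.7
7f3a1c000000-7f3a1c1e7000 r-xp 00000000 08:01 262200 /lib/x86_64-linux-gnu/libc-2.27.so
7f3a1c400000-7f3a1c460000 r-xp 00000000 08:01 262333 /usr/lib/libssl.so.1.1 (deleted)
7f3a1c460000-7f3a1c470000 rw-p 00060000 08:01 262333 /usr/lib/libssl.so.1.1 (deleted)
7f3a1d000000-7f3a1d021000 rw-p 00000000 00:00 0
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""
DELETED = " (deleted)"  # suffix the kernel appends when the mapped file was unlinked

def mapping_path(line):
    """Path column of one maps line; '' for anonymous mappings."""
    fields = line.split(None, 5)  # address perms offset dev inode [path]
    return fields[5].strip() if len(fields) == 6 else ""

def match_mappings(maps_text, search_portion, is_exact_match=False, ignore_case=False):
    """Return maps lines whose path matches; an empty pattern returns every line."""
    needle = search_portion.lower() if ignore_case else search_portion
    matched = []
    for line in filter(None, maps_text.splitlines()):
        path = mapping_path(line)
        hay = path.lower() if ignore_case else path
        if needle == "" or (hay == needle if is_exact_match else needle in hay):
            matched.append(line)
    return matched

def stale_libraries(maps_text):
    """Files still mapped although unlinked on disk, e.g. after a package upgrade."""
    paths = (mapping_path(l) for l in maps_text.splitlines())
    return sorted({p[:-len(DELETED)] for p in paths if p.endswith(DELETED)})

def scan_pid(pid, search_portion):
    """Read maps and cmdline in one pass; a pid that exits mid-scan yields None."""
    try:
        with open("/proc/%d/maps" % pid) as f:
            maps_text = f.read()
        with open("/proc/%d/cmdline" % pid, "rb") as f:
            cmdline = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
    except (IOError, OSError):  # process exited, or not permitted to read it
        return None
    matched = match_mappings(maps_text, search_portion)
    if not matched:
        return None
    return {"pid": pid, "cmdline": cmdline, "matchedMappings": matched}
```

Reading /proc entries of processes owned by other users generally requires elevated privileges; without them scan_pid returns None for those pids, the same as for a process that has already exited.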