python 管理windows客户端_Python管理Windows进程

用python获得正在的运行的windows进程的有几种方式:

方式一

通过 PyWin32包对Windows进行处理。

可以通过这个获取系统信息，但仅限于windows系统。

import win32com.client

wmi=win32com.client.GetObject('winmgmts:')

for p in wmi.InstancesOf('win32_process'):

print p.Name, p.Properties_('ProcessId'), \

int(p.Properties_('UserModeTime').Value)+int(p.Properties_('KernelModeTime').Value)

children=wmi.ExecQuery('Select * from win32_process where ParentProcessId=%s' %p.Properties_('ProcessId'))

for child in children:

print '\t',child.Name,child.Properties_('ProcessId'), \

int(child.Properties_('UserModeTime').Value)+int(child.Properties_('KernelModeTime').Value)

运行结果：

System Idle Process 0 11055150937500

System Idle Process 0 11055150937500

System 4 14906718750

System 4 14906718750

smss.exe 864 937500

smss.exe 864 937500

csrss.exe 916 1752187500

winlogon.exe 940 72812500

csrss.exe 916 1752187500

winlogon.exe 940 72812500

services.exe 1024 324236406250

lsass.exe 1044 10099062500

services.exe 1024 324236406250

svchost.exe 1236 35468750

svchost.exe 1304 6174687500

svchost.exe 1480 198943593750

svchost.exe 1524 35156250

svchost.exe 1636 1412656250

svchost.exe 1688 494843750

spoolsv.exe 1860 45312500

DhMachineSvc.exe 2040 23593750

jqs.exe 200 11605000000

NTFSWatcher.exe 248 15625000

OmniAddrService.exe 268 86406250

pcas.exe 396 172187500

nssm.exe 696 2968750

TeamViewer_Service.exe 772 172343750

winvnc4.exe 844 78750000

svchost.exe 880 151718750

alg.exe 3208 56093750

lsass.exe 1044 10099062500

svchost.exe 1236 35468750

wmiprvse.exe 5184 2500000

svchost.exe 1304 6174687500

svchost.exe 1480 198943125000

svchost.exe 1524 35156250

svchost.exe 1636 1412656250

svchost.exe 1688 494843750

spoolsv.exe 1860 45312500

DhMachineSvc.exe 2040 23593750

jqs.exe 200 11605000000

GoogleUpdate.exe 208 105312500

NTFSWatcher.exe 248 15625000

OmniAddrService.exe 268 86406250

pcas.exe 396 172187500

nssm.exe 696 2968750

salt-minion.exe 716 79062500

salt-minion.exe 716 79062500

TeamViewer_Service.exe 772 172343750

winvnc4.exe 844 78750000

svchost.exe 880 151718750

explorer.exe 1452 7501250000

TSVNCache.exe 2496 114531250

ctfmon.exe 2540 82343750

chrome.exe 2556 25053125000

RocketDock.exe 2564 411406250

Xshell.exe 5200 12957656250

mstsc.exe 8468 227500000

iexplore.exe 7672 13281250

cmd.exe 9404 312500

sublime_text.exe 8920 131093750

notepad.exe 2248 1718750

TSVNCache.exe 2496 114531250

ctfmon.exe 2540 82343750

chrome.exe 2556 25053125000

chrome.exe 3880 24531250

chrome.exe 3872 52500000

chrome.exe 2020 331093750

chrome.exe 1028 35937500

chrome.exe 196 37187500

chrome.exe 184 55625000

chrome.exe 2736 37656250

chrome.exe 2752 1755781250

chrome.exe 2772 83281250

chrome.exe 2976 258125000

SogouFlash.exe 3580 640468750

SogouCloud.exe 3488 115625000

SGImeGuard.exe 4300 24218750

chrome.exe 3700 40312500

chrome.exe 9148 3741406250

chrome.exe 8496 7201250000

chrome.exe 6840 200312500

SogouSmartInfo.exe 9852 468750

RocketDock.exe 2564 411406250

alg.exe 3208 56093750

chrome.exe 3880 24531250

chrome.exe 3872 52500000

chrome.exe 2020 331093750

chrome.exe 1028 35937500

chrome.exe 196 37187500

chrome.exe 184 55625000

chrome.exe 2736 37656250

chrome.exe 2752 1755781250

chrome.exe 2772 83281250

chrome.exe 2976 258125000

TaobaoProtect.exe 3772 27562812500

conime.exe 388 59218750

SogouFlash.exe 3580 640468750

SogouCloud.exe 3488 115625000

SGImeGuard.exe 4300 24218750

Xshell.exe 5200 12957656250

chrome.exe 3700 40312500

aliwssv.exe 7160 46875000

TM.exe 9144 2396250000

chrome.exe 9148 3741250000

Alipaybsm.exe 9536 73593750

chrome.exe 8496 7199843750

mstsc.exe 8468 227500000

iexplore.exe 7672 13281250

iexplore.exe 7256 148593750

iexplore.exe 7256 148437500

cmd.exe 9404 312500

python.exe 9048 1875000

sublime_text.exe 8920 127968750

plugin_host.exe 9840 32031250

plugin_host.exe 9840 30625000

cmd.exe 6384 156250

python.exe 9048 1875000

notepad.exe 2248 1718750

chrome.exe 6840 200312500

SogouSmartInfo.exe 9852 468750

cmd.exe 6384 156250

python.exe 9584 10312500

python.exe 9584 1093750

wmiprvse.exe 5184 781250

上面的从左到右分别是 进程名，pid,cpu的运行时间

方式二：

import win32pdh, string, win32api

def procids():

#each instance is a process, you can have multiple processes w/same name

junk, instances = win32pdh.EnumObjectItems(None,None,'process', win32pdh.PERF_DETAIL_WIZARD)

proc_ids=[]

proc_dict={}

for instance in instances:

if instance in proc_dict:

proc_dict[instance] = proc_dict[instance] + 1

else:

proc_dict[instance]=0

for instance, max_instances in proc_dict.items():

for inum in xrange(max_instances+1):

hq = win32pdh.OpenQuery() # initializes the query handle

path = win32pdh.MakeCounterPath( (None,'process',instance, None, inum,'ID Process') )

counter_handle=win32pdh.AddCounter(hq, path)

win32pdh.CollectQueryData(hq) #collects data for the counter

type, val = win32pdh.GetFormattedCounterValue(counter_handle, win32pdh.PDH_FMT_LONG)

proc_ids.append((instance,str(val)))

win32pdh.CloseQuery(hq)

proc_ids.sort()

return proc_ids

print procids()

运行结果：

[(u'Alipaybsm', '9536'), (u'DhMachineSvc', '2040'), (u'GoogleUpdate', '208'), (u'Idle', '0'), (u'NTFSWatcher', '248'), (u'OmniAddrService', '268'), (u'RocketDock', '2564'), (u'SGImeGuard', '4300'), (u'SogouCloud', '3488'), (u'SogouFlash', '3580'), (u'SogouSmartInfo', '9852'), (u'System', '4'), (u'TM', '9144'), (u'TSVNCache', '2496'), (u'TaobaoProtect', '3772'), (u'TeamViewer_Service', '772'), (u'Xshell', '5200'), (u'_Total', '0'), (u'alg', '3208'), (u'aliwssv', '7160'), (u'chrome', '1028'), (u'chrome', '184'), (u'chrome', '196'), (u'chrome', '2020'), (u'chrome', '2556'), (u'chrome', '2736'), (u'chrome', '2752'), (u'chrome', '2772'), (u'chrome', '2976'), (u'chrome', '3700'), (u'chrome', '3872'), (u'chrome', '3880'), (u'chrome', '6840'), (u'chrome', '8496'), (u'chrome', '9148'), (u'cmd', '9404'), (u'cmd', '9776'), (u'conime', '388'), (u'csrss', '916'), (u'ctfmon', '2540'), (u'explorer', '1452'), (u'iexplore', '7256'), (u'iexplore', '7672'), (u'jqs', '200'), (u'lsass', '1044'), (u'mstsc', '8468'), (u'notepad', '2248'), (u'nssm', '696'), (u'pcas', '396'), (u'plugin_host', '9840'), (u'python', '3540'), (u'python', '9048'), (u'salt-minion', '716'), (u'services', '1024'), (u'smss', '864'), (u'spoolsv', '1860'), (u'sublime_text', '8920'), (u'svchost', '1236'), (u'svchost', '1304'), (u'svchost', '1480'), (u'svchost', '1524'), (u'svchost', '1636'), (u'svchost', '1688'), (u'svchost', '880'), (u'winlogon', '940'), (u'winvnc4', '844')]

[Finished in 0.3s]

获得 一个进程名，进程Id元组的列表

方式三：

# http://code.activestate.com/recipes/305279/

"""

Enumerates active processes as seen under windows Task Manager on Win NT/2k/XP using PSAPI.dll

(new api for processes) and using ctypes.Use it as you please.

Based on information from http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q175030&ID=KB;EN-US;Q175030

By Eric Koome

email ekoome@yahoo.com

license GPL

"""

from ctypes import *

#PSAPI.DLL

psapi = windll.psapi

#Kernel32.DLL

kernel = windll.kernel32

def EnumProcesses():

arr = c_ulong * 256

lpidProcess= arr()

cb = sizeof(lpidProcess)

cbNeeded = c_ulong()

hModule = c_ulong()

count = c_ulong()

modname = c_buffer(30)

PROCESS_QUERY_INFORMATION = 0x0400

PROCESS_VM_READ = 0x0010

#Call Enumprocesses to get hold of process id's

psapi.EnumProcesses(byref(lpidProcess),

cb,

byref(cbNeeded))

#Number of processes returned

nReturned = cbNeeded.value/sizeof(c_ulong())

pidProcess = [i for i in lpidProcess][:nReturned]

for pid in pidProcess:

#Get handle to the process based on PID

hProcess = kernel.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,

False, pid)

if hProcess:

psapi.EnumProcessModules(hProcess, byref(hModule), sizeof(hModule), byref(count))

psapi.GetModuleBaseNameA(hProcess, hModule.value, modname, sizeof(modname))

print "".join([ i for i in modname if i != '\x00'])

#-- Clean up

for i in range(modname._length_):

modname[i]='\x00'

kernel.CloseHandle(hProcess)

if __name__ == '__main__':

EnumProcesses()

运行结果：

smss.exe

winlogon.exe

services.exe

lsass.exe

svchost.exe

svchost.exe

svchost.exe

spoolsv.exe

DhMachineSvc.exe

jqs.exe

GoogleUpdate.exe

NTFSWatcher.exe

OmniAddrService.exe

pcas.exe

nssm.exe

salt-minion.exe

TeamViewer_Service.exe

WinVNC4.exe

svchost.exe

Explorer.EXE

TSVNCache.exe

ctfmon.exe

chrome.exe

RocketDock.exe

chrome.exe

chrome.exe

chrome.exe

chrome.exe

chrome.exe

chrome.exe

chrome.exe

chrome.exe

chrome.exe

chrome.exe

TaobaoProtect.exe

conime.exe

SogouFlash.exe

SogouCloud.exe

SGImeGuard.exe

Xshell.exe

chrome.exe

aliwssv.exe

TM.exe

chrome.exe

Alipaybsm.exe

chrome.exe

mstsc.exe

iexplore.exe

iexplore.exe

cmd.exe

sublime_text.exe

plugin_host.exe

python.exe

NOTEPAD.EXE

chrome.exe

chrome.exe

SogouSmartInfo.exe

cmd.exe

python.exe

通过交互模式，使用WMI取得进程：

# http://mail.python.org/pipermail/python-win32/2003-December/001482.html

>>> import wmi

>>> processes = wmi.WMI().InstancesOf('Win32_Process')

>>> len(processes)

41

>>> [process.Properties_('Name').Value for process in processes] # get

the process names

[u'System Idle Process', u'System', u'SMSS.EXE', u'CSRSS.EXE',

u'WINLOGON.EXE', u'SERVICES.EXE', u'LSASS.EXE', u'SVCHOST.EXE',

u'SVCHOST.EXE', u'SVCHOST.EXE', u'SVCHOST.EXE', u'SPOOLSV.EXE',

u'ati2evxx.exe', u'BAsfIpM.exe', u'defwatch.exe', u'inetinfo.exe',

u'mdm.exe', u'rtvscan.exe', u'SCARDSVR.EXE', u'WLTRYSVC.EXE',

u'BCMWLTRY.EXE', u'EXPLORER.EXE', u'Apoint.exe', u'carpserv.exe',

u'atiptaxx.exe', u'quickset.exe', u'DSentry.exe', u'Directcd.exe',

u'vptray.exe', u'ApntEx.exe', u'FaxCtrl.exe', u'digstream.exe',

u'CTFMON.EXE', u'wuauclt.exe', u'IEXPLORE.EXE', u'Pythonwin.exe',

u'MMC.EXE', u'OUTLOOK.EXE', u'LineMgr.exe', u'SAPISVR.EXE',

u'WMIPRVSE.EXE']

# Here is how to get a single process and get its PID.

>>> p = wmi.WMI().ExecQuery('select * from Win32_Process where

Name="Pythonwin.exe"')

>>> [prop.Name for prop in p[0].Properties_] # let's look at all the

process property names

[u'Caption', u'CommandLine', u'CreationClassName', u'CreationDate',

u'CSCreationClassName', u'CSName', u'Description', u'ExecutablePath',

u'ExecutionState', u'Handle', u'HandleCount', u'InstallDate',

u'KernelModeTime', u'MaximumWorkingSetSize', u'MinimumWorkingSetSize',

u'Name', u'OSCreationClassName', u'OSName', u'OtherOperationCount',

u'OtherTransferCount', u'PageFaults', u'PageFileUsage',

u'ParentProcessId', u'PeakPageFileUsage', u'PeakVirtualSize',

u'PeakWorkingSetSize', u'Priority', u'PrivatePageCount', u'ProcessId',

u'QuotaNonPagedPoolUsage', u'QuotaPagedPoolUsage',

u'QuotaPeakNonPagedPoolUsage', u'QuotaPeakPagedPoolUsage',

u'ReadOperationCount', u'ReadTransferCount', u'SessionId', u'Status',

u'TerminationDate', u'ThreadCount', u'UserModeTime', u'VirtualSize',

u'WindowsVersion', u'WorkingSetSize', u'WriteOperationCount',

u'WriteTransferCount']

>>> p[0].Properties_('ProcessId').Value # get our ProcessId

928

方式四:

此方法可以跨平台，不过需要在安装psutil包.

import os

import psutil

import time

logPath = r'some\path\proclogs'

if not os.path.exists(logPath):

os.mkdir(logPath)

separator = "-" * 80

format = "%7s %7s %12s %12s %30s, %s"

format2 = "%7.4f %7.2f %12s %12s %30s, %s"

while 1:

# psutil.get_process_list() 方法已经废弃，可以使用psutil.process_iter()迭代器

procs = psutil.get_process_list()

procs = sorted(procs, key=lambda proc: proc.name)

logPath = r'some\path\proclogs\procLog%i.log' % int(time.time())

f = open(logPath, 'w')

f.write(separator + "\n")

f.write(time.ctime() + "\n")

f.write(format % ("%CPU", "%MEM", "VMS", "RSS", "NAME", "PATH"))

f.write("\n")

for proc in procs:

cpu_percent = proc.get_cpu_percent()

mem_percent = proc.get_memory_percent()

rss, vms = proc.get_memory_info()

rss = str(rss)

vms = str(vms)

name = proc.name

path = proc.path

f.write(format2 % (cpu_percent, mem_percent, vms, rss, name, path))

f.write("\n\n")

f.close()

print "Finished log update!"

time.sleep(300)

print "writing new log data!"

以上实现一个类似top的工具。