一、监听系统目录
- import os
- import win32file
- import datetime
- import win32con
-
- """
- 监听某目录的文件,如果文件有增删改查,则输出变动文件路径
- """
-
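def jtwj(path_to_watch=None):
    """Watch a directory tree and print every change notification.

    Blocks forever: each ReadDirectoryChangesW call returns one batch of
    (action, relative_path) pairs, every pair is printed as
    "<full path> <status>", and the next batch is awaited.

    Args:
        path_to_watch: directory to monitor, subtree included. Defaults to
            the root of the D: drive.
    """
    if path_to_watch is None:
        path_to_watch = 'D:\\'  # default: the whole D: drive

    # ReadDirectoryChangesW action codes -> human-readable status.
    ACTIONS = {
        1: "Created",
        2: "Deleted",
        3: "Updated",
        4: "Renamed from something",
        5: "Renamed to something",
    }

    # Only the "list directory" right is needed to receive change
    # notifications; the earlier GENERIC_READ | GENERIC_WRITE asked for far
    # more access on the directory than the watch ever uses.
    FILE_LIST_DIRECTORY = 0x0001
    hDir = win32file.CreateFile(
        path_to_watch,
        FILE_LIST_DIRECTORY,
        # FILE_SHARE_DELETE lets other processes keep deleting/renaming
        # entries while this directory handle is open.
        win32con.FILE_SHARE_READ | win32con.FILE_SHARE_WRITE | win32con.FILE_SHARE_DELETE,
        None,
        win32con.OPEN_EXISTING,
        win32con.FILE_FLAG_BACKUP_SEMANTICS,  # required to open a directory handle
        None,
    )
    try:
        while True:
            results = win32file.ReadDirectoryChangesW(
                hDir,   # handle of the directory to watch
                1024,   # size of the result buffer
                        # NOTE(review): a burst of changes larger than the buffer
                        # is presumably reported as an empty batch and lost - confirm
                True,   # watch the whole subtree, not only this directory
                win32con.FILE_NOTIFY_CHANGE_FILE_NAME
                | win32con.FILE_NOTIFY_CHANGE_DIR_NAME
                | win32con.FILE_NOTIFY_CHANGE_ATTRIBUTES
                | win32con.FILE_NOTIFY_CHANGE_SIZE
                | win32con.FILE_NOTIFY_CHANGE_LAST_WRITE
                | win32con.FILE_NOTIFY_CHANGE_SECURITY,
                None,
                None,
            )
            for action, file in results:
                full_filename = os.path.join(path_to_watch, file)
                status = ACTIONS.get(action, "Unknown")
                print(full_filename, status)
    finally:
        # Release the directory handle whenever the loop is left (exception, Ctrl-C).
        win32file.CloseHandle(hDir)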
-
-
if __name__ == '__main__':
    # Watch the whole D: drive until the process is killed.
    folders = "D:\\"
    jtwj(folders)
-
-
- 输出结果:D:\tools\Tools\June_2018\2018-6-6\2018-6-6.txt Updated
-
1.1、监控系统目录---并输出文件内容:
- import os
- import tempfile
- import threading
- import win32file
- import win32con
-
-
# Typical places where temporary files land: the system temp directory and
# the per-user temp directory the tempfile module reports.
dirs_to_monitor = [
    "C:\\WINDOWS\\temp",
    tempfile.gettempdir(),
]
-
-
# Action codes reported by ReadDirectoryChangesW, numbered 1..5 in the order
# Windows defines them.
(
    FILE_CREATED,
    FILE_DELETED,
    FILE_MODIFIED,
    FILE_RENAMED_FROM,
    FILE_RENAMED_T0,  # sic: "T0" with a zero; start_monitor refers to it by this name
) = range(1, 6)
-
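def start_monitor(path_to_watch):
    """Watch one directory tree forever and print each change it sees.

    Meant to run on its own thread (one per monitored directory). Every
    notification is printed with a tag for the action; on a modification the
    file's bytes are additionally read back and printed decoded as GBK.

    Args:
        path_to_watch: directory to monitor, subtree included.
    """
    # Only the "list directory" right is needed to receive change notifications.
    FILE_LIST_DIRECTORY = 0x0001

    h_directory = win32file.CreateFile(
        path_to_watch,
        FILE_LIST_DIRECTORY,
        win32con.FILE_SHARE_READ | win32con.FILE_SHARE_WRITE | win32con.FILE_SHARE_DELETE,
        None,
        win32con.OPEN_EXISTING,
        win32con.FILE_FLAG_BACKUP_SEMANTICS,  # needed to open a directory rather than a file
        None,
    )

    try:
        while True:
            try:
                results = win32file.ReadDirectoryChangesW(
                    h_directory,
                    1024,   # result buffer size; a burst larger than this may be lost
                    True,   # watch the subtree as well
                    win32con.FILE_NOTIFY_CHANGE_FILE_NAME
                    | win32con.FILE_NOTIFY_CHANGE_DIR_NAME
                    | win32con.FILE_NOTIFY_CHANGE_ATTRIBUTES
                    | win32con.FILE_NOTIFY_CHANGE_SIZE
                    | win32con.FILE_NOTIFY_CHANGE_LAST_WRITE
                    | win32con.FILE_NOTIFY_CHANGE_SECURITY,
                    None,
                    None,
                )
                for action, file_name in results:
                    _report_change(action, os.path.join(path_to_watch, file_name))
            except Exception:
                # Best effort, as before: a failed read or an unprintable name
                # must not kill the watcher thread. Narrowed from a bare
                # `except` so KeyboardInterrupt and SystemExit still propagate.
                pass
    finally:
        # Release the directory handle if the loop is ever left.
        win32file.CloseHandle(h_directory)


def _report_change(action, full_filename):
    """Print the tag line for one notification; dump the file on a modification."""
    if action == FILE_CREATED:
        print('[ + ] Created %s' % full_filename)
    elif action == FILE_DELETED:
        print('[ - ] Deleted %s' % full_filename)
    elif action == FILE_MODIFIED:
        print('[ * ] Modified %s' % full_filename)
        _dump_contents(full_filename)
    elif action == FILE_RENAMED_FROM:
        print("[ > ] Renamed from: %s" % full_filename)
    elif action == FILE_RENAMED_T0:
        print("[ < ] Renamed to: %s" % full_filename)
    else:
        print("[???] Unknown: %s" % full_filename)


def _dump_contents(full_filename):
    """Read the whole file and print it decoded as GBK.

    By the time the notification is handled the file may be locked,
    truncated or already gone, and its bytes need not be valid GBK (nor
    printable on the console), so those failures are reported, not raised.
    """
    print('[vvv] Dumping contents...')
    try:
        with open(full_filename, 'rb') as f:
            contents = f.read()
        print(contents.decode('gbk'))
        print("[^^^] Dump complete.")
    except (OSError, UnicodeError):
        print("[!!!] Failed.")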
-
if __name__ == '__main__':
    # One watcher thread per directory; they run until the process exits.
    for path in dirs_to_monitor:
        print("Spawning monitoring thread for path: %s" % path)
        threading.Thread(target=start_monitor, args=(path,)).start()
-
-
- 执行结果:
- Spawning monitoring thread for path: C:\WINDOWS\temp
- Spawning monitoring thread for path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
- >>> [ * ] Modified C:\WINDOWS\temp\秘密.txt
- [vvv] Dumping contents...
- 告诉你一个秘密
- [^^^] Dump complete.
- [ * ] Modified C:\WINDOWS\temp\秘密.txt
- [vvv] Dumping contents...
- 告诉你一个秘密
- [^^^] Dump complete.
- [ + ] Created C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_rhug6Wh45c6YmKL
- [ - ] Deleted C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\etilqs_rhug6Wh45c6YmKL
二、查询本机mac地址,本机名称,本机IP
def get_mac_name_ip():
    """Return (mac, name, ip) for this machine.

    mac  - uuid.getnode() as 12 hex digits in aa:bb:cc:dd:ee:ff form (uuid
           falls back to a random 48-bit number when no hardware address can
           be read, so this is not guaranteed to be a real MAC);
    name - the fully qualified host name;
    ip   - the address that name resolves to (depending on the hosts file
           and DNS this can be a loopback address rather than the LAN one).
    """
    import socket, uuid
    # 48-bit node id as exactly twelve lowercase hex digits, zero-padded.
    digits = "%012x" % uuid.getnode()
    mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
    name = socket.getfqdn(socket.gethostname())
    ip = socket.gethostbyname(name)
    return mac, name, ip
-
- print(get_mac_name_ip())
-
- 输出结果:('88:d8:f6:c8:b5:d2', 'computerName', '192.168.1.18')
三、查询局域网内的计算机名称与对应的IP地址
import os
import re
import subprocess
import threading
-
- """
- 局域网内IP地址查询
- """
-
- NAME_IP = {}
-
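def get_local_name():
    """List the computer names that `net view` reports on the local network.

    Every whitespace-separated token containing a backslash (the
    "\\\\HOSTNAME" entries) is taken as a name, with the backslashes removed.

    Returns:
        list[str]: names in the order `net view` printed them; empty when the
        command is unavailable or prints nothing usable.
    """
    try:
        completed = subprocess.run(
            ["net", "view"],            # argument list: no shell involved
            stdout=subprocess.PIPE,
            universal_newlines=True,    # decode with the locale encoding, as os.popen did
        )
    except OSError:
        # `net` is not installed or not on PATH (e.g. a non-Windows host).
        return []
    tokens = completed.stdout.split()
    return [tok.replace('\\', '') for tok in tokens if '\\' in tok]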
-
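def get_local_ip(name):
    """Resolve one computer name with `ping -4` and record it in NAME_IP.

    The name comes from `net view`, i.e. from other machines on the network,
    so it is handed to ping as a separate argv element instead of being
    pasted into a shell command string. Nothing is recorded when ping cannot
    be run or prints no "[a.b.c.d]" address (unknown host, IPv6-only, ...).

    Args:
        name: computer name as returned by get_local_name().
    """
    # A name starting with "-" would be parsed by ping as an option.
    if not name or name.startswith('-'):
        return
    try:
        completed = subprocess.run(
            ["ping", "-4", name],
            stdout=subprocess.PIPE,
            universal_newlines=True,
        )
    except OSError:
        return
    found = re.findall(r'\[(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\]', completed.stdout)
    if found:
        # Mutating the module-level dict needs no `global` declaration.
        NAME_IP[name] = found[0]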
-
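def get_local():
    """Resolve every name from `net view` in parallel and print NAME_IP."""
    resolvers = [
        threading.Thread(target=get_local_ip, args=(name,))
        for name in get_local_name()
    ]
    for worker in resolvers:
        worker.start()
    # Wait for all resolvers so the printed table is complete.
    for worker in resolvers:
        worker.join()
    print(NAME_IP)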
-
if __name__ == '__main__':
    # Enumerate the LAN and print the name -> IP table.
    get_local()
-
- 输出结果:{'computerName': '192.168.1.18'}
四、利用 WMI 监视进程
- import win32con
- import win32api
- import win32security
- import os
- import sys
- import wmi
-
def log_to_file(message):
    """Append one CRLF-terminated, UTF-8 encoded line to process_monitor_log.txt."""
    line = '%s\r\n' % message
    with open('process_monitor_log.txt', 'ab') as log:
        log.write(line.encode())
-
-
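def runs():
    """Log every newly created process until the program is killed.

    Writes a header line, then for each process-creation event delivered by
    WMI prints and appends one line with creation time, owner, executable
    path, command line, PID, parent PID and a placeholder privileges column.
    """
    log_to_file("Time,User,Executable,CommandLine,PID,Parent PID,Privileges")

    c = wmi.WMI()

    # Blocking iterator: each call waits for the next Win32_Process creation.
    process_watcher = c.Win32_Process.watch_for('creation')

    while True:
        try:
            new_process = process_watcher()
            proc_owner = new_process.GetOwner()
            # Elements 0 and 2 are used as DOMAIN\user; element 1 is skipped
            # (presumably the call's return code - verify against the wmi module).
            proc_owner = '%s\\%s' % (proc_owner[0], proc_owner[2])
            create_date = new_process.CreationDate
            executable = new_process.ExecutablePath
            cmdline = new_process.CommandLine
            pid = new_process.ProcessId
            parent_pid = new_process.ParentProcessId
            privileges = 'N/A'  # placeholder column, never populated here
            # log_to_file appends the CRLF itself; the earlier trailing "\r\n"
            # produced a blank line after every entry on the console and in the log.
            # NOTE(review): fields are joined with bare commas and written as-is,
            # so a command line containing a comma or a line break shifts or
            # splits the record; the csv module would quote it properly.
            process_log_message = '%s,%s,%s,%s,%s,%s,%s' % (
                create_date, proc_owner, executable, cmdline, pid, parent_pid, privileges)
            print(process_log_message)
            log_to_file(process_log_message)
        except Exception as exc:
            # Best effort: a transient WMI error (for instance a process that
            # is already gone when GetOwner runs) must not stop the watcher.
            print(exc)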
-
if __name__ == '__main__':
    # Start the process watcher; runs until the process is killed.
    runs()
-
-
- 执行本程序,打开某个记事本后,输出结果:
- 20180615163430.968750+480,PC1\Administrator,C:\WINDOWS\system32\NOTEPAD.EXE,"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Documents and Settings\Administrator\桌面\秘密.txt,10108,5600,N/A
-
-
五、关闭屏幕 与 锁屏
- from ctypes import *
- import time
-
-
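class User32:
    """Thin ctypes wrapper around a few user32.dll calls (Windows only)."""

    def __init__(self):
        self.user = windll.user32

    def box(self):
        """Show a Yes/No/Cancel message box; returns 6 for Yes, 7 for No, 2 for Cancel."""
        return self.user.MessageBoxW(None, '现在已经12点了,该吃饭了!', '消息提示', 3)

    def close_screen(self):
        """Turn the monitor off and print SendMessage's return value."""
        WM_SYSCOMMAND = 0x0112
        SC_MONITORPOWER = 0xF170
        # HWND_BROADCAST (0xFFFF) delivers the message to every top-level
        # window; the earlier code sent it only to whatever single window
        # FindWindowExA(None, None, None, None) happened to return first.
        HWND_BROADCAST = 0xFFFF
        MONITOR_OFF = 2  # lParam for SC_MONITORPOWER: 2 = off, 1 = low power, -1 = on
        v = self.user.SendMessageA(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, MONITOR_OFF)
        print(v)

    def lock_screen(self):
        """Lock the workstation (same effect as Win+L)."""
        self.user.LockWorkStation()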
-
if __name__ == '__main__':
    u32 = User32()
    # Prompt first, then switch the monitor off once per second for six
    # seconds, and finally lock the workstation.
    u32.box()
    for i in range(6):
        u32.close_screen()
        time.sleep(1)
    u32.lock_screen()
-
-
六、监听键盘与鼠标
- import pythoncom
- import pyHook
-
-
def onMouseEvent(event):
    """Mouse hook callback: print the event's fields, then let it through."""
    fields = (
        ("MessageName", event.MessageName),
        ("Message", event.Message),
        ("Time", event.Time),
        ("Window", event.Window),
        ("WindowName", event.WindowName),
        ("Position", event.Position),
        ("Wheel", event.Wheel),
        ("Injected", event.Injected),
    )
    for label, value in fields:
        print(label + ":", value)
    print("---")
    # True hands the event on to the next handler. Returning False would
    # swallow every mouse event and the pointer would appear frozen.
    return True
-
-
def onKeyboardEvent(event):
    """Keyboard hook callback: print the event's fields, then let it through."""
    ascii_code = event.Ascii
    rows = [
        ("MessageName:", event.MessageName),
        ("Message:", event.Message),
        ("Time:", event.Time),
        ("Window:", event.Window),
        ("WindowName:", event.WindowName),
        ("Ascii:", ascii_code, chr(ascii_code)),
        ("Key:", event.Key),
        ("KeyID:", event.KeyID),
        ("ScanCode:", event.ScanCode),
        ("Extended:", event.Extended),
        ("Injected:", event.Injected),
        ("Alt", event.Alt),               # no colon, as in the original output
        ("Transition", event.Transition),
    ]
    for parts in rows:
        print(*parts)
    print("---")
    # Same contract as onMouseEvent: True passes the event on.
    return True
-
-
def main():
    """Install system-wide keyboard and mouse hooks and pump messages forever."""
    # One hook manager owns both hooks.
    hm = pyHook.HookManager()
    # Route every key-down event to onKeyboardEvent ...
    hm.KeyDown = onKeyboardEvent
    # ... and install the keyboard hook.
    hm.HookKeyboard()

    # Same for all mouse events.
    hm.MouseAll = onMouseEvent
    hm.HookMouse()
    # Blocks in the Windows message loop; the hooks stay active until the
    # process is terminated. A system-wide hook of this kind is exactly the
    # behaviour endpoint monitoring tools look for.
    pythoncom.PumpMessages()
-
-
if __name__ == "__main__":
    # Install the hooks and block in the message loop.
    main()
-