#!/usr/bin/python
import subprocess
import pefile
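# Audit helper: print the binary path of every running Windows service that
# runs as LocalSystem, is not hosted in svchost.exe, and whose executable
# imports mscoree.dll (the .NET runtime loader), i.e. managed code that is
# executing with SYSTEM privileges and deserves a closer review.
# NOTE(review): wmic is deprecated and may be absent on current Windows
# builds; subprocess.run raises FileNotFoundError when it is missing.
result = subprocess.run(
    [
        'wmic', 'service', 'where',
        'state like "running" and startname like "LocalSystem" '
        'and not pathname like "%svchost.exe%"',
        'get', 'pathname', '/format:csv',
    ],
    stdout=subprocess.PIPE,
)

# Decode the captured bytes instead of parsing their repr(): str(bytes) keeps
# the b'...' wrapper and doubles every backslash in the reported paths.
# NOTE(review): the encoding wmic uses on a pipe depends on the console code
# page - confirm for service paths that contain non-ASCII characters.
output = result.stdout.decode(errors="replace")

# splitlines() copes with the "\r\r\n" line endings wmic emits; the empty
# lines it yields contain no ".exe" and fall through the filter below.
for line in output.splitlines():
    for field in line.split(","):
        lowered = field.lower()
        # Case-insensitive so that "SERVICE.EXE" is not silently ignored.
        if ".exe" not in lowered:
            continue

        quoted_parts = field.split('"')
        if len(quoted_parts) > 1:
            # Quoted command line: the image path is the first quoted token.
            bin_path = quoted_parts[1]
        else:
            # Unquoted command line: cut after the first ".exe" so trailing
            # service arguments do not end up in the file name. Heuristic
            # only - a directory name containing ".exe" would defeat it.
            cut = lowered.index(".exe") + len(".exe")
            bin_path = field[:cut].strip()

        try:
            pe = pefile.PE(bin_path)
        except Exception:
            # Best effort: unreadable, missing or non-PE files are skipped.
            # They are not reported, so a path absent from the output has not
            # necessarily been checked. Unlike a bare "except", Ctrl-C and
            # SystemExit still propagate.
            continue

        try:
            # pefile only sets DIRECTORY_ENTRY_IMPORT when the image has an
            # import table, hence the default.
            imports = getattr(pe, "DIRECTORY_ENTRY_IMPORT", [])
            # DLL names in import tables are case-insensitive on Windows.
            # NOTE(review): 64-bit managed images may carry no mscoree.dll
            # import at all; the CLR header data directory is likely the more
            # reliable indicator - confirm before relying on this as complete.
            if any(
                entry.dll and entry.dll.lower() == b"mscoree.dll"
                for entry in imports
            ):
                print(bin_path)
        finally:
            # Release the handle/mapping pefile keeps on the inspected file.
            pe.close()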