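# -*- coding: euc_kr -*-
# Process Snapshot
#
# Windows-only triage helper: takes a Toolhelp32 module snapshot of one
# process, prints the snapshot handle, then prints the WMI record of every
# running process named notepad.exe.
#
# Changes from the original listing:
#   * `sys` is imported, so the sys.exit(1) calls in the import guards work.
#   * the TH32CS_* flags are integers, not strings; a str handed to a ctypes
#     call is not marshalled as the DWORD flag value.
#   * failure is detected against INVALID_HANDLE_VALUE (what
#     CreateToolhelp32Snapshot returns on error) and the script really exits.
#   * the snapshot handle is closed once it has been reported.
#   * print is written so the file parses under both Python 2 and Python 3.
import sys

try:
    # Star imports kept from the original listing; nothing below depends on
    # a pywin32 name any more.
    from win32process import *
    from win32api import *
    from win32security import *
    from win32con import *
except ImportError:
    print("[-]python pywin32 module needed")
    print("Download: http://sourceforge.net/projects/pywin32/")
    sys.exit(1)

try:
    import wmi
except ImportError:
    print("[-]python wmi module needed")
    print("Download: http://tgolden.sc.sabren.com/python/wmi.html")
    sys.exit(1)

try:
    from ctypes import *
    from ctypes import wintypes
except ImportError:
    print("[-]python ctypes module needed")
    print("ctypes is a Python module allowing to create and manipulate C data types in Python.")
    print("These can then be passed to C-functions loaded from dynamic link libraries.")
    print("Download: http://sourceforge.net/projects/ctypes/")
    sys.exit(1)

c = wmi.WMI()

# dwFlags values for CreateToolhelp32Snapshot (tlhelp32.h).  The original
# first bound TH32CS_SNAPMODULE to 0x1, which is the heap-list flag, and gave
# TH32CS_SNAPMODULE32 the same value as TH32CS_SNAPMODULE.
TH32CS_SNAPHEAPLIST = 0x00000001
TH32CS_SNAPPROCESS = 0x00000002
TH32CS_SNAPTHREAD = 0x00000004
TH32CS_SNAPMODULE = 0x00000008
TH32CS_SNAPMODULE32 = 0x00000010
TH32CS_INHERIT = 0x80000000

# PID hard-coded in the original listing.  It is not derived from the
# notepad.exe lookup below; set it to the process you want to inspect.
TARGET_PID = 2612

# use_last_error=True makes ctypes keep the Win32 error code of the call, so
# get_last_error() below reports why the snapshot was refused.
kernel32 = WinDLL("kernel32", use_last_error=True)
kernel32.CreateToolhelp32Snapshot.argtypes = [wintypes.DWORD, wintypes.DWORD]
# Declare the return type as HANDLE; the ctypes default (c_int) would
# truncate the handle on 64-bit Windows.
kernel32.CreateToolhelp32Snapshot.restype = wintypes.HANDLE
kernel32.CloseHandle.argtypes = [wintypes.HANDLE]
kernel32.CloseHandle.restype = wintypes.BOOL

# INVALID_HANDLE_VALUE as ctypes reports it for a HANDLE (c_void_p) result.
_INVALID_HANDLE = c_void_p(-1).value

hthSnapshot = kernel32.CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, TARGET_PID)
if hthSnapshot is None or hthSnapshot == _INVALID_HANDLE:
    # The call can fail, e.g. when the PID no longer exists or access to the
    # target process is denied.
    print("[-]CreateToolhelp32Snapshot failed (error %d)" % get_last_error())
    sys.exit(1)

print("hthSnapshot = %d" % hthSnapshot)
# The handle is only reported, never walked, so release it straight away.
kernel32.CloseHandle(hthSnapshot)

# Print the full WMI Win32_Process record of each notepad.exe instance.
for process in c.Win32_Process():
    if process.Name == 'notepad.exe':
        print(process)

# tagging
# Process SnapShot
# Process snapshot (tag translated from Korean)
# Win32 process Find, watcher
# process information
# Process information collection (tag translated from Korean)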