# Event Handlers ======================================================================
import win32com.client
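class NktSpyMgrEvents:
    """Event sink for the spy manager's process and hook notifications.

    Reports when notepad.exe starts or terminates and, for every hooked call
    seen in its pre-call phase, makes the call fail when the first parameter
    names a ``.txt`` file.

    NOTE(review): the policy matches on the string the caller passed, as is.
    Other spellings that resolve to the same file are not normalised here, so
    treat this as a monitoring/demo policy rather than an access control.
    """

    # Event Handlers ==================================================================

    def OnProcessStarted(self, nktProcessAsPyIDispatch):
        """Announce the start of notepad.exe.

        nktProcessAsPyIDispatch -- raw IDispatch for the process object; it is
        wrapped with win32com.client.Dispatch before use.
        """
        nktProcess = win32com.client.Dispatch(nktProcessAsPyIDispatch)
        if self._IsNotepad(nktProcess.Name):
            print('Notepad was started.')

    def OnProcessTerminated(self, nktProcessAsPyIDispatch):
        """Announce the termination of notepad.exe.

        nktProcessAsPyIDispatch -- raw IDispatch for the process object; it is
        wrapped with win32com.client.Dispatch before use.
        """
        nktProcess = win32com.client.Dispatch(nktProcessAsPyIDispatch)
        if self._IsNotepad(nktProcess.Name):
            print('Notepad was terminated.')

    def OnFunctionCalled(self, nktHookAsPyIDispatch, nktProcessAsPyIDispatch, nktHookCallInfoAsPyIDispatch):
        """Deny a hooked call whose first parameter is a ``.txt`` file name.

        nktHookAsPyIDispatch         -- the hook that fired (unused here).
        nktProcessAsPyIDispatch      -- process in which the call happened.
        nktHookCallInfoAsPyIDispatch -- call details (phase, params, result).

        Only the pre-call phase is inspected; anything else falls through
        untouched.
        """
        nktHookCallInfo = win32com.client.Dispatch(nktHookCallInfoAsPyIDispatch)
        nktProcess = win32com.client.Dispatch(nktProcessAsPyIDispatch)
        if not nktHookCallInfo.IsPreCall:
            return
        fileName = self.GetFileNameParam(nktHookCallInfo.Params())
        if self._IsBlockedFileName(fileName):
            self.SkipCall(nktHookCallInfo, nktProcess)

    # Aux Functions =========================================================================

    def SkipCall(self, nktHookCallInfo, nktProcess):
        """Suppress the hooked call and hand the caller a failure result.

        The return value is set to -1 in the field matching the target
        process's pointer width, and the thread's last error to 5
        (ERROR_ACCESS_DENIED on Windows).
        """
        nktHookCallInfo.SkipCall()
        # -1 must be written at the width the target process reads back.
        # NOTE(review): -1 looks like INVALID_HANDLE_VALUE; which API is
        # hooked is not visible here -- confirm it reports failure this way.
        if nktProcess.PlatformBits == 64:
            nktHookCallInfo.Result().LongLongVal = -1
        else:
            nktHookCallInfo.Result().LongVal = -1
        nktHookCallInfo.LastError = 5  # ERROR_ACCESS_DENIED

    def GetFileNameParam(self, nktParamsEnum):
        """Return the value of the first parameter of the hooked call.

        NOTE(review): assumes the hooked function takes the file name as its
        first argument -- confirm against the hook registration.
        """
        return nktParamsEnum.First().Value

    def _IsNotepad(self, processName):
        """Return True when processName is notepad.exe, ignoring letter case.

        Windows image names are case-insensitive, so an exact-case comparison
        would miss e.g. ``NOTEPAD.EXE``.
        """
        return (processName or '').lower() == 'notepad.exe'

    def _IsBlockedFileName(self, fileName):
        """Return True when fileName ends in ``.txt``, ignoring letter case.

        Windows file names are case-insensitive, so a case-sensitive suffix
        test would let ``A.TXT`` through the filter. A missing or non-text
        value is treated as "not blocked" (the call proceeds) instead of
        raising inside the event callback.
        """
        try:
            lowered = fileName.lower()
        except AttributeError:
            # None or a non-string parameter value: nothing to match on.
            return False
        return lowered.endswith('.txt')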