OperatingSystemWinX86_64.process

OperatingSystemWinX86_64.process(pid=None, dtb=None)

Get a process running in the guest.

This function tries to retrieve a process running in the guest based on its PID or DTB.

Parameters
  • pid (int, optional) – The PID of the process to find. Either the PID or the DTB must be specified.

  • dtb (int, optional) – The directory table base (DTB) of the process to find. Either the PID or the DTB must be specified.

Returns

A representation of the process, or None if the process cannot be found.

Return type

object

Raises

ValueError – If neither PID nor DTB was specified.