atomicshop 2.12.26__py3-none-any.whl → 2.13.1__py3-none-any.whl

atomicshop/__init__.py

@@ -1,4 +1,4 @@
 """Atomic Basic functions and classes to make developer life easier"""
 
 __author__ = "Den Kras"
-__version__ = '2.12.26'
+__version__ = '2.13.1'

atomicshop/basics/dicts.py

@@ -24,6 +24,18 @@ def get_first_key_and_value_dict(input_dict: dict) -> dict:
     return {first_key: input_dict[first_key]}
 
 
+def get_last_added_key_value(input_dict: dict) -> dict:
+    """
+    The function will return the last added key and value in a dictionary.
+
+    :param input_dict: dict, the dictionary to get the last added key and value.
+    :return: dict, the last added key and value in the dictionary.
+    """
+
+    last_key = list(input_dict.keys())[-1]
+    return {last_key: input_dict[last_key]}
+
+
 def remove_keys(input_dict: dict, key_list: list) -> None:
     """
     The function will remove a key from dictionary without raising an exception if it doesn't exist.

atomicshop/basics/package_module.py

@@ -0,0 +1,10 @@
+"""
+# Add static files to your package / module pyproject.toml:
+[tool.setuptools.package-data]
+"atomicshop.addons" = ["**"]
+
+# Read relative path of your module inside your package / module script:
+from importlib.resources import files
+PACKAGE_DLL_PATH = 'addons/process_list/compiled/Win10x64/process_list.dll'
+FULL_DLL_PATH = str(files(__package__).joinpath(PACKAGE_DLL_PATH))
+"""

atomicshop/diff_check.py

@@ -314,10 +314,10 @@ class DiffChecker:
                 try:
                     if self.save_as == 'txt':
                         self.previous_content = file_io.read_file(
-                            self.input_file_path, stderr=False, **(print_kwargs or {}))
+                            self.input_file_path, stdout=False, stderr=False, **(print_kwargs or {}))
                     elif self.save_as == 'json':
                         self.previous_content = jsons.read_json_file(
-                            self.input_file_path, stderr=False, **(print_kwargs or {}))
+                            self.input_file_path, stdout=False, stderr=False, **(print_kwargs or {}))
                 except FileNotFoundError as except_object:
                     message = f"Input File [{Path(except_object.filename).name}] doesn't exist - Will create new one."
                     print_api(message, color='yellow', **(print_kwargs or {}))
@@ -433,10 +433,11 @@ class DiffChecker:
         if self.input_file_path:
             if self.save_as == 'txt':
                 # noinspection PyTypeChecker
-                file_io.write_file(self.previous_content, self.input_file_path, **(print_kwargs or {}))
+                file_io.write_file(self.previous_content, self.input_file_path, stdout=False, **(print_kwargs or {}))
             elif self.save_as == 'json':
                 jsons.write_json_file(
-                    self.previous_content, self.input_file_path, use_default_indent=True, **(print_kwargs or {}))
+                    self.previous_content, self.input_file_path, use_default_indent=True, stdout=False,
+                    **(print_kwargs or {}))
 
         return result, message
 

atomicshop/dns.py

@@ -18,15 +18,6 @@ TYPES_DICT = {
     '255': 'ANY'
 }
 
-# Event Tracing DNS info.
-ETW_DNS_INFO = {
-    'provider_name': 'Microsoft-Windows-DNS-Client',
-    'provider_guid': '{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}',
-    # Event ID 3008 got DNS Queries and DNS Answers. Meaning, that information in ETW will arrive after DNS Response
-    # is received and not After DNS Query is sent.
-    'event_id': 3008
-}
-
 
 def resolve_dns_localhost(domain_name: str, dns_servers_list: list = None, print_kwargs: dict = None) -> str:
     """

atomicshop/etws/const.py

@@ -0,0 +1,38 @@
+ETW_DNS = {
+    'provider_name': 'Microsoft-Windows-DNS-Client',
+    'provider_guid': '{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}',
+    'event_ids': {
+        # Event ID 3008 got DNS Queries and DNS Answers. Meaning, that information in ETW will arrive after DNS Response
+        # is received and not after DNS Query Request is sent.
+        'dns_request_response': 3008
+    }
+}
+
+
+# Event Tracing Kernel-Process.
+ETW_KERNEL_PROCESS = {
+    'provider_name': 'Microsoft-Windows-Kernel-Process',
+    'provider_guid': '{22FB2CD6-0E7B-422B-A0C7-2FAD1FD0E716}',
+    'event_ids': {
+        'process_create': 1  # Emits all the processes that are started.
+    }
+}
+
+
+# You need SYSTEM privileges to execute this one. Try with psexec -s -i
+ETW_SECURITY_AUDITING = {
+    'provider_name': 'Microsoft-Windows-Security-Auditing',
+    'provider_guid': '{54849625-5478-4994-A5BA-3E3B0328C30D}',
+    'event_ids': {
+        'process_create': 4688      # Emits all the processes that are started.
+    }
+}
+
+
+ETW_SYSMON = {
+    'provider_name': 'Microsoft-Windows-Sysmon',
+    'provider_guid': '{5770385F-C22A-43E0-BF4C-06F5698FFBD9}',
+    'event_ids': {
+        'process_create': 1         # Emits all the processes that are started.
+    }
+}

atomicshop/{etw → etws/traces}/trace_dns.py

@@ -1,18 +1,31 @@
-from . import trace
-from .. import dns
-from ..wrappers.psutilw import psutilw
-from ..basics import dicts
-from ..process_poller import ProcessPollerPool
-from ..print_api import print_api
+import time
 
+from .. import trace, const
+from ...wrappers.psutilw import psutilw
+from ...basics import dicts
+from ...process_poller import ProcessPollerPool
+from ...print_api import print_api
+from ... import dns
 
-class DnsTrace:
+
+ETW_DEFAULT_SESSION_NAME: str = 'AtomicShopDnsTrace'
+
+PROVIDER_NAME: str = const.ETW_DNS['provider_name']
+PROVIDER_GUID: str = const.ETW_DNS['provider_guid']
+REQUEST_RESP_EVENT_ID: int = const.ETW_DNS['event_ids']['dns_request_response']
+
+WAIT_FOR_PROCESS_POLLER_PID_SECONDS: int = 3
+WAIT_FOR_PROCESS_POLLER_PID_COUNTS: int = WAIT_FOR_PROCESS_POLLER_PID_SECONDS * 10
+
+
+class DnsRequestResponseTrace:
     def __init__(
             self,
-            enable_process_poller: bool = False,
             attrs: list = None,
             session_name: str = None,
-            close_existing_session_name: bool = True
+            close_existing_session_name: bool = True,
+            enable_process_poller: bool = False,
+            process_poller_etw_session_name: str = None
     ):
         """
         DnsTrace class use to trace DNS events from Windows Event Tracing for EventId 3008.
@@ -28,6 +41,7 @@ class DnsTrace:
             False: if ETW session with 'session_name' exists, you will be notified and the new session will not be
                 created. Instead, the existing session will be used. If there is a buffer from the previous session,
                 you will get the events from the buffer.
+        :param process_poller_etw_session_name: The name of the ETW session for tracing process creation.
 
         -------------------------------------------------
 
@@ -35,7 +49,13 @@ class DnsTrace:
             from atomicshop.etw import dns_trace
 
 
-            dns_trace_w = dns_trace.DnsTrace(enable_process_poller=True, attrs=['pid', 'name', 'cmdline', 'domain', 'query_type'])
+            dns_trace_w = dns_trace.DnsTrace(
+                attrs=['pid', 'name', 'cmdline', 'domain', 'query_type'],
+                session_name='MyDnsTrace',
+                close_existing_session_name=True,
+                enable_process_poller=True,
+                process_poller_etw_session_name='MyProcessTrace'
+            )
             dns_trace_w.start()
             while True:
                 dns_dict = dns_trace_w.emit()
@@ -46,16 +66,21 @@ class DnsTrace:
         self.enable_process_poller = enable_process_poller
         self.attrs = attrs
 
+        if not session_name:
+            session_name = ETW_DEFAULT_SESSION_NAME
+
         self.event_trace = trace.EventTrace(
-            providers=[(dns.ETW_DNS_INFO['provider_name'], dns.ETW_DNS_INFO['provider_guid'])],
+            providers=[(PROVIDER_NAME, PROVIDER_GUID)],
             # lambda x: self.event_queue.put(x),
-            event_id_filters=[dns.ETW_DNS_INFO['event_id']],
+            event_id_filters=[REQUEST_RESP_EVENT_ID],
             session_name=session_name,
             close_existing_session_name=close_existing_session_name
         )
 
         if self.enable_process_poller:
-            self.process_poller = ProcessPollerPool(store_cycles=200, operation='process', poller_method='process_dll')
+            self.process_poller = ProcessPollerPool(
+                operation='process', poller_method='sysmon_etw',
+                sysmon_etw_session_name=process_poller_etw_session_name)
 
     def start(self):
         if self.enable_process_poller:
@@ -82,6 +107,11 @@ class DnsTrace:
         :return: Dictionary with the event data.
         """
 
+        # Get the processes first, since we need the process name and command line.
+        # If they're not ready, we will get just pids from DNS tracing.
+        if self.enable_process_poller:
+            self._get_processes_from_poller()
+
         event = self.event_trace.emit()
 
         event_dict: dict = {
@@ -92,12 +122,6 @@ class DnsTrace:
             'query_type': dns.TYPES_DICT[str(event[1]['QueryType'])]
         }
 
-        # # Get process name only from psutil, just in case.
-        # try:
-        #     process_name = psutilw.get_process_name_by_pid(event_dict['pid'])
-        # except psutil.NoSuchProcess:
-        #     process_name = str(event_dict['pid'])
-
         # Defining list if ips and other answers, which aren't IPs.
         list_of_ips = list()
         list_of_other_domains = list()
@@ -135,10 +159,19 @@ class DnsTrace:
             event_dict['status'] = 'Error'
 
         if self.enable_process_poller:
-            processes = self.process_poller.processes
-
-            if isinstance(processes, BaseException):
-                raise processes
+            processes = self.process_poller.get_processes()
+            if event_dict['pid'] not in processes:
+                counter = 0
+                while counter < WAIT_FOR_PROCESS_POLLER_PID_COUNTS:
+                    processes = self.process_poller.get_processes()
+                    if event_dict['pid'] not in processes:
+                        time.sleep(0.1)
+                        counter += 1
+                    else:
+                        break
+
+                if counter == WAIT_FOR_PROCESS_POLLER_PID_COUNTS:
+                    print_api(f"Error: Couldn't get the process name for PID: {event_dict['pid']}.", color='red')
 
             event_dict = psutilw.cross_single_connection_with_processes(event_dict, processes)
             # If it was impossible to get the process name from the process poller, get it from psutil.
@@ -150,3 +183,13 @@ class DnsTrace:
                 event_dict, self.attrs, skip_keys_not_in_list=True)
 
         return event_dict
+
+    def _get_processes_from_poller(self):
+        processes: dict = {}
+        while not processes:
+            processes = self.process_poller.get_processes()
+
+            if isinstance(processes, BaseException):
+                raise processes
+
+        return processes

atomicshop/etws/traces/trace_sysmon_process_creation.py

@@ -0,0 +1,116 @@
+from .. import trace, const
+from ...wrappers.psutilw import psutilw
+from ...wrappers import sysmonw
+from ...basics import dicts
+from ...print_api import print_api
+
+
+PROVIDER_NAME: str = const.ETW_SYSMON['provider_name']
+PROVIDER_GUID: str = const.ETW_SYSMON['provider_guid']
+PROCESS_CREATION_EVENT_ID: int = const.ETW_SYSMON['event_ids']['process_create']
+
+
+class SysmonProcessCreationTrace:
+    def __init__(
+            self,
+            attrs: list = None,
+            session_name: str = None,
+            close_existing_session_name: bool = True,
+            sysmon_directory: str = None
+    ):
+        """
+        DnsTrace class use to trace DNS events from Windows Event Tracing for EventId 3008.
+
+        :param attrs: List of attributes to return. If None, all attributes will be returned.
+        :param session_name: The name of the session to create. If not provided, a UUID will be generated.
+        :param close_existing_session_name: Boolean to close existing session names.
+            True: if ETW session with 'session_name' exists, you will be notified and the session will be closed.
+                Then the new session with this name will be created.
+            False: if ETW session with 'session_name' exists, you will be notified and the new session will not be
+                created. Instead, the existing session will be used. If there is a buffer from the previous session,
+                you will get the events from the buffer.
+        :param sysmon_directory: The directory where Sysmon is located. If not provided, "C:\\Windows\\Sysmon" will be
+            used. If 'Sysmon.exe' is not found in the directory, it will be downloaded from the internet.
+
+        -------------------------------------------------
+
+        Usage Example:
+            from atomicshop.etw import dns_trace
+
+
+            dns_trace_w = dns_trace.DnsTrace(
+                attrs=['pid', 'name', 'cmdline', 'domain', 'query_type'],
+                session_name='MyDnsTrace',
+                close_existing_session_name=True,
+                enable_process_poller=True,
+                process_poller_etw_session_name='MyProcessTrace'
+            )
+            dns_trace_w.start()
+            while True:
+                dns_dict = dns_trace_w.emit()
+                print(dns_dict)
+            dns_trace_w.stop()
+        """
+
+        self.attrs = attrs
+        self.sysmon_directory: str = sysmon_directory
+
+        self.event_trace = trace.EventTrace(
+            providers=[(PROVIDER_NAME, PROVIDER_GUID)],
+            # lambda x: self.event_queue.put(x),
+            event_id_filters=[PROCESS_CREATION_EVENT_ID],
+            session_name=session_name,
+            close_existing_session_name=close_existing_session_name
+        )
+
+    def start(self):
+        sysmonw.start_as_service(
+            installation_path=self.sysmon_directory, download_sysmon_if_not_found=True, skip_if_running=True)
+        self.event_trace.start()
+
+    def stop(self):
+        self.event_trace.stop()
+
+    def emit(self):
+        """
+        Function that will return the next event from the queue.
+        The queue is blocking, so if there is no event in the queue, the function will wait until there is one.
+
+        Usage Example:
+            while True:
+                dns_dict = dns_trace.emit()
+                print(dns_dict)
+
+        :return: Dictionary with the event data.
+        """
+
+        event = self.event_trace.emit()
+
+        event_dict: dict = {
+            'etw_id': event[0],
+            'pid': event[1]['ProcessId'],
+            'process_guid': event[1]['ProcessGuid'],
+            'image': event[1]['Image'],
+            'file_version': event[1]['FileVersion'],
+            'product': event[1]['Product'],
+            'company': event[1]['Company'],
+            'original_file_name': event[1]['OriginalFileName'],
+            'command_line': event[1]['CommandLine'],
+            'current_directory': event[1]['CurrentDirectory'],
+            'user': event[1]['User'],
+            'logon_id': event[1]['LogonId'],
+            'logon_guid': event[1]['LogonGuid'],
+            'terminal_session_id': event[1]['TerminalSessionId'],
+            'integrity_level': event[1]['IntegrityLevel'],
+            'hashes': event[1]['Hashes'],
+            'parent_process_guid': event[1]['ParentProcessGuid'],
+            'parent_process_id': event[1]['ParentProcessId'],
+            'parent_image': event[1]['ParentImage'],
+            'parent_command_line': event[1]['ParentCommandLine']
+        }
+
+        if self.attrs:
+            event_dict = dicts.reorder_keys(
+                event_dict, self.attrs, skip_keys_not_in_list=True)
+
+        return event_dict

atomicshop/monitor/change_monitor.py

@@ -41,7 +41,8 @@ class ChangeMonitor:
                     'url_playwright_jpeg'],
                 None] = None,
             object_type_settings: dict = None,
-            etw_session_name: str = None
+            etw_session_name: str = None,
+            etw_process_session_name: str = None
     ):
         """
         :param object_type: string, type of object to check. The type must be one of the following:
@@ -88,6 +89,8 @@ class ChangeMonitor:
             with logman and other tools: logman query -ets
             If not provided, a default name will be generated.
             'dns': 'AtomicShopDnsTrace'
+        :param etw_process_session_name: string, the name of the ETW session for tracing process creation.
+            This is needed to correlate the process cmd with the DNS requests PIDs.
 
         If 'input_directory' is not specified, the 'input_file_name' is not specified, and
         'generate_input_file_name' is False, then the input file will not be used and the object will be stored
@@ -104,6 +107,7 @@ class ChangeMonitor:
         self.object_type = object_type
         self.object_type_settings: dict = object_type_settings
         self.etw_session_name: str = etw_session_name
+        self.etw_process_session_name: str = etw_process_session_name
 
         # === Additional variables ========================================
 

atomicshop/monitor/checks/dns.py

@@ -1,14 +1,13 @@
 from pathlib import Path
 from typing import Union
 
-from ...etw.trace_dns import DnsTrace
+from ...etws.traces import trace_dns
 from ...print_api import print_api
 from ...import diff_check
 
 
 INPUT_FILE_DEFAULT_NAME: str = 'known_domains.json'
 INPUT_STATISTICS_FILE_DEFAULT_NAME: str = 'dns_statistics.json'
-ETW_DEFAULT_SESSION_NAME: str = 'AtomicShopDnsTrace'
 
 
 class DnsCheck:
@@ -22,15 +21,16 @@ class DnsCheck:
         self.diff_checker_statistics: Union[diff_check.DiffChecker, None] = None
         self.settings: dict = change_monitor_instance.object_type_settings
 
-        if change_monitor_instance.etw_session_name:
-            self.etw_session_name: str = change_monitor_instance.etw_session_name
-        else:
-            self.etw_session_name: str = ETW_DEFAULT_SESSION_NAME
+        self.etw_session_name: str = change_monitor_instance.etw_session_name
 
-        self.fetch_engine: DnsTrace = (
-            DnsTrace(
-                enable_process_poller=True, attrs=['name', 'cmdline', 'domain', 'query_type'],
-                session_name=self.etw_session_name, close_existing_session_name=True)
+        self.fetch_engine: trace_dns.DnsRequestResponseTrace = (
+            trace_dns.DnsRequestResponseTrace(
+                attrs=['name', 'cmdline', 'domain', 'query_type'],
+                session_name=self.etw_session_name,
+                close_existing_session_name=True,
+                enable_process_poller=True,
+                process_poller_etw_session_name=change_monitor_instance.etw_process_session_name
+            )
         )
 
         if self.settings['alert_always'] and self.settings['alert_about_missing_entries_after_learning']:
@@ -106,7 +106,7 @@ class DnsCheck:
 
     def _aggregation_process(self, event_dict: dict, return_list: list, print_kwargs: dict = None):
         self.diff_checker_aggregation.check_object = [event_dict]
-    
+
         # Check if 'known_domains' list was updated from previous cycle.
         result, message = self.diff_checker_aggregation.check_list_of_dicts(
             sort_by_keys=['cmdline', 'name'], print_kwargs=print_kwargs)

atomicshop/process.py

@@ -11,7 +11,7 @@ from .basics import strings
 from .wrappers import ubuntu_terminal
 
 if os.name == 'nt':
-    from .process_poller import GetProcessList
+    from . import process_poller
 
 
 def is_command_exists(cmd: str) -> bool:
@@ -265,7 +265,7 @@ def match_pattern_against_running_processes_cmdlines(
     """
 
     # Get the list of all the currently running processes.
-    get_process_list = GetProcessList(get_method='pywin32', connect_on_init=True)
+    get_process_list = process_poller.GetProcessList(get_method='pywin32', connect_on_init=True)
     processes = get_process_list.get_processes(as_dict=False)
 
     # Iterate through all the current process, while fetching executable file 'name' and the command line.

atomicshop/process_poller.py

@@ -5,8 +5,10 @@ from typing import Literal, Union
 
 from .wrappers.pywin32w import wmi_win32process
 from .wrappers.psutilw import psutilw
+from .etws.traces import trace_sysmon_process_creation
 from .basics import list_of_dicts, dicts
 from .process_name_cmd import ProcessNameCmdline
+from .print_api import print_api
 
 
 def get_process_time_tester(
@@ -40,16 +42,24 @@ test = get_process_list.get_processes()
 
 
 class GetProcessList:
+    """
+    The class is responsible for getting the list of running processes.
+
+    Example of one time polling with 'pywin32' method:
+    from atomicshop import process_poller
+    process_list: dict = \
+        process_poller.GetProcessList(get_method='pywin32', connect_on_init=True).get_processes(as_dict=True)
+    """
     def __init__(
             self,
-            get_method: Literal['psutil', 'pywin32', 'process_dll'] = 'process_dll',
+            get_method: Literal['psutil', 'pywin32', 'process_dll', 'sysmon_etw'] = 'process_dll',
             connect_on_init: bool = False
     ):
         """
         :param get_method: str, The method to get the list of processes. Default is 'process_list_dll'.
             'psutil': Get the list of processes by 'psutil' library. Resource intensive and slow.
             'pywin32': Get the list of processes by 'pywin32' library, using WMI. Not resource intensive, but slow.
-            'process_dll'. Not resource intensive and fast. Probably works only in Windows 10 x64
+            'process_dll'. Not resource intensive and fast. Probably works only in Windows 10 x64.
         :param connect_on_init: bool, if True, will connect to the service on init. 'psutil' don't need to connect.
         """
         self.get_method = get_method
@@ -86,7 +96,7 @@ class GetProcessList:
         """
         The function will get the list of opened processes and return it as a list of dicts.
 
-        :return: list of dicts, of opened processes.
+        :return: dict while key is pid or list of dicts, of opened processes (depending on 'as_dict' setting).
         """
 
         if as_dict:
@@ -132,19 +142,14 @@ class ProcessPollerPool:
     Later, I'll find a solution to make it more efficient.
     """
     def __init__(
-            self, store_cycles: int = 200,
+            self,
             interval_seconds: Union[int, float] = 0,
             operation: Literal['thread', 'process'] = 'thread',
-            poller_method: Literal['psutil', 'pywin32', 'process_dll'] = 'process_dll',
+            poller_method: Literal['psutil', 'pywin32', 'process_dll', 'sysmon_etw'] = 'sysmon_etw',
+            sysmon_etw_session_name: str = None,
+            sysmon_directory: str = None
     ):
         """
-        :param store_cycles: int, how many cycles to store. Each cycle is polling processes.
-            Example: Specifying 3 will store last 3 polled cycles of processes.
-
-            Default is 200, which means that 200 latest cycles original PIDs and their process names will be stored.
-
-            You can execute the 'get_process_time_tester' function in order to find the optimal number of cycles
-            and how much time it will take.
         :param interval_seconds: float, how many seconds to wait between each cycle.
             Default is 0, which means that the polling will be as fast as possible.
 
@@ -162,6 +167,18 @@ class ProcessPollerPool:
             'psutil': Get the list of processes by 'psutil' library. Resource intensive and slow.
             'pywin32': Get the list of processes by 'pywin32' library, using WMI. Not resource intensive, but slow.
             'process_dll'. Not resource intensive and fast. Probably works only in Windows 10 x64.
+            'sysmon_etw': Get the list of processes with running SysMon by ETW - Event Tracing for Windows.
+                In this case 'store_cycles' and 'interval_seconds' are irrelevant, since the ETW is real-time.
+                Steps we take:
+                    1. Check if SysMon is Running. If not, check if the executable exists in specified
+                        location and start it as a service.
+                    2. Start the "Microsoft-Windows-Sysmon" ETW session.
+                    3. Take a snapshot of current processes and their CMDs with psutil and store it in a dict.
+                    4. Each new process creation from ETW updates the dict.
+        :param sysmon_etw_session_name: str, only for 'sysmon_etw' get_method.
+            The name of the ETW session for tracing process creation.
+        :param sysmon_directory: str, only for 'sysmon_etw' get_method.
+            The directory where the SysMon executable is located. If non-existed will be downloaded.
         ---------------------------------------------
         If there is an exception, ProcessPollerPool.processes will be set to the exception.
         While getting the processes you can use this to execute the exception:
@@ -172,20 +189,20 @@ class ProcessPollerPool:
             raise processes
         """
 
-        self.store_cycles: int = store_cycles
         self.interval_seconds: float = interval_seconds
         self.operation: str = operation
         self.poller_method = poller_method
-
-        self.get_processes_list = GetProcessList(get_method=self.poller_method)
+        self.sysmon_etw_session_name: str = sysmon_etw_session_name
+        self.sysmon_directory: str = sysmon_directory
 
         # Current process pool.
-        self.processes: dict = dict()
+        self._processes: dict = dict()
 
         # The variable is responsible to stop the thread if it is running.
-        self.running: bool = False
+        self._running: bool = False
 
-        self.queue = multiprocessing.Queue()
+        self._process_queue = multiprocessing.Queue()
+        self._running_state_queue = multiprocessing.Queue()
 
     def start(self):
         if self.operation == 'thread':
@@ -195,66 +212,116 @@ class ProcessPollerPool:
         else:
             raise ValueError(f'Invalid operation type [{self.operation}]')
 
-    def stop(self):
-        self.running = False
-
-    def _start_thread(self):
-        self.running = True
-        # threading.Thread(target=self._worker, args=(self.process_polling_instance,)).start()
-        thread = threading.Thread(target=self._worker)
+        thread = threading.Thread(target=self._thread_get_queue)
         thread.daemon = True
         thread.start()
 
-    def _start_process(self):
-        self.running = True
-        multiprocessing.Process(target=self._worker).start()
+    def stop(self):
+        self._running = False
+        self._running_state_queue.put(False)
 
-        thread = threading.Thread(target=self._thread_get_queue)
+    def get_processes(self):
+        return self._processes
+
+    def _start_thread(self):
+        self._running = True
+
+        thread = threading.Thread(
+            target=_worker, args=(
+                self.poller_method, self._running_state_queue, self.interval_seconds,
+                self._process_queue, self.sysmon_etw_session_name, self.sysmon_directory,
+            )
+        )
         thread.daemon = True
         thread.start()
 
-    def _worker(self):
-        # We must initiate the connection inside the thread/process, because it is not thread-safe.
-        self.get_processes_list.connect()
-
-        exception = None
-        list_of_processes: list = list()
-        while self.running:
-            try:
-                # If the list is full (to specified 'store_cycles'), remove the first element.
-                if len(list_of_processes) == self.store_cycles:
-                    del list_of_processes[0]
-
-                # Get the current processes and reinitialize the instance of the dict.
-                current_processes: dict = dict(self.get_processes_list.get_processes())
+    def _start_process(self):
+        self._running = True
+        multiprocessing.Process(
+            target=_worker, args=(
+                self.poller_method, self._running_state_queue, self.interval_seconds,
+                self._process_queue, self.sysmon_etw_session_name, self.sysmon_directory,
+            )).start()
 
-                # Remove Command lines that contains only numbers, since they are useless.
-                for pid, process_info in current_processes.items():
-                    if process_info['cmdline'].isnumeric():
-                        current_processes[pid]['cmdline'] = str()
-                    elif process_info['cmdline'] == 'Error':
-                        current_processes[pid]['cmdline'] = str()
+    def _thread_get_queue(self):
+        while True:
+            self._processes = self._process_queue.get()
 
-                # Append the current processes to the list.
-                list_of_processes.append(current_processes)
 
-                # Merge all dicts in the list to one dict, updating with most recent PIDs.
-                self.processes = list_of_dicts.merge_to_dict(list_of_processes)
+def _worker(
+        poller_method, running_state_queue, interval_seconds, process_queue, sysmon_etw_session_name, sysmon_directory):
+    def _worker_to_get_running_state():
+        nonlocal running_state
+        running_state = running_state_queue.get()
 
-                if self.operation == 'process':
-                    self.queue.put(self.processes)
+    running_state: bool = True
 
-                time.sleep(self.interval_seconds)
-            except KeyboardInterrupt as e:
-                self.running = False
-                exception = e
-            except Exception as e:
-                self.running = False
-                exception = e
+    thread = threading.Thread(target=_worker_to_get_running_state)
+    thread.daemon = True
+    thread.start()
 
-        if not self.running:
-            self.queue.put(exception)
+    if poller_method == 'sysmon_etw':
+        poller_instance = trace_sysmon_process_creation.SysmonProcessCreationTrace(
+            attrs=['pid', 'original_file_name', 'command_line'],
+            session_name=sysmon_etw_session_name,
+            close_existing_session_name=True,
+            sysmon_directory=sysmon_directory
+        )
 
-    def _thread_get_queue(self):
-        while True:
-            self.processes = self.queue.get()
+        # We must initiate the connection inside the thread/process, because it is not thread-safe.
+        poller_instance.start()
+
+        processes = GetProcessList(get_method='pywin32', connect_on_init=True).get_processes(as_dict=True)
+        process_queue.put(processes)
+    else:
+        poller_instance = GetProcessList(get_method=poller_method)
+        poller_instance.connect()
+        processes = {}
+
+    exception = None
+    list_of_processes: list = list()
+    while running_state:
+        try:
+            if poller_method == 'sysmon_etw':
+                # Get the current processes and reinitialize the instance of the dict.
+                current_cycle: dict = poller_instance.emit()
+                current_processes: dict = {int(current_cycle['pid']): {
+                    'name': current_cycle['original_file_name'],
+                    'cmdline': current_cycle['command_line']}
+                }
+            else:
+                # Get the current processes and reinitialize the instance of the dict.
+                current_processes: dict = dict(poller_instance.get_processes())
+
+            # Remove Command lines that contains only numbers, since they are useless.
+            for pid, process_info in current_processes.items():
+                if process_info['cmdline'].isnumeric():
+                    current_processes[pid]['cmdline'] = str()
+                elif process_info['cmdline'] == 'Error':
+                    current_processes[pid]['cmdline'] = str()
+
+            # This loop is essential for keeping the command lines.
+            # When the process unloads from memory, the last polling will have only pid and executable name, but not
+            # the command line. This loop will keep the command line from the previous polling if this happens.
+            for pid, process_info in current_processes.items():
+                if pid in processes:
+                    if processes[pid]['name'] == current_processes[pid]['name']:
+                        if current_processes[pid]['cmdline'] == '':
+                            current_processes[pid]['cmdline'] = processes[pid]['cmdline']
+            processes.update(current_processes)
+
+            process_queue.put(processes)
+
+            # Since ETW is a blocking operation, we don't need to sleep.
+            if poller_method != 'sysmon_etw':
+                time.sleep(interval_seconds)
+        except KeyboardInterrupt as e:
+            running_state = False
+            exception = e
+        except Exception as e:
+            running_state = False
+            exception = e
+            print_api(f'Exception in ProcessPollerPool: {e}', color='red')
+
+    if not running_state:
+        process_queue.put(exception)

atomicshop/wrappers/psutilw/psutilw.py

@@ -164,6 +164,15 @@ def filter_processes_with_present_connections(processes) -> list:
 
 
 class PsutilProcesses:
+    """
+    Class to get all the current processes.
+
+    Example get current running processes as dicts as
+    {'<pid'>: {'name': '<process_name>', 'cmdline': '<process_cmdline>'}}:
+        from atomicshop.wrappers.psutilw import psutilw
+        processes = psutilw.PsutilProcesses().get_processes_as_dict(
+            attrs=['pid', 'name', 'cmdline'], cmdline_to_string=True)
+    """
     def __init__(self):
         self.processes = None
 

atomicshop/wrappers/sysmonw.py

@@ -0,0 +1,157 @@
+import os
+import subprocess
+
+from .. import filesystem, web, process
+
+
+# Define paths and configuration
+DEFAULT_INSTALLATION_PATH: str = 'C:\\Sysmon'
+SYSMON_FILE_NAME: str = 'Sysmon.exe'
+SYSINTERNALS_SYSMON_URL: str = 'https://download.sysinternals.com/files/Sysmon.zip'
+SYSMON_CONFIG_FILE_NAME: str = 'sysmonconfig.xml'
+SYSMON_CONFIG_FILE_PATH: str = os.path.join(DEFAULT_INSTALLATION_PATH, SYSMON_CONFIG_FILE_NAME)
+
+
+class ConfigFileNotFoundError(Exception):
+    pass
+
+
+class SymonExecutableNotFoundError(Exception):
+    pass
+
+
+class SysmonAlreadyRunningError(Exception):
+    pass
+
+
+def download_sysmon(installation_path: str = None):
+    """
+    Install Sysmon on the system.
+
+    :param installation_path: string, full path where to put the Sysmon executable.
+    """
+
+    if not installation_path:
+        installation_path = DEFAULT_INSTALLATION_PATH
+
+    # Check if the file exists
+    if not os.path.exists(installation_path):
+        filesystem.create_directory(installation_path)
+
+    web.download_and_extract_file(SYSINTERNALS_SYSMON_URL, installation_path)
+
+
+def is_sysmon_running():
+    """
+    Check if Sysmon is running.
+
+    :return: boolean, True if Sysmon is running, False otherwise.
+    """
+
+    process_list: list = process.match_pattern_against_running_processes_cmdlines(
+        pattern=SYSMON_FILE_NAME, first=True, process_name_case_insensitive=True)
+
+    if process_list:
+        return True
+    else:
+        return False
+
+
+def start_as_service(
+        installation_path: str = None,
+        config_file_path: str = None,
+        use_config_in_same_directory: bool = False,
+        download_sysmon_if_not_found: bool = False,
+        skip_if_running: bool = False
+):
+    """
+    Start Sysmon as a service. Besides starting, it installs itself as a service, meaning that on the next boot,
+    it will start automatically.
+
+    :param installation_path: string, full path where to put the Sysmon executable.
+    :param config_file_path: string, full path to the configuration file.
+    :param use_config_in_same_directory: boolean, if True, the function will use the configuration file in the same
+        directory as the Sysmon executable.
+    :param download_sysmon_if_not_found: boolean, if True, the function will download Sysmon if it is not
+        found in the 'installation_path'.
+    :param skip_if_running: boolean,
+        True, the function will not start Sysmon if it is already running.
+        False, the function will raise 'SysmonAlreadyRunningError' exception if it is already running.
+    """
+
+    # Check if sysmon already running.
+    if is_sysmon_running():
+        if skip_if_running:
+            return
+        else:
+            raise SysmonAlreadyRunningError("Sysmon is already running.")
+
+    if config_file_path and use_config_in_same_directory:
+        raise ValueError("You cannot use both 'config_file_path' and 'use_config_in_same_directory'.")
+
+    if use_config_in_same_directory:
+        config_file_path = SYSMON_CONFIG_FILE_PATH
+
+    if config_file_path:
+        # Check if the file exists
+        if not os.path.exists(config_file_path):
+            raise ConfigFileNotFoundError(f"Configuration file '{config_file_path}' not found.")
+
+    if not installation_path:
+        installation_path = DEFAULT_INSTALLATION_PATH
+
+    sysmon_file_path: str = os.path.join(installation_path, SYSMON_FILE_NAME)
+
+    # Check if the file exists
+    if not os.path.exists(sysmon_file_path):
+        if download_sysmon_if_not_found:
+            download_sysmon(installation_path)
+        else:
+            raise SymonExecutableNotFoundError(f"Sysmon executable '{sysmon_file_path}' not found.")
+
+    # Start Sysmon as a service.
+    if config_file_path:
+        subprocess.run([sysmon_file_path, '-accepteula', '-i', config_file_path])
+    else:
+        subprocess.run([sysmon_file_path, '-accepteula', '-i'])
+
+
+def stop_service(installation_path: str = None):
+    """
+    Stop Sysmon service.
+
+    :param installation_path: string, full path where to put the Sysmon executable.
+    """
+
+    if not installation_path:
+        installation_path = DEFAULT_INSTALLATION_PATH
+
+    sysmon_file_path: str = os.path.join(installation_path, SYSMON_FILE_NAME)
+
+    # Check if the file exists
+    if not os.path.exists(sysmon_file_path):
+        raise SymonExecutableNotFoundError(f"Sysmon executable '{sysmon_file_path}' not found.")
+
+    # Stop Sysmon service.
+    subprocess.run([sysmon_file_path, '-u'])
+
+
+def change_config_on_the_fly(config_file_path: str, installation_path: str = None):
+    """
+    Change the Sysmon configuration on the fly.
+
+    :param config_file_path: string, full path to the configuration file.
+    :param installation_path: string, full path where to put the Sysmon executable.
+    """
+
+    if not installation_path:
+        installation_path = DEFAULT_INSTALLATION_PATH
+
+    sysmon_file_path: str = os.path.join(installation_path, SYSMON_FILE_NAME)
+
+    # Check if the file exists
+    if not os.path.exists(sysmon_file_path):
+        raise SymonExecutableNotFoundError(f"Sysmon executable '{sysmon_file_path}' not found.")
+
+    # Change the configuration on the fly.
+    subprocess.run([sysmon_file_path, '-c', config_file_path])

{atomicshop-2.12.26.dist-info → atomicshop-2.13.1.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: atomicshop
-Version: 2.12.26
+Version: 2.13.1
 Summary: Atomic functions and classes to make developer life easier
 Author: Denis Kras
 License: MIT License

{atomicshop-2.12.26.dist-info → atomicshop-2.13.1.dist-info}/RECORD

@@ -1,4 +1,4 @@
-atomicshop/__init__.py,sha256=Wq0bf4jFBHfU0lsKuJb7kZ5yruxZGg3_luyY2rWwPss,124
+atomicshop/__init__.py,sha256=aqwPLStJUJ8YnGq3I420Yccvy8q9JIXVsivcavrcOtM,123
 atomicshop/_basics_temp.py,sha256=6cu2dd6r2dLrd1BRNcVDKTHlsHs_26Gpw8QS6v32lQ0,3699
 atomicshop/_create_pdf_demo.py,sha256=Yi-PGZuMg0RKvQmLqVeLIZYadqEZwUm-4A9JxBl_vYA,3713
 atomicshop/_patch_import.py,sha256=ENp55sKVJ0e6-4lBvZnpz9PQCt3Otbur7F6aXDlyje4,6334
@@ -9,8 +9,8 @@ atomicshop/config_init.py,sha256=z2RXD_mw9nQlAOpuGry1h9QT-2LhNscXgGAktN3dCVQ,249
 atomicshop/console_output.py,sha256=AOSJjrRryE97PAGtgDL03IBtWSi02aNol8noDnW3k6M,4667
 atomicshop/console_user_response.py,sha256=31HIy9QGXa7f-GVR8MzJauQ79E_ZqAeagF3Ks4GGdDU,3234
 atomicshop/datetimes.py,sha256=olsL01S5tkXk4WPzucxujqgLOh198BLgJntDnGYukRU,15533
-atomicshop/diff_check.py,sha256=0H4OeRxJodFIubpAoy2dFY9hixzLbkJ8NNlH6K3Xdus,27033
-atomicshop/dns.py,sha256=bNZOo5jVPzq7OT2qCPukXoK3zb1oOsyaelUwQEyK1SA,2500
+atomicshop/diff_check.py,sha256=RJvzJhyYAZyRPKVDk1dS7UwZCx0kq__WDZ6N0rNfZUY,27110
+atomicshop/dns.py,sha256=h4uZKoz4wbBlLOOduL1GtRcTm-YpiPnGOEGxUm7hhOI,2140
 atomicshop/domains.py,sha256=Rxu6JhhMqFZRcoFs69IoEd1PtYca0lMCG6F1AomP7z4,3197
 atomicshop/emails.py,sha256=I0KyODQpIMEsNRi9YWSOL8EUPBiWyon3HRdIuSj3AEU,1410
 atomicshop/file_types.py,sha256=-0jzQMRlmU1AP9DARjk-HJm1tVE22E6ngP2mRblyEjY,763
@@ -25,9 +25,9 @@ atomicshop/on_exit.py,sha256=Wf1iy2e0b0Zu7oRxrct3VkLdQ_x9B32-z_JerKTt9Z0,5493
 atomicshop/pbtkmultifile_argparse.py,sha256=aEk8nhvoQVu-xyfZosK3ma17CwIgOjzO1erXXdjwtS4,4574
 atomicshop/permissions.py,sha256=P6tiUKV-Gw-c3ePEVsst9bqWaHJbB4ZlJB4xbDYVpEs,4436
 atomicshop/print_api.py,sha256=DhbCQd0MWZZ5GYEk4oTu1opRFC-b31g1VWZgTGewG2Y,11568
-atomicshop/process.py,sha256=Zgb4CUjy9gIBaawvtCOEcxGUCqvqPyARk0lpBjRzxWE,15950
+atomicshop/process.py,sha256=R1BtXWjG2g2Q3WlsyhbIlXZz0UkQeagY7fQyBOIX_DM,15951
 atomicshop/process_name_cmd.py,sha256=CtaSp3mgxxJKCCVW8BLx6BJNx4giCklU_T7USiCEwfc,5162
-atomicshop/process_poller.py,sha256=naqoq-gJN1kkaOm_MfoM7teIkh5OniXromVR4pb0pjY,11680
+atomicshop/process_poller.py,sha256=sEuuFu3gmUrp4tY1LVxE27L0eK5LIwNKjTbV7KtzeRM,15029
 atomicshop/python_file_patcher.py,sha256=kd3rBWvTcosLEk-7TycNdfKW9fZbe161iVwmH4niUo0,5515
 atomicshop/python_functions.py,sha256=zJg4ogUwECxrDD7xdDN5JikIUctITM5lsyabr_ZNsRw,4435
 atomicshop/question_answer_engine.py,sha256=DuOn7QEgKKfqZu2cR8mVeFIfFgayfBHiW-jY2VPq_Fo,841
@@ -83,7 +83,7 @@ atomicshop/basics/argparse_template.py,sha256=horwgSf3MX1ZgRnYxtmmQuz9OU_vKrKggF
 atomicshop/basics/booleans.py,sha256=va3LYIaSOhjdifW4ZEesnIQxBICNHyQjUAkYelzchhE,2047
 atomicshop/basics/bytes_arrays.py,sha256=WvSRDhIGt1ywF95t-yNgpxLm1nlZUbM1Dz6QckcyE8Y,5915
 atomicshop/basics/classes.py,sha256=EijW_g4EhdNBnKPMG3nT3HjFspTchtM7to6zm9Ad_Mk,9771
-atomicshop/basics/dicts.py,sha256=JevEkLsQdH4Tqn8rspSey40jW6h8pJ2SP5fcuFBR4dU,13651
+atomicshop/basics/dicts.py,sha256=DeYHIh940pMMBrFhpXt4dsigFVYzTrlqWymNo4Pq_Js,14049
 atomicshop/basics/dicts_nested.py,sha256=StYxYnYPa0SEJr1lmEwAv5zfERWWqoULeyG8e0zRAwE,4107
 atomicshop/basics/enumerations.py,sha256=41VVQYh_vnVapggxKg2IRU5e_EiMpZzX1n1mtxvoSzM,1364
 atomicshop/basics/enums.py,sha256=CeV8MfqWHihK7vvV6Mbzq7rD9JykeQfrJeFdLVzfHI4,3547
@@ -96,16 +96,20 @@ atomicshop/basics/list_of_dicts.py,sha256=qI2uoYIcHjR8RSD5vtkqhpMgL6XTYRGJDcr9cb
 atomicshop/basics/lists.py,sha256=I0C62vrDrNwCTNl0EjUZNa1Jsd8l0rTkp28GEx9QoEI,4258
 atomicshop/basics/multiprocesses.py,sha256=nSskxJSlEdalPM_Uf8cc9kAYYlVwYM1GonBLAhCL2mM,18831
 atomicshop/basics/numbers.py,sha256=ESX0z_7o_ok3sOmCKAUBoZinATklgMy2v-4RndqXlVM,1837
+atomicshop/basics/package_module.py,sha256=fBd0uVgFce25ZCVtLq83iyowRlbwdWYFj_t4Ml7LU14,391
 atomicshop/basics/randoms.py,sha256=DmYLtnIhDK29tAQrGP1Nt-A-v8WC7WIEB8Edi-nk3N4,282
 atomicshop/basics/strings.py,sha256=T4MpEpwxqsiOSnXcwYkqMKB5okHiJfvUCO7t5kcRtBg,18316
 atomicshop/basics/threads.py,sha256=xvgdDJdmgN0wmmARoZ-H7Kvl1GOcEbvgaeGL4M3Hcx8,2819
 atomicshop/basics/timeit_template.py,sha256=fYLrk-X_dhdVtnPU22tarrhhvlggeW6FdKCXM8zkX68,405
 atomicshop/basics/tracebacks.py,sha256=cNfh_oAwF55kSIdqtv3boHZQIoQI8TajxkTnwJwpweI,535
-atomicshop/etw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/etw/providers.py,sha256=fVmWi-uGdtnsQTDpu_ty6dzx0GMhGokiST73LNBEJ38,129
-atomicshop/etw/sessions.py,sha256=k3miewU278xn829cqDbsuH_bmZHPQE9-Zn-hINbxUSE,1330
-atomicshop/etw/trace.py,sha256=tjBvV4RxCSn8Aoxj8NVxmqHekdECne_y4Zv2lbh11ak,5341
-atomicshop/etw/trace_dns.py,sha256=f4homrWp4qMrmjC9UrEWjr9p9MrUg7SwOVbE22_IYgw,6728
+atomicshop/etws/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+atomicshop/etws/const.py,sha256=v3x_IdCYeSKbCGywiZFOZln80ldpwKW5nuMDuUe51Jg,1257
+atomicshop/etws/providers.py,sha256=fVmWi-uGdtnsQTDpu_ty6dzx0GMhGokiST73LNBEJ38,129
+atomicshop/etws/sessions.py,sha256=k3miewU278xn829cqDbsuH_bmZHPQE9-Zn-hINbxUSE,1330
+atomicshop/etws/trace.py,sha256=tjBvV4RxCSn8Aoxj8NVxmqHekdECne_y4Zv2lbh11ak,5341
+atomicshop/etws/traces/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+atomicshop/etws/traces/trace_dns.py,sha256=wRFwfFgVgMbYJu1Sf0Yy9LPoMrf9kXejl2Xjk3PNELQ,8430
+atomicshop/etws/traces/trace_sysmon_process_creation.py,sha256=pjb0qzNZttucEWOKv2j_BGVqaSeKjBL4O8oCsAteiGU,4785
 atomicshop/file_io/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/file_io/csvs.py,sha256=y8cJtnlN-NNxNupzJgSeGq9aQ4wNxYLFPX9vNNlUiIc,5830
 atomicshop/file_io/docxs.py,sha256=6tcYFGp0vRsHR47VwcRqwhdt2DQOwrAUYhrwN996n9U,5117
@@ -135,9 +139,9 @@ atomicshop/mitm/engines/__reference_general/parser___reference_general.py,sha256
 atomicshop/mitm/engines/__reference_general/recorder___reference_general.py,sha256=KENDVf9OwXD9gwSh4B1XxACCe7iHYjrvnW1t6F64wdE,695
 atomicshop/mitm/engines/__reference_general/responder___reference_general.py,sha256=1AM49UaFTKA0AHw-k3SV3uH3QbG-o6ux0c-GoWkKNU0,6993
 atomicshop/monitor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/monitor/change_monitor.py,sha256=dGhk5bJPxLCHa2FOVkort99E7vjVojra9GlvhpcKSqE,7551
+atomicshop/monitor/change_monitor.py,sha256=eJRP7NBnA-Y_n6Ofm_jKrR5XguJV6gEmxFdtdGMBF3k,7866
 atomicshop/monitor/checks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/monitor/checks/dns.py,sha256=YLCFoolq35dnzdnBnfUA2ag-4HfvzcHfRdm3mzX8R8o,7184
+atomicshop/monitor/checks/dns.py,sha256=_DxInUSiiMa8Bx1sYJ6fRzRl7n_eAsoaGHhUk9XgF7w,7182
 atomicshop/monitor/checks/file.py,sha256=2tIDSlX2KZNc_9i9ji1tcOqupbFTIOj7cKXLyBEDWMk,3263
 atomicshop/monitor/checks/network.py,sha256=CGZWl4WlQrxayZeVF9JspJXwYA-zWx8ECWTVGSlXc98,3825
 atomicshop/monitor/checks/process_running.py,sha256=x66wd6-l466r8sbRQaIli0yswyGt1dH2DVXkGDL6O0Q,1891
@@ -163,6 +167,7 @@ atomicshop/wrappers/pipw.py,sha256=mu4jnHkSaYNfpBiLZKMZxEX_E2LqW5BVthMZkblPB_c,1
 atomicshop/wrappers/process_wrapper_pbtk.py,sha256=ycPmBRnv627RWks6N8OhxJQe8Gu3h3Vwj-4HswPOw0k,599
 atomicshop/wrappers/pycharmw.py,sha256=OHcaVlyhIqhgRioPhkeS5krDZ_NezZjpBCvyRiLjWwI,2723
 atomicshop/wrappers/pyopensslw.py,sha256=OBWxA6EJ2vU_Qlf4M8m6ilcG3hyYB4yB0EsXUf7NhEU,6804
+atomicshop/wrappers/sysmonw.py,sha256=impveU8MhbD2oizBoGLuj00wuyB8l_EiRRGIESdFESs,5359
 atomicshop/wrappers/ubuntu_terminal.py,sha256=BBZD3EH6KSDORd5IZBZM-ti4U6Qh1sZwftx42s7hqB4,10917
 atomicshop/wrappers/wslw.py,sha256=AKphiHLSddL7ErevUowr3f9Y1AgGz_R3KZ3NssW07h8,6959
 atomicshop/wrappers/certauthw/certauth.py,sha256=hKedW0DOWlEigSNm8wu4SqHkCQsGJ1tJfH7s4nr3Bk0,12223
@@ -239,7 +244,7 @@ atomicshop/wrappers/playwrightw/waits.py,sha256=308fdOu6YDqQ7K7xywj7R27sSmFanPBQ
 atomicshop/wrappers/psutilw/cpus.py,sha256=w6LPBMINqS-T_X8vzdYkLS2Wzuve28Ydp_GafTCngrc,236
 atomicshop/wrappers/psutilw/disks.py,sha256=3ZSVoommKH1TWo37j_83frB-NqXF4Nf5q5mBCX8G4jE,9221
 atomicshop/wrappers/psutilw/memories.py,sha256=_S0aL8iaoIHebd1vOFrY_T9aROM5Jx2D5CvDh_4j0Vc,528
-atomicshop/wrappers/psutilw/psutilw.py,sha256=G22ZQfGnqX15-feD8KUXfEZO4pFkIEnB8zgPzJ2jc7M,20868
+atomicshop/wrappers/psutilw/psutilw.py,sha256=q3EwgprqyrR4zLCjl4l5DHFOQoukEvQMIPjNB504oQ0,21262
 atomicshop/wrappers/psycopgw/psycopgw.py,sha256=XJvVf0oAUjCHkrYfKeFuGCpfn0Oxj3u4SbKMKA1508E,7118
 atomicshop/wrappers/pywin32w/console.py,sha256=LstHajPLgXp9qQxFNR44QfH10nOnNp3bCJquxaTquns,1175
 atomicshop/wrappers/pywin32w/winshell.py,sha256=i2bKiMldPU7_azsD5xGQDdMwjaM7suKJd3k0Szmcs6c,723
@@ -260,8 +265,8 @@ atomicshop/wrappers/socketw/socket_server_tester.py,sha256=AhpurHJmP2kgzHaUbq5ey
 atomicshop/wrappers/socketw/socket_wrapper.py,sha256=aXBwlEIJhFT0-c4i8iNlFx2It9VpCEpsv--5Oqcpxao,11624
 atomicshop/wrappers/socketw/ssl_base.py,sha256=k4V3gwkbq10MvOH4btU4onLX2GNOsSfUAdcHmL1rpVE,2274
 atomicshop/wrappers/socketw/statistics_csv.py,sha256=t3dtDEfN47CfYVi0CW6Kc2QHTEeZVyYhc57IYYh5nmA,826
-atomicshop-2.12.26.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
-atomicshop-2.12.26.dist-info/METADATA,sha256=HYm5lvYyf77XdD_MWANy8aWX2kpFD7kD-EmOZg19yOQ,10479
-atomicshop-2.12.26.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-atomicshop-2.12.26.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
-atomicshop-2.12.26.dist-info/RECORD,,
+atomicshop-2.13.1.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
+atomicshop-2.13.1.dist-info/METADATA,sha256=yOVvRROyXl4BM9Qr9EzI5BTZgvEo0OG3-uCo9Ryni2Y,10478
+atomicshop-2.13.1.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+atomicshop-2.13.1.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
+atomicshop-2.13.1.dist-info/RECORD,,