('nFileSizeHigh', ctypes.c_uint32), ('nFileSizeLow', ctypes.c_uint32), ('cFileName', ctypes.c_uint8 * MAX_PATH), ] # Realistically, at least two chars for most fields. _regex_ = { 'cFileName': "[a-zA-Z_0-9\.]{10}[\x00a-zA-Z_0-9\..]{250}", } # TODO: To build the list of structures, list all derived classes from this module. lstStructs = [ struct_SAFEARRAY, struct_SAFEARRAYBOUND, struct_IP_ADDRESS_STRING, struct_DISPLAY_DEVICE, struct_FILETIME, struct_GUID, struct_FILEDESCRIPTOR, struct_MODULEENTRY32, struct_FILE_SYSTEM_RECOGNITION_STRUCTURE ] # This was tried with all running processes: No result. # lstStructs = [ struct_FILE_SYSTEM_RECOGNITION_STRUCTURE ] # OK lstStructs = [struct_IP_ADDRESS_STRING] # Pas clair. lstStructs = [struct_MODULEENTRY32] lstStructs = [struct_FILEDESCRIPTOR] ctypes_scanner.DoAll(lstStructs)
# }; class struct_addrinfo(ctypes.Structure): _pack_ = True # source:False _fields_ = [ ('ai_flags', ctypes.c_int32), # AI_PASSIVE ('ai_family', ctypes.c_int32), # AF_PROTO_TCP ('ai_socktype', ctypes.c_int32), # SOCK_DGRAM ('ai_protocol', ctypes.c_int32), # 0 # ('ai_addrlen', ctypes.c_int64), # In fact, size_t ('ai_addrlen', ctypes.c_int32), # In fact, size_t ('ai_canonname', POINTER_T(ctypes.c_char)), ('ai_addr', POINTER_T(None)), ('ai_next', POINTER_T(None)), ] _regex_ = { 'ai_family': "[\\x00\\x06\\x11\\x84]\\x00\\x00\\x00", 'ai_socktype': "[\\x01-\\x06\\x0A]\\x00\\x00\\x00", 'ai_addrlen': "[\\x00-\\x0F][\\x00-\\xFF]\\x00\\x00", # Should not be very big. } lstStructs = [ struct_time_t, struct_FixedString, struct_Url_http, struct_addrinfo, struct_time_t ] lstStructs = [struct_Url_http, struct_Url_https] ctypes_scanner.DoAll(lstStructs, verbose=False)