('nFileSizeHigh', ctypes.c_uint32),
('nFileSizeLow', ctypes.c_uint32),
('cFileName', ctypes.c_uint8 * MAX_PATH),
]
# Realistically, at least two chars for most fields.
_regex_ = {
'cFileName': "[a-zA-Z_0-9\.]{10}[\x00a-zA-Z_0-9\..]{250}",
}
# TODO: To build the list of structures, list all derived classes from this module.
lstStructs = [
struct_SAFEARRAY, struct_SAFEARRAYBOUND, struct_IP_ADDRESS_STRING,
struct_DISPLAY_DEVICE, struct_FILETIME, struct_GUID, struct_FILEDESCRIPTOR,
struct_MODULEENTRY32, struct_FILE_SYSTEM_RECOGNITION_STRUCTURE
]
# This was tried with all running processes: No result.
# lstStructs = [ struct_FILE_SYSTEM_RECOGNITION_STRUCTURE ]
# OK
lstStructs = [struct_IP_ADDRESS_STRING]
# Pas clair.
lstStructs = [struct_MODULEENTRY32]
lstStructs = [struct_FILEDESCRIPTOR]
ctypes_scanner.DoAll(lstStructs)
# };
class struct_addrinfo(ctypes.Structure):
_pack_ = True # source:False
_fields_ = [
('ai_flags', ctypes.c_int32), # AI_PASSIVE
('ai_family', ctypes.c_int32), # AF_PROTO_TCP
('ai_socktype', ctypes.c_int32), # SOCK_DGRAM
('ai_protocol', ctypes.c_int32), # 0
# ('ai_addrlen', ctypes.c_int64), # In fact, size_t
('ai_addrlen', ctypes.c_int32), # In fact, size_t
('ai_canonname', POINTER_T(ctypes.c_char)),
('ai_addr', POINTER_T(None)),
('ai_next', POINTER_T(None)),
]
_regex_ = {
'ai_family': "[\\x00\\x06\\x11\\x84]\\x00\\x00\\x00",
'ai_socktype': "[\\x01-\\x06\\x0A]\\x00\\x00\\x00",
'ai_addrlen':
"[\\x00-\\x0F][\\x00-\\xFF]\\x00\\x00", # Should not be very big.
}
lstStructs = [
struct_time_t, struct_FixedString, struct_Url_http, struct_addrinfo,
struct_time_t
]
lstStructs = [struct_Url_http, struct_Url_https]
ctypes_scanner.DoAll(lstStructs, verbose=False)