Beispiel #1
0
    def __enter__(self):
        self.context = gdef.PVOID()
        self.session = gdef.PVOID()

        if AmsiInitialize("TestEngine", self.context) != 0:
            print("AmsiInitialize failed!")

        if AmsiOpenSession(self.context, self.session) != 0:
            print("AmsiOpenSession failed!")
        return self
Beispiel #2
0
    def get_ace(self, i):
        """Retrieve ``ACE`` number ``i``

        :return: :class:`Ace`
        """
        ace = gdef.PVOID()
        winproxy.GetAce(self, i, ace)
        # TODO: subclass ACL
        return AceHeader.from_address(ace.value).subclass()
Beispiel #3
0
    def get_file_version(self, name):
        size = winproxy.GetFileVersionInfoSizeA(name)
        buf = ctypes.c_buffer(size)
        winproxy.GetFileVersionInfoA(name, 0, size, buf)

        bufptr = gdef.PVOID()
        bufsize = gdef.UINT()
        winproxy.VerQueryValueA(buf, "\\VarFileInfo\\Translation", ctypes.byref(bufptr), ctypes.byref(bufsize))
        bufstr = ctypes.cast(bufptr, gdef.LPCSTR)
        tup = struct.unpack("<HH", bufstr.value[:4])
        req = "{0:04x}{1:04x}".format(*tup)
        winproxy.VerQueryValueA(buf, "\\StringFileInfo\\{0}\\ProductVersion".format(req), ctypes.byref(bufptr), ctypes.byref(bufsize))
        bufstr = ctypes.cast(bufptr, gdef.LPCSTR)
        return bufstr.value
def Wow64RevertWow64FsRedirection(OldValue=None):
    if OldValue is None:
        OldValue = gdef.PVOID()
    return Wow64RevertWow64FsRedirection.ctypes_function(OldValue)