Example #1
0
def is_aarch64_host():
    from ctypes import wintypes

    kernel32 = ctypes.windll.kernel32
    IMAGE_FILE_MACHINE_UNKNOWN = 0
    IMAGE_FILE_MACHINE_ARM64 = 0xAA64

    try:
        iswow64process2 = kernel32.IsWow64Process2
    except Exception:
        # If we can't access the symbol, we know we're not on aarch64.
        return False

    currentProcess = kernel32.GetCurrentProcess()
    processMachine = wintypes.USHORT(IMAGE_FILE_MACHINE_UNKNOWN)
    nativeMachine = wintypes.USHORT(IMAGE_FILE_MACHINE_UNKNOWN)

    gotValue = iswow64process2(
        currentProcess, ctypes.byref(processMachine), ctypes.byref(nativeMachine)
    )
    # If this call fails, we have no idea.
    if not gotValue:
        return False

    return nativeMachine.value == IMAGE_FILE_MACHINE_ARM64
Example #2
0
def pack_file_lznt (buffer_data, buffer_length):
	format_and_engine = wintypes.USHORT (FORMATS["COMPRESSION_FORMAT_LZNT1"].value | ENGINES["COMPRESSION_ENGINE_MAXIMUM"].value)

	workspace_buffer_size = wintypes.ULONG()
	workspace_fragment_size = wintypes.ULONG()

	# RtlGetCompressionWorkSpaceSize
	ctypes.windll.ntdll.RtlGetCompressionWorkSpaceSize.restype = wintypes.LONG
	ctypes.windll.ntdll.RtlGetCompressionWorkSpaceSize.argtypes = (
		wintypes.USHORT,
		wintypes.PULONG,
		wintypes.PULONG
	)

	status = ctypes.windll.ntdll.RtlGetCompressionWorkSpaceSize (
		format_and_engine,
		ctypes.byref(workspace_buffer_size),
		ctypes.byref(workspace_fragment_size)
	)

	if status != 0:
		print ('RtlGetCompressionWorkSpaceSize failed: 0x{0:X} {0:d} ({1:s})'.format(status, ctypes.FormatError(status)))
		return None, 0

	# Allocate memory
	compressed_buffer = ctypes.create_string_buffer (buffer_length)
	compressed_length = wintypes.ULONG()

	workspace = ctypes.create_string_buffer (workspace_fragment_size.value)

	# RtlCompressBuffer
	ctypes.windll.ntdll.RtlCompressBuffer.restype = wintypes.LONG
	ctypes.windll.ntdll.RtlCompressBuffer.argtypes = (
		wintypes.USHORT,
		wintypes.LPVOID,
		wintypes.ULONG,
		wintypes.LPVOID,
		wintypes.ULONG,
		wintypes.ULONG,
		wintypes.PULONG,
		wintypes.LPVOID
	)

	status = ctypes.windll.ntdll.RtlCompressBuffer (
		format_and_engine,
		ctypes.addressof (buffer_data),
		ctypes.sizeof (buffer_data),
		ctypes.addressof (compressed_buffer),
		ctypes.sizeof (compressed_buffer),
		wintypes.ULONG (4096),
		ctypes.byref (compressed_length),
		ctypes.addressof (workspace)
	)

	if status != 0:
		print ('RtlCompressBuffer failed: 0x{0:X} {0:d} ({1:s})'.format (status, ctypes.FormatError(status)))
		return None, 0

	return compressed_buffer, compressed_length
Example #3
0
    def set_options(self, mount_point: str, thread: int = 1):
        """设置dokan配置

        Args:
            
            mount_point: 挂载点, 如k, 代表挂载成k盘
        """
        self.dokan_options = dokan_structure.Builder().build_DOKAN_OPTIONS()
        self.dokan_options.ThreadCount = wintypes.USHORT(thread)
        self.dokan_options.MountPoint = wintypes.LPCWSTR(mount_point)
Example #4
0
    def __init__(self, filter_in, events):
        struct_size = len(events) * ct.sizeof(
            wt.USHORT) + ct.sizeof(EVENT_FILTER_EVENT_ID)
        self._buf = (ct.c_char * struct_size)()
        self._props = ct.cast(ct.pointer(self._buf),
                              ct.POINTER(EVENT_FILTER_EVENT_ID))
        self._props.contents.FilterIn = filter_in
        self._props.contents.Reserved = 0
        self._props.contents.Count = len(events)

        for i in range(len(events)):
            ct.memmove(
                ct.cast(
                    ct.addressof(self._buf) +
                    ct.sizeof(EVENT_FILTER_EVENT_ID) +
                    (ct.sizeof(wt.WCHAR) * i), ct.c_void_p),
                ct.byref(wt.USHORT(events[i])), ct.sizeof(wt.WCHAR))