def info(self):
    """Return ``(subkey_count, value_count, last_write_time)`` for this key.

    Only three of the ``RegQueryInfoKeyW`` out-parameters are requested
    (sub-key count, value count, last-write ``FILETIME``); the others are
    passed as ``None``. The ``FILETIME`` is returned converted to ``int``.
    """
    # Need other stuff ? (class name/length, max lengths, SD size are not requested)
    subkey_count = gdef.DWORD()
    value_count = gdef.DWORD()
    last_write = gdef.FILETIME()
    winproxy.RegQueryInfoKeyW(
        self.phkey,
        None, None, None,
        subkey_count,
        None, None,
        value_count,
        None, None, None,
        last_write,
    )
    return (subkey_count.value, value_count.value, int(last_write))
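def process(self, callback, begin=None, end=None, context=None):
    """Process the event retrieved by the trace.

    This function will call ``callback`` with any :class:`EventRecord` in the
    trace. ``begin/end`` allow to filter and only process events in a given
    timeframe; ``end`` may also be the string ``"now"``, which is replaced by
    the current system time. ``context``, when given, is stored in
    ``EVENT_TRACE_LOGFILEW.Context`` as a pointer to a ``py_object`` so the
    callback can reach it.

    Returns whatever ``ProcessTrace`` returns.

    .. warning::
        If the trace if ``REALTIME`` (no logfile) this function will
        hang/process new event until the trace is stopped.
        Using ``logman -ets stop TRACE_NAME`` for exemple.
    """
    if end == "now":
        end = gdef.FILETIME()
        windows.winproxy.GetSystemTimeAsFileTime(end)

    logfile = gdef.EVENT_TRACE_LOGFILEW()
    logfile.LoggerName = windows.pycompat.raw_decode(self.name)
    # RAW_TIMESTAMP is deliberately not requested:
    # logfile.ProcessTraceMode = gdef.PROCESS_TRACE_MODE_EVENT_RECORD | gdef.PROCESS_TRACE_MODE_RAW_TIMESTAMP
    logfile.ProcessTraceMode = gdef.PROCESS_TRACE_MODE_EVENT_RECORD
    if not self.logfile:
        # No logfile: consume the live session instead.
        logfile.ProcessTraceMode |= gdef.PROCESS_TRACE_MODE_REAL_TIME
    else:
        logfile.LogFileName = self.logfile

    # ``is not None`` rather than truthiness, so a falsy context (0, "", {})
    # is still handed to the callback.
    if context is not None:
        # ``context_ptr`` must stay alive while ProcessTrace runs; it does,
        # because the call below is synchronous and this local lives until
        # we return.
        context_ptr = ctypes.pointer(ctypes.py_object(context))
        logfile.Context = ctypes.cast(context_ptr, ctypes.c_void_p)

    @ctypes.WINFUNCTYPE(gdef.PVOID, PEventRecord)
    def real_callback(record_ptr):
        # A Python exception cannot cross the ctypes callback boundary, so the
        # broad catch is intentional: report it and keep processing.
        try:
            result = callback(record_ptr[0])
        except Exception as e:
            print("CALLBACK ERROR: {0}".format(e))
            return 1
        if result is None:
            result = 1
        return result

    @ctypes.WINFUNCTYPE(gdef.PVOID, gdef.PEVENT_TRACE_LOGFILEW)
    def buffer_callback(trace):
        # Not installed at the moment (see the commented assignment below);
        # kept as a debugging aid for lost events/buffers.
        print("Buffer-callback: event-lost={0}".format(trace[0].LogfileHeader.EventsLost))
        print("Buffer-callback: buffer-lost={0}".format(trace[0].LogfileHeader.BuffersLost))
        return True

    logfile.EventRecordCallback = ctypes.cast(real_callback, gdef.PVOID)
    # logfile.BufferCallback = ctypes.cast(buffer_callback, gdef.PVOID)
    trace_handle = gdef.TRACEHANDLE(windows.winproxy.OpenTraceW(logfile))
    # NOTE(review): the handle returned by OpenTraceW is never closed once
    # ProcessTrace returns (CloseTrace) -- TODO confirm winproxy exposes it.
    # Second argument is the handle count: a single handle is processed.
    return windows.winproxy.ProcessTrace(trace_handle, 1, begin, end)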
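def process(self, callback, begin=None, end=None, context=None):
    """Process the event retrieved by the trace.

    This function will call ``callback`` with any :class:`EventRecord` in the
    trace. ``begin/end`` allow to filter and only process events in a given
    timeframe; ``end`` may also be the string ``"now"``, which is replaced by
    the current system time. ``context``, when given, is stored in
    ``EVENT_TRACE_LOGFILEW.Context`` as a pointer to a ``py_object`` so the
    callback can reach it.

    Returns whatever ``ProcessTrace`` returns.

    .. warning::
        If the trace if ``REALTIME`` (no logfile) this function will
        hang/process new event until the trace is stopped.
        Using ``logman -ets stop TRACE_NAME`` for exemple.
    """
    if end == "now":
        end = gdef.FILETIME()
        windows.winproxy.GetSystemTimeAsFileTime(end)

    logfile = gdef.EVENT_TRACE_LOGFILEW()
    logfile.LoggerName = windows.pycompat.raw_decode(self.name)
    # RAW_TIMESTAMP is deliberately not requested:
    # logfile.ProcessTraceMode = gdef.PROCESS_TRACE_MODE_EVENT_RECORD | gdef.PROCESS_TRACE_MODE_RAW_TIMESTAMP
    logfile.ProcessTraceMode = gdef.PROCESS_TRACE_MODE_EVENT_RECORD
    if not self.logfile:
        # No logfile: consume the live session instead.
        logfile.ProcessTraceMode |= gdef.PROCESS_TRACE_MODE_REAL_TIME
    else:
        logfile.LogFileName = self.logfile

    # ``is not None`` rather than truthiness, so a falsy context (0, "", {})
    # is still handed to the callback.
    if context is not None:
        # ``context_ptr`` must stay alive while ProcessTrace runs; it does,
        # because the call below is synchronous and this local lives until
        # we return.
        context_ptr = ctypes.pointer(ctypes.py_object(context))
        logfile.Context = ctypes.cast(context_ptr, ctypes.c_void_p)

    @ctypes.WINFUNCTYPE(gdef.PVOID, PEventRecord)
    def real_callback(record_ptr):
        # A Python exception cannot cross the ctypes callback boundary, so the
        # broad catch is intentional: report it and keep processing.
        try:
            result = callback(record_ptr[0])
        except Exception as e:
            print("CALLBACK ERROR: {0}".format(e))
            return 1
        if result is None:
            result = 1
        return result

    @ctypes.WINFUNCTYPE(gdef.PVOID, gdef.PEVENT_TRACE_LOGFILEW)
    def buffer_callback(trace):
        # Not installed at the moment (see the commented assignment below);
        # kept as a debugging aid for lost events/buffers.
        print("Buffer-callback: event-lost={0}".format(trace[0].LogfileHeader.EventsLost))
        print("Buffer-callback: buffer-lost={0}".format(trace[0].LogfileHeader.BuffersLost))
        return True

    logfile.EventRecordCallback = ctypes.cast(real_callback, gdef.PVOID)
    # logfile.BufferCallback = ctypes.cast(buffer_callback, gdef.PVOID)
    trace_handle = gdef.TRACEHANDLE(windows.winproxy.OpenTraceW(logfile))
    # NOTE(review): the handle returned by OpenTraceW is never closed once
    # ProcessTrace returns (CloseTrace) -- TODO confirm winproxy exposes it.
    # Second argument is the handle count: a single handle is processed.
    return windows.winproxy.ProcessTrace(trace_handle, 1, begin, end)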
def _get_time(self):
    """Return the current system time as a ``gdef.FILETIME``."""
    current = gdef.FILETIME()
    # GetSystemTimeAsFileTime fills the struct in place.
    windows.winproxy.GetSystemTimeAsFileTime(current)
    return current