def __enter__(self):
    """Set up an AMSI context and session for use inside a ``with`` block.

    Two fresh ``gdef.PVOID`` handles are stored on the instance as
    ``self.context`` and ``self.session``. They are then filled in by
    ``AmsiInitialize`` (called with the name ``"TestEngine"``) and
    ``AmsiOpenSession``.

    :return: ``self``
    """
    self.context = gdef.PVOID()
    self.session = gdef.PVOID()

    init_status = AmsiInitialize("TestEngine", self.context)
    if init_status != 0:
        print("AmsiInitialize failed!")

    # NOTE(review): a failed initialisation is only printed. The session is
    # still opened on the same context and ``self`` is still returned, so
    # code in the ``with`` body cannot tell that the handles may be unusable.
    # Results obtained through such a session should not be read as "clean".
    open_status = AmsiOpenSession(self.context, self.session)
    if open_status != 0:
        print("AmsiOpenSession failed!")

    return self
def get_ace(self, i):
    """Retrieve ``ACE`` number ``i``

    The entry is looked up with ``winproxy.GetAce``. The address it writes
    back is viewed as an :class:`AceHeader`, and the header's ``subclass()``
    result is returned.

    :return: :class:`Ace`
    """
    ace_ptr = gdef.PVOID()
    # NOTE(review): ``i`` is not range-checked here; rejecting an out-of-range
    # index is left to GetAce / winproxy -- confirm that it raises on failure,
    # otherwise ``ace_ptr.value`` below would not be a valid address.
    winproxy.GetAce(self, i, ace_ptr)
    # TODO: subclass ACL
    header = AceHeader.from_address(ace_ptr.value)
    return header.subclass()
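def get_file_version(self, name):
    """Return the ``ProductVersion`` string from the version resource of ``name``.

    The version-info block of the file is loaded into a local buffer. The
    first ``\\VarFileInfo\\Translation`` entry is read as two little-endian
    16-bit values and formatted as eight hex digits. That string selects the
    ``\\StringFileInfo\\<digits>\\ProductVersion`` value to return.

    :param name: path of the file to query (passed to the ``*A`` APIs as is)
    :return: the ``ProductVersion`` value, read up to its first NUL byte
    :raises struct.error: if the translation entry is shorter than 4 bytes
    """
    size = winproxy.GetFileVersionInfoSizeA(name)
    buf = ctypes.c_buffer(size)
    winproxy.GetFileVersionInfoA(name, 0, size, buf)

    bufptr = gdef.PVOID()
    bufsize = gdef.UINT()
    winproxy.VerQueryValueA(buf, "\\VarFileInfo\\Translation", ctypes.byref(bufptr), ctypes.byref(bufsize))
    # The translation entry is binary data, not a C string. Reading it
    # through LPCSTR.value stops at the first zero byte, so an identifier
    # such as 0x0000 would truncate the data and break the unpack below.
    # Copy the raw bytes instead, and never read more than VerQueryValueA
    # reported -- the resource comes from the inspected file and may be
    # malformed.
    raw = ctypes.string_at(bufptr.value, min(bufsize.value, 4))
    tup = struct.unpack("<HH", raw)
    req = "{0:04x}{1:04x}".format(*tup)

    winproxy.VerQueryValueA(buf, "\\StringFileInfo\\{0}\\ProductVersion".format(req), ctypes.byref(bufptr), ctypes.byref(bufsize))
    # ProductVersion is a NUL-terminated string, so LPCSTR.value is the right read.
    bufstr = ctypes.cast(bufptr, gdef.LPCSTR)
    return bufstr.value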
def Wow64RevertWow64FsRedirection(OldValue=None):
    """Call the wrapped ``Wow64RevertWow64FsRedirection`` API.

    :param OldValue: value forwarded to the API; when omitted (``None``) a
        newly created ``gdef.PVOID()`` is passed instead
    :return: whatever the underlying ``ctypes_function`` returns
    """
    # NOTE(review): with the default, the API receives a fresh PVOID rather
    # than a value saved by an earlier redirection-disable call -- confirm
    # that callers relying on the default intend this.
    old_value = gdef.PVOID() if OldValue is None else OldValue
    return Wow64RevertWow64FsRedirection.ctypes_function(old_value)