def get_root_hub_name(handle): buf = win32file.DeviceIoControl(handle, IOCTL_USB_GET_ROOT_HUB_NAME, None, 6, None) act_len, _ = struct.unpack('LH', buf) buf = win32file.DeviceIoControl(handle, IOCTL_USB_GET_ROOT_HUB_NAME, None, act_len, None) return buf[4:].decode('utf-16le')
def openTunTap(self): guid = self.get_device_guid() tun_handle = win32file.CreateFile( r'\\.\Global\%s.tap' % guid, win32file.GENERIC_READ | win32file.GENERIC_WRITE, win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE, None, win32file.OPEN_EXISTING, win32file.FILE_ATTRIBUTE_SYSTEM|win32file.FILE_FLAG_OVERLAPPED, None) win32file.DeviceIoControl(tun_handle, self.TAP_IOCTL_SET_MEDIA_STATUS, '\x01\x00\x00\x00', None) configTunParam = [] configTunParam += self.tun_ipv4_address configTunParam += self.tun_ipv4_network configTunParam += self.tun_ipv4_netmask configTunParam = ''.join([chr(b) for b in configTunParam]) win32file.DeviceIoControl( tun_handle, self.TAP_IOCTL_CONFIG_TUN, configTunParam, None) return tun_handle
def get_device_size(self, name, partition=0): assert partition == 0 import win32file import win32con import winioctlcon import win32api import struct hFile = win32file.CreateFile(name, win32con.GENERIC_READ, 0, None, win32con.OPEN_EXISTING, 0, None) buffer = " " * 1024 data = win32file.DeviceIoControl( hFile, winioctlcon.IOCTL_DISK_GET_DRIVE_GEOMETRY, buffer, 1024) tup = struct.unpack("qiiii", data) if tup[1] in (winioctlcon.FixedMedia, winioctlcon.RemovableMedia): size = reduce(int.__mul__, tup[:1] + tup[2:]) logging.debug("Found FixedMedia or RemovableMedia of size " + str(size)) data = win32file.DeviceIoControl( hFile, winioctlcon.IOCTL_DISK_GET_LENGTH_INFO, buffer, 1024) win32api.CloseHandle(hFile) if data: tup = struct.unpack("q", data) size = tup[0] logging.debug("Found regular device of size " + str(size)) return size >> 9
def freeDrive(drive): try: hVol = msvcrt.get_osfhandle(drive.fileno()) win32file.DeviceIoControl(hVol, winioctlcon.FSCTL_DISMOUNT_VOLUME,None, None) win32file.DeviceIoControl(hVol, winioctlcon.FSCTL_UNLOCK_VOLUME,None, None) except: #no operations performed exit
def get_ext_hub_name(handle, index): hub_name = chr(index) + '\0' * 9 buf = win32file.DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_NAME, hub_name, 10, None) _, act_len, _ = struct.unpack('LLH', buf) buf = win32file.DeviceIoControl(handle, IOCTL_USB_GET_NODE_CONNECTION_NAME, hub_name, act_len, None) return buf[8:].decode('utf-16le')
def demo(): """ Definition of buffer used with FSCTL_TXFS_CREATE_MINIVERSION: typedef struct _TXFS_CREATE_MINIVERSION_INFO{ USHORT StructureVersion; USHORT StructureLength; ULONG BaseVersion; USHORT MiniVersion;} """ buf_fmt='HHLH0L' ## buffer size must include struct padding buf_size=struct.calcsize(buf_fmt) tempdir=win32api.GetTempPath() tempfile=win32api.GetTempFileName(tempdir,'cft')[0] print("Demonstrating transactions on tempfile", tempfile) f=open(tempfile,'w') f.write('This is original file.\n') f.close() trans=win32transaction.CreateTransaction(Description='Test creating miniversions of a file') hfile=win32file.CreateFileW(tempfile, win32con.GENERIC_READ|win32con.GENERIC_WRITE, win32con.FILE_SHARE_READ|win32con.FILE_SHARE_WRITE, None, win32con.OPEN_EXISTING, 0 , None, Transaction=trans) win32file.WriteFile(hfile, str2bytes('This is first miniversion.\n')) buf=win32file.DeviceIoControl(hfile, winioctlcon.FSCTL_TXFS_CREATE_MINIVERSION,None,buf_size,None) struct_ver, struct_len, base_ver, ver_1=struct.unpack(buf_fmt, buf) win32file.SetFilePointer(hfile, 0, win32con.FILE_BEGIN) win32file.WriteFile(hfile, str2bytes('This is second miniversion!\n')) buf=win32file.DeviceIoControl(hfile, winioctlcon.FSCTL_TXFS_CREATE_MINIVERSION,None,buf_size,None) struct_ver, struct_len, base_ver, ver_2=struct.unpack(buf_fmt, buf) hfile.Close() ## miniversions can't be opened with write access hfile_0=win32file.CreateFileW(tempfile, win32con.GENERIC_READ, win32con.FILE_SHARE_READ|win32con.FILE_SHARE_WRITE, None, win32con.OPEN_EXISTING, 0 , None, Transaction=trans, MiniVersion=base_ver) print('version:',base_ver,win32file.ReadFile(hfile_0, 100)) hfile_0.Close() hfile_1=win32file.CreateFileW(tempfile, win32con.GENERIC_READ, win32con.FILE_SHARE_READ|win32con.FILE_SHARE_WRITE, None, win32con.OPEN_EXISTING, 0 , None, Transaction=trans, MiniVersion=ver_1) print('version:',ver_1,win32file.ReadFile(hfile_1, 100)) hfile_1.Close() hfile_2=win32file.CreateFileW(tempfile, win32con.GENERIC_READ, win32con.FILE_SHARE_READ|win32con.FILE_SHARE_WRITE, None, win32con.OPEN_EXISTING, 0 , None, Transaction=trans, MiniVersion=ver_2) print('version:',ver_2,win32file.ReadFile(hfile_2, 100)) hfile_2.Close() ## MiniVersions are destroyed when transaction is committed or rolled back win32transaction.CommitTransaction(trans) os.unlink(tempfile)
def lock_volume(vol): hVol = msvcrt.get_osfhandle(vol.fileno()) win32file.DeviceIoControl(hVol, winioctlcon.FSCTL_LOCK_VOLUME, None, None) try: yield vol finally: try: vol.flush() finally: win32file.DeviceIoControl(hVol, winioctlcon.FSCTL_UNLOCK_VOLUME, None, None)
def _createTunIf(self): ''' Open a TUN/TAP interface and switch it to TUN mode. :returns: The handler of the interface, which can be used for later read/write operations. ''' # retrieve the ComponentId from the TUN/TAP interface componentId = self._get_tuntap_ComponentId() # create a win32file for manipulating the TUN/TAP interface tunIf = win32file.CreateFile( r'\\.\Global\%s.tap' % componentId, win32file.GENERIC_READ | win32file.GENERIC_WRITE, win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE, None, win32file.OPEN_EXISTING, win32file.FILE_ATTRIBUTE_SYSTEM | win32file.FILE_FLAG_OVERLAPPED, None ) # have Windows consider the interface now connected win32file.DeviceIoControl( tunIf, TAP_IOCTL_SET_MEDIA_STATUS, '\x01\x00\x00\x00', None ) # prepare the parameter passed to the TAP_IOCTL_CONFIG_TUN commmand. # This needs to be a 12-character long string representing # - the tun interface's IPv4 address (4 characters) # - the tun interface's IPv4 network address (4 characters) # - the tun interface's IPv4 network mask (4 characters) configTunParam = [] configTunParam += TUN_IPv4_ADDRESS configTunParam += TUN_IPv4_NETWORK configTunParam += TUN_IPv4_NETMASK configTunParam = ''.join([chr(b) for b in configTunParam]) # switch to TUN mode (by default the interface runs in TAP mode) win32file.DeviceIoControl( tunIf, TAP_IOCTL_CONFIG_TUN, configTunParam, None ) # return the handler of the TUN interface return tunIf
def get_driverkey_name(handle, index): key_name = chr(index) + '\0' * 9 try: buf = win32file.DeviceIoControl( handle, IOCTL_USB_GET_NODE_CONNECTION_DRIVERKEY_NAME, key_name, 10, None) except pywintypes.error as e: print(e.strerror, index) sys.exit(1) _, act_len, _ = struct.unpack('LLH', buf) buf = win32file.DeviceIoControl( handle, IOCTL_USB_GET_NODE_CONNECTION_DRIVERKEY_NAME, key_name, act_len, None) return buf[8:].decode('utf-16le')
def lockPhysicalDrive(handle, logfunc=lambda s: None): try: win32file.DeviceIoControl(handle, winioctlcon.FSCTL_ALLOW_EXTENDED_DASD_IO, None, 0, None) except pywintypes.error as e: logfunc('IO boundary checks diabled.') for retry in range(20): try: win32file.DeviceIoControl(handle, winioctlcon.FSCTL_LOCK_VOLUME, None, 0, None) return except pywintypes.error as e: logfunc(str(e)) time.sleep(1) raise RuntimeError("Couldn't lock the Volume.")
def updateMAC(self): #The following command can not have an overlapped structure passed to it (throws invalid command exception) self.myMACaddr = win32file.DeviceIoControl(self.myInterface, self.TAP_IOCTL_GET_MAC, None, 16) alert("MAC address updated: " + str(self.myMACaddr)) return self.myMACaddr
def main(): parser = argparse.ArgumentParser() parser.add_argument('-v', '--verbose', action='store_true', help="Increase output verbosity.") args = parser.parse_args() for i in range(10): name = r"\\.\HCD{}".format(i) handle = open_dev(name) if not handle: continue root = get_root_hub_name(handle) print('{}RootHub: {}'.format('\n' if i != 0 else '', root)) dev_name = r'\\.\{}'.format(root) dev_handle = open_dev(dev_name) if not dev_handle: print('Failed to open device {}'.format(dev_name)) continue buf = win32file.DeviceIoControl(dev_handle, IOCTL_USB_GET_NODE_INFORMATION, None, 76, None) print_hub_ports(dev_handle, ord(buf[6]), args.verbose, 0) dev_handle.close() handle.close()
def ParseMemoryRuns(self): result = win32file.DeviceIoControl(self.fhandle, INFO_IOCTRL, "", 102400, None) fmt_string = "Q" * len(self.FIELDS) self.memory_parameters = dict( zip(self.FIELDS, struct.unpack_from(fmt_string, result))) if not self.get_config().dtb: self.dtb = self.memory_parameters["CR3"] self.get_config().dtb = self.dtb else: self.dtb = self.get_config().dtb if not self.get_config().process_id: self.process_id = 0 self.get_config().process_id = 0 else: self.process_id = self.get_config().process_id logging.debug("PmemAddressSpace dtb:{0} process_id:{1}".format( self.dtb, self.process_id)) #rajesh #self.session.SetParameter("dtb", int(self.dtb)) offset = struct.calcsize(fmt_string) for x in xrange(self.memory_parameters["NumberOfRuns"]): start, length = struct.unpack_from("QQ", result, x * 16 + offset) #print "FileAddressSpace inserting run start:{0} start:{1} length:{2}".format(start, start, length) self.runs.append((start, start, length))
def get_allocated_regions(path, f=None, begin=0, length=None): supported = get_sparse_files_support(path) if not supported: return if os.name == 'nt': if not os.path.exists(path): return False if f is None: f = file(path, 'r') handle = win32file._get_osfhandle(f.fileno()) if length is None: length = os.path.getsize(path) - begin a = SparseSet() interval = 10000000 i = begin end = begin + length while i < end: d = struct.pack("<QQ", i, interval) try: r = win32file.DeviceIoControl(handle, FSCTL_QUERY_ALLOCATED_RANGES, d, interval, None) except pywintypes.error, e: # I've seen: # error: (1784, 'DeviceIoControl', 'The supplied user buffer is not valid for the requested operation.') return for c in xrange(0, len(r), 16): qq = struct.unpack("<QQ", r[c:c + 16]) b = qq[0] e = b + qq[1] a.add(b, e) i += interval return a
def property(self, property, value=None): ''' Get or set property @type property: string @param property: Name of method to invoke @type value: object @param value: Value to set. If None, return property instead ''' win32file.DeviceIoControl(self.hDevice, self.IOCTL_PEACH_METHOD_PROPERTY, property, 1) win32file.DeviceIoControl(self.hDevice, self.IOCTL_PEACH_METHOD_DATA, value, 1)
def _ioctl(self, ioctlCode, buffer="", outSize=0): self.log("Sending ioctl %s: '%s'" % ( hex(ioctlCode), buffer.encode("hex"), )) return win32file.DeviceIoControl(self._driverHandle, ioctlCode, buffer, outSize)
def Run(self, args): """Run.""" # This action might crash the box so we need to flush the transaction log. self.SyncTransactionLog() # Do any initialization we need to do. logging.debug("Querying device %s", args.path) fd = win32file.CreateFile( args.path, win32file.GENERIC_READ | win32file.GENERIC_WRITE, win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE, None, win32file.OPEN_EXISTING, win32file.FILE_ATTRIBUTE_NORMAL, None) data = win32file.DeviceIoControl(fd, INFO_IOCTRL, "", 1024, None) fmt_string = "QQl" cr3, _, number_of_runs = struct.unpack_from(fmt_string, data) result = rdfvalue.MemoryInformation( cr3=cr3, device=rdfvalue.PathSpec( path=args.path, pathtype=rdfvalue.PathSpec.PathType.MEMORY)) offset = struct.calcsize(fmt_string) for x in range(number_of_runs): start, length = struct.unpack_from("QQ", data, x * 16 + offset) result.runs.Append(offset=start, length=length) self.SendReply(result)
def make_reparse_point(dest, link): if dest[-1] == '/' or dest[-1] == '\\': dest = dest[:len(dest) - 1] link = os.path.abspath(link) if link[-1] == '/' or link[-1] == '\\': link = link[:len(link) - 1] os.mkdir(dest) dirh = win32file.CreateFile( dest, win32file.GENERIC_READ | win32file.GENERIC_WRITE, 0, None, win32file.OPEN_EXISTING, win32file.FILE_FLAG_OPEN_REPARSE_POINT | win32file.FILE_FLAG_BACKUP_SEMANTICS, None) tag = 0xA0000003L link = '\\??\\' + link link = link.encode('utf-16')[2:] datalen = len(link) inp = struct.pack('LHHHHHH', tag, datalen + 8 + 4, 0, 0, datalen, datalen + 2, 0) + link + '\0\0\0\0' try: win32file.DeviceIoControl(dirh, winioctlcon.FSCTL_SET_REPARSE_POINT, inp, None) except: os.rmdir(dest) raise finally: win32file.CloseHandle(dirh)
def readlink(fpath): """ Windows readlink implementation. """ # This wouldn't return true if the file didn't exist, as far as I know. if not islink(fpath): return None try: # Open the file correctly depending on the string type. if type(fpath) == unicode: handle = win32file.CreateFileW(fpath, win32file.GENERIC_READ, 0, None, win32file.OPEN_EXISTING, win32file.FILE_FLAG_OPEN_REPARSE_POINT | win32file.FILE_FLAG_BACKUP_SEMANTICS, 0) else: handle = win32file.CreateFile(fpath, win32file.GENERIC_READ, 0, None, win32file.OPEN_EXISTING, win32file.FILE_FLAG_OPEN_REPARSE_POINT | win32file.FILE_FLAG_BACKUP_SEMANTICS, 0) # MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 16384 = (16*1024) buffer = win32file.DeviceIoControl(handle, winioctlcon.FSCTL_GET_REPARSE_POINT, None, 16*1024) # Above will return an ugly string (byte array), so we'll need to parse it. # But first, we'll close the handle to our file so we're not locking it anymore. win32file.CloseHandle(handle) # Minimum possible length (assuming that the length of the target is bigger than 0) if len(buffer) < 9: return None # Parse and return our result. result = _parse_reparse_buffer(buffer) offset = result[SYMBOLIC_LINK]['substitute_name_offset'] ending = offset + result[SYMBOLIC_LINK]['substitute_name_length'] rpath = result[SYMBOLIC_LINK]['buffer'][offset:ending].replace('\x00','') if len(rpath) > 4 and rpath[0:4] == '\\??\\': rpath = rpath[4:] return rpath except pywintypes.error, e: raise OSError(e.winerror, e.strerror, fpath)
def map_phys_to_lin(self, PhysStruct): if (not win32file.DeviceIoControl( self.hDriver, IOCTL_WINIO_MAPPHYSTOLIN, memoryview(PhysStruct), memoryview(PhysStruct))): raise DeviceIoControlError("Failed on IOCTL_WINIO_MAPPHYSTOLIN") return PhysStruct.pvPhysMemLin
def __get_port_value(self, wPortAddr, bSize): if bSize not in [1, 2, 4]: raise InvalidArgumentError( 'Argument "bSize" only accept 1, 2, 4. Current value : %s!' % (str(bSize))) # If this is a 64 bit OS, we must use the driver to access I/O ports # even if the application is 32 bit if self.__is_64bit_os(): PortStruct = tagPortStruct() PortStruct.bSize = bSize PortStruct.wPortAddr = wPortAddr return struct.unpack( '@L', win32file.DeviceIoControl(self.hDriver, IOCTL_WINIO_READPORT, memoryview(PortStruct), 4))[0] else: if bSize == 1: return ctypes.c_ubyte( ctypes.cdll.msvcrt._inp(ctypes.c_ushort(wPortAddr))).value elif bSize == 2: return ctypes.c_ushort( ctypes.cdll.msvcrt._inpw(ctypes.c_ushort(wPortAddr))).value elif bSize == 4: return ctypes.c_ulong( ctypes.cdll.msvcrt._inpd(ctypes.c_ushort(wPortAddr))).value
def _sparse_magic(handle, length=0): win32file.DeviceIoControl(handle, FSCTL_SET_SPARSE, '', 0, None) win32file.SetFilePointer(handle, length, win32file.FILE_BEGIN) win32file.SetEndOfFile(handle) win32file.SetFilePointer(handle, 0, win32file.FILE_BEGIN)
def setMediaConnectionStatus(self, toConnected): #In most TunTap examples, the following line omits an overlapped structure. However, the windows documentation says it should be used #if the handle is created with the overlapped flag set. The offsets should be initialized to zero, then left unused. win32file.DeviceIoControl(self.myInterface, self.TAP_IOCTL_SET_MEDIA_STATUS, toConnected.to_bytes(4, "little"), None, self.overlapped)
def GetSystemEncryptionState(): status = BootEncryptionStatus() hDevice = win32file.CreateFile(VERACRYPT_DRIVER_STR, 0, 0, None, win32file.OPEN_EXISTING, 0, None) try: win32file.DeviceIoControl(hDevice, VC_IOCTL_GET_BOOT_ENCRYPTION_STATUS, None, status) except pywintypes.error as e: print "Call to VeraCrypt driver (GET_BOOT_ENCRYPTION_STATUS) failed with error '%s'" % str( e[2]) finally: hDevice.close() if status.DriveMounted or status.DriveEncrypted: if (not status.SetupInProgress and status.ConfiguredEncryptedAreaEnd != 0 and status.ConfiguredEncryptedAreaEnd != -1 and status.ConfiguredEncryptedAreaStart == status.EncryptedAreaStart and status.ConfiguredEncryptedAreaEnd == status.EncryptedAreaEnd): return SYSENC_FULL if (status.EncryptedAreaEnd < 0 or status.EncryptedAreaStart < 0 or status.EncryptedAreaEnd <= status.EncryptedAreaStart): return SYSENC_NONE return SYSENC_PARTIAL else: return SYSENC_NONE
def __initialize(self): # Try to open the winio device. hDriver = None try: hDriver = win32file.CreateFile( r"\\.\WINIO", win32con.GENERIC_READ | win32con.GENERIC_WRITE, 0, None, win32con.OPEN_EXISTING, win32con.FILE_ATTRIBUTE_NORMAL, None) # Driver already installed in system as service by user, we must # not uninstall it. self.__is_need_uninstall_driver = False except pywintypes.error as e: if e.winerror != EC_FILE_NOT_FOUND: raise e # If the driver is not running, install it if hDriver is None: self.install_driver(self.__get_driver_file_path(), True) self.__start_driver() hDriver = win32file.CreateFile( r"\\.\WINIO", win32con.GENERIC_READ | win32con.GENERIC_WRITE, win32con.FILE_SHARE_READ | win32con.FILE_SHARE_WRITE, None, win32con.OPEN_EXISTING, win32con.FILE_ATTRIBUTE_NORMAL, None) # Enable I/O port access for this process if running on a 32 bit OS if not self.__is_64bit_os(): win32file.DeviceIoControl(hDriver, IOCTL_WINIO_ENABLEDIRECTIO, None, 4) self.hDriver = hDriver self.dll_is_initialized = True
def getblkdevsize(dev): """report the size for a block device""" size = 0 if sys.platform == "darwin": # mac os x ioctl from sys/disk.h import fcntl DKIOCGETBLOCKSIZE = 0x40046418 # _IOR('d', 24, uint32_t) DKIOCGETBLOCKCOUNT = 0x40086419 # _IOR('d', 25, uint64_t) fh = open(dev, "r") buf = array.array("B", list(range(0, 4))) # uint32 r = fcntl.ioctl(fh.fileno(), DKIOCGETBLOCKSIZE, buf, 1) blocksize = struct.unpack("I", buf)[0] buf = array.array("B", list(range(0, 8))) # uint64 r = fcntl.ioctl(fh.fileno(), DKIOCGETBLOCKCOUNT, buf, 1) blockcount = struct.unpack("Q", buf)[0] fh.close() size = blocksize * blockcount elif sys.platform.startswith("freebsd"): # freebsd ioctl from sys/disk.h import fcntl DIOCGMEDIASIZE = 0x40086481 # _IOR('d', 129, uint64_t) fh = open(dev, "r") buf = array.array("B", list(range(0, 8))) # off_t / int64 r = fcntl.ioctl(fh.fileno(), DIOCGMEDIASIZE, buf, 1) size = struct.unpack("q", buf)[0] fh.close() elif sys.platform == "win32": # win32 ioctl from winioctl.h, requires pywin32 try: import win32file except ImportError: raise SystemExit( "Package pywin32 not found, see http://sf.net/projects/pywin32/" ) IOCTL_DISK_GET_DRIVE_GEOMETRY = 0x00070000 dh = win32file.CreateFile(dev, 0, win32file.FILE_SHARE_READ, None, win32file.OPEN_EXISTING, 0, None) info = win32file.DeviceIoControl(dh, IOCTL_DISK_GET_DRIVE_GEOMETRY, "", 24) win32file.CloseHandle(dh) (cyl_lo, cyl_hi, media_type, tps, spt, bps) = struct.unpack("6L", info) size = ((cyl_hi << 32) + cyl_lo) * tps * spt * bps else: # linux or compat # linux 2.6 lseek from fcntl.h fh = open(dev, "r") fh.seek(0, os.SEEK_END) size = fh.tell() fh.close() if not size: raise Exception("getblkdevsize: Unsupported platform") return size
def win_tun_alloc(self, dev, flags): TAP_IOCTL_SET_MEDIA_STATUS = self.WIN_TAP_CONTROL_CODE(6, 0) import pywintypes guid = self.WIN_get_device_guid() if not guid: common.internal_print( "Please install OpenVPN's Windows TAP driver (NDIS 6) to use XFLTReaT\r\nhttps://openvpn.net/index.php/open-source/downloads.html", -1) sys.exit(-1) # create a win32file for manipulating the TUN/TAP interface try: self.wintun = win32file.CreateFile( "\\\\.\\Global\\{0}.tap".format(guid), win32file.GENERIC_READ | win32file.GENERIC_WRITE, win32file.FILE_SHARE_READ | win32file.FILE_SHARE_WRITE, None, win32file.OPEN_EXISTING, win32file.FILE_ATTRIBUTE_SYSTEM | win32file.FILE_FLAG_NO_BUFFERING | win32file.FILE_FLAG_OVERLAPPED, None) except pywintypes.error as e: if e.args[ 0] == 31: # A device attached to the system is not functioning. common.internal_print( "The TUN device is already in use. Maybe another XFLTReaT is running.", -1) sys.exit(-1) # have Windows consider the interface now connected win32file.DeviceIoControl(self.wintun, TAP_IOCTL_SET_MEDIA_STATUS, '\x01\x00\x00\x00', 1, None) return self.wintun
def __init__(self, device, mode='r'): if 'w' in mode or '+' in mode: modes = win32file.GENERIC_READ|win32file.GENERIC_WRITE else: modes = win32file.GENERIC_READ try: self.iohandle = win32file.CreateFile( device, modes, win32file.FILE_SHARE_READ|win32file.FILE_SHARE_WRITE, None, win32file.OPEN_EXISTING, win32file.FILE_ATTRIBUTE_READONLY|win32file.FILE_FLAG_RANDOM_ACCESS, None ) diskGeometry = win32file.DeviceIoControl( self.iohandle, IOCTL_DISK_GET_DRIVE_GEOMETRY, '', 24, None ) #~ win32file.GetDiskFreeSpaceEx(device) except pywintypes.error, e: #convert exceptions raise IOError(str(e))
def recover(drive): hVol = msvcrt.get_osfhandle(drive.fileno()) win32file.DeviceIoControl(hVol, winioctlcon.FSCTL_LOCK_VOLUME,None, None) index = 0 for sector in delSecs: #Seek to sector, copy 512 bytes of sector drive.seek((sector*SECTOR_SIZE)) data = drive.read(512) arr = [] count = 0 #Copy all bytes, flip bit at offset 22 (flag) for i in data: if(count == 22): arr.append(1) else: arr.append(i) count+=1 print("["+str(delNames[index])+"] set for recovery.") index+=1 #Re-seek to beginning, lock+dismount drive for writing drive.seek((sector*SECTOR_SIZE)) drive.write(bytes(arr))
def _ioctl(self, ioctl_code, in_buf, out_length): if not self.driver_loaded: _handle_error( "chipsec kernel driver is not loaded (in native API mode?)") out_buf = (c_char * out_length)() self.get_driver_handle() if logger().DEBUG: print_buffer(bytestostring(in_buf)) try: out_buf = win32file.DeviceIoControl(self.driver_handle, ioctl_code, in_buf, out_length, None) except pywintypes.error as _err: err_status = _err.args[0] + 0x100000000 if STATUS_PRIVILEGED_INSTRUCTION == err_status: err_msg = "HW Access Violation: DeviceIoControl returned STATUS_PRIVILEGED_INSTRUCTION (0x{:X})".format( err_status) if logger().DEBUG: logger().error(err_msg) raise HWAccessViolationError(err_msg, err_status) else: _handle_error( "HW Access Error: DeviceIoControl returned status 0x{:X} ({})" .format(err_status, _err.args[2]), err_status) return out_buf