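def QueryValueEx(key, value_name):
    """Read a registry value through RegQueryValueExW in a Unicode-safe way.

    The value is read into a buffer that starts at 256 bytes and is doubled
    each time the API reports ERROR_MORE_DATA, up to a cap of roughly 10 MB.

    Args:
      key: object whose ``handle`` attribute is the open registry key handle.
      value_name: name of the value to query, passed as a wide string.

    Returns:
      A tuple ``(value, data_type)``: ``value`` is what ``Reg2Py`` produces
      from the raw buffer, ``data_type`` is the type code the API reported.

    Raises:
      WindowsError: if the value exceeds the size cap, or if the API returns
        any status other than ERROR_SUCCESS. In the latter case the error
        carries the status the API actually returned.
    """
    regqueryvalueex = advapi32["RegQueryValueExW"]
    regqueryvalueex.restype = ctypes.c_long
    regqueryvalueex.argtypes = [
        ctypes.c_void_p, ctypes.c_wchar_p, LPDWORD, LPDWORD, LPBYTE, LPDWORD
    ]

    size = 256
    data_type = ctypes.wintypes.DWORD()
    while True:
        # In/out parameter: buffer capacity going in, byte count coming out.
        tmp_size = ctypes.wintypes.DWORD(size)
        buf = ctypes.create_string_buffer(size)
        rc = regqueryvalueex(key.handle, value_name, LPDWORD(),
                             ctypes.byref(data_type), ctypes.cast(buf, LPBYTE),
                             ctypes.byref(tmp_size))
        if rc != ERROR_MORE_DATA:
            break

        # We limit the size here to ~10 MB so the response doesn't get too big.
        if size > 10 * 1024 * 1024:
            raise exceptions.WindowsError("Value too big to be read by GRR.")

        size *= 2

    if rc != ERROR_SUCCESS:
        # Surface the status the API returned rather than a fixed code 2
        # (file not found); otherwise an access-denied failure is
        # indistinguishable from a value that does not exist.
        raise ctypes.WinError(rc)

    return (Reg2Py(buf, tmp_size.value, data_type.value), data_type.value)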
def RtlGetVersion(os_version_info_struct):
    """Call the low-level RtlGetVersion routine in Ntdll.

    The structure is filled in place; nothing is returned.

    Args:
      os_version_info_struct: ctypes.Structure-wrapped instance of either
        RTL_OSVERSIONINFOW or RTL_OSVERSIONINFOEXW, with its
        dwOSVersionInfoSize field already set to ctypes.sizeof(self).

    Raises:
      WindowsError: if the underlying routine returns a non-zero status.

    See:
      https://msdn.microsoft.com/en-us/library/windows/hardware/ff561910(v=vs.85).aspx
    """
    struct_ref = ctypes.byref(os_version_info_struct)
    status = ctypes.windll.Ntdll.RtlGetVersion(struct_ref)
    if status == 0:
        return
    raise exceptions.WindowsError("Getting Windows version failed.")
def CheckTraceHandle(result, func, arguments):
    """Reject an invalid trace handle, otherwise pass the result through.

    Takes the (result, func, arguments) triple of a ctypes errcheck hook;
    ``func`` and ``arguments`` are not used.

    Args:
      result: value returned by the foreign function.
      func: unused.
      arguments: unused.

    Returns:
      ``result`` unchanged when it is not the invalid-handle sentinel.

    Raises:
      WindowsError: carrying ct.GetLastError() when ``result`` equals the
        all-ones c_ulong value.
    """
    # NOTE(review): the sentinel is the all-ones value of c_ulong, so it only
    # matches when the wrapped function's restype has that width -- confirm.
    invalid_handle = ct.c_ulong(-1).value
    if result != invalid_handle:
        return result
    # NOTE(review): GetLastError() is read after the foreign call has already
    # returned; confirm the code is still the one set by that call.
    raise exceptions.WindowsError(ct.GetLastError())
def CheckWinError(result, func, arguments):
    """Raise unless the foreign function reported ERROR_SUCCESS.

    Takes the (result, func, arguments) triple of a ctypes errcheck hook;
    ``func`` and ``arguments`` are not used.

    Args:
      result: status code returned by the foreign function.
      func: unused.
      arguments: unused.

    Returns:
      None on success; the status code is not passed back to the caller.

    Raises:
      WindowsError: carrying ``result`` when it is not
        winerror.ERROR_SUCCESS.
    """
    if result == winerror.ERROR_SUCCESS:
        return
    raise exceptions.WindowsError(result)