def notify_cmdline(self):
    """Return ``(program, parameters)`` as reported by ``GetNotifyCmdLine``.

    Both strings arrive through ``LPWSTR`` out-parameters. They are read
    via ``.value`` first, and each pointer is then passed to
    ``CoTaskMemFree``.

    NOTE(review): presumably this is the command line the job is
    configured to launch on notification, which makes it a field worth
    reviewing when auditing jobs -- confirm against the interface docs.
    """
    program_ptr = gdef.LPWSTR()
    arguments_ptr = gdef.LPWSTR()
    self.GetNotifyCmdLine(program_ptr, arguments_ptr)
    # Read both strings before releasing anything: the pointers must not
    # be dereferenced once they have been freed.
    cmdline = (program_ptr.value, arguments_ptr.value)
    for allocated in (program_ptr, arguments_ptr):
        windows.winproxy.CoTaskMemFree(allocated)
    return cmdline
def proxy_settings(self):
    """Return ``(usage, proxy_list, bypass_list)`` from ``GetProxySettings``.

    ``usage`` is the ``.value`` of a ``BG_JOB_PROXY_USAGE``; the two lists
    are read from ``LPWSTR`` out-parameters, which are released with
    ``CoTaskMemFree`` after their text has been read.
    """
    usage = gdef.BG_JOB_PROXY_USAGE()
    proxy_list_ptr = gdef.LPWSTR()
    bypass_list_ptr = gdef.LPWSTR()
    self.GetProxySettings(usage, proxy_list_ptr, bypass_list_ptr)
    # Snapshot every field before the string buffers are freed.
    settings = (usage.value, proxy_list_ptr.value, bypass_list_ptr.value)
    for allocated in (proxy_list_ptr, bypass_list_ptr):
        windows.winproxy.CoTaskMemFree(allocated)
    return settings
def __init__(self, filename, content_type=gdef.CERT_QUERY_CONTENT_FLAG_ALL):
    """Open *filename* with ``CryptQueryObject`` and keep what it returns.

    :param filename: path of the file to query (the only supported source
        for now).
    :param content_type: expected-content flags passed to
        ``CryptQueryObject``; defaults to
        ``CERT_QUERY_CONTENT_FLAG_ALL``.

    The file is queried with ``CERT_QUERY_FORMAT_FLAG_BINARY`` only.

    NOTE(review): ``CryptQueryObject`` decodes the object; nothing in this
    constructor verifies a signature or builds a certificate chain, so the
    returned store and message should be treated as unverified content.
    """
    self.filename = filename
    encoding_out = gdef.DWORD()
    content_type_out = gdef.DWORD()
    format_type_out = gdef.DWORD()  # filled by the call, not kept afterwards
    store = CertificateStore()
    message = windows.crypto.CryptMessage()
    winproxy.CryptQueryObject(
        gdef.CERT_QUERY_OBJECT_FILE,
        gdef.LPWSTR(filename),
        content_type,
        gdef.CERT_QUERY_FORMAT_FLAG_BINARY,
        0,
        encoding_out,
        content_type_out,
        format_type_out,
        store,
        message,
        None)
    # A falsy (empty) handle is exposed as None rather than as a null wrapper.
    self.cert_store = store or None
    """The :class:`CertificateStore` that includes all of the certificates, CRLs, and CTLs in the object"""
    self.crypt_msg = message or None
    """The :class:`CryptMessage` for any ``PKCS7`` content in the object"""
    # Stored as the DWORD object itself, not its integer ``.value``.
    self.encoding = encoding_out
    # NOTE(review): a content type missing from the mapping raises KeyError
    # here, after the handles above were obtained -- confirm that is intended.
    self.content_type = CRYPT_OBJECT_FORMAT_TYPE_DICT[content_type_out.value]
    """The type of the opened message"""
def __init__(self, filename, content_type=gdef.CERT_QUERY_CONTENT_FLAG_ALL):
    """Open *filename* with ``CryptQueryObject`` and keep what it returns.

    :param filename: path of the file to query (the only supported source
        for now).
    :param content_type: expected-content flags passed to
        ``CryptQueryObject``; defaults to
        ``CERT_QUERY_CONTENT_FLAG_ALL``.

    The file is queried with ``CERT_QUERY_FORMAT_FLAG_BINARY`` only.

    NOTE(review): ``CryptQueryObject`` decodes the object; nothing in this
    constructor verifies a signature or builds a certificate chain, so the
    returned store and message should be treated as unverified content.
    """
    self.filename = filename
    encoding_out = gdef.DWORD()
    content_type_out = gdef.DWORD()
    format_type_out = gdef.DWORD()  # filled by the call, not kept afterwards
    store_handle = EHCERTSTORE()
    message = windows.crypto.cryptmsg.CryptMessage()
    winproxy.CryptQueryObject(
        gdef.CERT_QUERY_OBJECT_FILE,
        gdef.LPWSTR(filename),
        content_type,
        gdef.CERT_QUERY_FORMAT_FLAG_BINARY,
        0,
        encoding_out,
        content_type_out,
        format_type_out,
        store_handle,
        message,
        None)
    # A falsy (empty) handle is exposed as None rather than as a null wrapper.
    self.cert_store = store_handle or None
    self.crypt_msg = message or None
    # Stored as the DWORD object itself, not its integer ``.value``.
    self.encoding = encoding_out
    # Unknown content types do not raise. NOTE(review): the fallback is the
    # DWORD object, whereas known types come from the mapping -- callers
    # comparing this attribute should expect either form.
    self.content_type = CRYPT_OBJECT_FORMAT_TYPE_DICT.get(
        content_type_out.value, content_type_out)
def condition(self):
    """Return the string form of the condition held in ``application_data``.

    ``self.application_data`` is copied into a ``BYTE`` buffer and handed
    to ``GetStringConditionFromBinary``; the string it produces is read and
    its buffer released with ``LocalFree``.
    """
    binary_condition = windows.utils.BUFFER(gdef.BYTE).from_buffer_copy(
        self.application_data)
    text_ptr = gdef.LPWSTR()
    winproxy.GetStringConditionFromBinary(
        binary_condition, StringAceCondition=text_ptr)
    # Read the text before LocalFree: the pointer is invalid afterwards.
    text = text_ptr.value
    winproxy.LocalFree(text_ptr)
    return text
def get_raw_values(self, values, flags=gdef.EvtRenderContextValues):
    """Render this event for the given XPath expressions and return a list.

    :param values: sized sequence of XPath strings; it is measured with
        ``len()`` and then iterated.
    :param flags: NOTE(review): accepted but never read -- the render
        context is always created with ``gdef.EvtRenderContextValues``.
        Confirm whether it was meant to be forwarded.
    :return: ``list`` built from ``self.render(ctx, EvtRenderEventValues)``.
    """
    count = len(values)
    # Keep the LPWSTR objects referenced for the duration of the call.
    xpath_ptrs = [gdef.LPWSTR(expr) for expr in values]
    xpath_array = (gdef.LPWSTR * count)(*xpath_ptrs)
    # https://msdn.microsoft.com/en-us/library/windows/desktop/aa385352(v=vs.85).aspx
    # ValuePaths is an array of XPath expressions that each uniquely
    # identify one node or attribute of the event, so each entry is
    # expected to render as one value.
    # NOTE(review): the context is not closed here; presumably the wrapper
    # returned by winproxy owns the handle -- confirm.
    render_ctx = windows.winproxy.EvtCreateRenderContext(
        count, xpath_array, gdef.EvtRenderContextValues)
    rendered = self.render(render_ctx, gdef.EvtRenderEventValues)
    return [*rendered]
def name(self):
    """Return the wide string that starts at the ``StreamName`` field.

    The address is this structure's address plus the field's offset, and
    the string is read through ``LPWSTR(...).value``.

    NOTE(review): the read stops at the first NUL, not at a stored length.
    If the structure carries a length field for the name, that would be
    the safer bound -- confirm the buffer is always NUL-terminated.
    """
    struct_addr = ctypes.addressof(self)
    field_offset = type(self).StreamName.offset
    return gdef.LPWSTR(struct_addr + field_offset).value
def name(self):
    """Return the wide string located ``self.Name`` past this structure.

    ``self.Name`` is added to the structure's own address, so it is used
    as an offset rather than as a pointer.

    NOTE(review): the offset is used as-is and the read stops at the first
    NUL; if the structure can come from an untrusted buffer, the offset
    should be checked against the buffer size by the caller -- confirm.
    """
    string_addr = ctypes.addressof(self) + self.Name
    return gdef.LPWSTR(string_addr).value
def retrieve_wstr_from_addr(addr):
    """Read the wide string at address *addr* in the current process.

    *addr* is wrapped in an ``LPWSTR`` and dereferenced through ``.value``.
    No validation is performed: the caller must guarantee that *addr*
    points to readable, NUL-terminated wide-character memory.
    """
    wide_ptr = gdef.LPWSTR(addr)
    return wide_ptr.value
def temporary_name(self):
    """Return the string produced by ``GetTemporaryName``.

    The call fills an ``LPWSTR`` out-parameter; its text is read and the
    pointer is then released with ``CoTaskMemFree``.
    """
    out_ptr = gdef.LPWSTR()
    self.GetTemporaryName(out_ptr)
    # Read the text first: the pointer must not be used once it is freed.
    text = out_ptr.value
    windows.winproxy.CoTaskMemFree(out_ptr)
    return text
def remote_name(self):
    """Return the string produced by ``GetRemoteName``.

    The call fills an ``LPWSTR`` out-parameter; its text is read and the
    pointer is then released with ``CoTaskMemFree``.
    """
    out_ptr = gdef.LPWSTR()
    self.GetRemoteName(out_ptr)
    # Read the text first: the pointer must not be used once it is freed.
    text = out_ptr.value
    windows.winproxy.CoTaskMemFree(out_ptr)
    return text
def local_name(self):
    """Return the string produced by ``GetLocalName``.

    The call fills an ``LPWSTR`` out-parameter; its text is read and the
    pointer is then released with ``CoTaskMemFree``.
    """
    out_ptr = gdef.LPWSTR()
    self.GetLocalName(out_ptr)
    # Read the text first: the pointer must not be used once it is freed.
    text = out_ptr.value
    windows.winproxy.CoTaskMemFree(out_ptr)
    return text
def description(self):
    """Return the string produced by ``GetDescription``.

    The call fills an ``LPWSTR`` out-parameter; its text is read and the
    pointer is then released with ``CoTaskMemFree``.
    """
    out_ptr = gdef.LPWSTR()
    self.GetDescription(out_ptr)
    # Read the text first: the pointer must not be used once it is freed.
    text = out_ptr.value
    windows.winproxy.CoTaskMemFree(out_ptr)
    return text
def name(self):
    """Return the string produced by ``GetDisplayName``.

    The call fills an ``LPWSTR`` out-parameter; its text is read and the
    pointer is then released with ``CoTaskMemFree``.
    """
    out_ptr = gdef.LPWSTR()
    self.GetDisplayName(out_ptr)
    # Read the text first: the pointer must not be used once it is freed.
    text = out_ptr.value
    windows.winproxy.CoTaskMemFree(out_ptr)
    return text
def owner(self):
    """Return the string produced by ``GetOwner``.

    The call fills an ``LPWSTR`` out-parameter; its text is read and the
    pointer is then released with ``CoTaskMemFree``.
    """
    out_ptr = gdef.LPWSTR()
    self.GetOwner(out_ptr)
    # Read the text first: the pointer must not be used once it is freed.
    text = out_ptr.value
    windows.winproxy.CoTaskMemFree(out_ptr)
    return text