def _directory_query_generator(self): handle = self._open_directory() size = 0x1000 buf = ctypes.c_buffer(size) rres = gdef.ULONG() ctx = gdef.ULONG() while True: try: # Restart == True has we don't save the buffer when resizing it for next call winproxy.NtQueryDirectoryObject(handle, buf, size, False, True, ctypes.byref(ctx), rres) break except gdef.NtStatusException as e: if e.code == gdef.STATUS_NO_MORE_ENTRIES: return if e.code == gdef.STATUS_MORE_ENTRIES: # If the call did not extrack all data: retry with bigger buffer size *= 2 buf = ctypes.c_buffer(size) continue raise # Function -> _extract_objects ? t = gdef.OBJECT_DIRECTORY_INFORMATION.from_buffer(buf) t = gdef.POBJECT_DIRECTORY_INFORMATION(t) res = {} for v in t: if v.Name.Buffer is None: break yield v.Name.str, v.TypeName.str
def files(self): enum = IEnumBackgroundCopyFiles() self.EnumFiles(enum) count = gdef.ULONG() enum.GetCount(count) if not count: return [] res_size = gdef.ULONG() array = (BitsFile * count.value)() enum.Next(count.value, array, res_size) return array[:res_size.value]
def compress_buffer(buffer, comptype=gdef.COMPRESSION_FORMAT_LZNT1): uncompress_size = len(buffer) CompressedBufferSize = uncompress_size + 0x1000 CompressedBuffer = ctypes.c_buffer(CompressedBufferSize) chunk = 4096 final_size = gdef.DWORD() work_space_size = gdef.ULONG() ignore_data = gdef.ULONG() windows.winproxy.RtlGetCompressionWorkSpaceSize(comptype, work_space_size, ignore_data) work_space = ctypes.c_buffer(work_space_size.value) windows.winproxy.RtlCompressBuffer(comptype, buffer, uncompress_size, CompressedBuffer, CompressedBufferSize, chunk, final_size, work_space) return CompressedBuffer[:final_size.value]
def rules(self): """The rules of the firewall :type: [:class:`FirewallRule`] -- A list of rule """ ifw_rules = cominterfaces.INetFwRules() self.get_Rules(ifw_rules) nb_rules = gdef.LONG() ifw_rules.get_Count(nb_rules) unknw = cominterfaces.IUnknown() ifw_rules.get__NewEnum(unknw) pVariant = cominterfaces.IEnumVARIANT() unknw.QueryInterface(pVariant.IID, pVariant) count = gdef.ULONG() var = windows.com.ImprovedVariant() rules = [] for i in range(nb_rules.value): pVariant.Next(1, var, count) if not count.value: break rule = FirewallRule() idisp = var.asdispatch idisp.QueryInterface(rule.IID, rule) rules.append(rule) return rules
def NtQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength=0, ReturnLength=None): if ProcessInformation is not None and ProcessInformationLength == 0: ProcessInformationLength = ctypes.sizeof(ProcessInformation) if type(ProcessInformation) == gdef.PROCESS_BASIC_INFORMATION: ProcessInformation = ctypes.byref(ProcessInformation) if ReturnLength is None: ReturnLength = ctypes.byref(gdef.ULONG()) return NtQueryInformationProcess.ctypes_function(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength)
def NtQueryVirtualMemory(ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation=NeededParameter, MemoryInformationLength=0, ReturnLength=None): if ReturnLength is None: ReturnLength = ctypes.byref(gdef.ULONG()) if MemoryInformation is not None and MemoryInformationLength == 0: ProcessInformationLength = ctypes.sizeof(MemoryInformation) if type(MemoryInformation) == gdef.MEMORY_BASIC_INFORMATION64: MemoryInformation = ctypes.byref(MemoryInformation) return NtQueryVirtualMemory.ctypes_function(ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation=NeededParameter, MemoryInformationLength=0, ReturnLength=None)
def connect(cls, addr): """Connect to the named pipe ``addr`` :returns type: :class:`PipeConnection` """ addr = full_pipe_address(addr) pipehandle = winproxy.CreateFileA(addr, gdef.GENERIC_READ | gdef.GENERIC_WRITE, 0, None, gdef.OPEN_EXISTING, 0, None) winproxy.SetNamedPipeHandleState(pipehandle, gdef.ULONG(gdef.PIPE_READMODE_MESSAGE), None, None) return cls.from_handle(pipehandle, name=addr, server=False)
def GetExtendedTcpTable(pTcpTable, pdwSize=None, bOrder=True, ulAf=NeededParameter, TableClass=gdef.TCP_TABLE_OWNER_PID_ALL, Reserved=0): if pdwSize is None: pdwSize = gdef.ULONG(ctypes.sizeof(pTcpTable)) return GetExtendedTcpTable.ctypes_function(pTcpTable, pdwSize, bOrder, ulAf, TableClass, Reserved)
def rawdata(self): """The raw data describing the resource""" data_size = gdef.ULONG() winproxy.CM_Get_Res_Des_Data_Size(data_size, self) if not self: return None data_size = data_size.value buffer = ctypes.create_string_buffer(data_size) winproxy.CM_Get_Res_Des_Data(self, buffer, data_size) return bytearray(buffer[:data_size])
def enumerate_handles_syswow64(): size_needed = gdef.ULONG() # Should at least be sizeof(gdef.SYSTEM_HANDLE_INFORMATION) tmp_buffer = windows.utils.BUFFER(gdef.SYSTEM_HANDLE_INFORMATION64)() try: windows.syswow64.NtQuerySystemInformation_32_to_64(gdef.SystemHandleInformation, tmp_buffer, tmp_buffer.real_size, ReturnLength=ctypes.byref(size_needed)) except WindowsError as e: pass size = size_needed.value + 0x1000 # In case we have some more handle created buf = windows.utils.BUFFER(gdef.SYSTEM_HANDLE_INFORMATION64)(size=size) size_needed.value = 0 windows.syswow64.NtQuerySystemInformation_32_to_64(gdef.SystemHandleInformation, buf, buf.real_size, ReturnLength=ctypes.byref(size_needed)) handle_array = windows.utils.resized_array(buf[0].Handles, buf[0].HandleCount, HandleWow64) return list(handle_array)
def NtQueryInformationThread(ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength=0, ReturnLength=None): if ReturnLength is None: ReturnLength = ctypes.byref(gdef.ULONG()) if ThreadInformation is not None and ThreadInformationLength == 0: ThreadInformationLength = ctypes.sizeof(ThreadInformation) return NtQueryInformationThread.ctypes_function(ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength, ReturnLength)
def next(self, timeout=None): """Return the next object in the enumeration with `timeout`. :raises: ``WindowsError(WBEM_S_TIMEDOUT)`` if timeout expire :returns: :class:`WmiObject` """ timeout = self.DEFAULT_TIMEOUT if timeout is None else timeout # For now the count is hardcoded to 1 obj = WmiObject() return_count = gdef.ULONG(0) error = self.Next(timeout, 1, obj, return_count) if error == gdef.WBEM_S_TIMEDOUT: raise WindowsError(gdef.WBEM_S_TIMEDOUT, "Wmi timeout") elif error == WBEM_S_FALSE: return None else: return obj
def query_link(linkpath): """Resolve the link object with path ``linkpath``""" obj_attr = gdef.OBJECT_ATTRIBUTES() obj_attr.Length = ctypes.sizeof(obj_attr) obj_attr.RootDirectory = 0 obj_attr.ObjectName = ctypes.pointer( gdef.LSA_UNICODE_STRING.from_string(linkpath)) obj_attr.Attributes = gdef.OBJ_CASE_INSENSITIVE obj_attr.SecurityDescriptor = 0 obj_attr.SecurityQualityOfService = 0 res = gdef.HANDLE() x = winproxy.NtOpenSymbolicLinkObject( res, gdef.DIRECTORY_QUERY | gdef.READ_CONTROL, obj_attr) v = gdef.LSA_UNICODE_STRING.from_string("\x00" * 1000) s = gdef.ULONG() winproxy.NtQuerySymbolicLinkObject(res, v, s) # Handle Buffer-too-small ? return v.str
def query_link(linkpath): """Resolve the link object with path ``linkpath``""" obj_attr = gdef.OBJECT_ATTRIBUTES() obj_attr.Length = ctypes.sizeof(obj_attr) obj_attr.RootDirectory = 0 obj_attr.ObjectName = ctypes.pointer(gdef.LSA_UNICODE_STRING.from_string(linkpath)) obj_attr.Attributes = gdef.OBJ_CASE_INSENSITIVE obj_attr.SecurityDescriptor = 0 obj_attr.SecurityQualityOfService = 0 res = gdef.HANDLE() x = winproxy.NtOpenSymbolicLinkObject(res, gdef.DIRECTORY_QUERY | gdef.READ_CONTROL , obj_attr) v = gdef.LSA_UNICODE_STRING.from_size(1000) s = gdef.ULONG() try: winproxy.NtQuerySymbolicLinkObject(res, v, s) except WindowsError as e: if not (e.winerror & 0xffffffff) == gdef.STATUS_BUFFER_TOO_SMALL: raise # If our initial 1000 buffer is not enought (improbable) retry with correct size v = gdef.LSA_UNICODE_STRING.from_size(s.value) winproxy.NtQuerySymbolicLinkObject(res, v, s) return v.str
def GetInterfaceInfo(pIfTable, dwOutBufLen=None): if dwOutBufLen is None: dwOutBufLen = gdef.ULONG(ctypes.sizeof(pIfTable)) return GetInterfaceInfo.ctypes_function(pIfTable, dwOutBufLen)
def minimum_retry_delay(self): retry_delay = gdef.ULONG() self.GetMinimumRetryDelay(retry_delay) return retry_delay.value