def _directory_query_generator(self):
handle = self._open_directory()
size = 0x1000
buf = ctypes.c_buffer(size)
rres = gdef.ULONG()
ctx = gdef.ULONG()
while True:
try:
# Restart == True has we don't save the buffer when resizing it for next call
winproxy.NtQueryDirectoryObject(handle, buf, size, False, True, ctypes.byref(ctx), rres)
break
except gdef.NtStatusException as e:
if e.code == gdef.STATUS_NO_MORE_ENTRIES:
return
if e.code == gdef.STATUS_MORE_ENTRIES:
# If the call did not extrack all data: retry with bigger buffer
size *= 2
buf = ctypes.c_buffer(size)
continue
raise
# Function -> _extract_objects ?
t = gdef.OBJECT_DIRECTORY_INFORMATION.from_buffer(buf)
t = gdef.POBJECT_DIRECTORY_INFORMATION(t)
res = {}
for v in t:
if v.Name.Buffer is None:
break
yield v.Name.str, v.TypeName.str
def files(self):
enum = IEnumBackgroundCopyFiles()
self.EnumFiles(enum)
count = gdef.ULONG()
enum.GetCount(count)
if not count:
return []
res_size = gdef.ULONG()
array = (BitsFile * count.value)()
enum.Next(count.value, array, res_size)
return array[:res_size.value]
def compress_buffer(buffer, comptype=gdef.COMPRESSION_FORMAT_LZNT1):
uncompress_size = len(buffer)
CompressedBufferSize = uncompress_size + 0x1000
CompressedBuffer = ctypes.c_buffer(CompressedBufferSize)
chunk = 4096
final_size = gdef.DWORD()
work_space_size = gdef.ULONG()
ignore_data = gdef.ULONG()
windows.winproxy.RtlGetCompressionWorkSpaceSize(comptype, work_space_size,
ignore_data)
work_space = ctypes.c_buffer(work_space_size.value)
windows.winproxy.RtlCompressBuffer(comptype, buffer, uncompress_size,
CompressedBuffer, CompressedBufferSize,
chunk, final_size, work_space)
return CompressedBuffer[:final_size.value]
def rules(self):
"""The rules of the firewall
:type: [:class:`FirewallRule`] -- A list of rule
"""
ifw_rules = cominterfaces.INetFwRules()
self.get_Rules(ifw_rules)
nb_rules = gdef.LONG()
ifw_rules.get_Count(nb_rules)
unknw = cominterfaces.IUnknown()
ifw_rules.get__NewEnum(unknw)
pVariant = cominterfaces.IEnumVARIANT()
unknw.QueryInterface(pVariant.IID, pVariant)
count = gdef.ULONG()
var = windows.com.ImprovedVariant()
rules = []
for i in range(nb_rules.value):
pVariant.Next(1, var, count)
if not count.value:
break
rule = FirewallRule()
idisp = var.asdispatch
idisp.QueryInterface(rule.IID, rule)
rules.append(rule)
return rules
def NtQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength=0, ReturnLength=None):
if ProcessInformation is not None and ProcessInformationLength == 0:
ProcessInformationLength = ctypes.sizeof(ProcessInformation)
if type(ProcessInformation) == gdef.PROCESS_BASIC_INFORMATION:
ProcessInformation = ctypes.byref(ProcessInformation)
if ReturnLength is None:
ReturnLength = ctypes.byref(gdef.ULONG())
return NtQueryInformationProcess.ctypes_function(ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength)
def NtQueryVirtualMemory(ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation=NeededParameter, MemoryInformationLength=0, ReturnLength=None):
if ReturnLength is None:
ReturnLength = ctypes.byref(gdef.ULONG())
if MemoryInformation is not None and MemoryInformationLength == 0:
ProcessInformationLength = ctypes.sizeof(MemoryInformation)
if type(MemoryInformation) == gdef.MEMORY_BASIC_INFORMATION64:
MemoryInformation = ctypes.byref(MemoryInformation)
return NtQueryVirtualMemory.ctypes_function(ProcessHandle, BaseAddress, MemoryInformationClass, MemoryInformation=NeededParameter, MemoryInformationLength=0, ReturnLength=None)
def connect(cls, addr):
"""Connect to the named pipe ``addr``
:returns type: :class:`PipeConnection`
"""
addr = full_pipe_address(addr)
pipehandle = winproxy.CreateFileA(addr, gdef.GENERIC_READ | gdef.GENERIC_WRITE, 0, None, gdef.OPEN_EXISTING, 0, None)
winproxy.SetNamedPipeHandleState(pipehandle, gdef.ULONG(gdef.PIPE_READMODE_MESSAGE), None, None)
return cls.from_handle(pipehandle, name=addr, server=False)
def GetExtendedTcpTable(pTcpTable,
pdwSize=None,
bOrder=True,
ulAf=NeededParameter,
TableClass=gdef.TCP_TABLE_OWNER_PID_ALL,
Reserved=0):
if pdwSize is None:
pdwSize = gdef.ULONG(ctypes.sizeof(pTcpTable))
return GetExtendedTcpTable.ctypes_function(pTcpTable, pdwSize, bOrder,
ulAf, TableClass, Reserved)
def rawdata(self):
"""The raw data describing the resource"""
data_size = gdef.ULONG()
winproxy.CM_Get_Res_Des_Data_Size(data_size, self)
if not self:
return None
data_size = data_size.value
buffer = ctypes.create_string_buffer(data_size)
winproxy.CM_Get_Res_Des_Data(self, buffer, data_size)
return bytearray(buffer[:data_size])
def enumerate_handles_syswow64():
size_needed = gdef.ULONG()
# Should at least be sizeof(gdef.SYSTEM_HANDLE_INFORMATION)
tmp_buffer = windows.utils.BUFFER(gdef.SYSTEM_HANDLE_INFORMATION64)()
try:
windows.syswow64.NtQuerySystemInformation_32_to_64(gdef.SystemHandleInformation, tmp_buffer, tmp_buffer.real_size, ReturnLength=ctypes.byref(size_needed))
except WindowsError as e:
pass
size = size_needed.value + 0x1000 # In case we have some more handle created
buf = windows.utils.BUFFER(gdef.SYSTEM_HANDLE_INFORMATION64)(size=size)
size_needed.value = 0
windows.syswow64.NtQuerySystemInformation_32_to_64(gdef.SystemHandleInformation, buf, buf.real_size, ReturnLength=ctypes.byref(size_needed))
handle_array = windows.utils.resized_array(buf[0].Handles, buf[0].HandleCount, HandleWow64)
return list(handle_array)
def NtQueryInformationThread(ThreadHandle,
ThreadInformationClass,
ThreadInformation,
ThreadInformationLength=0,
ReturnLength=None):
if ReturnLength is None:
ReturnLength = ctypes.byref(gdef.ULONG())
if ThreadInformation is not None and ThreadInformationLength == 0:
ThreadInformationLength = ctypes.sizeof(ThreadInformation)
return NtQueryInformationThread.ctypes_function(ThreadHandle,
ThreadInformationClass,
ThreadInformation,
ThreadInformationLength,
ReturnLength)
def next(self, timeout=None):
"""Return the next object in the enumeration with `timeout`.
:raises: ``WindowsError(WBEM_S_TIMEDOUT)`` if timeout expire
:returns: :class:`WmiObject`
"""
timeout = self.DEFAULT_TIMEOUT if timeout is None else timeout
# For now the count is hardcoded to 1
obj = WmiObject()
return_count = gdef.ULONG(0)
error = self.Next(timeout, 1, obj, return_count)
if error == gdef.WBEM_S_TIMEDOUT:
raise WindowsError(gdef.WBEM_S_TIMEDOUT, "Wmi timeout")
elif error == WBEM_S_FALSE:
return None
else:
return obj
def query_link(linkpath):
"""Resolve the link object with path ``linkpath``"""
obj_attr = gdef.OBJECT_ATTRIBUTES()
obj_attr.Length = ctypes.sizeof(obj_attr)
obj_attr.RootDirectory = 0
obj_attr.ObjectName = ctypes.pointer(
gdef.LSA_UNICODE_STRING.from_string(linkpath))
obj_attr.Attributes = gdef.OBJ_CASE_INSENSITIVE
obj_attr.SecurityDescriptor = 0
obj_attr.SecurityQualityOfService = 0
res = gdef.HANDLE()
x = winproxy.NtOpenSymbolicLinkObject(
res, gdef.DIRECTORY_QUERY | gdef.READ_CONTROL, obj_attr)
v = gdef.LSA_UNICODE_STRING.from_string("\x00" * 1000)
s = gdef.ULONG()
winproxy.NtQuerySymbolicLinkObject(res, v, s) # Handle Buffer-too-small ?
return v.str
def query_link(linkpath):
"""Resolve the link object with path ``linkpath``"""
obj_attr = gdef.OBJECT_ATTRIBUTES()
obj_attr.Length = ctypes.sizeof(obj_attr)
obj_attr.RootDirectory = 0
obj_attr.ObjectName = ctypes.pointer(gdef.LSA_UNICODE_STRING.from_string(linkpath))
obj_attr.Attributes = gdef.OBJ_CASE_INSENSITIVE
obj_attr.SecurityDescriptor = 0
obj_attr.SecurityQualityOfService = 0
res = gdef.HANDLE()
x = winproxy.NtOpenSymbolicLinkObject(res, gdef.DIRECTORY_QUERY | gdef.READ_CONTROL , obj_attr)
v = gdef.LSA_UNICODE_STRING.from_size(1000)
s = gdef.ULONG()
try:
winproxy.NtQuerySymbolicLinkObject(res, v, s)
except WindowsError as e:
if not (e.winerror & 0xffffffff) == gdef.STATUS_BUFFER_TOO_SMALL:
raise
# If our initial 1000 buffer is not enought (improbable) retry with correct size
v = gdef.LSA_UNICODE_STRING.from_size(s.value)
winproxy.NtQuerySymbolicLinkObject(res, v, s)
return v.str
def GetInterfaceInfo(pIfTable, dwOutBufLen=None):
if dwOutBufLen is None:
dwOutBufLen = gdef.ULONG(ctypes.sizeof(pIfTable))
return GetInterfaceInfo.ctypes_function(pIfTable, dwOutBufLen)
def minimum_retry_delay(self):
retry_delay = gdef.ULONG()
self.GetMinimumRetryDelay(retry_delay)
return retry_delay.value
