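def p16(i):
    """p16(i) -> bytes (str on Python 2)

    Pack ``i`` as an unsigned 16-bit little-endian integer.

    ``struct.pack`` raises ``struct.error`` when ``i`` is outside
    0..65535, so an oversized value is rejected instead of being
    silently truncated.
    """
    return struct.pack('<H', i)


def u16(s):
    """u16(s) -> int

    Unpack an unsigned 16-bit integer from its little-endian encoding.

    ``s`` must be exactly two bytes long; ``struct.unpack`` raises
    ``struct.error`` for any other length, so slice untrusted buffers to
    two bytes (and handle the short-read case) before calling this.
    """
    return struct.unpack('<H', s)[0]


# BOOL CreatePipe(PHANDLE hReadPipe, PHANDLE hWritePipe,
#                 LPSECURITY_ATTRIBUTES lpPipeAttributes, DWORD nSize)
CreatePipePrototype = gdef.WINFUNCTYPE(
    gdef.BOOL,
    gdef.PHANDLE,
    gdef.PHANDLE,
    gdef.LPSECURITY_ATTRIBUTES,
    gdef.DWORD,
)
# One (flag, name) pair per prototype argument, in order; flag 1 marks an
# input parameter in ctypes paramflags. The names mirror the Win32
# prototype, so the second handle is 'hWritePipe', not a repeated
# 'hReadPipe'.
CreatePipeParams = (
    (1, 'hReadPipe'),
    (1, 'hWritePipe'),
    (1, 'lpPipeAttributes'),
    (1, 'nSize'),
)


@windows.winproxy.Kernel32Proxy('CreatePipe', deffunc_module=sys.modules[__name__])
def CreatePipe(lpPipeAttributes=None, nSize=0):
    """Create an anonymous pipe and return ``(read_handle, write_handle)``.

    lpPipeAttributes -- optional SECURITY_ATTRIBUTES for the pipe. With the
        default ``None`` (NULL) Windows applies a default security
        descriptor and the handles are not inheritable by child processes.
    nSize -- suggested buffer size in bytes; 0 lets the system choose.

    Both handles are returned as raw integer values. Nothing in this
    function tracks or closes them, so the caller owns both ends and must
    close each one when done.

    NOTE(review): failure reporting depends on the error check installed by
    the Kernel32Proxy decorator, which is not visible here -- confirm that a
    FALSE return raises before relying on the returned handle values.
    """
    # Out-parameters filled in by the API call.
    # Assumes gdef.PHANDLE is POINTER(HANDLE), so ctypes passes these
    # HANDLE instances by reference -- TODO confirm.
    hReadPipe = gdef.HANDLE()
    hWritePipe = gdef.HANDLE()
    CreatePipe.ctypes_function(hReadPipe, hWritePipe, lpPipeAttributes, nSize)
    return hReadPipe.value, hWritePipe.value


# BOOL PeekNamedPipe(HANDLE hNamedPipe, LPVOID lpBuffer, DWORD nBufferSize,
#                    LPDWORD lpBytesRead, LPDWORD lpTotalBytesAvail,
#                    LPDWORD lpBytesLeftThisMessage)
PeekNamedPipePrototype = gdef.WINFUNCTYPE(
    gdef.BOOL,
    gdef.HANDLE,
    gdef.LPVOID,
    gdef.DWORD,
    gdef.LPDWORD,
    gdef.LPDWORD,
    gdef.LPDWORD,
)
PeekNamedPipeParams = (
    (1, 'hNamedPipe'),
    (1, 'lpBuffer'),
    (1, 'nBufferSize'),
    (1, 'lpBytesRead'),
    (1, 'lpTotalBytesAvail'),
    (1, 'lpBytesLeftThisMessage'),
)


# NOTE: the body of PeekNamedPipe continues beyond this excerpt; the visible
# lines are kept exactly as found.
@windows.winproxy.Kernel32Proxy('PeekNamedPipe', deffunc_module=sys.modules[__name__])
def PeekNamedPipe(hNamedPipe):
    lpTotalBytesAvail = gdef.DWORD()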
VERSION = "1.0.2"


# Proxy factory for functions exported by amsi.dll, the Windows Antimalware
# Scan Interface. Used below as a decorator, in the same way as the
# Kernel32Proxy decorators of windows.winproxy.
class AMSIProxy(windows.winproxy.ApiProxy):
    # Name of the DLL whose exports are wrapped.
    APIDLL = "Amsi"
    # NOTE(review): presumably no_error_check performs no validation of the
    # return value -- confirm. If so, no AMSI wrapper declared through this
    # proxy raises on failure, and every caller has to inspect the returned
    # HRESULT itself. A failed call should be treated as "not scanned",
    # never as "clean".
    default_error_check = staticmethod(windows.winproxy.no_error_check)


""" HRESULT WINAPI AmsiInitialize( _In_ LPCWSTR appName, /*_In_ DWORD coInit, REMOVED */ _Out_ HAMSICONTEXT *amsiContext ); """
# NOTE(review): the return type is declared as BOOL while the API returns an
# HRESULT. Success (S_OK) is 0, so a truthiness test on the result reads
# success as False and any failure code as True; compare against 0 instead.
AmsiInitializePrototype = gdef.WINFUNCTYPE(gdef.BOOL, gdef.LPCWSTR, gdef.POINTER(gdef.PVOID))
# One (flag, name) pair per prototype argument; flag 1 marks an input
# parameter in ctypes paramflags.
AmsiInitializeParams = ((1, 'appName'), (1, 'amsiContext'))


# Pass-through wrapper: forwards both arguments unchanged and returns the raw
# result of the call. amsiContext is the out-parameter that receives the
# context handle, so the caller supplies the storage for it.
@AMSIProxy('AmsiInitialize', deffunc_module=sys.modules[__name__])
def AmsiInitialize(appName, amsiContext):
    return AmsiInitialize.ctypes_function(appName, amsiContext)


""" HRESULT WINAPI AmsiOpenSession( _In_ HAMSICONTEXT amsiContext, _Out_ HAMSISESSION *session ); """
# The excerpt ends in the middle of the next statement; it is kept as found.
AmsiOpenSessionPrototype = gdef.WINFUNCTYPE(gdef.BOOL, gdef.PVOID,