Пример #1
    
def p16(i):
    """Serialize *i* as a 16-bit unsigned integer in little-endian order.

    The value is packed with the ``'<H'`` struct format, so the result is
    always two bytes long. ``struct.pack`` raises ``struct.error`` when *i*
    does not fit the format (outside 0..0xFFFF), so callers feeding lengths
    or offsets from external data get an exception rather than a silently
    truncated field.
    """
    little_endian_u16 = struct.Struct('<H')
    return little_endian_u16.pack(i)

def u16(s):
    """Decode a little-endian 16-bit unsigned integer from *s*.

    *s* must hold exactly two bytes: ``struct.unpack`` with the ``'<H'``
    format raises ``struct.error`` for any other length, so a short or
    oversized buffer is rejected instead of being partially read.
    """
    (value,) = struct.unpack('<H', s)
    return value



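# ctypes prototype for kernel32!CreatePipe:
#   BOOL CreatePipe(PHANDLE, PHANDLE, LPSECURITY_ATTRIBUTES, DWORD)
CreatePipePrototype = gdef.WINFUNCTYPE(gdef.BOOL, gdef.PHANDLE, gdef.PHANDLE, gdef.LPSECURITY_ATTRIBUTES, gdef.DWORD)
# ctypes paramflags, one entry per prototype argument (flag 1 == input parameter).
# The second entry names the write end of the pipe; it used to repeat
# 'hReadPipe', which left two parameters with the same name.
CreatePipeParams = ((1, 'hReadPipe'), (1, 'hWritePipe'), (1, 'lpPipeAttributes'), (1, 'nSize'))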

@windows.winproxy.Kernel32Proxy('CreatePipe', deffunc_module=sys.modules[__name__])
def CreatePipe(lpPipeAttributes=None, nSize=0):
    """Create an anonymous pipe and return ``(read_handle, write_handle)``.

    Two ``gdef.HANDLE`` objects are allocated here and handed to the native
    function as its output parameters; their raw ``.value`` is returned.

    Args:
        lpPipeAttributes: Forwarded unchanged as the security-attributes
            argument. With the default ``None`` (NULL) the Win32 API creates
            handles that child processes cannot inherit.
        nSize: Forwarded unchanged as the pipe buffer size; ``0`` lets the
            system choose.

    Notes:
        The BOOL result of the native call is not inspected in this function.
        Failure reporting presumably comes from the error check installed by
        ``Kernel32Proxy`` -- confirm before relying on the returned values.
        The caller receives bare handle values and is responsible for closing
        both ends.
    """
    read_end, write_end = gdef.HANDLE(), gdef.HANDLE()
    CreatePipe.ctypes_function(read_end, write_end, lpPipeAttributes, nSize)
    return (read_end.value, write_end.value)

# ctypes prototype for kernel32!PeekNamedPipe. The first WINFUNCTYPE argument
# is the return type; the remaining ones line up with PeekNamedPipeParams.
PeekNamedPipePrototype = gdef.WINFUNCTYPE(
    gdef.BOOL,
    gdef.HANDLE,
    gdef.LPVOID,
    gdef.DWORD,
    gdef.LPDWORD,
    gdef.LPDWORD,
    gdef.LPDWORD,
)
# ctypes paramflags, one (flag, name) pair per prototype argument.
PeekNamedPipeParams = (
    (1, 'hNamedPipe'),
    (1, 'lpBuffer'),
    (1, 'nBufferSize'),
    (1, 'lpBytesRead'),
    (1, 'lpTotalBytesAvail'),
    (1, 'lpBytesLeftThisMessage'),
)

@windows.winproxy.Kernel32Proxy('PeekNamedPipe', deffunc_module=sys.modules[__name__])
def PeekNamedPipe(hNamedPipe):
    lpTotalBytesAvail = gdef.DWORD()
Пример #2
# Version string exposed by this file.
VERSION = "1.0.2"


class AMSIProxy(windows.winproxy.ApiProxy):
    """ApiProxy specialisation for functions exported by the "Amsi" DLL."""

    # NOTE(review): judging by its name, no_error_check disables the proxy's
    # automatic failure handling -- confirm. If so, every wrapper built on
    # this class returns the raw result, and the caller must test it; a
    # failed AMSI call that goes unnoticed means content is never scanned.
    default_error_check = staticmethod(windows.winproxy.no_error_check)
    APIDLL = "Amsi"


"""
HRESULT WINAPI AmsiInitialize(
  _In_  LPCWSTR      appName,
/*_In_  DWORD        coInit, REMOVED */
  _Out_ HAMSICONTEXT *amsiContext
);
"""
# ctypes prototype for AmsiInitialize(appName, amsiContext).
# NOTE(review): the native signature quoted above returns HRESULT, while the
# restype declared here is gdef.BOOL. For an HRESULT, 0 (S_OK) means success,
# so a truthiness test on the result reads inverted -- compare against 0.
AmsiInitializePrototype = gdef.WINFUNCTYPE(
    gdef.BOOL,
    gdef.LPCWSTR,
    gdef.POINTER(gdef.PVOID),
)
# ctypes paramflags, one (flag, name) pair per prototype argument.
AmsiInitializeParams = (
    (1, 'appName'),
    (1, 'amsiContext'),
)


@AMSIProxy('AmsiInitialize', deffunc_module=sys.modules[__name__])
def AmsiInitialize(appName, amsiContext):
    """Call the native AmsiInitialize and return its result unchanged.

    Args:
        appName: Forwarded as the first argument; the prototype declares it
            as LPCWSTR.
        amsiContext: Forwarded as the second argument; the prototype declares
            it as a pointer to PVOID, i.e. the output slot for the context.

    Returns:
        Whatever the underlying ctypes function returns. AMSIProxy sets
        ``no_error_check`` as its default error check, so this is presumably
        the raw status code (0 on success for an HRESULT) -- the caller
        should verify it before using ``amsiContext``.
    """
    status = AmsiInitialize.ctypes_function(appName, amsiContext)
    return status


"""
HRESULT WINAPI AmsiOpenSession(
  _In_  HAMSICONTEXT amsiContext,
  _Out_ HAMSISESSION *session
);
"""
AmsiOpenSessionPrototype = gdef.WINFUNCTYPE(gdef.BOOL, gdef.PVOID,