def __receive_loop(self):
with self.handle as hDevice:
if self.use_alternate_receive:
port = self.__get_first_rx_port()
if port is None:
del self._process_queue[:]
self._process_event.set()
self._process_thread.join(1.0)
self._receive_thread = None
return
with self._learn_lock:
inBuffer = IOCTL_IR_ENTER_PRIORITY_RECEIVE_PARAMS()
inBuffer.Receiver = port
inBuffer.TimeOut = self._packet_timeout
_io_control(IOCTL_IR_ENTER_PRIORITY_RECEIVE, hDevice,
inBuffer, NULL)
self._process_thread = threading.Thread(target=self.__process_loop)
self._process_thread.daemon = True
self._process_thread.start()
while not self._end_event.is_set():
with self._learn_lock:
if self.use_alternate_receive:
dwIoControlCode = IOCTL_IR_PRIORITY_RECEIVE
outBuffer = IR_PRIORITY_RECEIVE_PARAMS()
outBuffer.ByteCount = 36
outBufferSize = ctypes.sizeof(
IR_PRIORITY_RECEIVE_PARAMS)
offset = ctypes.sizeof(ULONG)
else:
dwIoControlCode = IOCTL_IR_RECEIVE
outBuffer = IR_RECEIVE_PARAMS()
outBuffer.ByteCount = 36
outBufferSize = ctypes.sizeof(IR_RECEIVE_PARAMS)
offset = 0
offset += ctypes.sizeof(IR_ULONG_PTR) * 2
lpNumberOfBytesTransferred = DWORD()
lpOverlapped = OVERLAPPED()
lpEventAttributes = NULL
bManualReset = BOOL(False)
bInitialState = BOOL(False)
lpName = NULL
lpOverlapped.hEvent = CreateEvent(lpEventAttributes,
bManualReset,
bInitialState, lpName)
if not DeviceIoControl(
hDevice, DWORD(dwIoControlCode), NULL, INT(0),
ctypes.byref(outBuffer), INT(outBufferSize),
ctypes.byref(lpNumberOfBytesTransferred),
ctypes.byref(lpOverlapped)):
err = ctypes.GetLastError()
if err != ERROR_IO_PENDING:
CancelIo(hDevice)
CloseHandle(lpOverlapped.hEvent)
raise ctypes.WinError()
bWaitAll = BOOL(False)
dwMilliseconds = DWORD(INFINITE)
if dwIoControlCode == IOCTL_IR_PRIORITY_RECEIVE:
lpEventAttributes = NULL
bManualReset = BOOL(False)
bInitialState = BOOL(False)
lpName = NULL
hEvent = self.hEvent = CreateEvent(
lpEventAttributes, bManualReset, bInitialState,
lpName)
nCount = DWORD(2)
lpHandles = (HANDLE * 2)(lpOverlapped.hEvent,
hEvent)
else:
nCount = DWORD(1)
lpHandles = (HANDLE * 1)(lpOverlapped.hEvent)
response = WaitForMultipleObjects(
nCount, lpHandles, bWaitAll, dwMilliseconds)
if response == WAIT_OBJECT_0:
bWait = BOOL(True)
if not GetOverlappedResult(
hDevice, ctypes.byref(lpOverlapped),
ctypes.byref(lpNumberOfBytesTransferred),
bWait):
err = ctypes.GetLastError()
if self.hEvent is not None:
CloseHandle(self.hEvent)
self.hEvent = None
CancelIo(hDevice)
CloseHandle(lpOverlapped.hEvent)
raise ctypes.WinError(err)
else:
if self.hEvent is not None:
CloseHandle(self.hEvent)
self.hEvent = None
CancelIo(hDevice)
CloseHandle(lpOverlapped.hEvent)
if self.hEvent is not None:
CloseHandle(self.hEvent)
self.hEvent = None
break
if self.hEvent is not None:
CloseHandle(self.hEvent)
self.hEvent = None
CloseHandle(lpOverlapped.hEvent)
byte_count = lpNumberOfBytesTransferred.value
data = []
byte_count -= offset
byte_count //= ctypes.sizeof(LONG)
if not byte_count:
continue
if dwIoControlCode == IOCTL_IR_PRIORITY_RECEIVE:
freq = outBuffer.CarrierFrequency
else:
freq = None
for i in range(byte_count):
data += [outBuffer.Data[i]]
self._process_queue.append((freq, data[:]))
self._process_event.set()
if self.use_alternate_receive:
_io_control(IOCTL_IR_EXIT_PRIORITY_RECEIVE, hDevice, NULL,
NULL)
del self._process_queue[:]
self._process_event.set()
self._process_thread.join(1.0)
self._receive_thread = None
def _io_control(ioControlCode,
hDevice,
inBuffer,
outBuffer,
outBufferSize=None):
dwIoControlCode = DWORD(ioControlCode)
if inBuffer is NULL:
lpInBuffer = NULL
nInBufferSize = INT(0)
elif 'PyCPointerType' in str(type(inBuffer)):
lpInBuffer = inBuffer
nInBufferSize = INT(ctypes.sizeof(inBuffer.contents.__class__))
else:
lpInBuffer = ctypes.byref(inBuffer)
nInBufferSize = INT(ctypes.sizeof(inBuffer.__class__))
if outBuffer is NULL:
lpOutBuffer = NULL
nOutBufferSize = INT(0)
elif 'PyCPointerType' in str(type(outBuffer)):
lpOutBuffer = outBuffer
if outBufferSize is None:
nOutBufferSize = INT(ctypes.sizeof(outBuffer.contents.__class__))
else:
nOutBufferSize = INT(outBufferSize)
else:
lpOutBuffer = ctypes.byref(outBuffer)
if outBufferSize is None:
nOutBufferSize = INT(ctypes.sizeof(outBuffer.__class__))
else:
nOutBufferSize = INT(outBufferSize)
lpNumberOfBytesTransferred = DWORD()
lpOverlapped = OVERLAPPED()
lpEventAttributes = NULL
bManualReset = BOOL(False)
bInitialState = BOOL(False)
lpName = NULL
lpOverlapped.hEvent = CreateEvent(lpEventAttributes, bManualReset,
bInitialState, lpName)
if not DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize,
lpOutBuffer, nOutBufferSize,
ctypes.byref(lpNumberOfBytesTransferred),
ctypes.byref(lpOverlapped)):
err = ctypes.GetLastError()
if err != ERROR_IO_PENDING:
CancelIo(hDevice)
CloseHandle(lpOverlapped.hEvent)
return 0
nCount = DWORD(1)
bWaitAll = BOOL(False)
dwMilliseconds = DWORD(INFINITE)
lpHandles = (HANDLE * 1)(lpOverlapped.hEvent)
response = WaitForMultipleObjects(nCount, lpHandles, bWaitAll,
dwMilliseconds)
if response == WAIT_OBJECT_0:
bWait = BOOL(True)
lpNumberOfBytesTransferred = DWORD()
if not GetOverlappedResult(
hDevice, ctypes.byref(lpOverlapped),
ctypes.byref(lpNumberOfBytesTransferred), bWait):
CancelIo(hDevice)
CloseHandle(lpOverlapped.hEvent)
raise ctypes.WinError()
CloseHandle(lpOverlapped.hEvent)
return lpNumberOfBytesTransferred.value
CancelIo(hDevice)
CloseHandle(lpOverlapped.hEvent)
raise ctypes.WinError()
CloseHandle(lpOverlapped.hEvent)
return lpNumberOfBytesTransferred.value
print('Lookup privilege {0} successfully!!'.format(lpName))
'''
BOOL PrivilegeCheck(
HANDLE ClientToken,
PPRIVILEGE_SET RequiredPrivileges,
LPBOOL pfResult
);
'''
# PrivilegeCheck
print('[+] PrivilegeCheck')
ClientToken = TokenHandle
RequiredPrivileges = PRIVILEGE_SET()
RequiredPrivileges.PrivilegeCount = 1
RequiredPrivileges.Privilege.Luid = lpLuid
RequiredPrivileges.Privilege.Attributes = SE_PRIVILEGE_ENABLED
pfResult = BOOL()
response = adv_handle.PrivilegeCheck(ClientToken,
ctypes.byref(RequiredPrivileges),
ctypes.byref(pfResult))
if response == 0:
print('Error code {0} - PrivilegeCheck failed.'.format(
k_handle.GetLastError()))
else:
print('PrivilegeCheck successfully!!')
if pfResult.value == 0:
print('Privilege {0} is DISABLED'.format(lpName))
else:
print('Privilege {0} is ENABLED'.format(lpName))
def open_pipe():
security_attributes = SECURITY_ATTRIBUTES()
security_descriptor = PSECURITY_DESCRIPTOR()
advapi32.SetSecurityDescriptorDacl(
ctypes.byref(security_descriptor),
BOOL(1),
NULL,
BOOL(0)
)
DEFAULT_SECURITY_ATTRIBUTES.lpSecurityDescriptor = (
security_descriptor
)
security_attributes.nLength = (
ctypes.sizeof(security_attributes)
)
if len(self._pipes) == 0:
self.__debug('creating pipe')
self.__debug('creating entry point')
pipe_handle = CreateNamedPipe(
pipe_name,
(
PIPE_ACCESS_DUPLEX |
FILE_FLAG_OVERLAPPED |
FILE_FLAG_FIRST_PIPE_INSTANCE
),
(
PIPE_TYPE_MESSAGE |
PIPE_READMODE_MESSAGE |
PIPE_WAIT
),
PIPE_UNLIMITED_INSTANCES,
self._packet_size,
self._packet_size,
self._time_out,
ctypes.byref(security_attributes)
)
else:
self.__debug('creating entry point')
pipe_handle = CreateNamedPipe(
pipe_name,
PIPE_ACCESS_DUPLEX | FILE_FLAG_OVERLAPPED,
(
PIPE_TYPE_MESSAGE |
PIPE_READMODE_MESSAGE |
PIPE_WAIT
),
PIPE_UNLIMITED_INSTANCES,
self._packet_size,
self._packet_size,
self._time_out,
ctypes.byref(security_attributes)
)
err = GetLastError()
if err and err != ERROR_ALREADY_EXISTS:
DisconnectNamedPipe(pipe_handle)
CloseHandle(pipe_handle)
raise PipeError(err)
self.__debug('entry point {0} created', pipe_handle)
return pipe_handle
SECURITY_ATTRIBUTES = _SECURITY_ATTRIBUTES
PSECURITY_ATTRIBUTES = ctypes.POINTER(_SECURITY_ATTRIBUTES)
LPSECURITY_ATTRIBUTES = ctypes.POINTER(_SECURITY_ATTRIBUTES)
DEFAULT_INSTANCES = 0x0000000A
DEFAULT_PACKET_SIZE = 0x00001000
DEFAULT_TIMEOUT = 0x000001F4
DEFAULT_SECURITY_ATTRIBUTES = SECURITY_ATTRIBUTES()
DEFAULT_SECURITY_DESCRIPTOR = PSECURITY_DESCRIPTOR()
advapi32.SetSecurityDescriptorDacl(
ctypes.byref(DEFAULT_SECURITY_DESCRIPTOR),
BOOL(1),
NULL,
BOOL(0)
)
DEFAULT_SECURITY_ATTRIBUTES.lpSecurityDescriptor = (
DEFAULT_SECURITY_DESCRIPTOR
)
DEFAULT_SECURITY_ATTRIBUTES.nLength = (
ctypes.sizeof(DEFAULT_SECURITY_ATTRIBUTES)
)
def _decl(name, ret=None, args=()):
fn = getattr(kernel32, name)
fn.restype = ret
def savePng(w, h, fmt, data):
if type(data) == bytearray:
data = create_string_buffer(bytes(data), len(data))
elif type(data) == bytes:
data = create_string_buffer(data, len(data))
else:
raise RuntimeError("Must pass bytes or bytearray to savePng")
stream = POINTER(IStream)()
hr = ole32.CreateStreamOnHGlobal(None, BOOL(1), byref(stream))
if hr != 0:
raise RuntimeError("Could not create HGlobal stream")
try:
encoder = POINTER(IWICBitmapEncoder)()
hr = factory.contents.lpVtbl.contents.CreateEncoder(
factory, (c_ubyte * 16)(*GUID_PNG), c_void_p(0),
byref(encoder))
if hr != 0:
raise RuntimeError("Could not create encoder")
try:
#2=no cache
hr = encoder.contents.lpVtbl.contents.Initialize(
encoder, stream, 2)
if hr != 0:
raise RuntimeError("Could not create encoder")
frame = POINTER(IWICBitmapFrameEncode)()
props = c_void_p()
hr = encoder.contents.lpVtbl.contents.CreateNewFrame(
encoder, byref(frame), byref(props))
if hr != 0:
raise RuntimeError("Could not create encoder")
try:
hr = frame.contents.lpVtbl.contents.Initialize(
frame, props)
if hr != 0:
raise RuntimeError("Could not initialize frame")
hr = frame.contents.lpVtbl.contents.SetSize(frame, w, h)
if hr != 0:
raise RuntimeError("Could not set size")
if fmt == "RGB8":
stride = w * 3
pf = (GUID_RGBA8)
elif fmt == "RGBA8":
stride = w * 4
pf = (GUID_RGBA8)
elif fmt == "RGB16":
stride = w * 6
pf = (GUID_RGBA16)
elif fmt == "RGBA16":
stride = w * 8
pf = (GUID_RGBA16)
else:
raise RuntimeError(
"Unknown pixel format: Must be RGB8, RGBA8, RGB16, or RGBA16"
)
bmp = POINTER(IWICBitmap)()
tmp = (c_ubyte * 16)()
for i in range(len(pf)):
tmp[i] = pf[i]
pf = tmp
hr = factory.contents.lpVtbl.contents.CreateBitmapFromMemory(
factory, w, h, pf, stride, h * stride, data,
byref(bmp))
if hr != 0:
raise RuntimeError("Cannot create bitmap")
try:
hr = frame.contents.lpVtbl.contents.SetPixelFormat(
frame, pf)
if hr != 0:
raise RuntimeError("Cannot set pixel format")
conv = POINTER(IWICFormatConverter)()
hr = factory.contents.lpVtbl.contents.CreateFormatConverter(
factory, byref(conv))
if hr != 0:
raise RuntimeError("Cannot create converter")
try:
hr = conv.contents.lpVtbl.contents.Initialize(
conv, bmp, pf, 0, c_void_p(0), 0.0, 0)
if hr != 0:
raise RuntimeError(
"Cannot initialize converter")
hr = frame.contents.lpVtbl.contents.WriteSource(
frame, bmp, c_void_p(0))
if hr != 0:
raise RuntimeError("Cannot write source")
hr = frame.contents.lpVtbl.contents.Commit(frame)
if hr != 0:
raise RuntimeError("Cannot commit frame")
hr = encoder.contents.lpVtbl.contents.Commit(
encoder)
if hr != 0:
raise RuntimeError("Cannot commit encoder")
pos = ULARGE_INTEGER(0)
zero = LARGE_INTEGER(0)
hr = stream.contents.lpVtbl.contents.Seek(
stream, zero, 1, byref(pos))
if hr != 0:
raise RuntimeError("Cannot seek end")
buffSize = pos.value
numLeft = buffSize
pngDataBuffer = (c_byte * numLeft)()
p = addressof(pngDataBuffer)
hr = stream.contents.lpVtbl.contents.Seek(
stream, zero, 0, byref(pos))
if hr != 0:
raise RuntimeError("Cannot seek start")
while numLeft > 0:
numRead = ULONG()
hr = stream.contents.lpVtbl.contents.Read(
stream, p, numLeft, byref(numRead))
if hr != 0:
raise RuntimeError("Could not read")
numLeft -= numRead.value
p += numRead.value
return string_at(pngDataBuffer, buffSize)
finally:
conv.contents.lpVtbl.contents.Release(conv)
finally:
bmp.contents.lpVtbl.contents.Release(bmp)
finally:
frame.contents.lpVtbl.contents.Release(frame)
finally:
encoder.contents.lpVtbl.contents.Release(encoder)
finally:
stream.contents.lpVtbl.contents.Release(stream)