示例#1
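def QueryValueEx(key, value_name):
    """Read a registry value through RegQueryValueExW, the wide-char API.

    The buffer starts at 256 bytes and is doubled for as long as the API
    answers ERROR_MORE_DATA.

    Args:
        key: object whose ``handle`` attribute is passed as the registry key
            handle.
        value_name: name of the value to query, passed as a wide string.

    Returns:
        A ``(value, data_type)`` tuple: the result of ``Reg2Py`` applied to
        the raw buffer, and the registry type code reported by the API.

    Raises:
        WindowsError: if the value still does not fit once the buffer has
            grown past 10 MB, or if the API returns any status other than
            ERROR_SUCCESS. In the latter case the exception carries the
            status code returned by the API.
    """
    regqueryvalueex = advapi32["RegQueryValueExW"]
    regqueryvalueex.restype = ctypes.c_long
    regqueryvalueex.argtypes = [
        ctypes.c_void_p, ctypes.c_wchar_p, LPDWORD, LPDWORD, LPBYTE, LPDWORD
    ]

    size = 256
    data_type = ctypes.wintypes.DWORD()
    while True:
        # tmp_size is in/out: buffer capacity going in, byte count coming out.
        tmp_size = ctypes.wintypes.DWORD(size)
        buf = ctypes.create_string_buffer(size)
        rc = regqueryvalueex(key.handle, value_name, LPDWORD(),
                             ctypes.byref(data_type), ctypes.cast(buf, LPBYTE),
                             ctypes.byref(tmp_size))
        if rc != ERROR_MORE_DATA:
            break

        # We limit the size here to ~10 MB so the response doesn't get too big.
        # The check runs after the query, and sizes are 256 * 2**k, so the
        # largest buffer actually attempted is 16 MiB.
        if size > 10 * 1024 * 1024:
            raise exceptions.WindowsError("Value too big to be read by GRR.")

        size *= 2

    if rc != ERROR_SUCCESS:
        # Surface the real status instead of a hard-coded 2
        # (ERROR_FILE_NOT_FOUND): otherwise an access-denied read is
        # indistinguishable from a value that does not exist, which misleads
        # anyone triaging collection results.
        raise ctypes.WinError(rc)

    return (Reg2Py(buf, tmp_size.value, data_type.value), data_type.value)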
示例#2
def RtlGetVersion(os_version_info_struct):
  """Invoke ntdll's RtlGetVersion on a caller-supplied version structure.

  The structure is handed to the routine by reference; nothing is returned
  to the caller.

  Args:
    os_version_info_struct: a ctypes.Structure wrapping either
                            RTL_OSVERSIONINFOW or RTL_OSVERSIONINFOEXW. The
                            caller must already have set its
                            dwOSVersionInfoSize field to
                            ctypes.sizeof(self).

  Raises:
    WindowsError: if the underlying routine returns a non-zero status. The
                  status value itself is not included in the exception.

  See: https://msdn.microsoft.com/en-us/library/
  windows/hardware/ff561910(v=vs.85).aspx .
  """
  rtl_get_version = ctypes.windll.Ntdll.RtlGetVersion
  status = rtl_get_version(ctypes.byref(os_version_info_struct))
  if status == 0:
    return
  raise exceptions.WindowsError("Getting Windows version failed.")
示例#3
def CheckTraceHandle(result, func, arguments):
  """Pass a handle-like result through unless it equals the c_ulong -1 value.

  The (result, func, arguments) signature matches the ctypes ``errcheck``
  protocol; presumably this is installed as such a callback -- confirm at the
  registration site.

  Args:
    result: value returned by the wrapped call.
    func: unused.
    arguments: unused.

  Returns:
    ``result`` unchanged when it is not the failure sentinel.

  Raises:
    WindowsError: carrying ``ct.GetLastError()`` when ``result`` equals
      ``ct.c_ulong(-1).value``.
  """
  # NOTE(review): c_ulong is 32 bits wide on Windows, so this sentinel is
  # 0xFFFFFFFF. If the wrapped call has a 64-bit restype, a failure value of
  # 0xFFFFFFFFFFFFFFFF would not match and the error would pass through
  # silently -- confirm the restype of the function this check is attached to.
  invalid_handle = ct.c_ulong(-1).value
  if result != invalid_handle:
    return result
  # NOTE(review): GetLastError() read from Python can be stale by the time it
  # runs; ctypes documents use_last_error=True with get_last_error() as the
  # reliable way to capture it -- verify how the library was loaded.
  raise exceptions.WindowsError(ct.GetLastError())
示例#4
def CheckWinError(result, func, arguments):
  """Raise when a Win32 status code is anything other than ERROR_SUCCESS.

  The (result, func, arguments) signature matches the ctypes ``errcheck``
  protocol; presumably this is installed as such a callback -- confirm at the
  registration site.

  Args:
    result: status code returned by the wrapped call.
    func: unused.
    arguments: unused.

  Returns:
    None. The success path falls off the end, so ``result`` is not handed
    back to the caller.

  Raises:
    WindowsError: carrying ``result`` when it differs from
      ``winerror.ERROR_SUCCESS``.
  """
  succeeded = result == winerror.ERROR_SUCCESS
  if not succeeded:
    raise exceptions.WindowsError(result)