Package winappdbg :: Module system :: Class System

Class System



Interface to a batch of processes, plus some system wide settings. Contains a snapshot of processes.

Instance Methods
 
_ProcessContainer__find_processes_by_filename(self, filename)
Internally used by find_processes_by_filename. (Inherited from winappdbg.process._ProcessContainer)
 
_ProcessContainer__initialize_snapshot(self)
Private method to automatically initialize the snapshot when you try to use it without calling any of the scan_* methods first. (Inherited from winappdbg.process._ProcessContainer)
bool
__contains__(self, anObject)
Returns: True if the snapshot contains a Process or Thread object with the same ID. (Inherited from winappdbg.process._ProcessContainer)
 
__init__(self)
x.__init__(...) initializes x; see help(type(x)) for signature (Inherited from winappdbg.process._ProcessContainer)
dictionary-valueiterator
__iter__(self)
Returns: Iterator of Process objects in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
int
__len__(self)
Returns: Count of Process objects in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
 
_add_process(self, aProcess)
Private method to add a process object to the snapshot. (Inherited from winappdbg.process._ProcessContainer)
 
_del_process(self, dwProcessId)
Private method to remove a process object from the snapshot. (Inherited from winappdbg.process._ProcessContainer)
bool
_notify_create_process(self, event)
Notify the creation of a new process. (Inherited from winappdbg.process._ProcessContainer)
bool
_notify_exit_process(self, event)
Notify the termination of a process. (Inherited from winappdbg.process._ProcessContainer)

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

    Instrumentation
int or None
get_explorer_pid(self)
Tries to find the process ID for "explorer.exe". (Inherited from winappdbg.process._ProcessContainer)
Process
start_process(self, lpCmdLine, **kwargs)
Starts a new process for instrumenting (or debugging). (Inherited from winappdbg.process._ProcessContainer)
    Processes snapshot
 
clear(self)
Clears this snapshot. (Inherited from winappdbg.process._ProcessContainer)
 
clear_dead_processes(self)
Removes Process objects from the snapshot referring to processes no longer running. (Inherited from winappdbg.process._ProcessContainer)
 
clear_processes(self)
Removes all Process, Thread and Module objects in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
 
clear_unattached_processes(self)
Removes Process objects from the snapshot referring to processes not being debugged. (Inherited from winappdbg.process._ProcessContainer)
 
close_process_and_thread_handles(self)
Closes all open handles to processes and threads in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
 
close_process_handles(self)
Closes all open handles to processes in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
list of tuple( Process, str )
find_processes_by_filename(self, fileName)
Returns: List of processes matching the given main module filename. (Inherited from winappdbg.process._ProcessContainer)
int
get_pid_from_tid(self, dwThreadId)
Retrieves the global ID of the process that owns the thread. (Inherited from winappdbg.process._ProcessContainer)
Process
get_process(self, dwProcessId)
Returns: Process object with the given global ID. (Inherited from winappdbg.process._ProcessContainer)
int
get_process_count(self)
Returns: Count of Process objects in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
list( int )
get_process_ids(self)
Returns: List of global process IDs in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
list of Window
get_windows(self)
Returns: List of windows handled by all processes in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
bool
has_process(self, dwProcessId)
Returns: True if the snapshot contains a Process object with the given global ID. (Inherited from winappdbg.process._ProcessContainer)
dictionary-keyiterator
iter_process_ids(self)
Returns: Iterator of global process IDs in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
dictionary-valueiterator
iter_processes(self)
Returns: Iterator of Process objects in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
bool
scan(self)
Populates the snapshot with running processes and threads, and loaded modules. (Inherited from winappdbg.process._ProcessContainer)
bool
scan_process_filenames(self)
Update the filename for each process in the snapshot when possible. (Inherited from winappdbg.process._ProcessContainer)
 
scan_processes(self)
Populates the snapshot with running processes. (Inherited from winappdbg.process._ProcessContainer)
 
scan_processes_fast(self)
Populates the snapshot with running processes. (Inherited from winappdbg.process._ProcessContainer)
    Threads snapshots
Thread
get_thread(self, dwThreadId)
Returns: Thread object with the given global ID. (Inherited from winappdbg.process._ProcessContainer)
int
get_thread_count(self)
Returns: Count of Thread objects in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
list( int )
get_thread_ids(self)
Returns: List of global thread IDs in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
bool
has_thread(self, dwThreadId)
Returns: True if the snapshot contains a Thread object with the given global ID. (Inherited from winappdbg.process._ProcessContainer)
 
scan_processes_and_threads(self)
Populates the snapshot with running processes and threads. (Inherited from winappdbg.process._ProcessContainer)
    Modules snapshots
list( Module... )
find_modules_by_address(self, address)
Returns: List of Module objects that best match the given address. (Inherited from winappdbg.process._ProcessContainer)
list( Module... )
find_modules_by_base(self, lpBaseOfDll)
Returns: List of Module objects with the given base address. (Inherited from winappdbg.process._ProcessContainer)
list( Module... )
find_modules_by_name(self, fileName)
Returns: List of Module objects found. (Inherited from winappdbg.process._ProcessContainer)
int
get_module_count(self)
Returns: Count of Module objects in this snapshot. (Inherited from winappdbg.process._ProcessContainer)
bool
scan_modules(self)
Populates the snapshot with loaded modules. (Inherited from winappdbg.process._ProcessContainer)
Class Methods
tuple(str, str, bool, bool, str, str)
get_file_version_info(cls, filename)
Get the program version from an executable file, if available.
    Debugging
bool
request_debug_privileges(cls, bIgnoreExceptions=False)
Requests debug privileges.
bool
drop_debug_privileges(cls, bIgnoreExceptions=False)
Drops debug privileges.
ctypes.WinDLL
load_dbghelp(cls, pathname=None)
Load the specified version of the dbghelp.dll library.
    Postmortem debugging
tuple( str, bool, int )
get_postmortem_debugger(cls, bits=None)
Returns the postmortem debugging settings from the Registry.
list( str )
get_postmortem_exclusion_list(cls, bits=None)
Returns the exclusion list for the postmortem debugger.
tuple( str, bool, int )
set_postmortem_debugger(cls, cmdline, auto=None, hotkey=None, bits=None)
Sets the postmortem debugging settings in the Registry.
 
add_to_postmortem_exclusion_list(cls, pathname, bits=None)
Adds the given filename to the exclusion list for postmortem debugging.
 
remove_from_postmortem_exclusion_list(cls, pathname, bits=None)
Removes the given filename from the exclusion list for postmortem debugging in the Registry.
    Permissions and privileges
 
request_privileges(cls, *privileges)
Requests privileges.
 
drop_privileges(cls, *privileges)
Drops privileges.
    Miscellaneous global settings
 
enable_step_on_branch_mode(cls)
When tracing, call this on every single step event for step on branch mode.
tuple( int, int )
get_last_branch_location(cls)
Returns the source and destination addresses of the last taken branch.
Static Methods
win32.ServiceStatusProcess
get_service(name)
Get the service descriptor for the given service name.
    Instrumentation
Window or None
find_window(className=None, windowName=None)
Find the first top-level window in the current desktop to match the given class name and/or window name.
Window
get_window_at(x, y)
Get the window located at the given coordinates in the desktop.
Window
get_foreground_window()
Returns: The foreground window.
Window
get_desktop_window()
Returns: The desktop window.
Window
get_shell_window()
Returns: The shell window.
str
argv_to_cmdline(argv)
Convert a list of arguments to a single command line string. (Inherited from winappdbg.process._ProcessContainer)
list( str )
cmdline_to_argv(lpCmdLine)
Convert a single command line string to a list of arguments. (Inherited from winappdbg.process._ProcessContainer)
    Debugging
str or None
fix_symbol_store_path(symbol_store_path=None, remote=True, force=False)
Fix the symbol store path.
    System services
list( win32.ServiceStatusProcessEntry )
get_services()
Retrieve a list of all system services.
list( win32.ServiceStatusProcessEntry )
get_active_services()
Retrieve a list of all active system services.
str
get_service_display_name(name)
Get the service display name for the given service name.
str
get_service_from_display_name(displayName)
Get the service unique name given its display name.
 
start_service(name, argv=None)
Start the service given by name.
 
stop_service(name)
Stop the service given by name.
 
pause_service(name)
Pause the service given by name.
 
resume_service(name)
Resume the service given by name.
    Permissions and privileges
 
adjust_privileges(state, privileges)
Requests or drops privileges.
bool
is_admin()
Returns: True if the current user has Administrator privileges, False otherwise.
    Miscellaneous global settings
bool
set_kill_on_exit_mode(bKillOnExit=False)
Defines the behavior of the debugged processes when the debugging thread dies.
int
read_msr(address)
Read the contents of the specified MSR (Machine Specific Register).
 
write_msr(address, value)
Set the contents of the specified MSR (Machine Specific Register).
Class Variables
Registry registry = <Local Registry>
Windows Registry for this machine.
  __binary_types = {1: 'application', 2: 'dynamic link library',...
  __driver_types = {1: 'printer driver', 2: 'keyboard driver', 3...
  __font_types = {1: 'raster font', 2: 'vector font', 3: 'TrueTy...
  __months = ('January', 'February', 'March', 'April', 'May', 'J...
  __days_of_the_week = ('Sunday', 'Monday', 'Tuesday', 'Wednesda...
  __dbghelp_locations = {'amd64': set(['C:\\Program Files (x86)\...
    Platform settings
str arch = 'amd64'
Name of the processor architecture we're running on.
int bits = 32
Size of the machine word in bits for the current architecture.
str os = 'Windows 7 (64 bits)'
Name of the Windows version we're running on.
bool wow64 = True
True if the debugger is a 32 bits process running in a 64 bits version of Windows, False otherwise.
Properties

Inherited from object: __class__

    Platform settings
int pageSize
Page size in bytes.
Method Details

find_window(className=None, windowName=None)
Static Method


Find the first top-level window in the current desktop to match the given class name and/or window name. If neither are provided any top-level window will match.

Parameters:
  • className (str) - (Optional) Class name of the window to find. If None or not used any class name will match the search.
  • windowName (str) - (Optional) Caption text of the window to find. If None or not used any caption text will match the search.
Returns: Window or None
A window that matches the request. There may be more matching windows, but this method only returns one. If no matching window is found, the return value is None.
Raises:
  • WindowsError - An error occurred while processing this request.

See Also: get_window_at

get_window_at(x, y)
Static Method


Get the window located at the given coordinates in the desktop. If no such window exists an exception is raised.

Parameters:
  • x (int) - Horizontal coordinate.
  • y (int) - Vertical coordinate.
Returns: Window
Window at the requested position. If no such window exists a WindowsError exception is raised.
Raises:
  • WindowsError - An error occurred while processing this request.

See Also: find_window

get_foreground_window()
Static Method

Returns: Window
Returns the foreground window.
Raises:
  • WindowsError - An error occurred while processing this request.

get_desktop_window()
Static Method

Returns: Window
Returns the desktop window.
Raises:
  • WindowsError - An error occurred while processing this request.

get_shell_window()
Static Method

Returns: Window
Returns the shell window.
Raises:
  • WindowsError - An error occurred while processing this request.

request_debug_privileges(cls, bIgnoreExceptions=False)
Class Method


Requests debug privileges.

This may be needed to debug processes running as SYSTEM (such as services) since Windows XP.

Parameters:
  • bIgnoreExceptions (bool) - True to ignore any exceptions that may be raised when requesting debug privileges.
Returns: bool
True on success, False on failure.
Raises:
  • WindowsError - Raises an exception on error, unless bIgnoreExceptions is True.

drop_debug_privileges(cls, bIgnoreExceptions=False)
Class Method


Drops debug privileges.

This may be needed to avoid being detected by certain anti-debug tricks.

Parameters:
  • bIgnoreExceptions (bool) - True to ignore any exceptions that may be raised when dropping debug privileges.
Returns: bool
True on success, False on failure.
Raises:
  • WindowsError - Raises an exception on error, unless bIgnoreExceptions is True.

request_privileges(cls, *privileges)
Class Method


Requests privileges.

Parameters:
  • privileges (int...) - Privileges to request.
Raises:
  • WindowsError - Raises an exception on error.

drop_privileges(cls, *privileges)
Class Method


Drops privileges.

Parameters:
  • privileges (int...) - Privileges to drop.
Raises:
  • WindowsError - Raises an exception on error.

adjust_privileges(state, privileges)
Static Method


Requests or drops privileges.

Parameters:
  • state (bool) - True to request, False to drop.
  • privileges (list(int)) - Privileges to request or drop.
Raises:
  • WindowsError - Raises an exception on error.

is_admin()
Static Method

Returns: bool
True if the current user has Administrator privileges, False otherwise. On Windows Vista and above, this indicates whether the current process is running with UAC elevation.

get_file_version_info(cls, filename)
Class Method


Get the program version from an executable file, if available.

Parameters:
  • filename (str) - Pathname to the executable file to query.
Returns: tuple(str, str, bool, bool, str, str)
Tuple with version information extracted from the executable file metadata, containing the following:
  • File version number ("major.minor").
  • Product version number ("major.minor").
  • True for debug builds, False for production builds.
  • True for legacy OS builds (DOS, OS/2, Win16), False for modern OS builds.
  • Binary file type. May be one of the following values:
    • "application"
    • "dynamic link library"
    • "static link library"
    • "font"
    • "raster font"
    • "TrueType font"
    • "vector font"
    • "driver"
    • "communications driver"
    • "display driver"
    • "installable driver"
    • "keyboard driver"
    • "language driver"
    • "legacy driver"
    • "mouse driver"
    • "network driver"
    • "printer driver"
    • "sound driver"
    • "system driver"
    • "versioned printer driver"
  • Binary creation timestamp.

Any of the fields may be None if not available.

Raises:
  • WindowsError - Raises an exception on error.

load_dbghelp(cls, pathname=None)
Class Method


Load the specified version of the dbghelp.dll library.

This library is shipped with the Debugging Tools for Windows, and it's required to load debug symbols.

Normally you don't need to call this method, as WinAppDbg already tries to load the latest version automatically - but it may come in handy if the Debugging Tools are installed in a non standard folder.

Example:

   from winappdbg import Debug

   def simple_debugger( argv ):

       # Instance a Debug object, passing it the event handler callback
       debug = Debug( my_event_handler )
       try:

           # Load a specific dbghelp.dll file
           # (raw string, so the backslashes are never read as escapes)
           debug.system.load_dbghelp(r"C:\Some folder\dbghelp.dll")

           # Start a new process for debugging
           debug.execv( argv )

           # Wait for the debuggee to finish
           debug.loop()

       # Stop the debugger
       finally:
           debug.stop()
Parameters:
  • pathname (str) - (Optional) Full pathname to the dbghelp.dll library. If not provided this method will try to autodetect it.
Returns: ctypes.WinDLL
Loaded instance of dbghelp.dll.
Raises:
  • NotImplementedError - This feature was not implemented for the current architecture.
  • WindowsError - An error occurred while processing this request.

fix_symbol_store_path(symbol_store_path=None, remote=True, force=False)
Static Method


Fix the symbol store path. Equivalent to the .symfix command in Microsoft WinDbg.

If the symbol store path environment variable hasn't been set, this method will provide a default one.

Parameters:
  • symbol_store_path (str or None) - (Optional) Symbol store path to set.
  • remote (bool) - (Optional) Defines the symbol store path to set when the symbol_store_path is None.

    If True the default symbol store path is set to the Microsoft symbol server. Debug symbols will be downloaded through HTTP. This gives the best results but is also quite slow.

    If False the default symbol store path is set to the local cache only. This prevents debug symbols from being downloaded and is faster, but unless you've installed the debug symbols on this machine or downloaded them in a previous debugging session, some symbols may be missing.

    If the symbol_store_path argument is not None, this argument is ignored entirely.

  • force (bool) - (Optional) If True the new symbol store path is set always. If False the new symbol store path is only set if missing.

    This allows you to call this method preventively to ensure the symbol server is always set up correctly when running your script, but without messing up whatever configuration the user has.

    Example:

       from winappdbg import Debug, System
    
       def simple_debugger( argv ):
    
           # Instance a Debug object
           debug = Debug( MyEventHandler() )
           try:
    
               # Make sure the remote symbol store is set
               System.fix_symbol_store_path(remote = True,
                                             force = False)
    
               # Start a new process for debugging
               debug.execv( argv )
    
               # Wait for the debuggee to finish
               debug.loop()
    
           # Stop the debugger
           finally:
               debug.stop()
    
Returns: str or None
The previously set symbol store path if any, otherwise returns None.

set_kill_on_exit_mode(bKillOnExit=False)
Static Method


Defines the behavior of the debugged processes when the debugging thread dies. This method only affects the calling thread.

Works on the following platforms:

  • Microsoft Windows XP and above.
  • Wine (Windows Emulator).

Fails on the following platforms:

  • Microsoft Windows 2000 and below.
  • ReactOS.
Parameters:
  • bKillOnExit (bool) - True to automatically kill processes when the debugger thread dies. False to automatically detach from processes when the debugger thread dies.
Returns: bool
True on success, False on error.

Note: This call will fail if a debug port was not created. That is, if the debugger isn't attached to at least one process. For more info see: http://msdn.microsoft.com/en-us/library/ms679307.aspx

read_msr(address)
Static Method


Read the contents of the specified MSR (Machine Specific Register).

Parameters:
  • address (int) - MSR to read.
Returns: int
Value of the specified MSR.
Raises:
  • WindowsError - Raises an exception on error.
  • NotImplementedError - Current architecture is not i386 or amd64.

Warning: It could potentially brick your machine. It works on my machine, but your mileage may vary.

write_msr(address, value)
Static Method


Set the contents of the specified MSR (Machine Specific Register).

Parameters:
  • address (int) - MSR to write.
  • value (int) - Contents to write on the MSR.
Raises:
  • WindowsError - Raises an exception on error.
  • NotImplementedError - Current architecture is not i386 or amd64.

Warning: It could potentially brick your machine. It works on my machine, but your mileage may vary.

enable_step_on_branch_mode(cls)
Class Method


When tracing, call this on every single step event for step on branch mode.

Raises:
  • WindowsError - Raises ERROR_DEBUGGER_INACTIVE if the debugger is not attached to at least one process.
  • NotImplementedError - Current architecture is not i386 or amd64.

Warning: This method uses the processor's machine specific registers (MSR). It could potentially brick your machine. It works on my machine, but your mileage may vary.

Note: It doesn't seem to work in VMWare or VirtualBox machines. Maybe it fails in other virtualization/emulation environments, no extensive testing was made so far.

get_last_branch_location(cls)
Class Method


Returns the source and destination addresses of the last taken branch.

Returns: tuple( int, int )
Source and destination addresses of the last taken branch.
Raises:
  • WindowsError - Raises an exception on error.
  • NotImplementedError - Current architecture is not i386 or amd64.

Warning: This method uses the processor's machine specific registers (MSR). It could potentially brick your machine. It works on my machine, but your mileage may vary.

Note: It doesn't seem to work in VMWare or VirtualBox machines. Maybe it fails in other virtualization/emulation environments, no extensive testing was made so far.

get_postmortem_debugger(cls, bits=None)
Class Method


Returns the postmortem debugging settings from the Registry.

Parameters:
  • bits (int) - Set to 32 for the 32 bits debugger, or 64 for the 64 bits debugger. Set to None for the default (System.bits).
Returns: tuple( str, bool, int )
A tuple containing the command line string to the postmortem debugger, a boolean specifying if user interaction is allowed before attaching, and an integer specifying a user defined hotkey. Any member of the tuple may be None. See set_postmortem_debugger for more details.
Raises:
  • WindowsError - Raises an exception on error.

get_postmortem_exclusion_list(cls, bits=None)
Class Method


Returns the exclusion list for the postmortem debugger.

Parameters:
  • bits (int) - Set to 32 for the 32 bits debugger, or 64 for the 64 bits debugger. Set to None for the default (System.bits).
Returns: list( str )
List of excluded application filenames.
Raises:
  • WindowsError - Raises an exception on error.

set_postmortem_debugger(cls, cmdline, auto=None, hotkey=None, bits=None)
Class Method


Sets the postmortem debugging settings in the Registry.

Parameters:
  • cmdline (str) - Command line to the new postmortem debugger. When the debugger is invoked, the first "%ld" is replaced with the process ID and the second "%ld" is replaced with the event handle. Don't forget to enclose the program filename in double quotes if the path contains spaces.
  • auto (bool) - Set to True if no user interaction is allowed, False to prompt a confirmation dialog before attaching. Use None to leave this value unchanged.
  • hotkey (int) - Virtual key scan code for the user defined hotkey. Use 0 to disable the hotkey. Use None to leave this value unchanged.
  • bits (int) - Set to 32 for the 32 bits debugger, or 64 for the 64 bits debugger. Set to None for the default (System.bits).
Returns: tuple( str, bool, int )
Previously defined command line and auto flag.
Raises:
  • WindowsError - Raises an exception on error.

Warning: This method requires administrative rights.

See Also: get_postmortem_debugger
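
The command line rules above (two "%ld" placeholders, double quotes around a program path that contains spaces) can be checked against the tuple that get_postmortem_debugger returns. The following is an added example, not part of WinAppDbg or its documentation; the helper names (split_program, expand, audit, audit_local), the sample tuples and the allowed-program list are assumptions made for illustration.

```python
import re

PLACEHOLDER = "%ld"

# Constructed sample settings in the (cmdline, auto, hotkey) layout that
# get_postmortem_debugger() returns; the paths and values are made up.
SAMPLE_OK = (r'"C:\Program Files\Debugging Tools for Windows (x64)\windbg.exe"'
             r' -p %ld -e %ld -g', False, 0)
SAMPLE_BAD = (r'C:\Program Files\Tools\dbg.exe -p %ld', True, 0)
ALLOWED = [r'C:\Program Files\Debugging Tools for Windows (x64)\windbg.exe']


def split_program(cmdline):
    """Return (program_path, was_quoted) for a debugger command line."""
    text = cmdline.strip()
    quoted = re.match(r'"([^"]+)"', text)
    if quoted:
        return quoted.group(1), True
    # Unquoted: take everything up to the first ".exe" so that a path
    # with spaces is reported whole instead of cut at the first space.
    exe = re.match(r'(.+?\.exe)(?=\s|$)', text, re.IGNORECASE)
    if exe:
        return exe.group(1), False
    parts = text.split(None, 1)
    return (parts[0] if parts else ""), False


def expand(cmdline, pid, event_handle):
    """Substitute the placeholders as the documentation describes:
    first "%ld" -> process ID, second "%ld" -> event handle."""
    out = cmdline.replace(PLACEHOLDER, str(pid), 1)
    return out.replace(PLACEHOLDER, str(event_handle), 1)


def audit(settings, allowed_programs=()):
    """Return a list of findings for a (cmdline, auto, hotkey) tuple."""
    cmdline, auto, _hotkey = settings
    if not cmdline:
        return ["no postmortem debugger command line is set"]
    findings = []
    program, quoted = split_program(cmdline)
    if not quoted and " " in program:
        findings.append(
            "program path has spaces but is not double-quoted: %r" % program)
    count = cmdline.count(PLACEHOLDER)
    if count < 2:
        findings.append(
            'expected two "%%ld" placeholders (process ID, event handle), '
            'found %d' % count)
    if auto:
        findings.append("auto is True: attaches without a confirmation dialog")
    allowed = set(p.lower() for p in allowed_programs)
    if allowed and program.lower() not in allowed:
        findings.append("program is not in the expected list: %r" % program)
    return findings


def audit_local(bits=None, allowed_programs=()):
    """Audit this machine's settings. Needs Windows and WinAppDbg."""
    from winappdbg import System  # imported lazily: Windows only
    return audit(System.get_postmortem_debugger(bits), allowed_programs)


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print("%s -> %s" % (name, expand(sample[0], 1234, 56)))
        for finding in audit(sample, ALLOWED):
            print("   - " + finding)
```

On a Windows host, audit_local(32) and audit_local(64) cover both debugger settings, since the bits argument selects which one is read.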

add_to_postmortem_exclusion_list(cls, pathname, bits=None)
Class Method


Adds the given filename to the exclusion list for postmortem debugging.

Parameters:
  • pathname (str) - Application pathname to exclude from postmortem debugging.
  • bits (int) - Set to 32 for the 32 bits debugger, or 64 for the 64 bits debugger. Set to None for the default (System.bits).
Raises:
  • WindowsError - Raises an exception on error.

Warning: This method requires administrative rights.

See Also: get_postmortem_exclusion_list

remove_from_postmortem_exclusion_list(cls, pathname, bits=None)
Class Method


Removes the given filename from the exclusion list for postmortem debugging in the Registry.

Parameters:
  • pathname (str) - Application pathname to remove from the postmortem debugging exclusion list.
  • bits (int) - Set to 32 for the 32 bits debugger, or 64 for the 64 bits debugger. Set to None for the default (System.bits).
Raises:
  • WindowsError - Raises an exception on error.
Warnings:
  • This method requires administrative rights.
  • Don't ever delete entries you haven't created yourself! Some entries are set by default for your version of Windows. Deleting them might deadlock your system under some circumstances.

    For more details see: http://msdn.microsoft.com/en-us/library/bb204634(v=vs.85).aspx

See Also: get_postmortem_exclusion_list

get_services()
Static Method


Retrieve a list of all system services.

Returns: list( win32.ServiceStatusProcessEntry )
List of service status descriptors.

get_active_services()
Static Method


Retrieve a list of all active system services.

Returns: list( win32.ServiceStatusProcessEntry )
List of service status descriptors.

get_service(name)
Static Method


Get the service descriptor for the given service name.

Parameters:
  • name (str) - Service unique name. You can get this value from the ServiceName member of the service descriptors returned by get_services or get_active_services.
Returns: win32.ServiceStatusProcess
Service status descriptor.

get_service_display_name(name)
Static Method


Get the service display name for the given service name.

Parameters:
  • name (str) - Service unique name. You can get this value from the ServiceName member of the service descriptors returned by get_services or get_active_services.
Returns: str
Service display name.

See Also: get_service

get_service_from_display_name(displayName)
Static Method


Get the service unique name given its display name.

Parameters:
  • displayName (str) - Service display name. You can get this value from the DisplayName member of the service descriptors returned by get_services or get_active_services.
Returns: str
Service unique name.

See Also: get_service

start_service(name, argv=None)
Static Method


Start the service given by name.

Parameters:
  • name (str) - Service unique name. You can get this value from the ServiceName member of the service descriptors returned by get_services or get_active_services.

Warning: This method requires UAC elevation in Windows Vista and above.

See Also: stop_service, pause_service, resume_service

stop_service(name)
Static Method


Stop the service given by name.

Warning: This method requires UAC elevation in Windows Vista and above.

See Also: get_services, get_active_services, start_service, pause_service, resume_service

pause_service(name)
Static Method


Pause the service given by name.

Warning: This method requires UAC elevation in Windows Vista and above.

Note: Not all services support this.

See Also: get_services, get_active_services, start_service, stop_service, resume_service

resume_service(name)
Static Method


Resume the service given by name.

Warning: This method requires UAC elevation in Windows Vista and above.

Note: Not all services support this.

See Also: get_services, get_active_services, start_service, stop_service, pause_service


Class Variable Details

arch

Name of the processor architecture we're running on. For more details see win32.version._get_arch.
Type:
str
Value:
'amd64'

bits

Size of the machine word in bits for the current architecture. For more details see win32.version._get_bits.
Type:
int
Value:
32

os

Name of the Windows version we're running on. For more details see win32.version._get_os.
Type:
str
Value:
'Windows 7 (64 bits)'

__binary_types

Value:
{1: 'application',
 2: 'dynamic link library',
 3: 'driver',
 4: 'font',
 5: 'legacy driver',
 7: 'static link library'}

__driver_types

Value:
{1: 'printer driver',
 2: 'keyboard driver',
 3: 'language driver',
 4: 'display driver',
 5: 'mouse driver',
 6: 'network driver',
 7: 'system driver',
 8: 'installable driver',
...

__font_types

Value:
{1: 'raster font', 2: 'vector font', 3: 'TrueType font'}

__months

Value:
('January',
 'February',
 'March',
 'April',
 'May',
 'June',
 'July',
 'August',
...

__days_of_the_week

Value:
('Sunday',
 'Monday',
 'Tuesday',
 'Wednesday',
 'Thursday',
 'Friday',
 'Saturday')

__dbghelp_locations

Value:
{'amd64': set(['C:\\Program Files (x86)\\Debugging Tools for Windows (\
x64)\\dbghelp.dll',
               'C:\\Program Files (x86)\\Windows Kits\\8.0\\Debuggers\\
\x64\\dbghelp.dll',
               'C:\\Program Files\\Windows Kits\\8.0\\Debuggers\\x64\\\
dbghelp.dll']),
 'i386': set(['C:\\Program Files (x86)\\Debugging Tools for Windows (x\
86)\\dbghelp.dll',
...

Property Details

pageSize

Page size in bytes. Defaults to 0x1000 but it's automatically updated on runtime when importing the module.
Get Method:
unreachable(cls)