winappdbg.win32.defines

Source Code for Module winappdbg.win32.defines

1 # Copyright (c) 2009, Mario Vilas 2 # All rights reserved. 3 # 4 # Redistribution and use in source and binary forms, with or without 5 # modification, are permitted provided that the following conditions are met: 6 # 7 # * Redistributions of source code must retain the above copyright notice, 8 # this list of conditions and the following disclaimer. 9 # * Redistributions in binary form must reproduce the above copyright 10 # notice,this list of conditions and the following disclaimer in the 11 # documentation and/or other materials provided with the distribution. 12 # * Neither the name of the copyright holder nor the names of its 13 # contributors may be used to endorse or promote products derived from 14 # this software without specific prior written permission. 15 # 16 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 20 # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 # POSSIBILITY OF SUCH DAMAGE. 27 28 """ 29 Debugging API wrappers in ctypes. 30 31 @see: U{http://apps.sourceforge.net/trac/winappdbg/wiki/Win32APIWrappers} 32 """ 33 34 __revision__ = "$Id: defines.py 478 2009-11-28 04:19:09Z qvasimodo $" 35 36 import time 37 import struct 38 import ctypes 39 40 sizeof = ctypes.sizeof 41 POINTER = ctypes.POINTER 42 Structure = ctypes.Structure 43 Union = ctypes.Union 44 45 try: 46 from ctypes import windll 47 except ImportError:

48 - class FakeWinDll(object):

49 - def __getattr__(self, name):

50 return self

51 - def __call__(self, *argv, **argd):

52 raise ctypes.WinError(50) # ERROR_NOT_SUPPORTED

53 windll = FakeWinDll() 54 55 try: 56 WINFUNCTYPE = ctypes.WINFUNCTYPE 57 except AttributeError:

58 - class WINFUNCTYPE(object):

59 - def __init__(self, restype, *argtypes):

60 self.restype = restype 61 self.argtypes = argtypes

62 - def __call__(self, *argv):

63 return ctypes.WINFUNCTYPE(self.restype, *self.argtypes)(*argv)

64 65 try: 66 callable 67 except NameError:

68 - def callable(obj):

69 return hasattr(obj, '__call__')

70 71 ### XXX DEBUG 72 ##class WinDllHook(object): 73 ## def __getattr__(self, name): 74 ## if name.startswith('_'): 75 ## return object.__getattr__(self, name) 76 ## return WinFuncHook(name) 77 ##class WinFuncHook(object): 78 ## def __init__(self, name): 79 ## self.__name = name 80 ## def __getattr__(self, name): 81 ## if name.startswith('_'): 82 ## return object.__getattr__(self, name) 83 ## return WinCallHook(self.__name, name) 84 ##class WinCallHook(object): 85 #### def __new__(typ, dllname, funcname): 86 #### print dllname, funcname 87 #### return getattr(getattr(ctypes.windll, dllname), funcname) 88 ## def __init__(self, dllname, funcname): 89 ## self.__dllname = dllname 90 ## self.__funcname = funcname 91 ## self.__func = getattr(getattr(ctypes.windll, dllname), funcname) 92 ## def __copy_attribute(self, attribute): 93 ## try: 94 ## value = getattr(self, attribute) 95 ## setattr(self.__func, attribute, value) 96 ## except AttributeError: 97 ## try: 98 ## delattr(self.__func, attribute) 99 ## except AttributeError: 100 ## pass 101 ## def __call__(self, *argv): 102 ## self.__copy_attribute('argtypes') 103 ## self.__copy_attribute('restype') 104 ## self.__copy_attribute('errcheck') 105 ## print "-"*10 106 ## print "%s ! %s %r" % (self.__dllname, self.__funcname, argv) 107 ## retval = self.__func(*argv) 108 ## print "== %r" % (retval,) 109 ## return retval 110 ##windll = WinDllHook() 111

112 -def RaiseIfZero(result, func = None, arguments = ()):

113 """ 114 Error checking for most Win32 API calls. 115 116 The function is assumed to return an integer, which is C{0} on error. 117 In that case the C{WindowsError} exception is raised. 118 """ 119 if not result: 120 raise ctypes.WinError() 121 return result

122

123 -class GuessStringType(object):

124 """ 125 Decorator that guesses the correct version (A or W) to call 126 based on the types of the strings passed as parameters. 127 128 Defaults to B{ANSI} if no string arguments are passed. 129 130 Defaults to B{Unicode} if mixed string types are passed. 131 132 @type fn_ansi: function 133 @ivar fn_ansi: ANSI version of the API function to call. 134 @type fn_unicode: function 135 @ivar fn_unicode: Unicode (wide) version of the API function to call. 136 """ 137

138 - def __init__(self, fn_ansi, fn_unicode):

139 """ 140 @type fn_ansi: function 141 @param fn_ansi: ANSI version of the API function to call. 142 @type fn_unicode: function 143 @param fn_unicode: Unicode (wide) version of the API function to call. 144 """ 145 self.fn_ansi = fn_ansi 146 self.fn_unicode = fn_unicode

147

148 - def __call__(self, *argv, **argd):

149 guessed = None 150 t_ansi = type('') 151 t_unicode = type(u'') 152 v_types = [ type(item) for item in argv ] 153 v_types.extend( [ type(value) for (key, value) in argd.iteritems() ] ) 154 if t_unicode in v_types: 155 if t_ansi in v_types: 156 argv = list(argv) 157 for index in xrange(len(argv)): 158 if v_types[index] == t_ansi: 159 argv[index] = unicode(argv[index]) 160 for key, value in argd.items(): 161 if type(value) == t_ansi: 162 argd[key] = unicode(value) 163 return self.fn_unicode(*argv, **argd) 164 return self.fn_ansi(*argv, **argd)

165

166 -class MakeANSIVersion(object):

167 """ 168 Decorator that generates an ANSI version of a Unicode (wide) only API call. 169 170 @type fn: function 171 @ivar fn: Unicode (wide) version of the API function to call. 172 """ 173

174 - def __init__(self, fn):

175 """ 176 @type fn: function 177 @param fn: Unicode (wide) version of the API function to call. 178 """ 179 self.fn = fn

180

181 - def __call__(self, *argv, **argd):

182 t_ansi = type('') 183 v_types = [ type(item) for item in argv ] 184 v_types.extend( [ type(value) for (key, value) in argd.iteritems() ] ) 185 if t_ansi in v_types: 186 argv = list(argv) 187 for index in xrange(len(argv)): 188 if v_types[index] == t_ansi: 189 argv[index] = unicode(argv[index]) 190 for key, value in argd.items(): 191 if type(value) == t_ansi: 192 argd[key] = unicode(value) 193 return self.fn(*argv, **argd)

194 195 #--- Types -------------------------------------------------------------------- 196 197 LPVOID = ctypes.c_void_p 198 CHAR = ctypes.c_char 199 WCHAR = ctypes.c_wchar 200 BYTE = ctypes.c_ubyte 201 SBYTE = ctypes.c_byte 202 WORD = ctypes.c_ushort 203 SWORD = ctypes.c_short 204 DWORD = ctypes.c_uint 205 SDWORD = ctypes.c_int 206 QWORD = ctypes.c_ulonglong 207 SQWORD = ctypes.c_longlong 208 SHORT = ctypes.c_short 209 USHORT = ctypes.c_ushort 210 INT = ctypes.c_int 211 UINT = ctypes.c_uint 212 LONG = ctypes.c_long 213 ULONG = ctypes.c_ulong 214 LONGLONG = ctypes.c_longlong 215 ULONGLONG = ctypes.c_ulonglong 216 LPSTR = ctypes.c_char_p 217 LPWSTR = ctypes.c_wchar_p 218 219 try: 220 SIZE_T = ctypes.c_size_t 221 except AttributeError: 222 # Size of a pointer 223 SIZE_T = {1:BYTE, 2:WORD, 4:DWORD, 8:QWORD}[sizeof(LPVOID)] 224 PSIZE_T = POINTER(SIZE_T) 225 226 PVOID = LPVOID 227 PPVOID = POINTER(PVOID) 228 PSTR = LPSTR 229 PWSTR = LPWSTR 230 PCHAR = LPSTR 231 PWCHAR = LPWSTR 232 LPBYTE = POINTER(BYTE) 233 LPSBYTE = POINTER(SBYTE) 234 LPWORD = POINTER(WORD) 235 LPSWORD = POINTER(SWORD) 236 LPDWORD = POINTER(DWORD) 237 LPSDWORD = POINTER(SDWORD) 238 DWORD_PTR = POINTER(DWORD) 239 ULONG_PTR = POINTER(ULONG) 240 LONG_PTR = POINTER(LONG) 241 PDWORD = DWORD_PTR 242 PULONG = ULONG_PTR 243 PLONG = LONG_PTR 244 BOOL = DWORD 245 BOOLEAN = BYTE 246 PBOOL = POINTER(BOOL) 247 LPBOOL = PBOOL 248 TCHAR = CHAR # XXX ANSI by default? 249 UCHAR = BYTE 250 ULONG32 = DWORD 251 DWORD32 = DWORD 252 ULONG64 = QWORD 253 DWORD64 = QWORD 254 DWORDLONG = ULONGLONG 255 HANDLE = LPVOID 256 PHANDLE = POINTER(HANDLE) 257 LPHANDLE = PHANDLE 258 HMODULE = HANDLE 259 HINSTANCE = HANDLE 260 HRGN = HANDLE 261 HTASK = HANDLE 262 HKEY = HANDLE 263 HDESK = HANDLE 264 HMF = HANDLE 265 HEMF = HANDLE 266 HPEN = HANDLE 267 HRSRC = HANDLE 268 HSTR = HANDLE 269 HWINSTA = HANDLE 270 HKL = HANDLE 271 HGDIOBJ = HANDLE 272 HDWP = HANDLE 273 HFILE = HANDLE 274 HRESULT = LONG 275 HGLOBAL = HANDLE 276 HLOCAL = HANDLE 277 HBITMAP = HANDLE 278 HPALETTE = HANDLE 279 HENHMETAFILE = HANDLE 280 HMETAFILE = HANDLE 281 HMETAFILEPICT = HANDLE 282 HWND = HANDLE 283 NTSTATUS = LONG 284 PNTSTATUS = POINTER(NTSTATUS) 285 KAFFINITY = PVOID # ULONG_PTR 286 RVA = DWORD 287 RVA64 = QWORD 288 WPARAM = DWORD 289 LPARAM = LPVOID 290 LRESULT = LPVOID 291 292 # typedef union _LARGE_INTEGER { 293 # struct { 294 # DWORD LowPart; 295 # LONG HighPart; 296 # } ; 297 # struct { 298 # DWORD LowPart; 299 # LONG HighPart; 300 # } u; 301 # LONGLONG QuadPart; 302 # } LARGE_INTEGER, 303 # *PLARGE_INTEGER; 304 305 # XXX TODO 306 307 # typedef struct _FLOAT128 { 308 # __int64 LowPart; 309 # __int64 HighPart; 310 # } FLOAT128;

311 -class FLOAT128 (Structure):

312 _fields_ = [ 313 ("LowPart", QWORD), 314 ("HighPart", QWORD), 315 ]

316 PFLOAT128 = POINTER(FLOAT128) 317 318 # typedef struct DECLSPEC_ALIGN(16) _M128A { 319 # ULONGLONG Low; 320 # LONGLONG High; 321 # } M128A, *PM128A;

322 -class M128A(Structure):

323 _fields_ = [ 324 ("Low", ULONGLONG), 325 ("High", LONGLONG), 326 ]

327 PM128A = POINTER(M128A) 328 329 #--- Constants ---------------------------------------------------------------- 330 331 NULL = None 332 INFINITE = -1 333 TRUE = 1 334 FALSE = 0 335 336 # http://blogs.msdn.com/oldnewthing/archive/2004/08/26/220873.aspx 337 ANYSIZE_ARRAY = 1 338 339 INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value #-1 #0xFFFFFFFF 340 341 MAX_MODULE_NAME32 = 255 342 MAX_PATH = 260 343 344 # Error codes 345 # TODO maybe add more error codes? 346 ERROR_SUCCESS = 0 347 ERROR_INVALID_FUNCTION = 1 348 ERROR_FILE_NOT_FOUND = 2 349 ERROR_PATH_NOT_FOUND = 3 350 ERROR_ACCESS_DENIED = 5 351 ERROR_INVALID_HANDLE = 6 352 ERROR_NOT_ENOUGH_MEMORY = 8 353 ERROR_INVALID_DRIVE = 15 354 ERROR_NO_MORE_FILES = 18 355 ERROR_BAD_LENGTH = 24 356 ERROR_HANDLE_EOF = 38 357 ERROR_HANDLE_DISK_FULL = 39 358 ERROR_NOT_SUPPORTED = 50 359 ERROR_FILE_EXISTS = 80 360 ERROR_INVALID_PARAMETER = 87 361 ERROR_BUFFER_OVERFLOW = 111 362 ERROR_DISK_FULL = 112 363 ERROR_CALL_NOT_IMPLEMENTED = 120 364 ERROR_SEM_TIMEOUT = 121 365 ERROR_INSUFFICIENT_BUFFER = 122 366 ERROR_INVALID_NAME = 123 367 ERROR_MOD_NOT_FOUND = 126 368 ERROR_PROC_NOT_FOUND = 127 369 ERROR_DIR_NOT_EMPTY = 145 370 ERROR_BAD_THREADID_ADDR = 159 371 ERROR_BAD_ARGUMENTS = 160 372 ERROR_BAD_PATHNAME = 161 373 ERROR_ALREADY_EXISTS = 183 374 ERROR_INVALID_FLAG_NUMBER = 186 375 ERROR_FILENAME_EXCED_RANGE = 206 376 WAIT_TIMEOUT = 258 377 ERROR_NO_MORE_ITEMS = 259 378 ERROR_PARTIAL_COPY = 299 379 ERROR_INVALID_ADDRESS = 487 380 ERROR_THREAD_NOT_IN_PROCESS = 566 381 ERROR_CONTROL_C_EXIT = 572 382 ERROR_UNHANDLED_EXCEPTION = 574 383 ERROR_ASSERTION_FAILURE = 668 384 ERROR_WOW_ASSERTION = 670 385 386 ERROR_DBG_EXCEPTION_NOT_HANDLED = 688 387 ERROR_DBG_REPLY_LATER = 689 388 ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 690 389 ERROR_DBG_TERMINATE_THREAD = 691 390 ERROR_DBG_TERMINATE_PROCESS = 692 391 ERROR_DBG_CONTROL_C = 693 392 ERROR_DBG_PRINTEXCEPTION_C = 694 393 ERROR_DBG_RIPEXCEPTION = 695 394 ERROR_DBG_CONTROL_BREAK = 696 395 ERROR_DBG_COMMAND_EXCEPTION = 697 396 ERROR_DBG_EXCEPTION_HANDLED = 766 397 ERROR_DBG_CONTINUE = 767 398 399 ERROR_DEBUGGER_INACTIVE = 1284 400 401 #--- Structures --------------------------------------------------------------- 402 403 # typedef struct _LSA_UNICODE_STRING { 404 # USHORT Length; 405 # USHORT MaximumLength; 406 # PWSTR Buffer; 407 # } LSA_UNICODE_STRING, 408 # *PLSA_UNICODE_STRING, 409 # UNICODE_STRING, 410 # *PUNICODE_STRING;

411 -class UNICODE_STRING(Structure):

412 _fields_ = [ 413 ("Length", USHORT), 414 ("MaximumLength", USHORT), 415 ("Buffer", PVOID), 416 ]

417 418 # From MSDN: 419 # 420 # typedef struct _GUID { 421 # DWORD Data1; 422 # WORD Data2; 423 # WORD Data3; 424 # BYTE Data4[8]; 425 # } GUID;

426 -class GUID(Structure):

427 _fields_ = [ 428 ("Data1", DWORD), 429 ("Data2", WORD), 430 ("Data3", WORD), 431 ("Data4", BYTE * 8), 432 ]

433 434 # From MSDN: 435 # 436 # typedef struct _LIST_ENTRY { 437 # struct _LIST_ENTRY *Flink; 438 # struct _LIST_ENTRY *Blink; 439 # } LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;

440 -class LIST_ENTRY(Structure):

441 pass

442 LIST_ENTRY._fields_ = [ 443 ("Flink", PVOID), # POINTER(LIST_ENTRY) 444 ("Blink", PVOID), # POINTER(LIST_ENTRY) 445 ] 446