
Source Code for Module winappdbg.win32.psapi

  1  # Copyright (c) 2009, Mario Vilas 
  2  # All rights reserved. 
  3  # 
  4  # Redistribution and use in source and binary forms, with or without 
  5  # modification, are permitted provided that the following conditions are met: 
  6  # 
  7  #     * Redistributions of source code must retain the above copyright notice, 
  8  #       this list of conditions and the following disclaimer. 
  9  #     * Redistributions in binary form must reproduce the above copyright 
 10  #       notice,this list of conditions and the following disclaimer in the 
 11  #       documentation and/or other materials provided with the distribution. 
 12  #     * Neither the name of the copyright holder nor the names of its 
 13  #       contributors may be used to endorse or promote products derived from 
 14  #       this software without specific prior written permission. 
 15  # 
 16  # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
 17  # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
 18  # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
 19  # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
 20  # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
 21  # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
 22  # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
 23  # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
 24  # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
 25  # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 26  # POSSIBILITY OF SUCH DAMAGE. 
 27   
 28  """ 
 29  Debugging API wrappers in ctypes. 
 30   
 31  @see: U{http://apps.sourceforge.net/trac/winappdbg/wiki/Win32APIWrappers} 
 32  """ 
 33   
 34  __revision__ = "$Id: psapi.py 550 2009-12-13 23:52:46Z qvasimodo $" 
 35   
 36  from defines import * 
 37   
 38  #--- PSAPI structures and constants ------------------------------------------- 
 39   
# Filter flags for the dwFilterFlag argument of EnumProcessModulesEx.
# LIST_MODULES_ALL is the union of the 32-bit and 64-bit selectors.
LIST_MODULES_DEFAULT = 0x00
LIST_MODULES_32BIT = 0x01
LIST_MODULES_64BIT = 0x02
LIST_MODULES_ALL = LIST_MODULES_32BIT | LIST_MODULES_64BIT  # 0x03
 44   
 45  # typedef struct _MODULEINFO { 
 46  #   LPVOID lpBaseOfDll; 
 47  #   DWORD  SizeOfImage; 
 48  #   LPVOID EntryPoint; 
 49  # } MODULEINFO, *LPMODULEINFO; 
class MODULEINFO(Structure):
    """
    ctypes layout of the Win32 C{MODULEINFO} structure.

    GetModuleInformation fills an instance of this type. Both pointer
    fields are addresses inside the inspected process: they are only
    meaningful there and must not be dereferenced in the calling process.
    """
    _fields_ = [
        # Load address of the module (remote pointer).
        ("lpBaseOfDll", LPVOID),
        # Size of the mapped image, as a DWORD.
        ("SizeOfImage", DWORD),
        # Entry point of the module (remote pointer).
        ("EntryPoint", LPVOID),
    ]
# Pointer type for the LPMODULEINFO typedef; GetModuleInformation declares it
# as the type of its output argument.
LPMODULEINFO = POINTER(MODULEINFO)

#--- psapi.dll ----------------------------------------------------------------

# BOOL WINAPI EnumDeviceDrivers(
#   __out LPVOID *lpImageBase,
#   __in DWORD cb,
#   __out LPDWORD lpcbNeeded
# );
def EnumDeviceDrivers():
    """
    List the load addresses of the device drivers reported by psapi.

    The output buffer starts at 0x1000 bytes and is reallocated to the size
    the API asks for until one call fits.

    @rtype:  list
    @return: One value per driver, read from an C{LPVOID} array. These are
        image bases of kernel modules, not pointers usable in this process.
        NOTE(review): newer Windows releases are reported to hand back
        zeroed addresses to callers without enough privilege - confirm
        before treating a zero as "no driver".
    @raise WindowsError: Presumably raised by the C{RaiseIfZero} errcheck
        (defined in C{defines}) when the API returns FALSE.
    """
    enum_drivers = windll.psapi.EnumDeviceDrivers
    enum_drivers.argtypes = [LPVOID, DWORD, LPDWORD]
    enum_drivers.restype = bool
    enum_drivers.errcheck = RaiseIfZero

    slot = sizeof(LPVOID)
    capacity = 0x1000
    # The same DWORD carries the buffer size in and the required size out.
    lpcbNeeded = DWORD(capacity)
    while True:
        lpImageBase = (LPVOID * (capacity // slot))()
        enum_drivers(ctypes.byref(lpImageBase), lpcbNeeded, ctypes.byref(lpcbNeeded))
        required = lpcbNeeded.value
        if required <= capacity:
            # Everything fit: keep only the slots the API filled in.
            return lpImageBase[:required // slot]
        capacity = required

# BOOL WINAPI EnumProcesses(
#   __out DWORD *pProcessIds,
#   __in DWORD cb,
#   __out DWORD *pBytesReturned
# );
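def EnumProcesses():
    """
    List the process IDs reported by psapi.

    The buffer starts at 0x1000 bytes and grows by 0x1000 for as long as
    the API fills it completely, since a full buffer may mean the list was
    cut short.

    @rtype:  list of int
    @return: The process IDs written by the API, and nothing else. The list
        is a snapshot: a process can exit, and its ID can be reused, before
        the caller opens it, so re-validate the target after OpenProcess
        rather than trusting the ID alone.
    @raise WindowsError: Presumably raised by the C{RaiseIfZero} errcheck
        (defined in C{defines}) when the API returns FALSE.
    """
    _EnumProcesses = windll.psapi.EnumProcesses
    _EnumProcesses.argtypes = [LPVOID, DWORD, LPDWORD]
    _EnumProcesses.restype = bool
    _EnumProcesses.errcheck = RaiseIfZero

    size = 0x1000
    cbBytesReturned = DWORD()
    unit = sizeof(DWORD)
    while 1:
        ProcessIds = (DWORD * (size // unit))()
        cbBytesReturned.value = size
        _EnumProcesses(ctypes.byref(ProcessIds), cbBytesReturned, ctypes.byref(cbBytesReturned))
        returned = cbBytesReturned.value
        if returned < size:
            break
        size = size + 0x1000
    # Only the first returned // unit slots were written by the API. The
    # previous code copied the whole array and tried to stop at a None
    # element, but DWORD items are read back as integers, so every unused
    # slot ended up in the result as a spurious process ID 0.
    return ProcessIds[:returned // unit]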

# BOOL WINAPI EnumProcessModules(
#   __in HANDLE hProcess,
#   __out HMODULE *lphModule,
#   __in DWORD cb,
#   __out LPDWORD lpcbNeeded
# );
def EnumProcessModules(hProcess):
    """
    List the module handles of a process.

    The output buffer starts at 0x1000 bytes and is reallocated to the size
    the API asks for until one call fits.

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @rtype:  list
    @return: One C{HMODULE} value per module. They are addresses in the
        target process, not in the caller.
        NOTE(review): the module list lives in the target's own memory, so
        code running there can hide or alter entries - do not treat the
        result as authoritative when inspecting untrusted processes.
    @raise WindowsError: Presumably raised by the C{RaiseIfZero} errcheck
        (defined in C{defines}) when the API returns FALSE.
    """
    enum_modules = windll.psapi.EnumProcessModules
    enum_modules.argtypes = [HANDLE, LPVOID, DWORD, LPDWORD]
    enum_modules.restype = bool
    enum_modules.errcheck = RaiseIfZero

    slot = sizeof(HMODULE)
    capacity = 0x1000
    # The same DWORD carries the buffer size in and the required size out.
    lpcbNeeded = DWORD(capacity)
    while True:
        lphModule = (HMODULE * (capacity // slot))()
        enum_modules(hProcess, ctypes.byref(lphModule), lpcbNeeded, ctypes.byref(lpcbNeeded))
        required = lpcbNeeded.value
        if required <= capacity:
            # Everything fit: keep only the slots the API filled in.
            return lphModule[:int(required // slot)]
        capacity = required

# BOOL WINAPI EnumProcessModulesEx(
#   __in HANDLE hProcess,
#   __out HMODULE *lphModule,
#   __in DWORD cb,
#   __out LPDWORD lpcbNeeded,
#   __in DWORD dwFilterFlag
# );
def EnumProcessModulesEx(hProcess, dwFilterFlag = LIST_MODULES_DEFAULT):
    """
    List the module handles of a process, filtered by bitness.

    The output buffer starts at 0x1000 bytes and is reallocated to the size
    the API asks for until one call fits.

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @type  dwFilterFlag: int
    @param dwFilterFlag: One of the C{LIST_MODULES_*} constants.

    @rtype:  list
    @return: One C{HMODULE} value per module. They are addresses in the
        target process, not in the caller.
        NOTE(review): as with EnumProcessModules, the list is read from
        memory the target controls - verify independently for untrusted
        processes.
    @raise WindowsError: Presumably raised by the C{RaiseIfZero} errcheck
        (defined in C{defines}) when the API returns FALSE.
    """
    # NOTE(review): psapi.dll only exports this function on newer Windows
    # versions; the attribute lookup itself fails where it is missing.
    enum_modules_ex = windll.psapi.EnumProcessModulesEx
    enum_modules_ex.argtypes = [HANDLE, LPVOID, DWORD, LPDWORD, DWORD]
    enum_modules_ex.restype = bool
    enum_modules_ex.errcheck = RaiseIfZero

    slot = sizeof(HMODULE)
    capacity = 0x1000
    # The same DWORD carries the buffer size in and the required size out.
    lpcbNeeded = DWORD(capacity)
    while True:
        lphModule = (HMODULE * (capacity // slot))()
        enum_modules_ex(hProcess, ctypes.byref(lphModule), lpcbNeeded, ctypes.byref(lpcbNeeded), dwFilterFlag)
        required = lpcbNeeded.value
        if required <= capacity:
            # Everything fit: keep only the slots the API filled in.
            return lphModule[:required // slot]
        capacity = required

# DWORD WINAPI GetDeviceDriverBaseName(
#   __in LPVOID ImageBase,
#   __out LPTSTR lpBaseName,
#   __in DWORD nSize
# );
def GetDeviceDriverBaseNameA(ImageBase):
    """
    Get the base name of a device driver (ANSI version).

    @type  ImageBase: LPVOID
    @param ImageBase: Load address of the driver, e.g. a value returned by
        EnumDeviceDrivers.

    @rtype:  str
    @return: Contents of the output buffer up to its first NUL.
    @raise WindowsError: The API returned zero.
    """
    query = windll.psapi.GetDeviceDriverBaseNameA
    query.argtypes = [LPVOID, LPSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpBaseName = ctypes.create_string_buffer("", capacity)
        copied = query(ImageBase, lpBaseName, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpBaseName.value
        capacity += MAX_PATH
def GetDeviceDriverBaseNameW(ImageBase):
    """
    Get the base name of a device driver (wide character version).

    @type  ImageBase: LPVOID
    @param ImageBase: Load address of the driver, e.g. a value returned by
        EnumDeviceDrivers.

    @rtype:  unicode
    @return: Contents of the output buffer up to its first NUL.
    @raise WindowsError: The API returned zero.
    """
    query = windll.psapi.GetDeviceDriverBaseNameW
    query.argtypes = [LPVOID, LPWSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpBaseName = ctypes.create_unicode_buffer(u"", capacity)
        copied = query(ImageBase, lpBaseName, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpBaseName.value
        capacity += MAX_PATH

# Generic entry point built by GuessStringType (from defines) out of the ANSI
# and wide variants - presumably it selects one per call; see defines.
GetDeviceDriverBaseName = GuessStringType(
    GetDeviceDriverBaseNameA,
    GetDeviceDriverBaseNameW,
)

# DWORD WINAPI GetDeviceDriverFileName(
#   __in LPVOID ImageBase,
#   __out LPTSTR lpFilename,
#   __in DWORD nSize
# );
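def GetDeviceDriverFileNameA(ImageBase):
    """
    Get the file name of a device driver (ANSI version).

    @type  ImageBase: LPVOID
    @param ImageBase: Load address of the driver, e.g. a value returned by
        EnumDeviceDrivers.

    @rtype:  str
    @return: Contents of the output buffer up to its first NUL.
    @raise WindowsError: The API returned zero.
    """
    _GetDeviceDriverFileNameA = windll.psapi.GetDeviceDriverFileNameA
    _GetDeviceDriverFileNameA.argtypes = [LPVOID, LPSTR, DWORD]
    _GetDeviceDriverFileNameA.restype = DWORD

    nSize = MAX_PATH
    while 1:
        lpFilename = ctypes.create_string_buffer("", nSize)
        # Call through the prototyped object, like every other wrapper in
        # this module. The previous code looked the export up a second time
        # via ctypes.windll, leaving the local unused and making the argtypes
        # check depend on both lookups returning the same object.
        nCopied = _GetDeviceDriverFileNameA(ImageBase, lpFilename, nSize)
        if nCopied == 0:
            raise ctypes.WinError()
        # A count that reaches nSize - 1 may mean the name was cut short.
        if nCopied < (nSize - 1):
            break
        nSize = nSize + MAX_PATH
    return lpFilename.value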
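def GetDeviceDriverFileNameW(ImageBase):
    """
    Get the file name of a device driver (wide character version).

    @type  ImageBase: LPVOID
    @param ImageBase: Load address of the driver, e.g. a value returned by
        EnumDeviceDrivers.

    @rtype:  unicode
    @return: Contents of the output buffer up to its first NUL.
    @raise WindowsError: The API returned zero.
    """
    _GetDeviceDriverFileNameW = windll.psapi.GetDeviceDriverFileNameW
    _GetDeviceDriverFileNameW.argtypes = [LPVOID, LPWSTR, DWORD]
    _GetDeviceDriverFileNameW.restype = DWORD

    nSize = MAX_PATH
    while 1:
        lpFilename = ctypes.create_unicode_buffer(u"", nSize)
        # Call through the prototyped object, like every other wrapper in
        # this module. The previous code looked the export up a second time
        # via ctypes.windll, leaving the local unused and making the argtypes
        # check depend on both lookups returning the same object.
        nCopied = _GetDeviceDriverFileNameW(ImageBase, lpFilename, nSize)
        if nCopied == 0:
            raise ctypes.WinError()
        # A count that reaches nSize - 1 may mean the name was cut short.
        if nCopied < (nSize - 1):
            break
        nSize = nSize + MAX_PATH
    return lpFilename.value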

# Generic entry point built by GuessStringType (from defines) out of the ANSI
# and wide variants - presumably it selects one per call; see defines.
GetDeviceDriverFileName = GuessStringType(
    GetDeviceDriverFileNameA,
    GetDeviceDriverFileNameW,
)

# DWORD WINAPI GetMappedFileName(
#   __in HANDLE hProcess,
#   __in LPVOID lpv,
#   __out LPTSTR lpFilename,
#   __in DWORD nSize
# );
def GetMappedFileNameA(hProcess, lpv):
    """
    Get the name of the file mapped at an address of a process (ANSI
    version).

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @type  lpv: LPVOID
    @param lpv: Address to look up, in the target process.

    @rtype:  str
    @return: Contents of the output buffer up to its first NUL.
        NOTE(review): the API documents this name in native device form
        rather than with a drive letter - confirm before comparing it
        with DOS-style paths.
    @raise WindowsError: The API returned zero.
    """
    query = ctypes.windll.psapi.GetMappedFileNameA
    query.argtypes = [HANDLE, LPVOID, LPSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpFilename = ctypes.create_string_buffer("", capacity)
        copied = query(hProcess, lpv, lpFilename, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpFilename.value
        capacity += MAX_PATH
def GetMappedFileNameW(hProcess, lpv):
    """
    Get the name of the file mapped at an address of a process (wide
    character version).

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @type  lpv: LPVOID
    @param lpv: Address to look up, in the target process.

    @rtype:  unicode
    @return: Contents of the output buffer up to its first NUL.
        NOTE(review): the API documents this name in native device form
        rather than with a drive letter - confirm before comparing it
        with DOS-style paths.
    @raise WindowsError: The API returned zero.
    """
    query = ctypes.windll.psapi.GetMappedFileNameW
    query.argtypes = [HANDLE, LPVOID, LPWSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpFilename = ctypes.create_unicode_buffer(u"", capacity)
        copied = query(hProcess, lpv, lpFilename, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpFilename.value
        capacity += MAX_PATH

# Generic entry point built by GuessStringType (from defines) out of the ANSI
# and wide variants - presumably it selects one per call; see defines.
GetMappedFileName = GuessStringType(
    GetMappedFileNameA,
    GetMappedFileNameW,
)

# DWORD WINAPI GetModuleFileNameEx(
#   __in HANDLE hProcess,
#   __in_opt HMODULE hModule,
#   __out LPTSTR lpFilename,
#   __in DWORD nSize
# );
def GetModuleFileNameExA(hProcess, hModule):
    """
    Get the file name of a module loaded in a process (ANSI version).

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @type  hModule: HMODULE
    @param hModule: Module handle in the target process; the prototype
        marks it as optional (C{__in_opt}).

    @rtype:  str
    @return: Contents of the output buffer up to its first NUL.
        NOTE(review): this name is understood to come from loader data
        kept in the target's own memory, which code running there can
        rewrite - cross-check with GetMappedFileName when the target is
        untrusted.
    @raise WindowsError: The API returned zero.
    """
    query = ctypes.windll.psapi.GetModuleFileNameExA
    query.argtypes = [HANDLE, HMODULE, LPSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpFilename = ctypes.create_string_buffer("", capacity)
        copied = query(hProcess, hModule, lpFilename, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpFilename.value
        capacity += MAX_PATH
def GetModuleFileNameExW(hProcess, hModule):
    """
    Get the file name of a module loaded in a process (wide character
    version).

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @type  hModule: HMODULE
    @param hModule: Module handle in the target process; the prototype
        marks it as optional (C{__in_opt}).

    @rtype:  unicode
    @return: Contents of the output buffer up to its first NUL.
        NOTE(review): this name is understood to come from loader data
        kept in the target's own memory, which code running there can
        rewrite - cross-check with GetMappedFileName when the target is
        untrusted.
    @raise WindowsError: The API returned zero.
    """
    query = ctypes.windll.psapi.GetModuleFileNameExW
    query.argtypes = [HANDLE, HMODULE, LPWSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpFilename = ctypes.create_unicode_buffer(u"", capacity)
        copied = query(hProcess, hModule, lpFilename, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpFilename.value
        capacity += MAX_PATH

# Generic entry point built by GuessStringType (from defines) out of the ANSI
# and wide variants - presumably it selects one per call; see defines.
GetModuleFileNameEx = GuessStringType(
    GetModuleFileNameExA,
    GetModuleFileNameExW,
)

# BOOL WINAPI GetModuleInformation(
#   __in HANDLE hProcess,
#   __in HMODULE hModule,
#   __out LPMODULEINFO lpmodinfo,
#   __in DWORD cb
# );
def GetModuleInformation(hProcess, hModule, lpmodinfo = None):
    """
    Get the base address, image size and entry point of a module.

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @type  hModule: HMODULE
    @param hModule: Module handle in the target process.

    @type  lpmodinfo: L{MODULEINFO}
    @param lpmodinfo: (Optional) Structure to fill in. A new one is
        created when omitted.

    @rtype:  L{MODULEINFO}
    @return: The structure that was filled in, i.e. C{lpmodinfo} itself
        when one was given. Its pointer fields are addresses in the
        target process.
    @raise WindowsError: Presumably raised by the C{RaiseIfZero} errcheck
        (defined in C{defines}) when the API returns FALSE.
    """
    get_info = windll.psapi.GetModuleInformation
    get_info.argtypes = [HANDLE, HMODULE, LPMODULEINFO, DWORD]
    get_info.restype = bool
    get_info.errcheck = RaiseIfZero

    info = MODULEINFO() if lpmodinfo is None else lpmodinfo
    # cb is the size of the structure actually handed to the API.
    get_info(hProcess, hModule, ctypes.byref(info), sizeof(info))
    return info

# DWORD WINAPI GetProcessImageFileName(
#   __in HANDLE hProcess,
#   __out LPTSTR lpImageFileName,
#   __in DWORD nSize
# );
def GetProcessImageFileNameA(hProcess):
    """
    Get the name of the executable file of a process (ANSI version).

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @rtype:  str
    @return: Contents of the output buffer up to its first NUL.
        NOTE(review): the API documents this name in native device form
        rather than with a drive letter - confirm before comparing it
        with DOS-style paths.
    @raise WindowsError: The API returned zero.
    """
    query = windll.psapi.GetProcessImageFileNameA
    query.argtypes = [HANDLE, LPSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpFilename = ctypes.create_string_buffer("", capacity)
        copied = query(hProcess, lpFilename, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpFilename.value
        capacity += MAX_PATH
def GetProcessImageFileNameW(hProcess):
    """
    Get the name of the executable file of a process (wide character
    version).

    @type  hProcess: HANDLE
    @param hProcess: Handle to the process to inspect.

    @rtype:  unicode
    @return: Contents of the output buffer up to its first NUL.
        NOTE(review): the API documents this name in native device form
        rather than with a drive letter - confirm before comparing it
        with DOS-style paths.
    @raise WindowsError: The API returned zero.
    """
    query = windll.psapi.GetProcessImageFileNameW
    query.argtypes = [HANDLE, LPWSTR, DWORD]
    query.restype = DWORD

    capacity = MAX_PATH
    while True:
        lpFilename = ctypes.create_unicode_buffer(u"", capacity)
        copied = query(hProcess, lpFilename, capacity)
        if copied == 0:
            raise ctypes.WinError()
        # A count that reaches capacity - 1 may mean the name was cut
        # short, so only a strictly smaller count is accepted.
        if copied < (capacity - 1):
            return lpFilename.value
        capacity += MAX_PATH

# Generic entry point built by GuessStringType (from defines) out of the ANSI
# and wide variants - presumably it selects one per call; see defines.
GetProcessImageFileName = GuessStringType(
    GetProcessImageFileNameA,
    GetProcessImageFileNameW,
)