winappdbg.win32.kernel32

Source Code for Module winappdbg.win32.kernel32

1 # Copyright (c) 2009-2010, Mario Vilas 2 # All rights reserved. 3 # 4 # Redistribution and use in source and binary forms, with or without 5 # modification, are permitted provided that the following conditions are met: 6 # 7 # * Redistributions of source code must retain the above copyright notice, 8 # this list of conditions and the following disclaimer. 9 # * Redistributions in binary form must reproduce the above copyright 10 # notice,this list of conditions and the following disclaimer in the 11 # documentation and/or other materials provided with the distribution. 12 # * Neither the name of the copyright holder nor the names of its 13 # contributors may be used to endorse or promote products derived from 14 # this software without specific prior written permission. 15 # 16 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 17 # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 20 # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 # POSSIBILITY OF SUCH DAMAGE. 27 28 """ 29 Wrapper for kernel32.dll in ctypes. 30 """ 31 32 __revision__ = "$Id: kernel32.py 720 2010-07-11 12:38:14Z qvasimodo $" 33 34 from defines import * 35 from version import * 36 37 #--- CONTEXT structure and constants ------------------------------------------ 38 39 import context_i386 40 import context_amd64 41 import context_ia64 42 43 from context_i386 import CONTEXT_i386, CONTEXT_i486 44 from context_amd64 import CONTEXT_AMD64 45 from context_ia64 import CONTEXT_IA64 46 47 ContextArchMask = context_i386.CONTEXT_i386 48 ##ContextArchMask = ContextArchMask | context_amd64.CONTEXT_i486 49 ContextArchMask = ContextArchMask | context_amd64.CONTEXT_AMD64 50 ContextArchMask = ContextArchMask | context_ia64.CONTEXT_IA64 51 52 if arch == 'i386': 53 from context_i386 import * 54 elif arch == 'amd64': 55 if sizeof(SIZE_T) == sizeof(DWORD64): 56 from context_amd64 import * 57 else: 58 from context_i386 import * 59 elif arch == 'ia64': 60 if sizeof(SIZE_T) == sizeof(DWORD64): 61 from context_ia64 import * 62 else: 63 from context_i386 import * 64 else: 65 print "Warning, unknown or unsupported architecture" 66 67 #--- Constants ---------------------------------------------------------------- 68 69 STILL_ACTIVE = 259 70 71 WAIT_TIMEOUT = 0x102 72 WAIT_FAILED = -1 73 WAIT_OBJECT_0 = 0 74 75 EXCEPTION_NONCONTINUABLE = 0x1 # Noncontinuable exception 76 EXCEPTION_MAXIMUM_PARAMETERS = 15 # maximum number of exception parameters 77 MAXIMUM_WAIT_OBJECTS = 64 # Maximum number of wait objects 78 MAXIMUM_SUSPEND_COUNT = 0x7f # Maximum times thread can be suspended 79 80 FORMAT_MESSAGE_ALLOCATE_BUFFER = 0x00000100 81 FORMAT_MESSAGE_FROM_SYSTEM = 0x00001000 82 83 GR_GDIOBJECTS = 0 84 GR_USEROBJECTS = 1 85 86 PROCESS_NAME_NATIVE = 1 87 88 MAXINTATOM = 0xC000 89 90 # LoadLibraryEx constants 91 DONT_RESOLVE_DLL_REFERENCES = 0x00000001 92 LOAD_LIBRARY_AS_DATAFILE = 0x00000002 93 LOAD_WITH_ALTERED_SEARCH_PATH = 0x00000008 94 LOAD_IGNORE_CODE_AUTHZ_LEVEL = 0x00000010 95 LOAD_LIBRARY_AS_IMAGE_RESOURCE = 0x00000020 96 LOAD_LIBRARY_AS_DATAFILE_EXCLUSIVE = 0x00000040 97 98 # SetSearchPathMode flags 99 # TODO I couldn't find these constants :( 100 ##BASE_SEARCH_PATH_ENABLE_SAFE_SEARCHMODE = ??? 101 ##BASE_SEARCH_PATH_DISABLE_SAFE_SEARCHMODE = ??? 102 ##BASE_SEARCH_PATH_PERMANENT = ??? 103 104 # Console control events 105 CTRL_C_EVENT = 0 106 CTRL_BREAK_EVENT = 1 107 CTRL_CLOSE_EVENT = 2 108 CTRL_LOGOFF_EVENT = 5 109 CTRL_SHUTDOWN_EVENT = 6 110 111 # Heap flags 112 HEAP_NO_SERIALIZE = 0x00000001 113 HEAP_GENERATE_EXCEPTIONS = 0x00000004 114 HEAP_ZERO_MEMORY = 0x00000008 115 HEAP_CREATE_ENABLE_EXECUTE = 0x00040000 116 117 # Standard access rights 118 DELETE = (0x00010000L) 119 READ_CONTROL = (0x00020000L) 120 WRITE_DAC = (0x00040000L) 121 WRITE_OWNER = (0x00080000L) 122 SYNCHRONIZE = (0x00100000L) 123 STANDARD_RIGHTS_REQUIRED = (0x000F0000L) 124 STANDARD_RIGHTS_READ = (READ_CONTROL) 125 STANDARD_RIGHTS_WRITE = (READ_CONTROL) 126 STANDARD_RIGHTS_EXECUTE = (READ_CONTROL) 127 STANDARD_RIGHTS_ALL = (0x001F0000L) 128 SPECIFIC_RIGHTS_ALL = (0x0000FFFFL) 129 130 # Process access rights for OpenProcess 131 PROCESS_TERMINATE = (0x0001) 132 PROCESS_CREATE_THREAD = (0x0002) 133 PROCESS_SET_SESSIONID = (0x0004) 134 PROCESS_VM_OPERATION = (0x0008) 135 PROCESS_VM_READ = (0x0010) 136 PROCESS_VM_WRITE = (0x0020) 137 PROCESS_DUP_HANDLE = (0x0040) 138 PROCESS_CREATE_PROCESS = (0x0080) 139 PROCESS_SET_QUOTA = (0x0100) 140 PROCESS_SET_INFORMATION = (0x0200) 141 PROCESS_QUERY_INFORMATION = (0x0400) 142 PROCESS_SUSPEND_RESUME = (0x0800) 143 PROCESS_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF) 144 145 # Process priority classes 146 147 IDLE_PRIORITY_CLASS = 0x00000040 148 BELOW_NORMAL_PRIORITY_CLASS = 0x00004000 149 NORMAL_PRIORITY_CLASS = 0x00000020 150 ABOVE_NORMAL_PRIORITY_CLASS = 0x00008000 151 HIGH_PRIORITY_CLASS = 0x00000080 152 REALTIME_PRIORITY_CLASS = 0x00000100 153 154 PROCESS_MODE_BACKGROUND_BEGIN = 0x00100000 155 PROCESS_MODE_BACKGROUND_END = 0x00200000 156 157 # dwCreationFlag values 158 159 DEBUG_PROCESS = 0x00000001 160 DEBUG_ONLY_THIS_PROCESS = 0x00000002 161 CREATE_SUSPENDED = 0x00000004 # Threads and processes 162 DETACHED_PROCESS = 0x00000008 163 CREATE_NEW_CONSOLE = 0x00000010 164 NORMAL_PRIORITY_CLASS = 0x00000020 165 IDLE_PRIORITY_CLASS = 0x00000040 166 HIGH_PRIORITY_CLASS = 0x00000080 167 REALTIME_PRIORITY_CLASS = 0x00000100 168 CREATE_NEW_PROCESS_GROUP = 0x00000200 169 CREATE_UNICODE_ENVIRONMENT = 0x00000400 170 CREATE_SEPARATE_WOW_VDM = 0x00000800 171 CREATE_SHARED_WOW_VDM = 0x00001000 172 CREATE_FORCEDOS = 0x00002000 173 BELOW_NORMAL_PRIORITY_CLASS = 0x00004000 174 ABOVE_NORMAL_PRIORITY_CLASS = 0x00008000 175 INHERIT_PARENT_AFFINITY = 0x00010000 176 STACK_SIZE_PARAM_IS_A_RESERVATION = 0x00010000 # Threads only 177 INHERIT_CALLER_PRIORITY = 0x00020000 # Deprecated 178 CREATE_PROTECTED_PROCESS = 0x00040000 179 EXTENDED_STARTUPINFO_PRESENT = 0x00080000 180 PROCESS_MODE_BACKGROUND_BEGIN = 0x00100000 181 PROCESS_MODE_BACKGROUND_END = 0x00200000 182 CREATE_BREAKAWAY_FROM_JOB = 0x01000000 183 CREATE_PRESERVE_CODE_AUTHZ_LEVEL = 0x02000000 184 CREATE_DEFAULT_ERROR_MODE = 0x04000000 185 CREATE_NO_WINDOW = 0x08000000 186 PROFILE_USER = 0x10000000 187 PROFILE_KERNEL = 0x20000000 188 PROFILE_SERVER = 0x40000000 189 CREATE_IGNORE_SYSTEM_DEFAULT = 0x80000000 190 191 # Thread priority values 192 193 THREAD_BASE_PRIORITY_LOWRT = 15 # value that gets a thread to LowRealtime-1 194 THREAD_BASE_PRIORITY_MAX = 2 # maximum thread base priority boost 195 THREAD_BASE_PRIORITY_MIN = (-2) # minimum thread base priority boost 196 THREAD_BASE_PRIORITY_IDLE = (-15) # value that gets a thread to idle 197 198 THREAD_PRIORITY_LOWEST = THREAD_BASE_PRIORITY_MIN 199 THREAD_PRIORITY_BELOW_NORMAL = (THREAD_PRIORITY_LOWEST+1) 200 THREAD_PRIORITY_NORMAL = 0 201 THREAD_PRIORITY_HIGHEST = THREAD_BASE_PRIORITY_MAX 202 THREAD_PRIORITY_ABOVE_NORMAL = (THREAD_PRIORITY_HIGHEST-1) 203 THREAD_PRIORITY_ERROR_RETURN = (0xFFFFFFFFL) 204 205 THREAD_PRIORITY_TIME_CRITICAL = THREAD_BASE_PRIORITY_LOWRT 206 THREAD_PRIORITY_IDLE = THREAD_BASE_PRIORITY_IDLE 207 208 # Memory access 209 SECTION_QUERY = 0x0001 210 SECTION_MAP_WRITE = 0x0002 211 SECTION_MAP_READ = 0x0004 212 SECTION_MAP_EXECUTE = 0x0008 213 SECTION_EXTEND_SIZE = 0x0010 214 SECTION_MAP_EXECUTE_EXPLICIT = 0x0020 # not included in SECTION_ALL_ACCESS 215 216 SECTION_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\ 217 SECTION_MAP_WRITE | \ 218 SECTION_MAP_READ | \ 219 SECTION_MAP_EXECUTE | \ 220 SECTION_EXTEND_SIZE) 221 PAGE_NOACCESS = 0x01 222 PAGE_READONLY = 0x02 223 PAGE_READWRITE = 0x04 224 PAGE_WRITECOPY = 0x08 225 PAGE_EXECUTE = 0x10 226 PAGE_EXECUTE_READ = 0x20 227 PAGE_EXECUTE_READWRITE = 0x40 228 PAGE_EXECUTE_WRITECOPY = 0x80 229 PAGE_GUARD = 0x100 230 PAGE_NOCACHE = 0x200 231 PAGE_WRITECOMBINE = 0x400 232 MEM_COMMIT = 0x1000 233 MEM_RESERVE = 0x2000 234 MEM_DECOMMIT = 0x4000 235 MEM_RELEASE = 0x8000 236 MEM_FREE = 0x10000 237 MEM_PRIVATE = 0x20000 238 MEM_MAPPED = 0x40000 239 MEM_RESET = 0x80000 240 MEM_TOP_DOWN = 0x100000 241 MEM_WRITE_WATCH = 0x200000 242 MEM_PHYSICAL = 0x400000 243 MEM_LARGE_PAGES = 0x20000000 244 MEM_4MB_PAGES = 0x80000000 245 SEC_FILE = 0x800000 246 SEC_IMAGE = 0x1000000 247 SEC_RESERVE = 0x4000000 248 SEC_COMMIT = 0x8000000 249 SEC_NOCACHE = 0x10000000 250 SEC_LARGE_PAGES = 0x80000000 251 MEM_IMAGE = SEC_IMAGE 252 WRITE_WATCH_FLAG_RESET = 0x01 253 FILE_MAP_ALL_ACCESS = 0xF001F 254 255 SECTION_QUERY = 0x0001 256 SECTION_MAP_WRITE = 0x0002 257 SECTION_MAP_READ = 0x0004 258 SECTION_MAP_EXECUTE = 0x0008 259 SECTION_EXTEND_SIZE = 0x0010 260 SECTION_MAP_EXECUTE_EXPLICIT = 0x0020 # not included in SECTION_ALL_ACCESS 261 262 SECTION_ALL_ACCESS = (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\ 263 SECTION_MAP_WRITE | \ 264 SECTION_MAP_READ | \ 265 SECTION_MAP_EXECUTE | \ 266 SECTION_EXTEND_SIZE) 267 268 FILE_MAP_COPY = SECTION_QUERY 269 FILE_MAP_WRITE = SECTION_MAP_WRITE 270 FILE_MAP_READ = SECTION_MAP_READ 271 FILE_MAP_ALL_ACCESS = SECTION_ALL_ACCESS 272 FILE_MAP_EXECUTE = SECTION_MAP_EXECUTE_EXPLICIT # not included in FILE_MAP_ALL_ACCESS 273 274 GENERIC_READ = 0x80000000 275 GENERIC_WRITE = 0x40000000 276 GENERIC_EXECUTE = 0x20000000 277 GENERIC_ALL = 0x10000000 278 279 FILE_SHARE_READ = 0x00000001 280 FILE_SHARE_WRITE = 0x00000002 281 FILE_SHARE_DELETE = 0x00000004 282 283 CREATE_NEW = 1 284 CREATE_ALWAYS = 2 285 OPEN_EXISTING = 3 286 OPEN_ALWAYS = 4 287 TRUNCATE_EXISTING = 5 288 289 FILE_ATTRIBUTE_READONLY = 0x00000001 290 FILE_ATTRIBUTE_NORMAL = 0x00000080 291 FILE_ATTRIBUTE_TEMPORARY = 0x00000100 292 293 FILE_FLAG_WRITE_THROUGH = 0x80000000 294 FILE_FLAG_NO_BUFFERING = 0x20000000 295 FILE_FLAG_RANDOM_ACCESS = 0x10000000 296 FILE_FLAG_SEQUENTIAL_SCAN = 0x08000000 297 FILE_FLAG_DELETE_ON_CLOSE = 0x04000000 298 FILE_FLAG_OVERLAPPED = 0x40000000 299 300 FILE_ATTRIBUTE_READONLY = 0x00000001 301 FILE_ATTRIBUTE_HIDDEN = 0x00000002 302 FILE_ATTRIBUTE_SYSTEM = 0x00000004 303 FILE_ATTRIBUTE_DIRECTORY = 0x00000010 304 FILE_ATTRIBUTE_ARCHIVE = 0x00000020 305 FILE_ATTRIBUTE_DEVICE = 0x00000040 306 FILE_ATTRIBUTE_NORMAL = 0x00000080 307 FILE_ATTRIBUTE_TEMPORARY = 0x00000100 308 309 # Debug events 310 EXCEPTION_DEBUG_EVENT = 1 311 CREATE_THREAD_DEBUG_EVENT = 2 312 CREATE_PROCESS_DEBUG_EVENT = 3 313 EXIT_THREAD_DEBUG_EVENT = 4 314 EXIT_PROCESS_DEBUG_EVENT = 5 315 LOAD_DLL_DEBUG_EVENT = 6 316 UNLOAD_DLL_DEBUG_EVENT = 7 317 OUTPUT_DEBUG_STRING_EVENT = 8 318 RIP_EVENT = 9 319 320 # Debug status codes 321 DBG_CONTINUE = 0x00010002L 322 DBG_EXCEPTION_HANDLED = 0x00010001L 323 DBG_EXCEPTION_NOT_HANDLED = 0x80010001L 324 DBG_TERMINATE_THREAD = 0x40010003L 325 DBG_TERMINATE_PROCESS = 0x40010004L 326 DBG_CONTROL_C = 0x40010005L 327 DBG_CONTROL_BREAK = 0x40010008L 328 DBG_COMMAND_EXCEPTION = 0x40010009L 329 330 # Status codes 331 STATUS_WAIT_0 = 0x00000000L 332 STATUS_ABANDONED_WAIT_0 = 0x00000080L 333 STATUS_USER_APC = 0x000000C0L 334 STATUS_TIMEOUT = 0x00000102L 335 STATUS_PENDING = 0x00000103L 336 STATUS_SEGMENT_NOTIFICATION = 0x40000005L 337 STATUS_GUARD_PAGE_VIOLATION = 0x80000001L 338 STATUS_DATATYPE_MISALIGNMENT = 0x80000002L 339 STATUS_BREAKPOINT = 0x80000003L 340 STATUS_SINGLE_STEP = 0x80000004L 341 STATUS_INVALID_INFO_CLASS = 0xC0000003L 342 STATUS_ACCESS_VIOLATION = 0xC0000005L 343 STATUS_IN_PAGE_ERROR = 0xC0000006L 344 STATUS_INVALID_HANDLE = 0xC0000008L 345 STATUS_NO_MEMORY = 0xC0000017L 346 STATUS_ILLEGAL_INSTRUCTION = 0xC000001DL 347 STATUS_NONCONTINUABLE_EXCEPTION = 0xC0000025L 348 STATUS_INVALID_DISPOSITION = 0xC0000026L 349 STATUS_ARRAY_BOUNDS_EXCEEDED = 0xC000008CL 350 STATUS_FLOAT_DENORMAL_OPERAND = 0xC000008DL 351 STATUS_FLOAT_DIVIDE_BY_ZERO = 0xC000008EL 352 STATUS_FLOAT_INEXACT_RESULT = 0xC000008FL 353 STATUS_FLOAT_INVALID_OPERATION = 0xC0000090L 354 STATUS_FLOAT_OVERFLOW = 0xC0000091L 355 STATUS_FLOAT_STACK_CHECK = 0xC0000092L 356 STATUS_FLOAT_UNDERFLOW = 0xC0000093L 357 STATUS_INTEGER_DIVIDE_BY_ZERO = 0xC0000094L 358 STATUS_INTEGER_OVERFLOW = 0xC0000095L 359 STATUS_PRIVILEGED_INSTRUCTION = 0xC0000096L 360 STATUS_STACK_OVERFLOW = 0xC00000FDL 361 STATUS_CONTROL_C_EXIT = 0xC000013AL 362 STATUS_FLOAT_MULTIPLE_FAULTS = 0xC00002B4L 363 STATUS_FLOAT_MULTIPLE_TRAPS = 0xC00002B5L 364 STATUS_REG_NAT_CONSUMPTION = 0xC00002C9L 365 STATUS_SXS_EARLY_DEACTIVATION = 0xC015000FL 366 STATUS_SXS_INVALID_DEACTIVATION = 0xC0150010L 367 368 STATUS_STACK_BUFFER_OVERRUN = 0xC0000409L 369 STATUS_WX86_BREAKPOINT = 0x4000001FL 370 STATUS_HEAP_CORRUPTION = 0xC0000374L 371 372 STATUS_POSSIBLE_DEADLOCK = 0xC0000194L 373 374 STATUS_UNWIND_CONSOLIDATE = 0x80000029L 375 376 # Exception codes 377 378 EXCEPTION_ACCESS_VIOLATION = STATUS_ACCESS_VIOLATION 379 EXCEPTION_ARRAY_BOUNDS_EXCEEDED = STATUS_ARRAY_BOUNDS_EXCEEDED 380 EXCEPTION_BREAKPOINT = STATUS_BREAKPOINT 381 EXCEPTION_DATATYPE_MISALIGNMENT = STATUS_DATATYPE_MISALIGNMENT 382 EXCEPTION_FLT_DENORMAL_OPERAND = STATUS_FLOAT_DENORMAL_OPERAND 383 EXCEPTION_FLT_DIVIDE_BY_ZERO = STATUS_FLOAT_DIVIDE_BY_ZERO 384 EXCEPTION_FLT_INEXACT_RESULT = STATUS_FLOAT_INEXACT_RESULT 385 EXCEPTION_FLT_INVALID_OPERATION = STATUS_FLOAT_INVALID_OPERATION 386 EXCEPTION_FLT_OVERFLOW = STATUS_FLOAT_OVERFLOW 387 EXCEPTION_FLT_STACK_CHECK = STATUS_FLOAT_STACK_CHECK 388 EXCEPTION_FLT_UNDERFLOW = STATUS_FLOAT_UNDERFLOW 389 EXCEPTION_ILLEGAL_INSTRUCTION = STATUS_ILLEGAL_INSTRUCTION 390 EXCEPTION_IN_PAGE_ERROR = STATUS_IN_PAGE_ERROR 391 EXCEPTION_INT_DIVIDE_BY_ZERO = STATUS_INTEGER_DIVIDE_BY_ZERO 392 EXCEPTION_INT_OVERFLOW = STATUS_INTEGER_OVERFLOW 393 EXCEPTION_INVALID_DISPOSITION = STATUS_INVALID_DISPOSITION 394 EXCEPTION_NONCONTINUABLE_EXCEPTION = STATUS_NONCONTINUABLE_EXCEPTION 395 EXCEPTION_PRIV_INSTRUCTION = STATUS_PRIVILEGED_INSTRUCTION 396 EXCEPTION_SINGLE_STEP = STATUS_SINGLE_STEP 397 EXCEPTION_STACK_OVERFLOW = STATUS_STACK_OVERFLOW 398 399 EXCEPTION_GUARD_PAGE = STATUS_GUARD_PAGE_VIOLATION 400 EXCEPTION_INVALID_HANDLE = STATUS_INVALID_HANDLE 401 EXCEPTION_POSSIBLE_DEADLOCK = STATUS_POSSIBLE_DEADLOCK 402 EXCEPTION_WX86_BREAKPOINT = STATUS_WX86_BREAKPOINT 403 404 CONTROL_C_EXIT = STATUS_CONTROL_C_EXIT 405 406 DBG_CONTROL_C = 0x40010005L 407 MS_VC_EXCEPTION = 0x406D1388L 408 409 # Access violation types 410 ACCESS_VIOLATION_TYPE_READ = EXCEPTION_READ_FAULT 411 ACCESS_VIOLATION_TYPE_WRITE = EXCEPTION_WRITE_FAULT 412 ACCESS_VIOLATION_TYPE_DEP = EXCEPTION_EXECUTE_FAULT 413 414 # DuplicateHandle constants 415 DUPLICATE_CLOSE_SOURCE = 0x00000001 416 DUPLICATE_SAME_ACCESS = 0x00000002 417 418 # GetFinalPathNameByHandle constants 419 FILE_NAME_NORMALIZED = 0x0 420 FILE_NAME_OPENED = 0x8 421 VOLUME_NAME_DOS = 0x0 422 VOLUME_NAME_GUID = 0x1 423 VOLUME_NAME_NONE = 0x4 424 VOLUME_NAME_NT = 0x2 425 426 # GetProductInfo constants 427 PRODUCT_BUSINESS = 0x00000006 428 PRODUCT_BUSINESS_N = 0x00000010 429 PRODUCT_CLUSTER_SERVER = 0x00000012 430 PRODUCT_DATACENTER_SERVER = 0x00000008 431 PRODUCT_DATACENTER_SERVER_CORE = 0x0000000C 432 PRODUCT_DATACENTER_SERVER_CORE_V = 0x00000027 433 PRODUCT_DATACENTER_SERVER_V = 0x00000025 434 PRODUCT_ENTERPRISE = 0x00000004 435 PRODUCT_ENTERPRISE_E = 0x00000046 436 PRODUCT_ENTERPRISE_N = 0x0000001B 437 PRODUCT_ENTERPRISE_SERVER = 0x0000000A 438 PRODUCT_ENTERPRISE_SERVER_CORE = 0x0000000E 439 PRODUCT_ENTERPRISE_SERVER_CORE_V = 0x00000029 440 PRODUCT_ENTERPRISE_SERVER_IA64 = 0x0000000F 441 PRODUCT_ENTERPRISE_SERVER_V = 0x00000026 442 PRODUCT_HOME_BASIC = 0x00000002 443 PRODUCT_HOME_BASIC_E = 0x00000043 444 PRODUCT_HOME_BASIC_N = 0x00000005 445 PRODUCT_HOME_PREMIUM = 0x00000003 446 PRODUCT_HOME_PREMIUM_E = 0x00000044 447 PRODUCT_HOME_PREMIUM_N = 0x0000001A 448 PRODUCT_HYPERV = 0x0000002A 449 PRODUCT_MEDIUMBUSINESS_SERVER_MANAGEMENT = 0x0000001E 450 PRODUCT_MEDIUMBUSINESS_SERVER_MESSAGING = 0x00000020 451 PRODUCT_MEDIUMBUSINESS_SERVER_SECURITY = 0x0000001F 452 PRODUCT_PROFESSIONAL = 0x00000030 453 PRODUCT_PROFESSIONAL_E = 0x00000045 454 PRODUCT_PROFESSIONAL_N = 0x00000031 455 PRODUCT_SERVER_FOR_SMALLBUSINESS = 0x00000018 456 PRODUCT_SERVER_FOR_SMALLBUSINESS_V = 0x00000023 457 PRODUCT_SERVER_FOUNDATION = 0x00000021 458 PRODUCT_SMALLBUSINESS_SERVER = 0x00000009 459 PRODUCT_STANDARD_SERVER = 0x00000007 460 PRODUCT_STANDARD_SERVER_CORE = 0x0000000D 461 PRODUCT_STANDARD_SERVER_CORE_V = 0x00000028 462 PRODUCT_STANDARD_SERVER_V = 0x00000024 463 PRODUCT_STARTER = 0x0000000B 464 PRODUCT_STARTER_E = 0x00000042 465 PRODUCT_STARTER_N = 0x0000002F 466 PRODUCT_STORAGE_ENTERPRISE_SERVER = 0x00000017 467 PRODUCT_STORAGE_EXPRESS_SERVER = 0x00000014 468 PRODUCT_STORAGE_STANDARD_SERVER = 0x00000015 469 PRODUCT_STORAGE_WORKGROUP_SERVER = 0x00000016 470 PRODUCT_UNDEFINED = 0x00000000 471 PRODUCT_UNLICENSED = 0xABCDABCD 472 PRODUCT_ULTIMATE = 0x00000001 473 PRODUCT_ULTIMATE_E = 0x00000047 474 PRODUCT_ULTIMATE_N = 0x0000001C 475 PRODUCT_WEB_SERVER = 0x00000011 476 PRODUCT_WEB_SERVER_CORE = 0x0000001D

477 478 #--- Handle wrappers ---------------------------------------------------------- 479 480 -class Handle (object):

481 """ 482 Encapsulates Win32 handles to avoid leaking them. 483 484 @see: 485 L{ProcessHandle}, L{ThreadHandle}, L{FileHandle}, L{SnapshotHandle} 486 """ 487 488 # XXX DEBUG 489 # When this private flag is True each Handle will print a message to 490 # standard output when it's created and destroyed. This is useful for 491 # detecting handle leaks within WinAppDbg itself. 492 __bLeakDetection = False 493

494 - def __init__(self, aHandle = None, bOwnership = True):

495 """ 496 @type aHandle: int 497 @param aHandle: Win32 handle value. 498 499 @type bOwnership: bool 500 @param bOwnership: 501 C{True} if we own the handle and we need to close it. 502 C{False} if someone else will be calling L{CloseHandle}. 503 """ 504 super(Handle, self).__init__() 505 self.value = self._normalize(aHandle) 506 self.bOwnership = bOwnership 507 if Handle.__bLeakDetection: # XXX DEBUG 508 print "INIT HANDLE (%r) %r" % (self.value, self)

509

510 - def __del__(self):

511 """ 512 Closes the Win32 handle when the Python object is destroyed. 513 """ 514 if Handle.__bLeakDetection: # XXX DEBUG 515 print "DEL HANDLE %r" % self 516 try: 517 self.close() 518 except Exception: 519 pass

520

521 - def __enter__(self):

522 """ 523 Compatibility with the "C{with}" Python statement. 524 """ 525 if Handle.__bLeakDetection: # XXX DEBUG 526 print "ENTER HANDLE %r" % self 527 return self

528

529 - def __exit__(self, type, value, traceback):

530 """ 531 Compatibility with the "C{with}" Python statement. 532 """ 533 if Handle.__bLeakDetection: # XXX DEBUG 534 print "EXIT HANDLE %r" % self 535 try: 536 self.close() 537 except Exception: 538 pass

539

540 - def __copy__(self):

541 """ 542 Duplicates the Win32 handle when copying the Python object. 543 544 @rtype: L{Handle} 545 @return: A new handle to the same Win32 object. 546 """ 547 return self.dup()

548

549 - def __deepcopy__(self):

550 """ 551 Duplicates the Win32 handle when copying the Python object. 552 553 @rtype: L{Handle} 554 @return: A new handle to the same win32 object. 555 """ 556 return self.dup()

557 558 @property

559 - def _as_parameter_(self):

560 """ 561 Compatibility with ctypes. 562 Allows passing transparently a Handle object to an API call. 563 """ 564 return HANDLE(self.value)

565 566 @staticmethod

567 - def from_param(value):

568 """ 569 Compatibility with ctypes. 570 Allows passing transparently a Handle object to an API call. 571 572 @type value: int 573 @param value: Numeric handle value. 574 """ 575 return HANDLE(value)

576

577 - def close(self):

578 """ 579 Closes the Win32 handle. 580 """ 581 if self.bOwnership and self.value not in (None, INVALID_HANDLE_VALUE): 582 if Handle.__bLeakDetection: # XXX DEBUG 583 print "CLOSE HANDLE (%d) %r" % (self.value, self) 584 try: 585 CloseHandle(self.value) 586 finally: 587 self.value = None

588

589 - def dup(self):

590 """ 591 @rtype: L{Handle} 592 @return: A new handle to the same Win32 object. 593 """ 594 new_value = DuplicateHandle(self.value) 595 if Handle.__bLeakDetection: # XXX DEBUG 596 print "DUP HANDLE (%d -> %d) %r" % (self.value, new_value, self) 597 return new_value

598 599 @staticmethod

600 - def _normalize(value):

601 """ 602 Normalize handle values. 603 """ 604 if value is None: 605 value = 0 606 elif hasattr(value, 'value'): 607 value = value.value 608 else: 609 value = long(value) 610 return value

611

612 - def wait(self, dwMilliseconds = None):

613 """ 614 Wait for the Win32 object to be signaled. 615 616 @type dwMilliseconds: int 617 @param dwMilliseconds: (Optional) Timeout value in milliseconds. 618 Use C{INFINITE} or C{None} for no timeout. 619 """ 620 if dwMilliseconds is None: 621 dwMilliseconds = INFINITE 622 r = WaitForSingleObject(self.value, dwMilliseconds) 623 if r != WAIT_OBJECT_0: 624 raise ctypes.WinError(r)

625

626 -class ProcessHandle (Handle):

627 """ 628 Win32 process handle. 629 630 @see: L{Handle} 631 """ 632

633 - def get_pid(self):

634 """ 635 @rtype: int 636 @return: Process global ID. 637 """ 638 return GetProcessId(self.value)

639

640 -class ThreadHandle (Handle):

641 """ 642 Win32 thread handle. 643 644 @see: L{Handle} 645 """ 646

647 - def get_tid(self):

648 """ 649 @rtype: int 650 @return: Thread global ID. 651 """ 652 return GetThreadId(self.value)

653

654 -class FileHandle (Handle):

655 """ 656 Win32 file handle. 657 658 @see: L{Handle} 659 """ 660

661 - def get_filename(self):

662 """ 663 @rtype: None or str 664 @return: Name of the open file, or C{None} if unavailable. 665 """ 666 # 667 # XXX BUG 668 # 669 # This code truncates the first two bytes of the path. 670 # It seems to be the expected behavior of NtQueryInformationFile. 671 # 672 # My guess is it only returns the NT pathname, without the device name. 673 # It's like dropping the drive letter in a Win32 pathname. 674 # 675 # Note that using the "official" GetFileInformationByHandleEx 676 # API introduced in Vista doesn't change the results! 677 # 678 dwBufferSize = 0x1004 679 lpFileInformation = ctypes.create_string_buffer(dwBufferSize) 680 try: 681 GetFileInformationByHandleEx(self.value, 682 FILE_INFO_BY_HANDLE_CLASS.FileNameInfo, 683 lpFileInformation, dwBufferSize) 684 except AttributeError: 685 from ntdll import NtQueryInformationFile, \ 686 FileNameInformation, \ 687 FILE_NAME_INFORMATION 688 NtQueryInformationFile(self.value, 689 FileNameInformation, 690 lpFileInformation, 691 dwBufferSize) 692 FileName = unicode(lpFileInformation.raw[sizeof(DWORD):], 'U16') 693 FileName = ctypes.create_unicode_buffer(FileName).value 694 if not FileName: 695 FileName = None 696 elif FileName[1:2] != ':': 697 # When the drive letter is missing, we'll assume SYSTEMROOT. 698 # Not a good solution but it could be worse. 699 import os 700 FileName = os.environ['SYSTEMROOT'][:2] + FileName 701 return FileName

702

703 -class FileMappingHandle (Handle):

704 """ 705 File mapping handle. 706 707 @see: L{Handle} 708 """ 709 pass

710

711 # XXX maybe add functions related to the toolhelp snapshots here? 712 -class SnapshotHandle (Handle):

713 """ 714 Toolhelp32 snapshot handle. 715 716 @see: L{Handle} 717 """ 718

719 - def dup(self):

720 "This method is meaningless for Toolhelp32 snaphots." 721 raise NotImplementedError, \ 722 "This method is meaningless for Toolhelp32 snaphots."

723

724 - def wait(self, dwMilliseconds = None):

725 "This method is meaningless for Toolhelp32 snaphots." 726 raise NotImplementedError, \ 727 "This method is meaningless for Toolhelp32 snaphots."

728

729 #--- Structure wrappers ------------------------------------------------------- 730 731 -class ProcessInformation (object):

732 """ 733 Process information object returned by L{CreateProcess}. 734 """ 735

736 - def __init__(self, pi):

737 self.hProcess = ProcessHandle(pi.hProcess) 738 self.hThread = ThreadHandle(pi.hThread) 739 self.dwProcessId = pi.dwProcessId 740 self.dwThreadId = pi.dwThreadId

741

742 -class MemoryBasicInformation (object):

743 """ 744 Memory information object returned by L{VirtualQueryEx}. 745 """ 746 747 READABLE = ( 748 PAGE_EXECUTE_READ | 749 PAGE_EXECUTE_READWRITE | 750 PAGE_EXECUTE_WRITECOPY | 751 PAGE_READONLY | 752 PAGE_READWRITE | 753 PAGE_WRITECOPY 754 ) 755 756 WRITEABLE = ( 757 PAGE_EXECUTE_READWRITE | 758 PAGE_EXECUTE_WRITECOPY | 759 PAGE_READWRITE | 760 PAGE_WRITECOPY 761 ) 762 763 COPY_ON_WRITE = ( 764 PAGE_EXECUTE_WRITECOPY | 765 PAGE_WRITECOPY 766 ) 767 768 EXECUTABLE = ( 769 PAGE_EXECUTE | 770 PAGE_EXECUTE_READ | 771 PAGE_EXECUTE_READWRITE | 772 PAGE_EXECUTE_WRITECOPY 773 ) 774 775 EXECUTABLE_AND_WRITEABLE = ( 776 PAGE_EXECUTE_READWRITE | 777 PAGE_EXECUTE_WRITECOPY 778 ) 779

780 - def __init__(self, mbi):

781 """ 782 @type mbi: L{MEMORY_BASIC_INFORMATION} or L{MemoryBasicInformation} 783 @param mbi: Either a L{MEMORY_BASIC_INFORMATION} structure or another 784 L{MemoryBasicInformation} instance. 785 """ 786 787 self.BaseAddress = mbi.BaseAddress 788 self.AllocationBase = mbi.AllocationBase 789 self.AllocationProtect = mbi.AllocationProtect 790 self.RegionSize = mbi.RegionSize 791 self.State = mbi.State 792 self.Protect = mbi.Protect 793 self.Type = mbi.Type 794 795 # Only used when copying MemoryBasicInformation objects, instead of 796 # instancing them from a MEMORY_BASIC_INFORMATION structure. 797 if hasattr(mbi, 'content'): 798 self.content = mbi.content 799 if hasattr(mbi, 'filename'): 800 self.content = mbi.filename

801

802 - def __contains__(self, address):

803 """ 804 Test if the given memory address falls within this memory region. 805 806 @type address: int 807 @param address: Memory address to test. 808 809 @rtype: bool 810 @return: C{True} if the given memory address falls within this memory 811 region, C{False} otherwise. 812 """ 813 return self.BaseAddress <= address < (self.BaseAddress + self.RegionSize)

814

815 - def is_free(self):

816 """ 817 @rtype: bool 818 @return: C{True} if the memory in this region is free. 819 """ 820 return self.State == MEM_FREE

821

822 - def is_reserved(self):

823 """ 824 @rtype: bool 825 @return: C{True} if the memory in this region is reserved. 826 """ 827 return self.State == MEM_RESERVE

828

829 - def is_commited(self):

830 """ 831 @rtype: bool 832 @return: C{True} if the memory in this region is commited. 833 """ 834 return self.State == MEM_COMMIT

835

836 - def is_image(self):

837 """ 838 @rtype: bool 839 @return: C{True} if the memory in this region belongs to an executable 840 image. 841 """ 842 return self.Type == MEM_IMAGE

843

844 - def is_mapped(self):

845 """ 846 @rtype: bool 847 @return: C{True} if the memory in this region belongs to a mapped file. 848 """ 849 return self.Type == MEM_MAPPED

850

851 - def is_private(self):

852 """ 853 @rtype: bool 854 @return: C{True} if the memory in this region is private. 855 """ 856 return self.Type == MEM_PRIVATE

857

858 - def is_guard(self):

859 """ 860 @rtype: bool 861 @return: C{True} if all pages in this region are guard pages. 862 """ 863 return self.is_commited() and bool(self.Protect & PAGE_GUARD)

864

865 - def has_content(self):

866 """ 867 @rtype: bool 868 @return: C{True} if the memory in this region has any data in it. 869 """ 870 return self.is_commited() and not bool(self.Protect & (PAGE_GUARD | PAGE_NOACCESS))

871

872 - def is_readable(self):

873 """ 874 @rtype: bool 875 @return: C{True} if all pages in this region are readable. 876 """ 877 return self.has_content() and bool(self.Protect & self.READABLE)

878

879 - def is_writeable(self):

880 """ 881 @rtype: bool 882 @return: C{True} if all pages in this region are writeable. 883 """ 884 return self.has_content() and bool(self.Protect & self.WRITEABLE)

885

886 - def is_copy_on_write(self):

887 """ 888 @rtype: bool 889 @return: C{True} if all pages in this region are marked as 890 copy-on-write. This means the pages are writeable, but changes 891 are not propagated to disk. 892 @note: 893 Tipically data sections in executable images are marked like this. 894 """ 895 return self.has_content() and bool(self.Protect & self.COPY_ON_WRITE)

896

897 - def is_executable(self):

898 """ 899 @rtype: bool 900 @return: C{True} if all pages in this region are executable. 901 @note: Executable pages are always readable. 902 """ 903 return self.has_content() and bool(self.Protect & self.EXECUTABLE)

904

905 - def is_executable_and_writeable(self):

906 """ 907 @rtype: bool 908 @return: C{True} if all pages in this region are executable and 909 writeable. 910 @note: The presence of such pages make memory corruption 911 vulnerabilities much easier to exploit. 912 """ 913 return self.has_content() and bool(self.Protect & self.EXECUTABLE_AND_WRITEABLE)

914

915 -class ProcThreadAttributeList (object):

916 """ 917 Extended process and thread attribute support. 918 919 To be used with L{STARTUPINFOEX}. 920 Only available for Windows Vista and above. 921 922 @type AttributeList: list of tuple( int, ctypes-compatible object ) 923 @ivar AttributeList: List of (Attribute, Value) pairs. 924 925 @type AttributeListBuffer: L{LPPROC_THREAD_ATTRIBUTE_LIST} 926 @ivar AttributeListBuffer: Memory buffer used to store the attribute list. 927 L{InitializeProcThreadAttributeList}, 928 L{UpdateProcThreadAttribute}, 929 L{DeleteProcThreadAttributeList} and 930 L{STARTUPINFOEX}. 931 """ 932

933 - def __init__(self, AttributeList):

934 """ 935 @type AttributeList: list of tuple( int, ctypes-compatible object ) 936 @param AttributeList: List of (Attribute, Value) pairs. 937 """ 938 self.AttributeList = AttributeList 939 self.AttributeListBuffer = InitializeProcThreadAttributeList( 940 len(AttributeList)) 941 try: 942 for Attribute, Value in AttributeList: 943 UpdateProcThreadAttribute(self.AttributeListBuffer, 944 Attribute, Value) 945 except: 946 ProcThreadAttributeList.__del__(self) 947 raise

948

949 - def __del__(self):

950 try: 951 DeleteProcThreadAttributeList(self.AttributeListBuffer) 952 del self.AttributeListBuffer 953 except Exception: 954 pass

955

956 - def __copy__(self):

957 return self.__deepcopy__()

958

959 - def __deepcopy__(self):

960 return self.__class__(self.AttributeList)

961 962 @property

963 - def value(self):

964 return ctypes.cast(ctypes.pointer(self.AttributeListBuffer), LPVOID)

965 966 @property

967 - def _as_parameter_(self):

968 return self.value

969 970 # XXX TODO 971 @staticmethod

972 - def from_param(value):

973 raise NotImplementedError

974

975 #--- OVERLAPPED structure ----------------------------------------------------- 976 977 # typedef struct _OVERLAPPED { 978 # ULONG_PTR Internal; 979 # ULONG_PTR InternalHigh; 980 # union { 981 # struct { 982 # DWORD Offset; 983 # DWORD OffsetHigh; 984 # } ; 985 # PVOID Pointer; 986 # } ; 987 # HANDLE hEvent; 988 # }OVERLAPPED, *LPOVERLAPPED; 989 -class _OVERLAPPED_STRUCT(Structure):

990 _fields_ = [ 991 ('Offset', DWORD), 992 ('OffsetHigh', DWORD), 993 ]

994 -class _OVERLAPPED_UNION(Union):

995 _fields_ = [ 996 ('s', _OVERLAPPED_STRUCT), 997 ('Pointer', PVOID), 998 ]

999 -class OVERLAPPED(Structure):

1000 _fields_ = [ 1001 ('Internal', ULONG_PTR), 1002 ('InternalHigh', ULONG_PTR), 1003 ('u', _OVERLAPPED_UNION), 1004 ('hEvent', HANDLE), 1005 ]

1006 LPOVERLAPPED = POINTER(OVERLAPPED)

1007 1008 #--- SECURITY_ATTRIBUTES structure -------------------------------------------- 1009 1010 # typedef struct _SECURITY_ATTRIBUTES { 1011 # DWORD nLength; 1012 # LPVOID lpSecurityDescriptor; 1013 # BOOL bInheritHandle; 1014 # } SECURITY_ATTRIBUTES, *PSECURITY_ATTRIBUTES, *LPSECURITY_ATTRIBUTES; 1015 -class SECURITY_ATTRIBUTES(Structure):

1016 _fields_ = [ 1017 ('nLength', DWORD), 1018 ('lpSecurityDescriptor', LPVOID), 1019 ('bInheritHandle', BOOL), 1020 ]

1021 LPSECURITY_ATTRIBUTES = POINTER(SECURITY_ATTRIBUTES) 1022 1023 # --- Extended process and thread attribute support --------------------------- 1024 1025 PPROC_THREAD_ATTRIBUTE_LIST = LPVOID 1026 LPPROC_THREAD_ATTRIBUTE_LIST = PPROC_THREAD_ATTRIBUTE_LIST 1027 1028 PROC_THREAD_ATTRIBUTE_NUMBER = 0x0000FFFF 1029 PROC_THREAD_ATTRIBUTE_THREAD = 0x00010000 # Attribute may be used with thread creation 1030 PROC_THREAD_ATTRIBUTE_INPUT = 0x00020000 # Attribute is input only 1031 PROC_THREAD_ATTRIBUTE_ADDITIVE = 0x00040000 # Attribute may be "accumulated," e.g. bitmasks, counters, etc. 1032 1033 # PROC_THREAD_ATTRIBUTE_NUM 1034 ProcThreadAttributeParentProcess = 0 1035 ProcThreadAttributeExtendedFlags = 1 1036 ProcThreadAttributeHandleList = 2 1037 ProcThreadAttributeGroupAffinity = 3 1038 ProcThreadAttributePreferredNode = 4 1039 ProcThreadAttributeIdealProcessor = 5 1040 ProcThreadAttributeUmsThread = 6 1041 ProcThreadAttributeMitigationPolicy = 7 1042 ProcThreadAttributeMax = 8 1043 1044 PROC_THREAD_ATTRIBUTE_PARENT_PROCESS = ProcThreadAttributeParentProcess | PROC_THREAD_ATTRIBUTE_INPUT 1045 PROC_THREAD_ATTRIBUTE_EXTENDED_FLAGS = ProcThreadAttributeExtendedFlags | PROC_THREAD_ATTRIBUTE_INPUT | PROC_THREAD_ATTRIBUTE_ADDITIVE 1046 PROC_THREAD_ATTRIBUTE_HANDLE_LIST = ProcThreadAttributeHandleList | PROC_THREAD_ATTRIBUTE_INPUT 1047 PROC_THREAD_ATTRIBUTE_GROUP_AFFINITY = ProcThreadAttributeGroupAffinity | PROC_THREAD_ATTRIBUTE_THREAD | PROC_THREAD_ATTRIBUTE_INPUT 1048 PROC_THREAD_ATTRIBUTE_PREFERRED_NODE = ProcThreadAttributePreferredNode | PROC_THREAD_ATTRIBUTE_INPUT 1049 PROC_THREAD_ATTRIBUTE_IDEAL_PROCESSOR = ProcThreadAttributeIdealProcessor | PROC_THREAD_ATTRIBUTE_THREAD | PROC_THREAD_ATTRIBUTE_INPUT 1050 PROC_THREAD_ATTRIBUTE_UMS_THREAD = ProcThreadAttributeUmsThread | PROC_THREAD_ATTRIBUTE_THREAD | PROC_THREAD_ATTRIBUTE_INPUT 1051 PROC_THREAD_ATTRIBUTE_MITIGATION_POLICY = ProcThreadAttributeMitigationPolicy | PROC_THREAD_ATTRIBUTE_INPUT 1052 1053 PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE = 0x01 1054 PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE = 0x02 1055 PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE = 0x04

1056 1057 #--- VS_FIXEDFILEINFO structure ----------------------------------------------- 1058 1059 # struct VS_FIXEDFILEINFO { 1060 # DWORD dwSignature; 1061 # DWORD dwStrucVersion; 1062 # DWORD dwFileVersionMS; 1063 # DWORD dwFileVersionLS; 1064 # DWORD dwProductVersionMS; 1065 # DWORD dwProductVersionLS; 1066 # DWORD dwFileFlagsMask; 1067 # DWORD dwFileFlags; 1068 # DWORD dwFileOS; 1069 # DWORD dwFileType; 1070 # DWORD dwFileSubtype; 1071 # DWORD dwFileDateMS; 1072 # DWORD dwFileDateLS; 1073 # }; 1074 -class VS_FIXEDFILEINFO (Structure):

1075 _fields_ = [ 1076 ("dwSignature", DWORD), # 0xFEEF04BD 1077 ("dwStrucVersion", DWORD), 1078 ("dwFileVersionMS", DWORD), 1079 ("dwFileVersionLS", DWORD), 1080 ("dwProductVersionMS", DWORD), 1081 ("dwProductVersionLS", DWORD), 1082 ("dwFileFlagsMask", DWORD), 1083 ("dwFileFlags", DWORD), 1084 ("dwFileOS", DWORD), 1085 ("dwFileType", DWORD), 1086 ("dwFileSubtype", DWORD), 1087 ("dwFileDateMS", DWORD), 1088 ("dwFileDateLS", DWORD), 1089 ]

1090

1091 #--- THREADNAME_INFO structure ------------------------------------------------ 1092 1093 # typedef struct tagTHREADNAME_INFO 1094 # { 1095 # DWORD dwType; // Must be 0x1000. 1096 # LPCSTR szName; // Pointer to name (in user addr space). 1097 # DWORD dwThreadID; // Thread ID (-1=caller thread). 1098 # DWORD dwFlags; // Reserved for future use, must be zero. 1099 # } THREADNAME_INFO; 1100 -class THREADNAME_INFO(Structure):

1101 _fields_ = [ 1102 ("dwType", DWORD), # 0x1000 1103 ("szName", LPVOID), # remote pointer 1104 ("dwThreadID", DWORD), # -1 usually 1105 ("dwFlags", DWORD), # 0 1106 ]

1107

1108 #--- MEMORY_BASIC_INFORMATION structure --------------------------------------- 1109 1110 # typedef struct _MEMORY_BASIC_INFORMATION32 { 1111 # DWORD BaseAddress; 1112 # DWORD AllocationBase; 1113 # DWORD AllocationProtect; 1114 # DWORD RegionSize; 1115 # DWORD State; 1116 # DWORD Protect; 1117 # DWORD Type; 1118 # } MEMORY_BASIC_INFORMATION32, *PMEMORY_BASIC_INFORMATION32; 1119 -class MEMORY_BASIC_INFORMATION32(Structure):

1120 _fields_ = [ 1121 ('BaseAddress', DWORD), # remote pointer 1122 ('AllocationBase', DWORD), # remote pointer 1123 ('AllocationProtect', DWORD), 1124 ('RegionSize', DWORD), 1125 ('State', DWORD), 1126 ('Protect', DWORD), 1127 ('Type', DWORD), 1128 ]

1129

1130 # typedef struct DECLSPEC_ALIGN(16) _MEMORY_BASIC_INFORMATION64 { 1131 # ULONGLONG BaseAddress; 1132 # ULONGLONG AllocationBase; 1133 # DWORD AllocationProtect; 1134 # DWORD __alignment1; 1135 # ULONGLONG RegionSize; 1136 # DWORD State; 1137 # DWORD Protect; 1138 # DWORD Type; 1139 # DWORD __alignment2; 1140 # } MEMORY_BASIC_INFORMATION64, *PMEMORY_BASIC_INFORMATION64; 1141 -class MEMORY_BASIC_INFORMATION64(Structure):

1142 _fields_ = [ 1143 ('BaseAddress', ULONGLONG), # remote pointer 1144 ('AllocationBase', ULONGLONG), # remote pointer 1145 ('AllocationProtect', DWORD), 1146 ('__alignment1', DWORD), 1147 ('RegionSize', ULONGLONG), 1148 ('State', DWORD), 1149 ('Protect', DWORD), 1150 ('Type', DWORD), 1151 ('__alignment2', DWORD), 1152 ]

1153 1154 # typedef struct _MEMORY_BASIC_INFORMATION { 1155 # PVOID BaseAddress; 1156 # PVOID AllocationBase; 1157 # DWORD AllocationProtect; 1158 # SIZE_T RegionSize; 1159 # DWORD State; 1160 # DWORD Protect; 1161 # DWORD Type; 1162 # } MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION; 1163 if sizeof(SIZE_T) == sizeof(DWORD):

1164 - class MEMORY_BASIC_INFORMATION(MEMORY_BASIC_INFORMATION32):

1165 pass

1166 elif sizeof(SIZE_T) == sizeof(DWORD64):

1167 - class MEMORY_BASIC_INFORMATION(MEMORY_BASIC_INFORMATION64):

1168 pass

1169 else:

1170 - class MEMORY_BASIC_INFORMATION(Structure):

1171 _fields_ = [ 1172 ('BaseAddress', SIZE_T), # remote pointer 1173 ('AllocationBase', SIZE_T), # remote pointer 1174 ('AllocationProtect', DWORD), 1175 ('RegionSize', SIZE_T), 1176 ('State', DWORD), 1177 ('Protect', DWORD), 1178 ('Type', DWORD), 1179 ]

1180 PMEMORY_BASIC_INFORMATION = POINTER(MEMORY_BASIC_INFORMATION)

1181 1182 #--- BY_HANDLE_FILE_INFORMATION structure ------------------------------------- 1183 1184 # typedef struct _FILETIME { 1185 # DWORD dwLowDateTime; 1186 # DWORD dwHighDateTime; 1187 # } FILETIME, *PFILETIME; 1188 -class FILETIME(Structure):

1189 _fields_ = [ 1190 ('dwLowDateTime', DWORD), 1191 ('dwHighDateTime', DWORD), 1192 ]

1193 LPFILETIME = POINTER(FILETIME)

1194 1195 # typedef struct _SYSTEMTIME { 1196 # WORD wYear; 1197 # WORD wMonth; 1198 # WORD wDayOfWeek; 1199 # WORD wDay; 1200 # WORD wHour; 1201 # WORD wMinute; 1202 # WORD wSecond; 1203 # WORD wMilliseconds; 1204 # }SYSTEMTIME, *PSYSTEMTIME; 1205 -class SYSTEMTIME(Structure):

1206 _fields_ = [ 1207 ('wYear', WORD), 1208 ('wMonth', WORD), 1209 ('wDayOfWeek', WORD), 1210 ('wDay', WORD), 1211 ('wHour', WORD), 1212 ('wMinute', WORD), 1213 ('wSecond', WORD), 1214 ('wMilliseconds', WORD), 1215 ]

1216 LPSYSTEMTIME = POINTER(SYSTEMTIME)

1217 1218 # typedef struct _BY_HANDLE_FILE_INFORMATION { 1219 # DWORD dwFileAttributes; 1220 # FILETIME ftCreationTime; 1221 # FILETIME ftLastAccessTime; 1222 # FILETIME ftLastWriteTime; 1223 # DWORD dwVolumeSerialNumber; 1224 # DWORD nFileSizeHigh; 1225 # DWORD nFileSizeLow; 1226 # DWORD nNumberOfLinks; 1227 # DWORD nFileIndexHigh; 1228 # DWORD nFileIndexLow; 1229 # } BY_HANDLE_FILE_INFORMATION, *PBY_HANDLE_FILE_INFORMATION; 1230 -class BY_HANDLE_FILE_INFORMATION(Structure):

1231 _fields_ = [ 1232 ('dwFileAttributes', DWORD), 1233 ('ftCreationTime', FILETIME), 1234 ('ftLastAccessTime', FILETIME), 1235 ('ftLastWriteTime', FILETIME), 1236 ('dwVolumeSerialNumber', DWORD), 1237 ('nFileSizeHigh', DWORD), 1238 ('nFileSizeLow', DWORD), 1239 ('nNumberOfLinks', DWORD), 1240 ('nFileIndexHigh', DWORD), 1241 ('nFileIndexLow', DWORD), 1242 ]

1243 LPBY_HANDLE_FILE_INFORMATION = ctypes.POINTER(BY_HANDLE_FILE_INFORMATION)

1244 1245 # typedef enum _FILE_INFO_BY_HANDLE_CLASS { 1246 # FileBasicInfo = 0, 1247 # FileStandardInfo = 1, 1248 # FileNameInfo = 2, 1249 # FileRenameInfo = 3, 1250 # FileDispositionInfo = 4, 1251 # FileAllocationInfo = 5, 1252 # FileEndOfFileInfo = 6, 1253 # FileStreamInfo = 7, 1254 # FileCompressionInfo = 8, 1255 # FileAttributeTagInfo = 9, 1256 # FileIdBothDirectoryInfo = 10, 1257 # FileIdBothDirectoryRestartInfo = 11, 1258 # FileIoPriorityHintInfo = 12, 1259 # MaximumFileInfoByHandlesClass = 13 1260 # } FILE_INFO_BY_HANDLE_CLASS, *PFILE_INFO_BY_HANDLE_CLASS; 1261 -class FILE_INFO_BY_HANDLE_CLASS(object):

1262 FileBasicInfo = 0 1263 FileStandardInfo = 1 1264 FileNameInfo = 2 1265 FileRenameInfo = 3 1266 FileDispositionInfo = 4 1267 FileAllocationInfo = 5 1268 FileEndOfFileInfo = 6 1269 FileStreamInfo = 7 1270 FileCompressionInfo = 8 1271 FileAttributeTagInfo = 9 1272 FileIdBothDirectoryInfo = 10 1273 FileIdBothDirectoryRestartInfo = 11 1274 FileIoPriorityHintInfo = 12 1275 MaximumFileInfoByHandlesClass = 13

1276

1277 # typedef struct _FILE_NAME_INFO { 1278 # DWORD FileNameLength; 1279 # WCHAR FileName[1]; 1280 # } FILE_NAME_INFO, *PFILE_NAME_INFO; 1281 ##class FILE_NAME_INFO(Structure): 1282 ## _fields_ = [ 1283 ## ('FileNameLength', DWORD), 1284 ## ('FileName', WCHAR * 1), 1285 ## ] 1286 1287 # TO DO: add more structures used by GetFileInformationByHandleEx() 1288 1289 #--- PROCESS_INFORMATION structure -------------------------------------------- 1290 1291 # typedef struct _PROCESS_INFORMATION { 1292 # HANDLE hProcess; 1293 # HANDLE hThread; 1294 # DWORD dwProcessId; 1295 # DWORD dwThreadId; 1296 # } PROCESS_INFORMATION, *PPROCESS_INFORMATION, *LPPROCESS_INFORMATION; 1297 -class PROCESS_INFORMATION(Structure):

1298 _fields_ = [ 1299 ('hProcess', HANDLE), 1300 ('hThread', HANDLE), 1301 ('dwProcessId', DWORD), 1302 ('dwThreadId', DWORD), 1303 ]

1304 LPPROCESS_INFORMATION = POINTER(PROCESS_INFORMATION)

1305 1306 #--- STARTUPINFO and STARTUPINFOEX structures --------------------------------- 1307 1308 # typedef struct _STARTUPINFO { 1309 # DWORD cb; 1310 # LPTSTR lpReserved; 1311 # LPTSTR lpDesktop; 1312 # LPTSTR lpTitle; 1313 # DWORD dwX; 1314 # DWORD dwY; 1315 # DWORD dwXSize; 1316 # DWORD dwYSize; 1317 # DWORD dwXCountChars; 1318 # DWORD dwYCountChars; 1319 # DWORD dwFillAttribute; 1320 # DWORD dwFlags; 1321 # WORD wShowWindow; 1322 # WORD cbReserved2; 1323 # LPBYTE lpReserved2; 1324 # HANDLE hStdInput; 1325 # HANDLE hStdOutput; 1326 # HANDLE hStdError; 1327 # }STARTUPINFO, *LPSTARTUPINFO; 1328 -class STARTUPINFO(Structure):

1329 _fields_ = [ 1330 ('cb', DWORD), 1331 ('lpReserved', LPSTR), 1332 ('lpDesktop', LPSTR), 1333 ('lpTitle', LPSTR), 1334 ('dwX', DWORD), 1335 ('dwY', DWORD), 1336 ('dwXSize', DWORD), 1337 ('dwYSize', DWORD), 1338 ('dwXCountChars', DWORD), 1339 ('dwYCountChars', DWORD), 1340 ('dwFillAttribute', DWORD), 1341 ('dwFlags', DWORD), 1342 ('wShowWindow', WORD), 1343 ('cbReserved2', WORD), 1344 ('lpReserved2', LPVOID), # LPBYTE 1345 ('hStdInput', HANDLE), 1346 ('hStdOutput', HANDLE), 1347 ('hStdError', HANDLE), 1348 ]

1349 LPSTARTUPINFO = POINTER(STARTUPINFO)

1350 1351 # typedef struct _STARTUPINFOEX { 1352 # STARTUPINFO StartupInfo; 1353 # PPROC_THREAD_ATTRIBUTE_LIST lpAttributeList; 1354 # } STARTUPINFOEX, *LPSTARTUPINFOEX; 1355 -class STARTUPINFOEX(Structure):

1356 _fields_ = [ 1357 ('StartupInfo', STARTUPINFO), 1358 ('lpAttributeList', PPROC_THREAD_ATTRIBUTE_LIST), 1359 ]

1360 LPSTARTUPINFOEX = POINTER(STARTUPINFOEX)

1361 1362 #--- JIT_DEBUG_INFO structure ------------------------------------------------- 1363 1364 # typedef struct _JIT_DEBUG_INFO { 1365 # DWORD dwSize; 1366 # DWORD dwProcessorArchitecture; 1367 # DWORD dwThreadID; 1368 # DWORD dwReserved0; 1369 # ULONG64 lpExceptionAddress; 1370 # ULONG64 lpExceptionRecord; 1371 # ULONG64 lpContextRecord; 1372 # } JIT_DEBUG_INFO, *LPJIT_DEBUG_INFO; 1373 -class JIT_DEBUG_INFO(Structure):

1374 _fields_ = [ 1375 ('dwSize', DWORD), 1376 ('dwProcessorArchitecture', DWORD), 1377 ('dwThreadID', DWORD), 1378 ('dwReserved0', DWORD), 1379 ('lpExceptionAddress', ULONG64), 1380 ('lpExceptionRecord', ULONG64), 1381 ('lpContextRecord', ULONG64), 1382 ]

1383 JIT_DEBUG_INFO32 = JIT_DEBUG_INFO 1384 JIT_DEBUG_INFO64 = JIT_DEBUG_INFO 1385 1386 LPJIT_DEBUG_INFO = ctypes.POINTER(JIT_DEBUG_INFO) 1387 LPJIT_DEBUG_INFO32 = ctypes.POINTER(JIT_DEBUG_INFO32) 1388 LPJIT_DEBUG_INFO64 = ctypes.POINTER(JIT_DEBUG_INFO64)

1389 1390 #--- DEBUG_EVENT structure ---------------------------------------------------- 1391 1392 # typedef struct _EXCEPTION_RECORD32 { 1393 # DWORD ExceptionCode; 1394 # DWORD ExceptionFlags; 1395 # DWORD ExceptionRecord; 1396 # DWORD ExceptionAddress; 1397 # DWORD NumberParameters; 1398 # DWORD ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; 1399 # } EXCEPTION_RECORD32, *PEXCEPTION_RECORD32; 1400 -class EXCEPTION_RECORD32(Structure):

1401 _fields_ = [ 1402 ('ExceptionCode', DWORD), 1403 ('ExceptionFlags', DWORD), 1404 ('ExceptionRecord', DWORD), 1405 ('ExceptionAddress', DWORD), 1406 ('NumberParameters', DWORD), 1407 ('ExceptionInformation', DWORD * EXCEPTION_MAXIMUM_PARAMETERS), 1408 ]

1409 1410 PEXCEPTION_RECORD32 = POINTER(EXCEPTION_RECORD32)

1411 1412 # typedef struct _EXCEPTION_RECORD64 { 1413 # DWORD ExceptionCode; 1414 # DWORD ExceptionFlags; 1415 # DWORD64 ExceptionRecord; 1416 # DWORD64 ExceptionAddress; 1417 # DWORD NumberParameters; 1418 # DWORD __unusedAlignment; 1419 # DWORD64 ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; 1420 # } EXCEPTION_RECORD64, *PEXCEPTION_RECORD64; 1421 -class EXCEPTION_RECORD64(Structure):

1422 _fields_ = [ 1423 ('ExceptionCode', DWORD), 1424 ('ExceptionFlags', DWORD), 1425 ('ExceptionRecord', DWORD64), 1426 ('ExceptionAddress', DWORD64), 1427 ('NumberParameters', DWORD), 1428 ('__unusedAlignment', DWORD), 1429 ('ExceptionInformation', DWORD64 * EXCEPTION_MAXIMUM_PARAMETERS), 1430 ]

1431 1432 PEXCEPTION_RECORD64 = POINTER(EXCEPTION_RECORD64)

1433 1434 # typedef struct _EXCEPTION_RECORD { 1435 # DWORD ExceptionCode; 1436 # DWORD ExceptionFlags; 1437 # LPVOID ExceptionRecord; 1438 # LPVOID ExceptionAddress; 1439 # DWORD NumberParameters; 1440 # LPVOID ExceptionInformation[EXCEPTION_MAXIMUM_PARAMETERS]; 1441 # } EXCEPTION_RECORD, *PEXCEPTION_RECORD; 1442 -class EXCEPTION_RECORD(Structure):

1443 pass

1444 PEXCEPTION_RECORD = POINTER(EXCEPTION_RECORD) 1445 EXCEPTION_RECORD._fields_ = [ 1446 ('ExceptionCode', DWORD), 1447 ('ExceptionFlags', DWORD), 1448 ('ExceptionRecord', PEXCEPTION_RECORD), 1449 ('ExceptionAddress', LPVOID), 1450 ('NumberParameters', DWORD), 1451 ('ExceptionInformation', LPVOID * EXCEPTION_MAXIMUM_PARAMETERS), 1452 ]

1453 1454 # typedef struct _EXCEPTION_DEBUG_INFO { 1455 # EXCEPTION_RECORD ExceptionRecord; 1456 # DWORD dwFirstChance; 1457 # } EXCEPTION_DEBUG_INFO; 1458 -class EXCEPTION_DEBUG_INFO(Structure):

1459 _fields_ = [ 1460 ('ExceptionRecord', EXCEPTION_RECORD), 1461 ('dwFirstChance', DWORD), 1462 ]

1463

1464 # typedef struct _CREATE_THREAD_DEBUG_INFO { 1465 # HANDLE hThread; 1466 # LPVOID lpThreadLocalBase; 1467 # LPTHREAD_START_ROUTINE lpStartAddress; 1468 # } CREATE_THREAD_DEBUG_INFO; 1469 -class CREATE_THREAD_DEBUG_INFO(Structure):

1470 _fields_ = [ 1471 ('hThread', HANDLE), 1472 ('lpThreadLocalBase', LPVOID), 1473 ('lpStartAddress', LPVOID), 1474 ]

1475

1476 # typedef struct _CREATE_PROCESS_DEBUG_INFO { 1477 # HANDLE hFile; 1478 # HANDLE hProcess; 1479 # HANDLE hThread; 1480 # LPVOID lpBaseOfImage; 1481 # DWORD dwDebugInfoFileOffset; 1482 # DWORD nDebugInfoSize; 1483 # LPVOID lpThreadLocalBase; 1484 # LPTHREAD_START_ROUTINE lpStartAddress; 1485 # LPVOID lpImageName; 1486 # WORD fUnicode; 1487 # } CREATE_PROCESS_DEBUG_INFO; 1488 -class CREATE_PROCESS_DEBUG_INFO(Structure):

1489 _fields_ = [ 1490 ('hFile', HANDLE), 1491 ('hProcess', HANDLE), 1492 ('hThread', HANDLE), 1493 ('lpBaseOfImage', LPVOID), 1494 ('dwDebugInfoFileOffset', DWORD), 1495 ('nDebugInfoSize', DWORD), 1496 ('lpThreadLocalBase', LPVOID), 1497 ('lpStartAddress', LPVOID), 1498 ('lpImageName', LPVOID), 1499 ('fUnicode', WORD), 1500 ]

1501

1502 # typedef struct _EXIT_THREAD_DEBUG_INFO { 1503 # DWORD dwExitCode; 1504 # } EXIT_THREAD_DEBUG_INFO; 1505 -class EXIT_THREAD_DEBUG_INFO(Structure):

1506 _fields_ = [ 1507 ('dwExitCode', DWORD), 1508 ]

1509

1510 # typedef struct _EXIT_PROCESS_DEBUG_INFO { 1511 # DWORD dwExitCode; 1512 # } EXIT_PROCESS_DEBUG_INFO; 1513 -class EXIT_PROCESS_DEBUG_INFO(Structure):

1514 _fields_ = [ 1515 ('dwExitCode', DWORD), 1516 ]

1517

1518 # typedef struct _LOAD_DLL_DEBUG_INFO { 1519 # HANDLE hFile; 1520 # LPVOID lpBaseOfDll; 1521 # DWORD dwDebugInfoFileOffset; 1522 # DWORD nDebugInfoSize; 1523 # LPVOID lpImageName; 1524 # WORD fUnicode; 1525 # } LOAD_DLL_DEBUG_INFO; 1526 -class LOAD_DLL_DEBUG_INFO(Structure):

1527 _fields_ = [ 1528 ('hFile', HANDLE), 1529 ('lpBaseOfDll', LPVOID), 1530 ('dwDebugInfoFileOffset', DWORD), 1531 ('nDebugInfoSize', DWORD), 1532 ('lpImageName', LPVOID), 1533 ('fUnicode', WORD), 1534 ]

1535

1536 # typedef struct _UNLOAD_DLL_DEBUG_INFO { 1537 # LPVOID lpBaseOfDll; 1538 # } UNLOAD_DLL_DEBUG_INFO; 1539 -class UNLOAD_DLL_DEBUG_INFO(Structure):

1540 _fields_ = [ 1541 ('lpBaseOfDll', LPVOID), 1542 ]

1543

1544 # typedef struct _OUTPUT_DEBUG_STRING_INFO { 1545 # LPSTR lpDebugStringData; 1546 # WORD fUnicode; 1547 # WORD nDebugStringLength; 1548 # } OUTPUT_DEBUG_STRING_INFO; 1549 -class OUTPUT_DEBUG_STRING_INFO(Structure):

1550 _fields_ = [ 1551 ('lpDebugStringData', LPVOID), # don't use LPSTR 1552 ('fUnicode', WORD), 1553 ('nDebugStringLength', WORD), 1554 ]

1555

1556 # typedef struct _RIP_INFO { 1557 # DWORD dwError; 1558 # DWORD dwType; 1559 # } RIP_INFO, *LPRIP_INFO; 1560 -class RIP_INFO(Structure):

1561 _fields_ = [ 1562 ('dwError', DWORD), 1563 ('dwType', DWORD), 1564 ]

1565

1566 # typedef struct _DEBUG_EVENT { 1567 # DWORD dwDebugEventCode; 1568 # DWORD dwProcessId; 1569 # DWORD dwThreadId; 1570 # union { 1571 # EXCEPTION_DEBUG_INFO Exception; 1572 # CREATE_THREAD_DEBUG_INFO CreateThread; 1573 # CREATE_PROCESS_DEBUG_INFO CreateProcessInfo; 1574 # EXIT_THREAD_DEBUG_INFO ExitThread; 1575 # EXIT_PROCESS_DEBUG_INFO ExitProcess; 1576 # LOAD_DLL_DEBUG_INFO LoadDll; 1577 # UNLOAD_DLL_DEBUG_INFO UnloadDll; 1578 # OUTPUT_DEBUG_STRING_INFO DebugString; 1579 # RIP_INFO RipInfo; 1580 # } u; 1581 # } DEBUG_EVENT;. 1582 -class _DEBUG_EVENT_UNION_(Union):

1583 _fields_ = [ 1584 ('Exception', EXCEPTION_DEBUG_INFO), 1585 ('CreateThread', CREATE_THREAD_DEBUG_INFO), 1586 ('CreateProcessInfo', CREATE_PROCESS_DEBUG_INFO), 1587 ('ExitThread', EXIT_THREAD_DEBUG_INFO), 1588 ('ExitProcess', EXIT_PROCESS_DEBUG_INFO), 1589 ('LoadDll', LOAD_DLL_DEBUG_INFO), 1590 ('UnloadDll', UNLOAD_DLL_DEBUG_INFO), 1591 ('DebugString', OUTPUT_DEBUG_STRING_INFO), 1592 ('RipInfo', RIP_INFO), 1593 ]

1594 -class DEBUG_EVENT(Structure):

1595 _fields_ = [ 1596 ('dwDebugEventCode', DWORD), 1597 ('dwProcessId', DWORD), 1598 ('dwThreadId', DWORD), 1599 ('u', _DEBUG_EVENT_UNION_), 1600 ]

1601 LPDEBUG_EVENT = ctypes.POINTER(DEBUG_EVENT) 1602 1603 #--- Toolhelp library defines and structures ---------------------------------- 1604 1605 TH32CS_SNAPHEAPLIST = 0x00000001 1606 TH32CS_SNAPPROCESS = 0x00000002 1607 TH32CS_SNAPTHREAD = 0x00000004 1608 TH32CS_SNAPMODULE = 0x00000008 1609 TH32CS_INHERIT = 0x80000000 1610 TH32CS_SNAPALL = (TH32CS_SNAPHEAPLIST | TH32CS_SNAPPROCESS | TH32CS_SNAPTHREAD | TH32CS_SNAPMODULE)

1611 1612 # typedef struct tagTHREADENTRY32 { 1613 # DWORD dwSize; 1614 # DWORD cntUsage; 1615 # DWORD th32ThreadID; 1616 # DWORD th32OwnerProcessID; 1617 # LONG tpBasePri; 1618 # LONG tpDeltaPri; 1619 # DWORD dwFlags; 1620 # } THREADENTRY32, *PTHREADENTRY32; 1621 -class THREADENTRY32(Structure):

1622 _fields_ = [ 1623 ('dwSize', DWORD), 1624 ('cntUsage', DWORD), 1625 ('th32ThreadID', DWORD), 1626 ('th32OwnerProcessID', DWORD), 1627 ('tpBasePri', LONG), 1628 ('tpDeltaPri', LONG), 1629 ('dwFlags', DWORD), 1630 ]

1631 LPTHREADENTRY32 = ctypes.POINTER(THREADENTRY32)

1632 1633 # typedef struct tagPROCESSENTRY32 { 1634 # DWORD dwSize; 1635 # DWORD cntUsage; 1636 # DWORD th32ProcessID; 1637 # ULONG_PTR th32DefaultHeapID; 1638 # DWORD th32ModuleID; 1639 # DWORD cntThreads; 1640 # DWORD th32ParentProcessID; 1641 # LONG pcPriClassBase; 1642 # DWORD dwFlags; 1643 # TCHAR szExeFile[MAX_PATH]; 1644 # } PROCESSENTRY32, *PPROCESSENTRY32; 1645 -class PROCESSENTRY32(Structure):

1646 _fields_ = [ 1647 ('dwSize', DWORD), 1648 ('cntUsage', DWORD), 1649 ('th32ProcessID', DWORD), 1650 ('th32DefaultHeapID', ULONG_PTR), 1651 ('th32ModuleID', DWORD), 1652 ('cntThreads', DWORD), 1653 ('th32ParentProcessID', DWORD), 1654 ('pcPriClassBase', LONG), 1655 ('dwFlags', DWORD), 1656 ('szExeFile', TCHAR * 260), 1657 ]

1658 LPPROCESSENTRY32 = ctypes.POINTER(PROCESSENTRY32)

1659 1660 # typedef struct tagMODULEENTRY32 { 1661 # DWORD dwSize; 1662 # DWORD th32ModuleID; 1663 # DWORD th32ProcessID; 1664 # DWORD GlblcntUsage; 1665 # DWORD ProccntUsage; 1666 # BYTE* modBaseAddr; 1667 # DWORD modBaseSize; 1668 # HMODULE hModule; 1669 # TCHAR szModule[MAX_MODULE_NAME32 + 1]; 1670 # TCHAR szExePath[MAX_PATH]; 1671 # } MODULEENTRY32, *PMODULEENTRY32; 1672 -class MODULEENTRY32(Structure):

1673 _fields_ = [ 1674 ("dwSize", DWORD), 1675 ("th32ModuleID", DWORD), 1676 ("th32ProcessID", DWORD), 1677 ("GlblcntUsage", DWORD), 1678 ("ProccntUsage", DWORD), 1679 ("modBaseAddr", LPVOID), # BYTE* 1680 ("modBaseSize", DWORD), 1681 ("hModule", HMODULE), 1682 ("szModule", TCHAR * (MAX_MODULE_NAME32 + 1)), 1683 ("szExePath", TCHAR * MAX_PATH), 1684 ]

1685 LPMODULEENTRY32 = ctypes.POINTER(MODULEENTRY32)

1686 1687 # typedef struct tagHEAPENTRY32 { 1688 # SIZE_T dwSize; 1689 # HANDLE hHandle; 1690 # ULONG_PTR dwAddress; 1691 # SIZE_T dwBlockSize; 1692 # DWORD dwFlags; 1693 # DWORD dwLockCount; 1694 # DWORD dwResvd; 1695 # DWORD th32ProcessID; 1696 # ULONG_PTR th32HeapID; 1697 # } HEAPENTRY32, 1698 # *PHEAPENTRY32; 1699 -class HEAPENTRY32(Structure):

1700 _fields_ = [ 1701 ("dwSize", SIZE_T), 1702 ("hHandle", HANDLE), 1703 ("dwAddress", ULONG_PTR), 1704 ("dwBlockSize", SIZE_T), 1705 ("dwFlags", DWORD), 1706 ("dwLockCount", DWORD), 1707 ("dwResvd", DWORD), 1708 ("th32ProcessID", DWORD), 1709 ("th32HeapID", ULONG_PTR), 1710 ]

1711 LPHEAPENTRY32 = ctypes.POINTER(HEAPENTRY32)

1712 1713 # typedef struct tagHEAPLIST32 { 1714 # SIZE_T dwSize; 1715 # DWORD th32ProcessID; 1716 # ULONG_PTR th32HeapID; 1717 # DWORD dwFlags; 1718 # } HEAPLIST32, 1719 # *PHEAPLIST32; 1720 -class HEAPLIST32(Structure):

1721 _fields_ = [ 1722 ("dwSize", SIZE_T), 1723 ("th32ProcessID", DWORD), 1724 ("th32HeapID", ULONG_PTR), 1725 ("dwFlags", DWORD), 1726 ]

1727 LPHEAPLIST32 = POINTER(HEAPLIST32)

1728 1729 #--- kernel32.dll ------------------------------------------------------------- 1730 1731 # DWORD WINAPI GetLastError(void); 1732 -def GetLastError():

1733 _GetLastError = windll.kernel32.GetLastError 1734 _GetLastError.argtypes = [] 1735 _GetLastError.restype = DWORD 1736 return _GetLastError()

1737

1738 # void WINAPI SetLastError( 1739 # __in DWORD dwErrCode 1740 # ); 1741 -def SetLastError(dwErrCode):

1742 _SetLastError = windll.kernel32.SetLastError 1743 _SetLastError.argtypes = [DWORD] 1744 _SetLastError.restype = None 1745 _SetLastError(dwErrCode)

1746

1747 # BOOL WINAPI CloseHandle( 1748 # __in HANDLE hObject 1749 # ); 1750 -def CloseHandle(hHandle):

1751 if isinstance(hHandle, Handle): 1752 # Prevents the handle from being closed without notifying the Handle object. 1753 hHandle.close() 1754 else: 1755 _CloseHandle = windll.kernel32.CloseHandle 1756 _CloseHandle.argtypes = [HANDLE] 1757 _CloseHandle.restype = bool 1758 _CloseHandle.errcheck = RaiseIfZero 1759 _CloseHandle(hHandle)

1760

1761 # BOOL WINAPI DuplicateHandle( 1762 # __in HANDLE hSourceProcessHandle, 1763 # __in HANDLE hSourceHandle, 1764 # __in HANDLE hTargetProcessHandle, 1765 # __out LPHANDLE lpTargetHandle, 1766 # __in DWORD dwDesiredAccess, 1767 # __in BOOL bInheritHandle, 1768 # __in DWORD dwOptions 1769 # ); 1770 -def DuplicateHandle(hSourceHandle, hSourceProcessHandle = None, hTargetProcessHandle = None, dwDesiredAccess = STANDARD_RIGHTS_ALL, bInheritHandle = False, dwOptions = DUPLICATE_SAME_ACCESS):

1771 _DuplicateHandle = windll.kernel32.DuplicateHandle 1772 _DuplicateHandle.argtypes = [HANDLE, HANDLE, HANDLE, LPHANDLE, DWORD, BOOL, DWORD] 1773 _DuplicateHandle.restype = bool 1774 _DuplicateHandle.errcheck = RaiseIfZero 1775 1776 if hSourceProcessHandle is None: 1777 hSourceProcessHandle = GetCurrentProcess() 1778 if hTargetProcessHandle is None: 1779 hTargetProcessHandle = hSourceProcessHandle 1780 lpTargetHandle = HANDLE(INVALID_HANDLE_VALUE) 1781 _DuplicateHandle(hSourceHandle, hSourceProcessHandle, hTargetProcessHandle, ctypes.byref(lpTargetHandle), dwDesiredAccess, bool(bInheritHandle), dwOptions) 1782 if isinstance(hSourceHandle, Handle): 1783 HandleClass = hSourceHandle.__class__ 1784 else: 1785 HandleClass = Handle 1786 return HandleClass(lpTargetHandle.value)

1787

1788 # HLOCAL WINAPI LocalFree( 1789 # __in HLOCAL hMem 1790 # ); 1791 -def LocalFree(hMem):

1792 _LocalFree = windll.kernel32.LocalFree 1793 _LocalFree.argtypes = [HLOCAL] 1794 _LocalFree.restype = HLOCAL 1795 1796 result = _LocalFree(hMem) 1797 if result != NULL: 1798 ctypes.WinError()

1799

1800 #------------------------------------------------------------------------------ 1801 # DLL API 1802 1803 # DWORD WINAPI GetDllDirectory( 1804 # __in DWORD nBufferLength, 1805 # __out LPTSTR lpBuffer 1806 # ); 1807 -def GetDllDirectoryA():

1808 _GetDllDirectoryA = windll.kernel32.GetDllDirectoryA 1809 _GetDllDirectoryA.argytpes = [DWORD, LPSTR] 1810 _GetDllDirectoryA.restype = DWORD 1811 1812 nBufferLength = _GetDllDirectoryA(0, None) 1813 if nBufferLength == 0: 1814 return None 1815 lpBuffer = ctypes.create_string_buffer("", nBufferLength) 1816 _GetDllDirectoryA(nBufferLength, ctypes.byref(lpBuffer)) 1817 return lpBuffer.value

1818

1819 -def GetDllDirectoryW():

1820 _GetDllDirectoryW = windll.kernel32.GetDllDirectoryW 1821 _GetDllDirectoryW.argytpes = [DWORD, LPWSTR] 1822 _GetDllDirectoryW.restype = DWORD 1823 1824 nBufferLength = _GetDllDirectoryW(0, None) 1825 if nBufferLength == 0: 1826 return None 1827 lpBuffer = ctypes.create_unicode_buffer(u"", nBufferLength) 1828 _GetDllDirectoryW(nBufferLength, ctypes.byref(lpBuffer)) 1829 return lpBuffer.value

1830 1831 GetDllDirectory = GuessStringType(GetDllDirectoryA, GetDllDirectoryW)

1832 1833 # BOOL WINAPI SetDllDirectory( 1834 # __in_opt LPCTSTR lpPathName 1835 # ); 1836 -def SetDllDirectoryA(lpPathName = None):

1837 _SetDllDirectoryA = windll.kernel32.SetDllDirectoryA 1838 _SetDllDirectoryA.argytpes = [LPSTR] 1839 _SetDllDirectoryA.restype = bool 1840 _SetDllDirectoryA.errcheck = RaiseIfZero 1841 _SetDllDirectoryA(lpPathName)

1842

1843 -def SetDllDirectoryW(lpPathName):

1844 _SetDllDirectoryW = windll.kernel32.SetDllDirectoryW 1845 _SetDllDirectoryW.argytpes = [LPWSTR] 1846 _SetDllDirectoryW.restype = bool 1847 _SetDllDirectoryW.errcheck = RaiseIfZero 1848 _SetDllDirectoryW(lpPathName)

1849 1850 SetDllDirectory = GuessStringType(SetDllDirectoryA, SetDllDirectoryW)

1851 1852 # HMODULE WINAPI LoadLibrary( 1853 # __in LPCTSTR lpFileName 1854 # ); 1855 -def LoadLibraryA(pszLibrary):

1856 _LoadLibraryA = windll.kernel32.LoadLibraryA 1857 _LoadLibraryA.argtypes = [LPSTR] 1858 _LoadLibraryA.restype = HMODULE 1859 hModule = _LoadLibraryA(pszLibrary) 1860 if hModule == NULL: 1861 raise ctypes.WinError() 1862 return hModule

1863

1864 -def LoadLibraryW(pszLibrary):

1865 _LoadLibraryW = windll.kernel32.LoadLibraryW 1866 _LoadLibraryW.argtypes = [LPWSTR] 1867 _LoadLibraryW.restype = HMODULE 1868 hModule = _LoadLibraryW(pszLibrary) 1869 if hModule == NULL: 1870 raise ctypes.WinError() 1871 return hModule

1872 1873 LoadLibrary = GuessStringType(LoadLibraryA, LoadLibraryW)

1874 1875 # HMODULE WINAPI LoadLibraryEx( 1876 # __in LPCTSTR lpFileName, 1877 # __reserved HANDLE hFile, 1878 # __in DWORD dwFlags 1879 # ); 1880 -def LoadLibraryExA(pszLibrary, dwFlags = 0):

1881 _LoadLibraryExA = windll.kernel32.LoadLibraryExA 1882 _LoadLibraryExA.argtypes = [LPSTR, HANDLE, DWORD] 1883 _LoadLibraryExA.restype = HMODULE 1884 hModule = _LoadLibraryExA(pszLibrary, NULL, dwFlags) 1885 if hModule == NULL: 1886 raise ctypes.WinError() 1887 return hModule

1888

1889 -def LoadLibraryExW(pszLibrary, dwFlags = 0):

1890 _LoadLibraryExW = windll.kernel32.LoadLibraryExW 1891 _LoadLibraryExW.argtypes = [LPWSTR, HANDLE, DWORD] 1892 _LoadLibraryExW.restype = HMODULE 1893 hModule = _LoadLibraryExW(pszLibrary, NULL, dwFlags) 1894 if hModule == NULL: 1895 raise ctypes.WinError() 1896 return hModule

1897 1898 LoadLibraryEx = GuessStringType(LoadLibraryExA, LoadLibraryExW)

1899 1900 # HMODULE WINAPI GetModuleHandle( 1901 # __in_opt LPCTSTR lpModuleName 1902 # ); 1903 -def GetModuleHandleA(lpModuleName):

1904 _GetModuleHandleA = windll.kernel32.GetModuleHandleA 1905 _GetModuleHandleA.argtypes = [LPSTR] 1906 _GetModuleHandleA.restype = HMODULE 1907 hModule = _GetModuleHandleA(lpModuleName) 1908 if hModule == NULL: 1909 raise ctypes.WinError() 1910 return hModule

1911

1912 -def GetModuleHandleW(lpModuleName):

1913 _GetModuleHandleW = windll.kernel32.GetModuleHandleW 1914 _GetModuleHandleW.argtypes = [LPWSTR] 1915 _GetModuleHandleW.restype = HMODULE 1916 hModule = _GetModuleHandleW(lpModuleName) 1917 if hModule == NULL: 1918 raise ctypes.WinError() 1919 return hModule

1920 1921 GetModuleHandle = GuessStringType(GetModuleHandleA, GetModuleHandleW)

1922 1923 # FARPROC WINAPI GetProcAddress( 1924 # __in HMODULE hModule, 1925 # __in LPCSTR lpProcName 1926 # ); 1927 -def GetProcAddress(hModule, lpProcName):

1928 _GetProcAddress = windll.kernel32.GetProcAddress 1929 _GetProcAddress.argtypes = [HMODULE, LPVOID] 1930 _GetProcAddress.restype = LPVOID 1931 1932 if type(lpProcName) in (type(0), type(0L)): 1933 lpProcName = LPVOID(lpProcName) 1934 if lpProcName.value & (~0xFFFF): 1935 raise ValueError, 'Ordinal number too large: %d' % lpProcName.value 1936 elif type(lpProcName) == type(""): 1937 lpProcName = ctypes.c_char_p(lpProcName) 1938 else: 1939 raise TypeError, str(type(lpProcName)) 1940 return _GetProcAddress(hModule, lpProcName)

1941

1942 # BOOL WINAPI FreeLibrary( 1943 # __in HMODULE hModule 1944 # ); 1945 -def FreeLibrary(hModule):

1946 _FreeLibrary = windll.kernel32.FreeLibrary 1947 _FreeLibrary.argtypes = [HMODULE] 1948 _FreeLibrary.restype = bool 1949 _FreeLibrary.errcheck = RaiseIfZero 1950 _FreeLibrary(hModule)

1951

1952 #------------------------------------------------------------------------------ 1953 # File API and related 1954 1955 # BOOL WINAPI QueryFullProcessImageName( 1956 # __in HANDLE hProcess, 1957 # __in DWORD dwFlags, 1958 # __out LPTSTR lpExeName, 1959 # __inout PDWORD lpdwSize 1960 # ); 1961 -def QueryFullProcessImageNameA(hProcess, dwFlags = 0):

1962 _QueryFullProcessImageNameA = windll.kernel32.QueryFullProcessImageNameA 1963 _QueryFullProcessImageNameA.argtypes = [HANDLE, DWORD, LPSTR, PDWORD] 1964 _QueryFullProcessImageNameA.restype = bool 1965 1966 dwSize = MAX_PATH 1967 while 1: 1968 lpdwSize = DWORD(dwSize) 1969 lpExeName = ctypes.create_string_buffer('', lpdwSize.value + 1) 1970 success = _QueryFullProcessImageNameA(hProcess, dwFlags, lpExeName, ctypes.byref(lpdwSize)) 1971 if success and 0 < lpdwSize.value < dwSize: 1972 break 1973 error = GetLastError() 1974 if error != ERROR_INSUFFICIENT_BUFFER: 1975 raise ctypes.WinError(error) 1976 dwSize = dwSize + 256 1977 if dwSize > 0x1000: 1978 # this prevents an infinite loop in Windows 2008 when the path has spaces, 1979 # see http://msdn.microsoft.com/en-us/library/ms684919(VS.85).aspx#4 1980 raise ctypes.WinError(error) 1981 return lpExeName.value

1982

1983 -def QueryFullProcessImageNameW(hProcess, dwFlags = 0):

1984 _QueryFullProcessImageNameW = windll.kernel32.QueryFullProcessImageNameW 1985 _QueryFullProcessImageNameW.argtypes = [HANDLE, DWORD, LPWSTR, PDWORD] 1986 _QueryFullProcessImageNameW.restype = bool 1987 1988 dwSize = MAX_PATH 1989 while 1: 1990 lpdwSize = DWORD(dwSize) 1991 lpExeName = ctypes.create_unicode_buffer('', lpdwSize.value + 1) 1992 success = _QueryFullProcessImageNameW(hProcess, dwFlags, lpExeName, ctypes.byref(lpdwSize)) 1993 if success and 0 < lpdwSize.value < dwSize: 1994 break 1995 error = GetLastError() 1996 if error != ERROR_INSUFFICIENT_BUFFER: 1997 raise ctypes.WinError(error) 1998 dwSize = dwSize + 256 1999 if dwSize > 0x1000: 2000 # this prevents an infinite loop in Windows 2008 when the path has spaces, 2001 # see http://msdn.microsoft.com/en-us/library/ms684919(VS.85).aspx#4 2002 raise ctypes.WinError(error) 2003 return lpExeName.value

2004 2005 QueryFullProcessImageName = GuessStringType(QueryFullProcessImageNameA, QueryFullProcessImageNameW)

2006 2007 # DWORD WINAPI GetLogicalDriveStrings( 2008 # __in DWORD nBufferLength, 2009 # __out LPTSTR lpBuffer 2010 # ); 2011 -def GetLogicalDriveStringsA():

2012 _GetLogicalDriveStringsA = ctypes.windll.kernel32.GetLogicalDriveStringsA 2013 _GetLogicalDriveStringsA.argtypes = [DWORD, LPSTR] 2014 _GetLogicalDriveStringsA.restype = DWORD 2015 _GetLogicalDriveStringsA.errcheck = RaiseIfZero 2016 2017 nBufferLength = (4 * 26) + 1 # "X:\\\0" from A to Z plus empty string 2018 lpBuffer = ctypes.create_string_buffer('', nBufferLength) 2019 _GetLogicalDriveStringsA(nBufferLength, lpBuffer) 2020 drive_strings = list() 2021 string_p = ctypes.addressof(lpBuffer) 2022 sizeof_char = ctypes.sizeof(ctypes.c_char) 2023 while True: 2024 string_v = ctypes.string_at(string_p) 2025 if string_v == '': 2026 break 2027 drive_strings.append(string_v) 2028 string_p += len(string_v) + sizeof_char 2029 return drive_strings

2030

2031 -def GetLogicalDriveStringsW():

2032 _GetLogicalDriveStringsW = ctypes.windll.kernel32.GetLogicalDriveStringsW 2033 _GetLogicalDriveStringsW.argtypes = [DWORD, LPWSTR] 2034 _GetLogicalDriveStringsW.restype = DWORD 2035 _GetLogicalDriveStringsW.errcheck = RaiseIfZero 2036 2037 nBufferLength = (4 * 26) + 1 # "X:\\\0" from A to Z plus empty string 2038 lpBuffer = ctypes.create_unicode_buffer(u'', nBufferLength) 2039 _GetLogicalDriveStringsW(nBufferLength, lpBuffer) 2040 drive_strings = list() 2041 string_p = ctypes.addressof(lpBuffer) 2042 sizeof_wchar = ctypes.sizeof(ctypes.c_wchar) 2043 while True: 2044 string_v = ctypes.wstring_at(string_p) 2045 if string_v == u'': 2046 break 2047 drive_strings.append(string_v) 2048 string_p += (len(string_v) * sizeof_wchar) + sizeof_wchar 2049 return drive_strings

2050 2051 ##def GetLogicalDriveStringsA(): 2052 ## _GetLogicalDriveStringsA = windll.kernel32.GetLogicalDriveStringsA 2053 ## _GetLogicalDriveStringsA.argtypes = [DWORD, LPSTR] 2054 ## _GetLogicalDriveStringsA.restype = DWORD 2055 ## _GetLogicalDriveStringsA.errcheck = RaiseIfZero 2056 ## 2057 ## nBufferLength = (4 * 26) + 1 # "X:\\\0" from A to Z plus empty string 2058 ## lpBuffer = ctypes.create_string_buffer('', nBufferLength) 2059 ## _GetLogicalDriveStringsA(nBufferLength, lpBuffer) 2060 ## result = list() 2061 ## index = 0 2062 ## while 1: 2063 ## string = list() 2064 ## while 1: 2065 ## character = lpBuffer[index] 2066 ## index = index + 1 2067 ## if character == '\0': 2068 ## break 2069 ## string.append(character) 2070 ## if not string: 2071 ## break 2072 ## result.append(''.join(string)) 2073 ## return result 2074 ## 2075 ##def GetLogicalDriveStringsW(): 2076 ## _GetLogicalDriveStringsW = windll.kernel32.GetLogicalDriveStringsW 2077 ## _GetLogicalDriveStringsW.argtypes = [DWORD, LPWSTR] 2078 ## _GetLogicalDriveStringsW.restype = DWORD 2079 ## _GetLogicalDriveStringsW.errcheck = RaiseIfZero 2080 ## 2081 ## nBufferLength = (4 * 26) + 1 # "X:\\\0" from A to Z plus empty string 2082 ## lpBuffer = ctypes.create_unicode_buffer(u'', nBufferLength) 2083 ## _GetLogicalDriveStringsW(nBufferLength, lpBuffer) 2084 ## result = list() 2085 ## index = 0 2086 ## while 1: 2087 ## string = list() 2088 ## while 1: 2089 ## character = lpBuffer[index] 2090 ## index = index + 1 2091 ## if character == u'\0': 2092 ## break 2093 ## string.append(character) 2094 ## if not string: 2095 ## break 2096 ## result.append(u''.join(string)) 2097 ## return result 2098 2099 GetLogicalDriveStrings = GuessStringType(GetLogicalDriveStringsA, GetLogicalDriveStringsW)

2100 2101 # DWORD WINAPI QueryDosDevice( 2102 # __in_opt LPCTSTR lpDeviceName, 2103 # __out LPTSTR lpTargetPath, 2104 # __in DWORD ucchMax 2105 # ); 2106 -def QueryDosDeviceA(lpDeviceName = None):

2107 _QueryDosDeviceA = windll.kernel32.QueryDosDeviceA 2108 _QueryDosDeviceA.argtypes = [LPSTR, LPSTR, DWORD] 2109 _QueryDosDeviceA.restype = DWORD 2110 _QueryDosDeviceA.errcheck = RaiseIfZero 2111 2112 if not lpDeviceName: 2113 lpDeviceName = None 2114 ucchMax = 0x1000 2115 lpTargetPath = ctypes.create_string_buffer('', ucchMax) 2116 _QueryDosDeviceA(lpDeviceName, lpTargetPath, ucchMax) 2117 return lpTargetPath.value

2118

2119 -def QueryDosDeviceW(lpDeviceName):

2120 _QueryDosDeviceW = windll.kernel32.QueryDosDeviceW 2121 _QueryDosDeviceW.argtypes = [LPWSTR, LPWSTR, DWORD] 2122 _QueryDosDeviceW.restype = DWORD 2123 _QueryDosDeviceW.errcheck = RaiseIfZero 2124 2125 if not lpDeviceName: 2126 lpDeviceName = None 2127 ucchMax = 0x1000 2128 lpTargetPath = ctypes.create_unicode_buffer(u'', ucchMax) 2129 _QueryDosDeviceW(lpDeviceName, lpTargetPath, ucchMax) 2130 return lpTargetPath.value

2131 2132 QueryDosDevice = GuessStringType(QueryDosDeviceA, QueryDosDeviceW)

2133 2134 # LPVOID WINAPI MapViewOfFile( 2135 # __in HANDLE hFileMappingObject, 2136 # __in DWORD dwDesiredAccess, 2137 # __in DWORD dwFileOffsetHigh, 2138 # __in DWORD dwFileOffsetLow, 2139 # __in SIZE_T dwNumberOfBytesToMap 2140 # ); 2141 -def MapViewOfFile(hFileMappingObject, dwDesiredAccess = FILE_MAP_ALL_ACCESS | FILE_MAP_EXECUTE, dwFileOffsetHigh = 0, dwFileOffsetLow = 0, dwNumberOfBytesToMap = 0):

2142 _MapViewOfFile = windll.kernel32.MapViewOfFile 2143 _MapViewOfFile.argtypes = [HANDLE, DWORD, DWORD, DWORD, SIZE_T] 2144 _MapViewOfFile.restype = LPVOID 2145 lpBaseAddress = _MapViewOfFile(hFileMappingObject, dwDesiredAccess, dwFileOffsetHigh, dwFileOffsetLow, dwNumberOfBytesToMap) 2146 if lpBaseAddress == NULL: 2147 raise ctypes.WinError() 2148 return lpBaseAddress

2149

2150 # BOOL WINAPI UnmapViewOfFile( 2151 # __in LPCVOID lpBaseAddress 2152 # ); 2153 -def UnmapViewOfFile(lpBaseAddress):

2154 _UnmapViewOfFile = windll.kernel32.UnmapViewOfFile 2155 _UnmapViewOfFile.argtypes = [LPVOID] 2156 _UnmapViewOfFile.restype = bool 2157 _UnmapViewOfFile.errcheck = RaiseIfZero 2158 _UnmapViewOfFile(lpBaseAddress)

2159

2160 # HANDLE WINAPI OpenFileMapping( 2161 # __in DWORD dwDesiredAccess, 2162 # __in BOOL bInheritHandle, 2163 # __in LPCTSTR lpName 2164 # ); 2165 -def OpenFileMappingA(dwDesiredAccess, bInheritHandle, lpName):

2166 _OpenFileMappingA = windll.kernel32.OpenFileMappingA 2167 _OpenFileMappingA.argtypes = [DWORD, BOOL, LPSTR] 2168 _OpenFileMappingA.restype = HANDLE 2169 _OpenFileMappingA.errcheck = RaiseIfZero 2170 hFileMappingObject = _OpenFileMappingA(dwDesiredAccess, bool(bInheritHandle), lpName) 2171 return FileMappingHandle(hFileMappingObject)

2172

2173 -def OpenFileMappingW(dwDesiredAccess, bInheritHandle, lpName):

2174 _OpenFileMappingW = windll.kernel32.OpenFileMappingW 2175 _OpenFileMappingW.argtypes = [DWORD, BOOL, LPWSTR] 2176 _OpenFileMappingW.restype = HANDLE 2177 _OpenFileMappingW.errcheck = RaiseIfZero 2178 hFileMappingObject = _OpenFileMappingW(dwDesiredAccess, bool(bInheritHandle), lpName) 2179 return FileMappingHandle(hFileMappingObject)

2180 2181 OpenFileMapping = GuessStringType(OpenFileMappingA, OpenFileMappingW)

2182 2183 # HANDLE WINAPI CreateFileMapping( 2184 # __in HANDLE hFile, 2185 # __in_opt LPSECURITY_ATTRIBUTES lpAttributes, 2186 # __in DWORD flProtect, 2187 # __in DWORD dwMaximumSizeHigh, 2188 # __in DWORD dwMaximumSizeLow, 2189 # __in_opt LPCTSTR lpName 2190 # ); 2191 -def CreateFileMappingA(hFile, lpAttributes = None, flProtect = PAGE_EXECUTE_READWRITE, dwMaximumSizeHigh = 0, dwMaximumSizeLow = 0, lpName = None):

2192 _CreateFileMappingA = windll.kernel32.CreateFileMappingA 2193 _CreateFileMappingA.argtypes = [HANDLE, LPVOID, DWORD, DWORD, DWORD, LPSTR] 2194 _CreateFileMappingA.restype = HANDLE 2195 _CreateFileMappingA.errcheck = RaiseIfZero 2196 2197 if lpAttributes: 2198 lpAttributes = ctypes.pointer(lpAttributes) 2199 if not lpName: 2200 lpName = None 2201 hFileMappingObject = _CreateFileMappingA(hFile, lpAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName) 2202 return FileMappingHandle(hFileMappingObject)

2203

2204 -def CreateFileMappingW(hFile, lpAttributes = None, flProtect = PAGE_EXECUTE_READWRITE, dwMaximumSizeHigh = 0, dwMaximumSizeLow = 0, lpName = None):

2205 _CreateFileMappingW = windll.kernel32.CreateFileMappingW 2206 _CreateFileMappingW.argtypes = [HANDLE, LPVOID, DWORD, DWORD, DWORD, LPWSTR] 2207 _CreateFileMappingW.restype = HANDLE 2208 _CreateFileMappingW.errcheck = RaiseIfZero 2209 2210 if lpAttributes: 2211 lpAttributes = ctypes.pointer(lpAttributes) 2212 if not lpName: 2213 lpName = None 2214 hFileMappingObject = _CreateFileMappingW(hFile, lpAttributes, flProtect, dwMaximumSizeHigh, dwMaximumSizeLow, lpName) 2215 return FileMappingHandle(hFileMappingObject)

2216 2217 CreateFileMapping = GuessStringType(CreateFileMappingA, CreateFileMappingW)

2218 2219 # HANDLE WINAPI CreateFile( 2220 # __in LPCTSTR lpFileName, 2221 # __in DWORD dwDesiredAccess, 2222 # __in DWORD dwShareMode, 2223 # __in_opt LPSECURITY_ATTRIBUTES lpSecurityAttributes, 2224 # __in DWORD dwCreationDisposition, 2225 # __in DWORD dwFlagsAndAttributes, 2226 # __in_opt HANDLE hTemplateFile 2227 # ); 2228 -def CreateFileA(lpFileName, dwDesiredAccess = GENERIC_ALL, dwShareMode = 0, lpSecurityAttributes = None, dwCreationDisposition = OPEN_ALWAYS, dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL, hTemplateFile = None):

2229 _CreateFileA = windll.kernel32.CreateFileA 2230 _CreateFileA.argtypes = [LPSTR, DWORD, DWORD, LPVOID, DWORD, DWORD, HANDLE] 2231 _CreateFileA.restype = HANDLE 2232 2233 if not lpFileName: 2234 lpFileName = None 2235 if lpSecurityAttributes: 2236 lpSecurityAttributes = ctypes.pointer(lpSecurityAttributes) 2237 hFile = _CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile) 2238 if hFile == INVALID_HANDLE_VALUE: 2239 raise ctypes.WinError() 2240 return FileHandle(hFile)

2241

2242 -def CreateFileW(lpFileName, dwDesiredAccess = GENERIC_ALL, dwShareMode = 0, lpSecurityAttributes = None, dwCreationDisposition = OPEN_ALWAYS, dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL, hTemplateFile = None):

2243 _CreateFileW = windll.kernel32.CreateFileW 2244 _CreateFileW.argtypes = [LPWSTR, DWORD, DWORD, LPVOID, DWORD, DWORD, HANDLE] 2245 _CreateFileW.restype = HANDLE 2246 2247 if not lpFileName: 2248 lpFileName = None 2249 if lpSecurityAttributes: 2250 lpSecurityAttributes = ctypes.pointer(lpSecurityAttributes) 2251 hFile = _CreateFileW(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile) 2252 if hFile == INVALID_HANDLE_VALUE: 2253 raise ctypes.WinError() 2254 return FileHandle(hFile)

2255 2256 CreateFile = GuessStringType(CreateFileA, CreateFileW)

2257 2258 # BOOL WINAPI FlushFileBuffers( 2259 # __in HANDLE hFile 2260 # ); 2261 -def FlushFileBuffers(hFile):

2262 _FlushFileBuffers = windll.kernel32.FlushFileBuffers 2263 _FlushFileBuffers.argtypes = [HANDLE] 2264 _FlushFileBuffers.restype = bool 2265 _FlushFileBuffers.errcheck = RaiseIfZero 2266 _FlushFileBuffers(hFile)

2267

2268 # BOOL WINAPI FlushViewOfFile( 2269 # __in LPCVOID lpBaseAddress, 2270 # __in SIZE_T dwNumberOfBytesToFlush 2271 # ); 2272 -def FlushViewOfFile(lpBaseAddress, dwNumberOfBytesToFlush = 0):

2273 _FlushViewOfFile = windll.kernel32.FlushViewOfFile 2274 _FlushViewOfFile.argtypes = [LPVOID, SIZE_T] 2275 _FlushViewOfFile.restype = bool 2276 _FlushViewOfFile.errcheck = RaiseIfZero 2277 _FlushViewOfFile(lpBaseAddress, dwNumberOfBytesToFlush)

2278

2279 # DWORD WINAPI SearchPath( 2280 # __in_opt LPCTSTR lpPath, 2281 # __in LPCTSTR lpFileName, 2282 # __in_opt LPCTSTR lpExtension, 2283 # __in DWORD nBufferLength, 2284 # __out LPTSTR lpBuffer, 2285 # __out_opt LPTSTR *lpFilePart 2286 # ); 2287 -def SearchPathA(lpPath, lpFileName, lpExtension):

2288 _SearchPathA = windll.kernel32.SearchPathA 2289 _SearchPathA.argtypes = [LPSTR, LPSTR, LPSTR, DWORD, LPSTR, ctypes.POINTER(LPSTR)] 2290 _SearchPathA.restype = DWORD 2291 _SearchPathA.errcheck = RaiseIfZero 2292 2293 if not lpPath: 2294 lpPath = None 2295 if not lpExtension: 2296 lpExtension = None 2297 nBufferLength = _SearchPathA(lpPath, lpFileName, lpExtension, 0, None, None) 2298 lpBuffer = ctypes.create_string_buffer('', nBufferLength + 1) 2299 lpFilePart = LPSTR() 2300 _SearchPathA(lpPath, lpFileName, lpExtension, nBufferLength, lpBuffer, ctypes.byref(lpFilePart)) 2301 lpFilePart = lpFilePart.value 2302 lpBuffer = lpBuffer.value 2303 if lpBuffer == '': 2304 if GetLastError() == ERROR_SUCCESS: 2305 raise ctypes.WinError(ERROR_FILE_NOT_FOUND) 2306 raise ctypes.WinError() 2307 return (lpBuffer, lpFilePart)

2308

2309 -def SearchPathW(lpPath, lpFileName, lpExtension):

2310 _SearchPathW = windll.kernel32.SearchPathW 2311 _SearchPathW.argtypes = [LPWSTR, LPWSTR, LPWSTR, DWORD, LPWSTR, POINTER(LPWSTR)] 2312 _SearchPathW.restype = DWORD 2313 _SearchPathW.errcheck = RaiseIfZero 2314 2315 if not lpPath: 2316 lpPath = None 2317 if not lpExtension: 2318 lpExtension = None 2319 nBufferLength = _SearchPathW(lpPath, lpFileName, lpExtension, 0, None, None) 2320 lpBuffer = ctypes.create_unicode_buffer(u'', nBufferLength + 1) 2321 lpFilePart = LPWSTR() 2322 _SearchPathW(lpPath, lpFileName, lpExtension, nBufferLength, lpBuffer, ctypes.byref(lpFilePart)) 2323 lpFilePart = lpFilePart.value 2324 lpBuffer = lpBuffer.value 2325 if lpBuffer == u'': 2326 if GetLastError() == ERROR_SUCCESS: 2327 raise ctypes.WinError(ERROR_FILE_NOT_FOUND) 2328 raise ctypes.WinError() 2329 return (lpBuffer, lpFilePart)

2330 2331 SearchPath = GuessStringType(SearchPathA, SearchPathW)

2332 2333 # BOOL SetSearchPathMode( 2334 # __in DWORD Flags 2335 # ); 2336 -def SetSearchPathMode(Flags):

2337 _SetSearchPathMode = windll.kernel32.SetSearchPathMode 2338 _SetSearchPathMode.argtypes = [DWORD] 2339 _SetSearchPathMode.restype = bool 2340 _SetSearchPathMode.errcheck = RaiseIfZero 2341 _SetSearchPathMode(Flags)

2342

2343 # BOOL WINAPI DeviceIoControl( 2344 # __in HANDLE hDevice, 2345 # __in DWORD dwIoControlCode, 2346 # __in_opt LPVOID lpInBuffer, 2347 # __in DWORD nInBufferSize, 2348 # __out_opt LPVOID lpOutBuffer, 2349 # __in DWORD nOutBufferSize, 2350 # __out_opt LPDWORD lpBytesReturned, 2351 # __inout_opt LPOVERLAPPED lpOverlapped 2352 # ); 2353 -def DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpOverlapped):

2354 _DeviceIoControl = windll.kernel32.DeviceIoControl 2355 _DeviceIoControl.argtypes = [HANDLE, DWORD, LPVOID, DWORD, LPVOID, DWORD, LPDWORD, LPOVERLAPPED] 2356 _DeviceIoControl.restype = bool 2357 _DeviceIoControl.errcheck = RaiseIfZero 2358 2359 if not lpInBuffer: 2360 lpInBuffer = None 2361 if not lpOutBuffer: 2362 lpOutBuffer = None 2363 if lpOverlapped: 2364 lpOverlapped = ctypes.pointer(lpOverlapped) 2365 lpBytesReturned = DWORD(0) 2366 _DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, ctypes.byref(lpBytesReturned), lpOverlapped) 2367 return lpBytesReturned.value

2368

2369 # BOOL GetFileInformationByHandle( 2370 # HANDLE hFile, 2371 # LPBY_HANDLE_FILE_INFORMATION lpFileInformation 2372 # ); 2373 -def GetFileInformationByHandle(hFile):

2374 _GetFileInformationByHandle = windll.kernel32.GetFileInformationByHandle 2375 _GetFileInformationByHandle.argtypes = [HANDLE, LPBY_HANDLE_FILE_INFORMATION] 2376 _GetFileInformationByHandle.restype = bool 2377 _GetFileInformationByHandle.errcheck = RaiseIfZero 2378 2379 lpFileInformation = BY_HANDLE_FILE_INFORMATION() 2380 _GetFileInformationByHandle(hFile, ctypes.byref(lpFileInformation)) 2381 return lpFileInformation

2382

2383 # BOOL WINAPI GetFileInformationByHandleEx( 2384 # __in HANDLE hFile, 2385 # __in FILE_INFO_BY_HANDLE_CLASS FileInformationClass, 2386 # __out LPVOID lpFileInformation, 2387 # __in DWORD dwBufferSize 2388 # ); 2389 -def GetFileInformationByHandleEx(hFile, FileInformationClass, lpFileInformation, dwBufferSize):

2390 _GetFileInformationByHandleEx = windll.kernel32.GetFileInformationByHandleEx 2391 _GetFileInformationByHandleEx.argtypes = [HANDLE, DWORD, LPVOID, DWORD] 2392 _GetFileInformationByHandleEx.restype = bool 2393 _GetFileInformationByHandleEx.errcheck = RaiseIfZero 2394 # XXX TODO 2395 # support each FileInformationClass so the function can allocate the 2396 # corresponding structure for the lpFileInformation parameter 2397 _GetFileInformationByHandleEx(hFile, FileInformationClass, ctypes.byref(lpFileInformation), dwBufferSize)

2398

2399 # DWORD WINAPI GetFinalPathNameByHandle( 2400 # __in HANDLE hFile, 2401 # __out LPTSTR lpszFilePath, 2402 # __in DWORD cchFilePath, 2403 # __in DWORD dwFlags 2404 # ); 2405 -def GetFinalPathNameByHandleA(hFile, dwFlags = FILE_NAME_NORMALIZED | VOLUME_NAME_DOS):

2406 _GetFinalPathNameByHandleA = windll.kernel32.GetFinalPathNameByHandleA 2407 _GetFinalPathNameByHandleA.argtypes = [HANDLE, LPSTR, DWORD, DWORD] 2408 _GetFinalPathNameByHandleA.restype = DWORD 2409 2410 cchFilePath = _GetFinalPathNameByHandleA(hFile, None, 0, dwFlags) 2411 if cchFilePath == 0: 2412 raise ctypes.WinError() 2413 lpszFilePath = ctypes.create_string_buffer('', cchFilePath + 1) 2414 nCopied = _GetFinalPathNameByHandleA(hFile, lpszFilePath, cchFilePath, dwFlags) 2415 if nCopied <= 0 or nCopied > cchFilePath: 2416 raise ctypes.WinError() 2417 return lpszFilePath.value

2418

2419 -def GetFinalPathNameByHandleW(hFile, dwFlags = FILE_NAME_NORMALIZED | VOLUME_NAME_DOS):

2420 _GetFinalPathNameByHandleW = windll.kernel32.GetFinalPathNameByHandleW 2421 _GetFinalPathNameByHandleW.argtypes = [HANDLE, LPWSTR, DWORD, DWORD] 2422 _GetFinalPathNameByHandleW.restype = DWORD 2423 2424 cchFilePath = _GetFinalPathNameByHandleW(hFile, None, 0, dwFlags) 2425 if cchFilePath == 0: 2426 raise ctypes.WinError() 2427 lpszFilePath = ctypes.create_unicode_buffer(u'', cchFilePath + 1) 2428 nCopied = _GetFinalPathNameByHandleW(hFile, lpszFilePath, cchFilePath, dwFlags) 2429 if nCopied <= 0 or nCopied > cchFilePath: 2430 raise ctypes.WinError() 2431 return lpszFilePath.value

2432 2433 GetFinalPathNameByHandle = GuessStringType(GetFinalPathNameByHandleA, GetFinalPathNameByHandleW)

2434 2435 # DWORD GetFullPathName( 2436 # LPCTSTR lpFileName, 2437 # DWORD nBufferLength, 2438 # LPTSTR lpBuffer, 2439 # LPTSTR* lpFilePart 2440 # ); 2441 -def GetFullPathNameA(lpFileName):

2442 _GetFullPathNameA = windll.kernel32.GetFullPathNameA 2443 _GetFullPathNameA.argtypes = [LPSTR, DWORD, LPSTR, ctypes.POINTER(LPSTR)] 2444 _GetFullPathNameA.restype = DWORD 2445 2446 nBufferLength = _GetFullPathNameA(lpFileName, 0, None, None) 2447 if nBufferLength <= 0: 2448 raise ctypes.WinError() 2449 lpBuffer = ctypes.create_string_buffer('', nBufferLength + 1) 2450 lpFilePart = LPSTR 2451 nCopied = _GetFullPathNameA(lpFileName, nBufferLength, lpBuffer, ctypes.byref(lpFilePart)) 2452 if nCopied > nBufferLength or nCopied == 0: 2453 raise ctypes.WinError() 2454 return lpBuffer.value, lpFilePart.value

2455

2456 -def GetFullPathNameW(lpFileName):

2457 _GetFullPathNameW = windll.kernel32.GetFullPathNameW 2458 _GetFullPathNameW.argtypes = [LPWSTR, DWORD, LPWSTR, POINTER(LPWSTR)] 2459 _GetFullPathNameW.restype = DWORD 2460 2461 nBufferLength = _GetFullPathNameW(lpFileName, 0, None, None) 2462 if nBufferLength <= 0: 2463 raise ctypes.WinError() 2464 lpBuffer = ctypes.create_unicode_buffer(u'', nBufferLength + 1) 2465 lpFilePart = LPSTR 2466 nCopied = _GetFullPathNameW(lpFileName, nBufferLength, lpBuffer, ctypes.byref(lpFilePart)) 2467 if nCopied > nBufferLength or nCopied == 0: 2468 raise ctypes.WinError() 2469 return lpBuffer.value, lpFilePart.value

2470 2471 GetFullPathName = GuessStringType(GetFullPathNameA, GetFullPathNameW)

2472 2473 # DWORD WINAPI GetTempPath( 2474 # __in DWORD nBufferLength, 2475 # __out LPTSTR lpBuffer 2476 # ); 2477 -def GetTempPathA():

2478 _GetTempPathA = windll.kernel32.GetTempPathA 2479 _GetTempPathA.argtypes = [DWORD, LPSTR] 2480 _GetTempPathA.restype = DWORD 2481 2482 nBufferLength = _GetTempPathA(0, None) 2483 if nBufferLength <= 0: 2484 raise ctypes.WinError() 2485 lpBuffer = ctypes.create_string_buffer('', nBufferLength) 2486 nCopied = _GetTempPathA(nBufferLength, lpBuffer) 2487 if nCopied > nBufferLength or nCopied == 0: 2488 raise ctypes.WinError() 2489 return lpBuffer.value

2490

2491 -def GetTempPathW():

2492 _GetTempPathW = windll.kernel32.GetTempPathW 2493 _GetTempPathW.argtypes = [DWORD, LPWSTR] 2494 _GetTempPathW.restype = DWORD 2495 2496 nBufferLength = _GetTempPathW(0, None) 2497 if nBufferLength <= 0: 2498 raise ctypes.WinError() 2499 lpBuffer = ctypes.create_unicode_buffer(u'', nBufferLength) 2500 nCopied = _GetTempPathW(nBufferLength, lpBuffer) 2501 if nCopied > nBufferLength or nCopied == 0: 2502 raise ctypes.WinError() 2503 return lpBuffer.value

2504 2505 GetTempPath = GuessStringType(GetTempPathA, GetTempPathW)

2506 2507 # UINT WINAPI GetTempFileName( 2508 # __in LPCTSTR lpPathName, 2509 # __in LPCTSTR lpPrefixString, 2510 # __in UINT uUnique, 2511 # __out LPTSTR lpTempFileName 2512 # ); 2513 -def GetTempFileNameA(lpPathName = None, lpPrefixString = "TMP", uUnique = 0):

2514 _GetTempFileNameA = windll.kernel32.GetTempFileNameA 2515 _GetTempFileNameA.argtypes = [LPSTR, LPSTR, UINT, LPSTR] 2516 _GetTempFileNameA.restype = UINT 2517 2518 if lpPathName is None: 2519 lpPathName = GetTempPathA() 2520 lpTempFileName = ctypes.create_string_buffer('', MAX_PATH) 2521 uUnique = _GetTempFileNameA(lpPathName, lpPrefixString, uUnique, lpTempFileName) 2522 if uUnique == 0: 2523 raise ctypes.WinError() 2524 return lpTempFileName.value, uUnique

2525

2526 -def GetTempFileNameW(lpPathName = None, lpPrefixString = u"TMP", uUnique = 0):

2527 _GetTempFileNameW = windll.kernel32.GetTempFileNameW 2528 _GetTempFileNameW.argtypes = [LPWSTR, LPWSTR, UINT, LPWSTR] 2529 _GetTempFileNameW.restype = UINT 2530 2531 if lpPathName is None: 2532 lpPathName = GetTempPathW() 2533 lpTempFileName = ctypes.create_unicode_buffer(u'', MAX_PATH) 2534 uUnique = _GetTempFileNameW(lpPathName, lpPrefixString, uUnique, lpTempFileName) 2535 if uUnique == 0: 2536 raise ctypes.WinError() 2537 return lpTempFileName.value, uUnique

2538 2539 GetTempFileName = GuessStringType(GetTempFileNameA, GetTempFileNameW)

2540 2541 # DWORD WINAPI GetCurrentDirectory( 2542 # __in DWORD nBufferLength, 2543 # __out LPTSTR lpBuffer 2544 # ); 2545 -def GetCurrentDirectoryA():

2546 _GetCurrentDirectoryA = windll.kernel32.GetCurrentDirectoryA 2547 _GetCurrentDirectoryA.argtypes = [DWORD, LPSTR] 2548 _GetCurrentDirectoryA.restype = DWORD 2549 2550 nBufferLength = _GetCurrentDirectoryA(0, None) 2551 if nBufferLength <= 0: 2552 raise ctypes.WinError() 2553 lpBuffer = ctypes.create_string_buffer('', nBufferLength) 2554 nCopied = _GetCurrentDirectoryA(nBufferLength, lpBuffer) 2555 if nCopied > nBufferLength or nCopied == 0: 2556 raise ctypes.WinError() 2557 return lpBuffer.value

2558

2559 -def GetCurrentDirectoryW():

2560 _GetCurrentDirectoryW = windll.kernel32.GetCurrentDirectoryW 2561 _GetCurrentDirectoryW.argtypes = [DWORD, LPWSTR] 2562 _GetCurrentDirectoryW.restype = DWORD 2563 2564 nBufferLength = _GetCurrentDirectoryW(0, None) 2565 if nBufferLength <= 0: 2566 raise ctypes.WinError() 2567 lpBuffer = ctypes.create_unicode_buffer(u'', nBufferLength) 2568 nCopied = _GetCurrentDirectoryW(nBufferLength, lpBuffer) 2569 if nCopied > nBufferLength or nCopied == 0: 2570 raise ctypes.WinError() 2571 return lpBuffer.value

2572 2573 GetCurrentDirectory = GuessStringType(GetCurrentDirectoryA, GetCurrentDirectoryW) 2574 2575 #------------------------------------------------------------------------------ 2576 # Contrl-C handler 2577 2578 # BOOL WINAPI HandlerRoutine( 2579 # __in DWORD dwCtrlType 2580 # ); 2581 PHANDLER_ROUTINE = ctypes.WINFUNCTYPE(BOOL, DWORD)

2582 2583 # BOOL WINAPI SetConsoleCtrlHandler( 2584 # __in_opt PHANDLER_ROUTINE HandlerRoutine, 2585 # __in BOOL Add 2586 # ); 2587 -def SetConsoleCtrlHandler(HandlerRoutine = None, Add = True):

2588 _SetConsoleCtrlHandler = windll.kernel32.SetConsoleCtrlHandler 2589 _SetConsoleCtrlHandler.argtypes = [PHANDLER_ROUTINE, BOOL] 2590 _SetConsoleCtrlHandler.restype = bool 2591 _SetConsoleCtrlHandler.errcheck = RaiseIfZero 2592 _SetConsoleCtrlHandler(HandlerRoutine, bool(Add))

2593 # we can't automagically transform Python functions to PHANDLER_ROUTINE

2594 # because a) the actual pointer value is meaningful to the API 2595 # and b) if it gets garbage collected bad things would happen 2596 2597 # BOOL WINAPI GenerateConsoleCtrlEvent( 2598 # __in DWORD dwCtrlEvent, 2599 # __in DWORD dwProcessGroupId 2600 # ); 2601 -def GenerateConsoleCtrlEvent(dwCtrlEvent, dwProcessGroupId):

2602 _GenerateConsoleCtrlEvent = windll.kernel32.GenerateConsoleCtrlEvent 2603 _GenerateConsoleCtrlEvent.argtypes = [DWORD, DWORD] 2604 _GenerateConsoleCtrlEvent.restype = bool 2605 _GenerateConsoleCtrlEvent.errcheck = RaiseIfZero 2606 _GenerateConsoleCtrlEvent(dwCtrlEvent, dwProcessGroupId)

2607

2608 #------------------------------------------------------------------------------ 2609 # Synchronization API 2610 2611 # XXX NOTE 2612 # 2613 # Instead of waiting forever, we wait for a small period of time and loop. 2614 # This is a workaround for an unwanted behavior of psyco-accelerated code: 2615 # you can't interrupt a blocking call using Ctrl+C, because signal processing 2616 # is only done between C calls. 2617 # 2618 # Also see: bug #2793618 in Psyco project 2619 # http://sourceforge.net/tracker/?func=detail&aid=2793618&group_id=41036&atid=429622 2620 2621 # DWORD WINAPI WaitForSingleObject( 2622 # HANDLE hHandle, 2623 # DWORD dwMilliseconds 2624 # ); 2625 -def WaitForSingleObject(hHandle, dwMilliseconds = INFINITE):

2626 _WaitForSingleObject = windll.kernel32.WaitForSingleObject 2627 _WaitForSingleObject.argtypes = [HANDLE, DWORD] 2628 _WaitForSingleObject.restype = DWORD 2629 2630 if not dwMilliseconds and dwMilliseconds != 0: 2631 dwMilliseconds = INFINITE 2632 if dwMilliseconds != INFINITE: 2633 r = _WaitForSingleObject(hHandle, dwMilliseconds) 2634 if r == WAIT_FAILED: 2635 raise ctypes.WinError() 2636 else: 2637 while 1: 2638 r = _WaitForSingleObject(hHandle, 100) 2639 if r == WAIT_FAILED: 2640 raise ctypes.WinError() 2641 if r != WAIT_TIMEOUT: 2642 break 2643 return r

2644

2645 # DWORD WINAPI WaitForSingleObjectEx( 2646 # HANDLE hHandle, 2647 # DWORD dwMilliseconds, 2648 # BOOL bAlertable 2649 # ); 2650 -def WaitForSingleObjectEx(hHandle, dwMilliseconds = INFINITE, bAlertable = True):

2651 _WaitForSingleObjectEx = windll.kernel32.WaitForSingleObjectEx 2652 _WaitForSingleObjectEx.argtypes = [HANDLE, DWORD, BOOL] 2653 _WaitForSingleObjectEx.restype = DWORD 2654 2655 if not dwMilliseconds and dwMilliseconds != 0: 2656 dwMilliseconds = INFINITE 2657 if dwMilliseconds != INFINITE: 2658 r = _WaitForSingleObjectEx(hHandle, dwMilliseconds, bool(bAlertable)) 2659 if r == WAIT_FAILED: 2660 raise ctypes.WinError() 2661 else: 2662 while 1: 2663 r = _WaitForSingleObjectEx(hHandle, 100, bool(bAlertable)) 2664 if r == WAIT_FAILED: 2665 raise ctypes.WinError() 2666 if r != WAIT_TIMEOUT: 2667 break 2668 return r

2669

2670 # DWORD WINAPI WaitForMultipleObjects( 2671 # DWORD nCount, 2672 # const HANDLE *lpHandles, 2673 # BOOL bWaitAll, 2674 # DWORD dwMilliseconds 2675 # ); 2676 -def WaitForMultipleObjects(handles, bWaitAll = False, dwMilliseconds = INFINITE):

2677 _WaitForMultipleObjects = windll.kernel32.WaitForMultipleObjects 2678 _WaitForMultipleObjects.argtypes = [DWORD, ctypes.POINTER(HANDLE), BOOL, DWORD] 2679 _WaitForMultipleObjects.restype = DWORD 2680 2681 if not dwMilliseconds and dwMilliseconds != 0: 2682 dwMilliseconds = INFINITE 2683 nCount = len(handles) 2684 lpHandlesType = HANDLE * nCount 2685 lpHandles = lpHandlesType(*handles) 2686 if dwMilliseconds != INFINITE: 2687 r = _WaitForMultipleObjects(ctypes.byref(lpHandles), bool(bWaitAll), dwMilliseconds) 2688 if r == WAIT_FAILED: 2689 raise ctypes.WinError() 2690 else: 2691 while 1: 2692 r = _WaitForMultipleObjects(ctypes.byref(lpHandles), bool(bWaitAll), 100) 2693 if r == WAIT_FAILED: 2694 raise ctypes.WinError() 2695 if r != WAIT_TIMEOUT: 2696 break 2697 return r

2698

2699 # DWORD WINAPI WaitForMultipleObjectsEx( 2700 # DWORD nCount, 2701 # const HANDLE *lpHandles, 2702 # BOOL bWaitAll, 2703 # DWORD dwMilliseconds, 2704 # BOOL bAlertable 2705 # ); 2706 -def WaitForMultipleObjectsEx(handles, bWaitAll = False, dwMilliseconds = INFINITE, bAlertable = True):

2707 _WaitForMultipleObjectsEx = windll.kernel32.WaitForMultipleObjectsEx 2708 _WaitForMultipleObjectsEx.argtypes = [DWORD, ctypes.POINTER(HANDLE), BOOL, DWORD] 2709 _WaitForMultipleObjectsEx.restype = DWORD 2710 2711 if not dwMilliseconds and dwMilliseconds != 0: 2712 dwMilliseconds = INFINITE 2713 nCount = len(handles) 2714 lpHandlesType = HANDLE * nCount 2715 lpHandles = lpHandlesType(*handles) 2716 if dwMilliseconds != INFINITE: 2717 r = _WaitForMultipleObjectsEx(ctypes.byref(lpHandles), bool(bWaitAll), dwMilliseconds, bool(bAlertable)) 2718 if r == WAIT_FAILED: 2719 raise ctypes.WinError() 2720 else: 2721 while 1: 2722 r = _WaitForMultipleObjectsEx(ctypes.byref(lpHandles), bool(bWaitAll), 100, bool(bAlertable)) 2723 if r == WAIT_FAILED: 2724 raise ctypes.WinError() 2725 if r != WAIT_TIMEOUT: 2726 break 2727 return r

2728

2729 #------------------------------------------------------------------------------ 2730 # Debug API 2731 2732 # BOOL WaitForDebugEvent( 2733 # LPDEBUG_EVENT lpDebugEvent, 2734 # DWORD dwMilliseconds 2735 # ); 2736 -def WaitForDebugEvent(dwMilliseconds = INFINITE):

2737 _WaitForDebugEvent = windll.kernel32.WaitForDebugEvent 2738 _WaitForDebugEvent.argtypes = [LPDEBUG_EVENT, DWORD] 2739 _WaitForDebugEvent.restype = DWORD 2740 2741 if not dwMilliseconds and dwMilliseconds != 0: 2742 dwMilliseconds = INFINITE 2743 lpDebugEvent = DEBUG_EVENT() 2744 lpDebugEvent.dwDebugEventCode = 0 2745 lpDebugEvent.dwProcessId = 0 2746 lpDebugEvent.dwThreadId = 0 2747 if dwMilliseconds != INFINITE: 2748 success = _WaitForDebugEvent(ctypes.byref(lpDebugEvent), dwMilliseconds) 2749 if success == 0: 2750 raise ctypes.WinError() 2751 else: 2752 while 1: 2753 success = _WaitForDebugEvent(ctypes.byref(lpDebugEvent), 100) 2754 if success != 0: 2755 break 2756 code = GetLastError() 2757 if code not in (ERROR_SEM_TIMEOUT, WAIT_TIMEOUT): 2758 raise ctypes.WinError(code) 2759 return lpDebugEvent

2760

2761 # BOOL ContinueDebugEvent( 2762 # DWORD dwProcessId, 2763 # DWORD dwThreadId, 2764 # DWORD dwContinueStatus 2765 # ); 2766 -def ContinueDebugEvent(dwProcessId, dwThreadId, dwContinueStatus = DBG_EXCEPTION_NOT_HANDLED):

2767 _ContinueDebugEvent = windll.kernel32.ContinueDebugEvent 2768 _ContinueDebugEvent.argtypes = [DWORD, DWORD, DWORD] 2769 _ContinueDebugEvent.restype = bool 2770 _ContinueDebugEvent.errcheck = RaiseIfZero 2771 _ContinueDebugEvent(dwProcessId, dwThreadId, dwContinueStatus)

2772

2773 # BOOL WINAPI FlushInstructionCache( 2774 # __in HANDLE hProcess, 2775 # __in LPCVOID lpBaseAddress, 2776 # __in SIZE_T dwSize 2777 # ); 2778 -def FlushInstructionCache(hProcess, lpBaseAddress = None, dwSize = 0):

2779 # http://blogs.msdn.com/oldnewthing/archive/2003/12/08/55954.aspx#55958 2780 _FlushInstructionCache = windll.kernel32.FlushInstructionCache 2781 _FlushInstructionCache.argtypes = [HANDLE, LPVOID, SIZE_T] 2782 _FlushInstructionCache.restype = bool 2783 _FlushInstructionCache.errcheck = RaiseIfZero 2784 _FlushInstructionCache(hProcess, lpBaseAddress, dwSize)

2785

2786 # BOOL DebugActiveProcess( 2787 # DWORD dwProcessId 2788 # ); 2789 -def DebugActiveProcess(dwProcessId):

2790 _DebugActiveProcess = windll.kernel32.DebugActiveProcess 2791 _DebugActiveProcess.argtypes = [DWORD] 2792 _DebugActiveProcess.restype = bool 2793 _DebugActiveProcess.errcheck = RaiseIfZero 2794 _DebugActiveProcess(dwProcessId)

2795

2796 # BOOL DebugActiveProcessStop( 2797 # DWORD dwProcessId 2798 # ); 2799 -def DebugActiveProcessStop(dwProcessId):

2800 _DebugActiveProcessStop = windll.kernel32.DebugActiveProcessStop 2801 _DebugActiveProcessStop.argtypes = [DWORD] 2802 _DebugActiveProcessStop.restype = bool 2803 _DebugActiveProcessStop.errcheck = RaiseIfZero 2804 _DebugActiveProcessStop(dwProcessId)

2805

2806 # BOOL CheckRemoteDebuggerPresent( 2807 # HANDLE hProcess, 2808 # PBOOL pbDebuggerPresent 2809 # ); 2810 -def CheckRemoteDebuggerPresent(hProcess):

2811 _CheckRemoteDebuggerPresent = windll.kernel32.CheckRemoteDebuggerPresent 2812 _CheckRemoteDebuggerPresent.argtypes = [HANDLE, PBOOL] 2813 _CheckRemoteDebuggerPresent.restype = bool 2814 _CheckRemoteDebuggerPresent.errcheck = RaiseIfZero 2815 2816 pbDebuggerPresent = BOOL(0) 2817 _CheckRemoteDebuggerPresent(hProcess, ctypes.byref(pbDebuggerPresent)) 2818 return bool(pbDebuggerPresent.value)

2819

2820 # BOOL DebugSetProcessKillOnExit( 2821 # BOOL KillOnExit 2822 # ); 2823 -def DebugSetProcessKillOnExit(KillOnExit):

2824 _DebugSetProcessKillOnExit = windll.kernel32.DebugSetProcessKillOnExit 2825 _DebugSetProcessKillOnExit.argtypes = [BOOL] 2826 _DebugSetProcessKillOnExit.restype = bool 2827 _DebugSetProcessKillOnExit.errcheck = RaiseIfZero 2828 _DebugSetProcessKillOnExit(bool(KillOnExit))

2829

2830 # BOOL DebugBreakProcess( 2831 # HANDLE Process 2832 # ); 2833 -def DebugBreakProcess(hProcess):

2834 _DebugBreakProcess = windll.kernel32.DebugBreakProcess 2835 _DebugBreakProcess.argtypes = [HANDLE] 2836 _DebugBreakProcess.restype = bool 2837 _DebugBreakProcess.errcheck = RaiseIfZero 2838 _DebugBreakProcess(hProcess)

2839

2840 # void WINAPI OutputDebugString( 2841 # __in_opt LPCTSTR lpOutputString 2842 # ); 2843 -def OutputDebugStringA(lpOutputString):

2844 _OutputDebugStringA = windll.kernel32.OutputDebugStringA 2845 _OutputDebugStringA.argtypes = [LPSTR] 2846 _OutputDebugStringA.restype = None 2847 _OutputDebugStringA(lpOutputString)

2848

2849 -def OutputDebugStringW(lpOutputString):

2850 _OutputDebugStringW = windll.kernel32.OutputDebugStringW 2851 _OutputDebugStringW.argtypes = [LPWSTR] 2852 _OutputDebugStringW.restype = None 2853 _OutputDebugStringW(lpOutputString)

2854 2855 OutputDebugString = GuessStringType(OutputDebugStringA, OutputDebugStringW)

2856 2857 # BOOL WINAPI ReadProcessMemory( 2858 # __in HANDLE hProcess, 2859 # __in LPCVOID lpBaseAddress, 2860 # __out LPVOID lpBuffer, 2861 # __in SIZE_T nSize, 2862 # __out SIZE_T* lpNumberOfBytesRead 2863 # ); 2864 -def ReadProcessMemory(hProcess, lpBaseAddress, nSize):

2865 _ReadProcessMemory = windll.kernel32.ReadProcessMemory 2866 _ReadProcessMemory.argtypes = [HANDLE, LPVOID, LPVOID, SIZE_T, POINTER(SIZE_T)] 2867 _ReadProcessMemory.restype = bool 2868 2869 lpBuffer = ctypes.create_string_buffer('', nSize) 2870 lpNumberOfBytesRead = SIZE_T(0) 2871 success = _ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, ctypes.byref(lpNumberOfBytesRead)) 2872 if not success and GetLastError() != ERROR_PARTIAL_COPY: 2873 raise ctypes.WinError() 2874 return str(lpBuffer.raw)[:lpNumberOfBytesRead.value]

2875

2876 # BOOL WINAPI WriteProcessMemory( 2877 # __in HANDLE hProcess, 2878 # __in LPCVOID lpBaseAddress, 2879 # __in LPVOID lpBuffer, 2880 # __in SIZE_T nSize, 2881 # __out SIZE_T* lpNumberOfBytesWritten 2882 # ); 2883 -def WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer):

2884 _WriteProcessMemory = windll.kernel32.WriteProcessMemory 2885 _WriteProcessMemory.argtypes = [HANDLE, LPVOID, LPVOID, SIZE_T, ctypes.POINTER(SIZE_T)] 2886 _WriteProcessMemory.restype = bool 2887 2888 nSize = len(lpBuffer) 2889 lpBuffer = ctypes.create_string_buffer(lpBuffer) 2890 lpNumberOfBytesWritten = SIZE_T(0) 2891 success = _WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, ctypes.byref(lpNumberOfBytesWritten)) 2892 if not success and GetLastError() != ERROR_PARTIAL_COPY: 2893 raise ctypes.WinError() 2894 return lpNumberOfBytesWritten.value

2895

2896 # LPVOID WINAPI VirtualAllocEx( 2897 # __in HANDLE hProcess, 2898 # __in_opt LPVOID lpAddress, 2899 # __in SIZE_T dwSize, 2900 # __in DWORD flAllocationType, 2901 # __in DWORD flProtect 2902 # ); 2903 -def VirtualAllocEx(hProcess, lpAddress = 0, dwSize = 0x1000, flAllocationType = MEM_COMMIT | MEM_RESERVE, flProtect = PAGE_EXECUTE_READWRITE):

2904 _VirtualAllocEx = windll.kernel32.VirtualAllocEx 2905 _VirtualAllocEx.argtypes = [HANDLE, LPVOID, SIZE_T, DWORD, DWORD] 2906 _VirtualAllocEx.restype = LPVOID 2907 2908 lpAddress = _VirtualAllocEx(hProcess, lpAddress, dwSize, flAllocationType, flProtect) 2909 if lpAddress == NULL: 2910 raise ctypes.WinError() 2911 return lpAddress

2912

2913 # SIZE_T WINAPI VirtualQueryEx( 2914 # __in HANDLE hProcess, 2915 # __in_opt LPCVOID lpAddress, 2916 # __out PMEMORY_BASIC_INFORMATION lpBuffer, 2917 # __in SIZE_T dwLength 2918 # ); 2919 -def VirtualQueryEx(hProcess, lpAddress):

2920 _VirtualQueryEx = windll.kernel32.VirtualQueryEx 2921 _VirtualQueryEx.argtypes = [HANDLE, LPVOID, PMEMORY_BASIC_INFORMATION, SIZE_T] 2922 _VirtualQueryEx.restype = SIZE_T 2923 2924 lpBuffer = MEMORY_BASIC_INFORMATION() 2925 dwLength = sizeof(MEMORY_BASIC_INFORMATION) 2926 success = _VirtualQueryEx(hProcess, lpAddress, ctypes.byref(lpBuffer), dwLength) 2927 if success == 0: 2928 raise ctypes.WinError() 2929 return MemoryBasicInformation(lpBuffer)

2930

2931 # BOOL WINAPI VirtualProtectEx( 2932 # __in HANDLE hProcess, 2933 # __in LPVOID lpAddress, 2934 # __in SIZE_T dwSize, 2935 # __in DWORD flNewProtect, 2936 # __out PDWORD lpflOldProtect 2937 # ); 2938 -def VirtualProtectEx(hProcess, lpAddress, dwSize, flNewProtect = PAGE_EXECUTE_READWRITE):

2939 _VirtualProtectEx = windll.kernel32.VirtualProtectEx 2940 _VirtualProtectEx.argtypes = [HANDLE, LPVOID, SIZE_T, DWORD, PDWORD] 2941 _VirtualProtectEx.restype = bool 2942 _VirtualProtectEx.errcheck = RaiseIfZero 2943 2944 flOldProtect = DWORD(0) 2945 _VirtualProtectEx(hProcess, lpAddress, dwSize, flNewProtect, ctypes.byref(flOldProtect)) 2946 return flOldProtect.value

2947

2948 # BOOL WINAPI VirtualFreeEx( 2949 # __in HANDLE hProcess, 2950 # __in LPVOID lpAddress, 2951 # __in SIZE_T dwSize, 2952 # __in DWORD dwFreeType 2953 # ); 2954 -def VirtualFreeEx(hProcess, lpAddress, dwSize = 0, dwFreeType = MEM_RELEASE):

2955 _VirtualFreeEx = windll.kernel32.VirtualFreeEx 2956 _VirtualFreeEx.argtypes = [HANDLE, LPVOID, SIZE_T, DWORD] 2957 _VirtualFreeEx.restype = bool 2958 _VirtualFreeEx.errcheck = RaiseIfZero 2959 _VirtualFreeEx(hProcess, lpAddress, dwSize, dwFreeType)

2960

2961 # HANDLE WINAPI CreateRemoteThread( 2962 # __in HANDLE hProcess, 2963 # __in LPSECURITY_ATTRIBUTES lpThreadAttributes, 2964 # __in SIZE_T dwStackSize, 2965 # __in LPTHREAD_START_ROUTINE lpStartAddress, 2966 # __in LPVOID lpParameter, 2967 # __in DWORD dwCreationFlags, 2968 # __out LPDWORD lpThreadId 2969 # ); 2970 -def CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags):

2971 _CreateRemoteThread = windll.kernel32.CreateRemoteThread 2972 _CreateRemoteThread.argtypes = [HANDLE, LPSECURITY_ATTRIBUTES, SIZE_T, LPVOID, LPVOID, DWORD, LPDWORD] 2973 _CreateRemoteThread.restype = HANDLE 2974 2975 if not lpThreadAttributes: 2976 lpThreadAttributes = None 2977 else: 2978 lpThreadAttributes = ctypes.byref(lpThreadAttributes) 2979 dwThreadId = DWORD(0) 2980 hThread = _CreateRemoteThread(hProcess, lpThreadAttributes, dwStackSize, lpStartAddress, lpParameter, dwCreationFlags, ctypes.byref(dwThreadId)) 2981 if hThread == INVALID_HANDLE_VALUE: 2982 raise ctypes.WinError() 2983 return ThreadHandle(hThread), dwThreadId.value

2984

2985 #------------------------------------------------------------------------------ 2986 # Process API 2987 2988 # BOOL WINAPI CreateProcess( 2989 # __in_opt LPCTSTR lpApplicationName, 2990 # __inout_opt LPTSTR lpCommandLine, 2991 # __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes, 2992 # __in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, 2993 # __in BOOL bInheritHandles, 2994 # __in DWORD dwCreationFlags, 2995 # __in_opt LPVOID lpEnvironment, 2996 # __in_opt LPCTSTR lpCurrentDirectory, 2997 # __in LPSTARTUPINFO lpStartupInfo, 2998 # __out LPPROCESS_INFORMATION lpProcessInformation 2999 # ); 3000 -def CreateProcessA(lpApplicationName, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None):

3001 _CreateProcessA = windll.kernel32.CreateProcessA 3002 _CreateProcessA.argtypes = [LPSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPSTR, LPVOID, LPPROCESS_INFORMATION] 3003 _CreateProcessA.restype = bool 3004 _CreateProcessA.errcheck = RaiseIfZero 3005 3006 if not lpApplicationName: 3007 lpApplicationName = None 3008 if not lpCommandLine: 3009 lpCommandLine = None 3010 else: 3011 lpCommandLine = ctypes.create_string_buffer(lpCommandLine) 3012 if not lpEnvironment: 3013 lpEnvironment = None 3014 else: 3015 lpEnvironment = ctypes.create_string_buffer(lpEnvironment) 3016 if not lpCurrentDirectory: 3017 lpCurrentDirectory = None 3018 if not lpProcessAttributes: 3019 lpProcessAttributes = None 3020 else: 3021 lpProcessAttributes = ctypes.byref(lpProcessAttributes) 3022 if not lpThreadAttributes: 3023 lpThreadAttributes = None 3024 else: 3025 lpThreadAttributes = ctypes.byref(lpThreadAttributes) 3026 if not lpStartupInfo: 3027 lpStartupInfo = STARTUPINFO() 3028 lpStartupInfo.cb = sizeof(STARTUPINFO) 3029 lpStartupInfo.lpReserved = 0 3030 lpStartupInfo.lpDesktop = 0 3031 lpStartupInfo.lpTitle = 0 3032 lpStartupInfo.dwFlags = 0 3033 lpStartupInfo.cbReserved2 = 0 3034 lpStartupInfo.lpReserved2 = 0 3035 lpProcessInformation = PROCESS_INFORMATION() 3036 lpProcessInformation.hProcess = INVALID_HANDLE_VALUE 3037 lpProcessInformation.hThread = INVALID_HANDLE_VALUE 3038 lpProcessInformation.dwProcessId = 0 3039 lpProcessInformation.dwThreadId = 0 3040 _CreateProcessA(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bool(bInheritHandles), dwCreationFlags, lpEnvironment, lpCurrentDirectory, ctypes.byref(lpStartupInfo), ctypes.byref(lpProcessInformation)) 3041 return ProcessInformation(lpProcessInformation)

3042

3043 -def CreateProcessW(lpApplicationName, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None):

3044 _CreateProcessW = windll.kernel32.CreateProcessW 3045 _CreateProcessW.argtypes = [LPWSTR, LPWSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPWSTR, LPVOID, LPPROCESS_INFORMATION] 3046 _CreateProcessW.restype = bool 3047 _CreateProcessW.errcheck = RaiseIfZero 3048 3049 if not lpApplicationName: 3050 lpApplicationName = None 3051 if not lpCommandLine: 3052 lpCommandLine = None 3053 else: 3054 lpCommandLine = ctypes.create_unicode_buffer(lpCommandLine) 3055 if not lpEnvironment: 3056 lpEnvironment = None 3057 else: 3058 lpEnvironment = ctypes.create_unicode_buffer(lpEnvironment) 3059 if not lpCurrentDirectory: 3060 lpCurrentDirectory = None 3061 if not lpProcessAttributes: 3062 lpProcessAttributes = None 3063 else: 3064 lpProcessAttributes = ctypes.byref(lpProcessAttributes) 3065 if not lpThreadAttributes: 3066 lpThreadAttributes = None 3067 else: 3068 lpThreadAttributes = ctypes.byref(lpThreadAttributes) 3069 if not lpStartupInfo: 3070 lpStartupInfo = STARTUPINFO() 3071 lpStartupInfo.cb = sizeof(STARTUPINFO) 3072 lpStartupInfo.lpReserved = 0 3073 lpStartupInfo.lpDesktop = 0 3074 lpStartupInfo.lpTitle = 0 3075 lpStartupInfo.dwFlags = 0 3076 lpStartupInfo.cbReserved2 = 0 3077 lpStartupInfo.lpReserved2 = 0 3078 lpProcessInformation = PROCESS_INFORMATION() 3079 lpProcessInformation.hProcess = INVALID_HANDLE_VALUE 3080 lpProcessInformation.hThread = INVALID_HANDLE_VALUE 3081 lpProcessInformation.dwProcessId = 0 3082 lpProcessInformation.dwThreadId = 0 3083 _CreateProcessW(lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bool(bInheritHandles), dwCreationFlags, lpEnvironment, lpCurrentDirectory, ctypes.byref(lpStartupInfo), ctypes.byref(lpProcessInformation)) 3084 return ProcessInformation(lpProcessInformation)

3085 3086 CreateProcess = GuessStringType(CreateProcessA, CreateProcessW)

3087 3088 # BOOL WINAPI CreateProcessAsUser( 3089 # __in_opt HANDLE hToken, 3090 # __in_opt LPCTSTR lpApplicationName, 3091 # __inout_opt LPTSTR lpCommandLine, 3092 # __in_opt LPSECURITY_ATTRIBUTES lpProcessAttributes, 3093 # __in_opt LPSECURITY_ATTRIBUTES lpThreadAttributes, 3094 # __in BOOL bInheritHandles, 3095 # __in DWORD dwCreationFlags, 3096 # __in_opt LPVOID lpEnvironment, 3097 # __in_opt LPCTSTR lpCurrentDirectory, 3098 # __in LPSTARTUPINFO lpStartupInfo, 3099 # __out LPPROCESS_INFORMATION lpProcessInformation 3100 # ); 3101 -def CreateProcessAsUserA(hToken, lpApplicationName, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None):

3102 _CreateProcessAsUserA = windll.kernel32.CreateProcessAsUserA 3103 _CreateProcessAsUserA.argtypes = [HANDLE, LPSTR, LPSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPSTR, LPVOID, LPPROCESS_INFORMATION] 3104 _CreateProcessAsUserA.restype = bool 3105 _CreateProcessAsUserA.errcheck = RaiseIfZero 3106 3107 if not lpApplicationName: 3108 lpApplicationName = None 3109 if not lpCommandLine: 3110 lpCommandLine = None 3111 else: 3112 lpCommandLine = ctypes.create_string_buffer(lpCommandLine) 3113 if not lpEnvironment: 3114 lpEnvironment = None 3115 else: 3116 lpEnvironment = ctypes.create_string_buffer(lpEnvironment) 3117 if not lpCurrentDirectory: 3118 lpCurrentDirectory = None 3119 if not lpProcessAttributes: 3120 lpProcessAttributes = None 3121 else: 3122 lpProcessAttributes = ctypes.byref(lpProcessAttributes) 3123 if not lpThreadAttributes: 3124 lpThreadAttributes = None 3125 else: 3126 lpThreadAttributes = ctypes.byref(lpThreadAttributes) 3127 if not lpStartupInfo: 3128 lpStartupInfo = STARTUPINFO() 3129 lpStartupInfo.cb = sizeof(STARTUPINFO) 3130 lpStartupInfo.lpReserved = 0 3131 lpStartupInfo.lpDesktop = 0 3132 lpStartupInfo.lpTitle = 0 3133 lpStartupInfo.dwFlags = 0 3134 lpStartupInfo.cbReserved2 = 0 3135 lpStartupInfo.lpReserved2 = 0 3136 lpProcessInformation = PROCESS_INFORMATION() 3137 lpProcessInformation.hProcess = INVALID_HANDLE_VALUE 3138 lpProcessInformation.hThread = INVALID_HANDLE_VALUE 3139 lpProcessInformation.dwProcessId = 0 3140 lpProcessInformation.dwThreadId = 0 3141 _CreateProcessAsUserA(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bool(bInheritHandles), dwCreationFlags, lpEnvironment, lpCurrentDirectory, ctypes.byref(lpStartupInfo), ctypes.byref(lpProcessInformation)) 3142 return ProcessInformation(lpProcessInformation)

3143

3144 -def CreateProcessAsUserW(hToken, lpApplicationName, lpCommandLine=None, lpProcessAttributes=None, lpThreadAttributes=None, bInheritHandles=False, dwCreationFlags=0, lpEnvironment=None, lpCurrentDirectory=None, lpStartupInfo=None):

3145 _CreateProcessAsUserW = windll.kernel32.CreateProcessAsUserW 3146 _CreateProcessAsUserW.argtypes = [HANDLE, LPWSTR, LPWSTR, LPSECURITY_ATTRIBUTES, LPSECURITY_ATTRIBUTES, BOOL, DWORD, LPVOID, LPWSTR, LPVOID, LPPROCESS_INFORMATION] 3147 _CreateProcessAsUserW.restype = bool 3148 _CreateProcessAsUserW.errcheck = RaiseIfZero 3149 3150 if not lpApplicationName: 3151 lpApplicationName = None 3152 if not lpCommandLine: 3153 lpCommandLine = None 3154 else: 3155 lpCommandLine = ctypes.create_unicode_buffer(lpCommandLine) 3156 if not lpEnvironment: 3157 lpEnvironment = None 3158 else: 3159 lpEnvironment = ctypes.create_unicode_buffer(lpEnvironment) 3160 if not lpCurrentDirectory: 3161 lpCurrentDirectory = None 3162 if not lpProcessAttributes: 3163 lpProcessAttributes = None 3164 else: 3165 lpProcessAttributes = ctypes.byref(lpProcessAttributes) 3166 if not lpThreadAttributes: 3167 lpThreadAttributes = None 3168 else: 3169 lpThreadAttributes = ctypes.byref(lpThreadAttributes) 3170 if not lpStartupInfo: 3171 lpStartupInfo = STARTUPINFO() 3172 lpStartupInfo.cb = sizeof(STARTUPINFO) 3173 lpStartupInfo.lpReserved = 0 3174 lpStartupInfo.lpDesktop = 0 3175 lpStartupInfo.lpTitle = 0 3176 lpStartupInfo.dwFlags = 0 3177 lpStartupInfo.cbReserved2 = 0 3178 lpStartupInfo.lpReserved2 = 0 3179 lpProcessInformation = PROCESS_INFORMATION() 3180 lpProcessInformation.hProcess = INVALID_HANDLE_VALUE 3181 lpProcessInformation.hThread = INVALID_HANDLE_VALUE 3182 lpProcessInformation.dwProcessId = 0 3183 lpProcessInformation.dwThreadId = 0 3184 _CreateProcessAsUserW(hToken, lpApplicationName, lpCommandLine, lpProcessAttributes, lpThreadAttributes, bool(bInheritHandles), dwCreationFlags, lpEnvironment, lpCurrentDirectory, ctypes.byref(lpStartupInfo), ctypes.byref(lpProcessInformation)) 3185 return ProcessInformation(lpProcessInformation)

3186 3187 CreateProcessAsUser = GuessStringType(CreateProcessAsUserA, CreateProcessAsUserW)

3188 3189 # BOOL WINAPI InitializeProcThreadAttributeList( 3190 # __out_opt LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, 3191 # __in DWORD dwAttributeCount, 3192 # __reserved DWORD dwFlags, 3193 # __inout PSIZE_T lpSize 3194 # ); 3195 -def InitializeProcThreadAttributeList(dwAttributeCount):

3196 _InitializeProcThreadAttributeList = windll.kernel32.InitializeProcThreadAttributeList 3197 _InitializeProcThreadAttributeList.argtypes = [LPPROC_THREAD_ATTRIBUTE_LIST, DWORD, DWORD, PSIZE_T] 3198 _InitializeProcThreadAttributeList.restype = bool 3199 3200 Size = SIZE_T(0) 3201 _InitializeProcThreadAttributeList(None, dwAttributeCount, 0, ctypes.byref(Size)) 3202 RaiseIfZero(Size.value) 3203 AttributeList = (BYTE * Size.value)() 3204 success = _InitializeProcThreadAttributeList(ctypes.byref(AttributeList), dwAttributeCount, 0, ctypes.byref(Size)) 3205 RaiseIfZero(success) 3206 return AttributeList

3207

3208 # BOOL WINAPI UpdateProcThreadAttribute( 3209 # __inout LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList, 3210 # __in DWORD dwFlags, 3211 # __in DWORD_PTR Attribute, 3212 # __in PVOID lpValue, 3213 # __in SIZE_T cbSize, 3214 # __out_opt PVOID lpPreviousValue, 3215 # __in_opt PSIZE_T lpReturnSize 3216 # ); 3217 -def UpdateProcThreadAttribute(lpAttributeList, Attribute, Value, cbSize = None):

3218 _UpdateProcThreadAttribute = windll.kernel32.UpdateProcThreadAttribute 3219 _UpdateProcThreadAttribute.argtypes = [LPPROC_THREAD_ATTRIBUTE_LIST, DWORD, DWORD_PTR, PVOID, SIZE_T, PVOID, PSIZE_T] 3220 _UpdateProcThreadAttribute.restype = bool 3221 _UpdateProcThreadAttribute.errcheck = RaiseIfZero 3222 3223 if cbSize is None: 3224 cbSize = ctypes.sizeof(Value) 3225 _UpdateProcThreadAttribute(ctypes.byref(lpAttributeList), 0, Attribute, ctypes.byref(Value), cbSize, None, None)

3226

3227 # VOID WINAPI DeleteProcThreadAttributeList( 3228 # __inout LPPROC_THREAD_ATTRIBUTE_LIST lpAttributeList 3229 # ); 3230 -def DeleteProcThreadAttributeList(lpAttributeList):

3231 _DeleteProcThreadAttributeList = windll.kernel32.DeleteProcThreadAttributeList 3232 _DeleteProcThreadAttributeList.restype = None 3233 _DeleteProcThreadAttributeList(ctypes.byref(lpAttributeList))

3234

3235 # HANDLE WINAPI OpenProcess( 3236 # __in DWORD dwDesiredAccess, 3237 # __in BOOL bInheritHandle, 3238 # __in DWORD dwProcessId 3239 # ); 3240 -def OpenProcess(dwDesiredAccess, bInheritHandle, dwProcessId):

3241 _OpenProcess = windll.kernel32.OpenProcess 3242 _OpenProcess.argtypes = [DWORD, BOOL, DWORD] 3243 _OpenProcess.restype = HANDLE 3244 3245 hProcess = _OpenProcess(dwDesiredAccess, bool(bInheritHandle), dwProcessId) 3246 if hProcess == NULL: 3247 raise ctypes.WinError() 3248 return ProcessHandle(hProcess)

3249

3250 # HANDLE WINAPI OpenThread( 3251 # __in DWORD dwDesiredAccess, 3252 # __in BOOL bInheritHandle, 3253 # __in DWORD dwThreadId 3254 # ); 3255 -def OpenThread(dwDesiredAccess, bInheritHandle, dwThreadId):

3256 _OpenThread = windll.kernel32.OpenThread 3257 _OpenThread.argtypes = [DWORD, BOOL, DWORD] 3258 _OpenThread.restype = HANDLE 3259 3260 hProcess = _OpenThread(dwDesiredAccess, bool(bInheritHandle), dwThreadId) 3261 if hProcess == NULL: 3262 raise ctypes.WinError() 3263 return ThreadHandle(hProcess)

3264

3265 # DWORD WINAPI SuspendThread( 3266 # __in HANDLE hThread 3267 # ); 3268 -def SuspendThread(hThread):

3269 _SuspendThread = windll.kernel32.SuspendThread 3270 _SuspendThread.argtypes = [HANDLE] 3271 _SuspendThread.restype = DWORD 3272 3273 previousCount = _SuspendThread(hThread) 3274 if previousCount == DWORD(-1).value: 3275 raise ctypes.WinError() 3276 return previousCount

3277

3278 # DWORD WINAPI ResumeThread( 3279 # __in HANDLE hThread 3280 # ); 3281 -def ResumeThread(hThread):

3282 _ResumeThread = windll.kernel32.ResumeThread 3283 _ResumeThread.argtypes = [HANDLE] 3284 _ResumeThread.restype = DWORD 3285 3286 previousCount = _ResumeThread(hThread) 3287 if previousCount == DWORD(-1).value: 3288 raise ctypes.WinError() 3289 return previousCount

3290

3291 # BOOL WINAPI TerminateThread( 3292 # __inout HANDLE hThread, 3293 # __in DWORD dwExitCode 3294 # ); 3295 -def TerminateThread(hThread, dwExitCode = 0):

3296 _TerminateThread = windll.kernel32.TerminateThread 3297 _TerminateThread.argtypes = [HANDLE, DWORD] 3298 _TerminateThread.restype = bool 3299 _TerminateThread.errcheck = RaiseIfZero 3300 _TerminateThread(hThread, dwExitCode)

3301

3302 # BOOL WINAPI TerminateProcess( 3303 # __inout HANDLE hProcess, 3304 # __in DWORD dwExitCode 3305 # ); 3306 -def TerminateProcess(hProcess, dwExitCode = 0):

3307 _TerminateProcess = windll.kernel32.TerminateProcess 3308 _TerminateProcess.argtypes = [HANDLE, DWORD] 3309 _TerminateProcess.restype = bool 3310 _TerminateProcess.errcheck = RaiseIfZero 3311 _TerminateProcess(hProcess, dwExitCode)

3312

3313 # HANDLE WINAPI GetCurrentProcess(void); 3314 -def GetCurrentProcess():

3315 _GetCurrentProcess = windll.kernel32.GetCurrentProcess 3316 _GetCurrentProcess.argtypes = [] 3317 _GetCurrentProcess.restype = HANDLE 3318 return _GetCurrentProcess()

3319

3320 # HANDLE WINAPI GetCurrentThread(void); 3321 -def GetCurrentThread():

3322 _GetCurrentThread = windll.kernel32.GetCurrentThread 3323 _GetCurrentThread.argtypes = [] 3324 _GetCurrentThread.restype = HANDLE 3325 return _GetCurrentThread()

3326

3327 # DWORD WINAPI GetCurrentProcessId(void); 3328 -def GetCurrentProcessId():

3329 _GetCurrentProcessId = windll.kernel32.GetCurrentProcessId 3330 _GetCurrentProcessId.argtypes = [] 3331 _GetCurrentProcessId.restype = DWORD 3332 return _GetCurrentProcessId()

3333

3334 # DWORD WINAPI GetCurrentThreadId(void); 3335 -def GetCurrentThreadId():

3336 _GetCurrentThreadId = windll.kernel32.GetCurrentThreadId 3337 _GetCurrentThreadId.argtypes = [] 3338 _GetCurrentThreadId.restype = DWORD 3339 return _GetCurrentThreadId()

3340

3341 # DWORD WINAPI GetProcessId( 3342 # __in HANDLE hProcess 3343 # ); 3344 -def GetProcessId(hProcess):

3345 _GetProcessId = windll.kernel32.GetProcessId 3346 _GetProcessId.argtypes = [HANDLE] 3347 _GetProcessId.restype = DWORD 3348 _GetProcessId.errcheck = RaiseIfZero 3349 return _GetProcessId(hProcess)

3350

3351 # DWORD WINAPI GetThreadId( 3352 # __in HANDLE hThread 3353 # ); 3354 -def GetThreadId(hThread):

3355 _GetThreadId = windll.kernel32._GetThreadId 3356 _GetThreadId.argtypes = [HANDLE] 3357 _GetThreadId.restype = DWORD 3358 3359 dwThreadId = _GetThreadId(hThread) 3360 if dwThreadId == 0: 3361 raise ctypes.WinError() 3362 return dwThreadId

3363

3364 # DWORD WINAPI GetProcessIdOfThread( 3365 # __in HANDLE hThread 3366 # ); 3367 -def GetProcessIdOfThread(hThread):

3368 _GetProcessIdOfThread = windll.kernel32.GetProcessIdOfThread 3369 _GetProcessIdOfThread.argtypes = [HANDLE] 3370 _GetProcessIdOfThread.restype = DWORD 3371 3372 dwProcessId = _GetProcessIdOfThread(hThread) 3373 if dwProcessId == 0: 3374 raise ctypes.WinError() 3375 return dwProcessId

3376

3377 # BOOL WINAPI GetExitCodeProcess( 3378 # __in HANDLE hProcess, 3379 # __out LPDWORD lpExitCode 3380 # ); 3381 -def GetExitCodeProcess(hProcess):

3382 _GetExitCodeProcess = windll.kernel32.GetExitCodeProcess 3383 _GetExitCodeProcess.argtypes = [HANDLE] 3384 _GetExitCodeProcess.restype = bool 3385 _GetExitCodeProcess.errcheck = RaiseIfZero 3386 3387 lpExitCode = DWORD(0) 3388 _GetExitCodeProcess(hProcess, ctypes.byref(lpExitCode)) 3389 return lpExitCode.value

3390

3391 # BOOL WINAPI GetExitCodeThread( 3392 # __in HANDLE hThread, 3393 # __out LPDWORD lpExitCode 3394 # ); 3395 -def GetExitCodeThread(hThread):

3396 _GetExitCodeThread = windll.kernel32.GetExitCodeThread 3397 _GetExitCodeThread.argtypes = [HANDLE] 3398 _GetExitCodeThread.restype = bool 3399 _GetExitCodeThread.errcheck = RaiseIfZero 3400 3401 lpExitCode = DWORD(0) 3402 _GetExitCodeThread(hThread, ctypes.byref(lpExitCode)) 3403 return lpExitCode.value

3404

3405 # DWORD WINAPI GetProcessVersion( 3406 # __in DWORD ProcessId 3407 # ); 3408 -def GetProcessVersion(ProcessId):

3409 _GetProcessVersion = windll.kernel32.GetProcessVersion 3410 _GetProcessVersion.argtypes = [DWORD] 3411 _GetProcessVersion.restype = DWORD 3412 3413 retval = _GetProcessVersion(ProcessId) 3414 if retval == 0: 3415 raise ctypes.WinError() 3416 return retval

3417

3418 # DWORD WINAPI GetPriorityClass( 3419 # __in HANDLE hProcess 3420 # ); 3421 -def GetPriorityClass(hProcess):

3422 _GetPriorityClass = windll.kernel32.GetPriorityClass 3423 _GetPriorityClass.argtypes = [HANDLE] 3424 _GetPriorityClass.restype = DWORD 3425 3426 retval = _GetPriorityClass(hProcess) 3427 if retval == 0: 3428 raise ctypes.WinError() 3429 return retval

3430

3431 # BOOL WINAPI SetPriorityClass( 3432 # __in HANDLE hProcess, 3433 # __in DWORD dwPriorityClass 3434 # ); 3435 -def SetPriorityClass(hProcess, dwPriorityClass = NORMAL_PRIORITY_CLASS):

3436 _SetPriorityClass = windll.kernel32.SetPriorityClass 3437 _SetPriorityClass.argtypes = [HANDLE, DWORD] 3438 _SetPriorityClass.restype = bool 3439 _SetPriorityClass.errcheck = RaiseIfZero 3440 _SetPriorityClass(hProcess, dwPriorityClass)

3441

3442 # BOOL WINAPI GetProcessPriorityBoost( 3443 # __in HANDLE hProcess, 3444 # __out PBOOL pDisablePriorityBoost 3445 # ); 3446 -def GetProcessPriorityBoost(hProcess):

3447 _GetProcessPriorityBoost = windll.kernel32.GetProcessPriorityBoost 3448 _GetProcessPriorityBoost.argtypes = [HANDLE, PBOOL] 3449 _GetProcessPriorityBoost.restype = bool 3450 _GetProcessPriorityBoost.errcheck = RaiseIfZero 3451 3452 pDisablePriorityBoost = BOOL(False) 3453 _GetProcessPriorityBoost(hProcess, ctypes.byref(pDisablePriorityBoost)) 3454 return bool(pDisablePriorityBoost.value)

3455

3456 # BOOL WINAPI SetProcessPriorityBoost( 3457 # __in HANDLE hProcess, 3458 # __in BOOL DisablePriorityBoost 3459 # ); 3460 -def SetProcessPriorityBoost(hProcess, DisablePriorityBoost):

3461 _SetProcessPriorityBoost = windll.kernel32.SetProcessPriorityBoost 3462 _SetProcessPriorityBoost.argtypes = [HANDLE, BOOL] 3463 _SetProcessPriorityBoost.restype = bool 3464 _SetProcessPriorityBoost.errcheck = RaiseIfZero 3465 _SetProcessPriorityBoost(hProcess, bool(DisablePriorityBoost))

3466

3467 # BOOL WINAPI GetProcessAffinityMask( 3468 # __in HANDLE hProcess, 3469 # __out PDWORD_PTR lpProcessAffinityMask, 3470 # __out PDWORD_PTR lpSystemAffinityMask 3471 # ); 3472 -def GetProcessAffinityMask(hProcess):

3473 _GetProcessAffinityMask = windll.kernel32.GetProcessAffinityMask 3474 _GetProcessAffinityMask.argtypes = [HANDLE, PDWORD_PTR, PDWORD_PTR] 3475 _GetProcessAffinityMask.restype = bool 3476 _GetProcessAffinityMask.errcheck = RaiseIfZero 3477 3478 lpProcessAffinityMask = DWORD_PTR(0) 3479 lpSystemAffinityMask = DWORD_PTR(0) 3480 _GetProcessAffinityMask(hProcess, ctypes.byref(lpProcessAffinityMask), ctypes.byref(lpSystemAffinityMask)) 3481 return lpProcessAffinityMask.value, lpSystemAffinityMask.value

3482

3483 # BOOL WINAPI SetProcessAffinityMask( 3484 # __in HANDLE hProcess, 3485 # __in DWORD_PTR dwProcessAffinityMask 3486 # ); 3487 -def SetProcessAffinityMask(hProcess, dwProcessAffinityMask):

3488 _SetProcessAffinityMask = windll.kernel32.SetProcessAffinityMask 3489 _SetProcessAffinityMask.argtypes = [HANDLE, DWORD_PTR] 3490 _SetProcessAffinityMask.restype = bool 3491 _SetProcessAffinityMask.errcheck = RaiseIfZero 3492 _SetProcessAffinityMask(hProcess, dwProcessAffinityMask)

3493

3494 #------------------------------------------------------------------------------ 3495 # Toolhelp32 API 3496 3497 # HANDLE WINAPI CreateToolhelp32Snapshot( 3498 # __in DWORD dwFlags, 3499 # __in DWORD th32ProcessID 3500 # ); 3501 -def CreateToolhelp32Snapshot(dwFlags = TH32CS_SNAPALL, th32ProcessID = 0):

3502 _CreateToolhelp32Snapshot = windll.kernel32.CreateToolhelp32Snapshot 3503 _CreateToolhelp32Snapshot.argtypes = [DWORD, DWORD] 3504 _CreateToolhelp32Snapshot.restype = HANDLE 3505 3506 hSnapshot = _CreateToolhelp32Snapshot(dwFlags, th32ProcessID) 3507 if hSnapshot == INVALID_HANDLE_VALUE: 3508 raise ctypes.WinError() 3509 return SnapshotHandle(hSnapshot)

3510

3511 # BOOL WINAPI Process32First( 3512 # __in HANDLE hSnapshot, 3513 # __inout LPPROCESSENTRY32 lppe 3514 # ); 3515 -def Process32First(hSnapshot):

3516 _Process32First = windll.kernel32.Process32First 3517 _Process32First.argtypes = [HANDLE, LPPROCESSENTRY32] 3518 _Process32First.restype = bool 3519 3520 pe = PROCESSENTRY32() 3521 pe.dwSize = sizeof(PROCESSENTRY32) 3522 success = _Process32First(hSnapshot, ctypes.byref(pe)) 3523 if not success: 3524 if GetLastError() == ERROR_NO_MORE_FILES: 3525 return None 3526 raise ctypes.WinError() 3527 return pe

3528

3529 # BOOL WINAPI Process32Next( 3530 # __in HANDLE hSnapshot, 3531 # __out LPPROCESSENTRY32 lppe 3532 # ); 3533 -def Process32Next(hSnapshot, pe = None):

3534 _Process32Next = windll.kernel32.Process32Next 3535 _Process32Next.argtypes = [HANDLE, LPPROCESSENTRY32] 3536 _Process32Next.restype = bool 3537 3538 if pe is None: 3539 pe = PROCESSENTRY32() 3540 pe.dwSize = sizeof(PROCESSENTRY32) 3541 success = _Process32Next(hSnapshot, ctypes.byref(pe)) 3542 if not success: 3543 if GetLastError() == ERROR_NO_MORE_FILES: 3544 return None 3545 raise ctypes.WinError() 3546 return pe

3547

3548 # BOOL WINAPI Thread32First( 3549 # __in HANDLE hSnapshot, 3550 # __inout LPTHREADENTRY32 lpte 3551 # ); 3552 -def Thread32First(hSnapshot):

3553 _Thread32First = windll.kernel32.Thread32First 3554 _Thread32First.argtypes = [HANDLE, LPTHREADENTRY32] 3555 _Thread32First.restype = bool 3556 3557 te = THREADENTRY32() 3558 te.dwSize = sizeof(THREADENTRY32) 3559 success = _Thread32First(hSnapshot, ctypes.byref(te)) 3560 if not success: 3561 if GetLastError() == ERROR_NO_MORE_FILES: 3562 return None 3563 raise ctypes.WinError() 3564 return te

3565

3566 # BOOL WINAPI Thread32Next( 3567 # __in HANDLE hSnapshot, 3568 # __out LPTHREADENTRY32 lpte 3569 # ); 3570 -def Thread32Next(hSnapshot, te = None):

3571 _Thread32Next = windll.kernel32.Thread32Next 3572 _Thread32Next.argtypes = [HANDLE, LPTHREADENTRY32] 3573 _Thread32Next.restype = bool 3574 3575 if te is None: 3576 te = THREADENTRY32() 3577 te.dwSize = sizeof(THREADENTRY32) 3578 success = _Thread32Next(hSnapshot, ctypes.byref(te)) 3579 if not success: 3580 if GetLastError() == ERROR_NO_MORE_FILES: 3581 return None 3582 raise ctypes.WinError() 3583 return te

3584

3585 # BOOL WINAPI Module32First( 3586 # __in HANDLE hSnapshot, 3587 # __inout LPMODULEENTRY32 lpme 3588 # ); 3589 -def Module32First(hSnapshot):

3590 _Module32First = windll.kernel32.Module32First 3591 _Module32First.argtypes = [HANDLE, LPMODULEENTRY32] 3592 _Module32First.restype = bool 3593 3594 me = MODULEENTRY32() 3595 me.dwSize = sizeof(MODULEENTRY32) 3596 success = _Module32First(hSnapshot, ctypes.byref(me)) 3597 if not success: 3598 if GetLastError() == ERROR_NO_MORE_FILES: 3599 return None 3600 raise ctypes.WinError() 3601 return me

3602

3603 # BOOL WINAPI Module32Next( 3604 # __in HANDLE hSnapshot, 3605 # __out LPMODULEENTRY32 lpme 3606 # ); 3607 -def Module32Next(hSnapshot, me = None):

3608 _Module32Next = windll.kernel32.Module32Next 3609 _Module32Next.argtypes = [HANDLE, LPMODULEENTRY32] 3610 _Module32Next.restype = bool 3611 3612 if me is None: 3613 me = MODULEENTRY32() 3614 me.dwSize = sizeof(MODULEENTRY32) 3615 success = _Module32Next(hSnapshot, ctypes.byref(me)) 3616 if not success: 3617 if GetLastError() == ERROR_NO_MORE_FILES: 3618 return None 3619 raise ctypes.WinError() 3620 return me

3621

3622 # BOOL WINAPI Heap32First( 3623 # __inout LPHEAPENTRY32 lphe, 3624 # __in DWORD th32ProcessID, 3625 # __in ULONG_PTR th32HeapID 3626 # ); 3627 -def Heap32First(th32ProcessID, th32HeapID):

3628 _Heap32First = windll.kernel32.Heap32First 3629 _Heap32First.argtypes = [LPHEAPENTRY32, DWORD, ULONG_PTR] 3630 _Heap32First.restype = bool 3631 3632 he = HEAPENTRY32() 3633 he.dwSize = sizeof(HEAPENTRY32) 3634 success = _Heap32First(ctypes.byref(he), th32ProcessID, th32HeapID) 3635 if not success: 3636 if GetLastError() == ERROR_NO_MORE_FILES: 3637 return None 3638 raise ctypes.WinError() 3639 return he

3640

3641 # BOOL WINAPI Heap32Next( 3642 # __out LPHEAPENTRY32 lphe 3643 # ); 3644 -def Heap32Next(he):

3645 _Heap32Next = windll.kernel32.Heap32Next 3646 _Heap32Next.argtypes = [LPHEAPENTRY32] 3647 _Heap32Next.restype = bool 3648 3649 he.dwSize = sizeof(HEAPENTRY32) 3650 success = _Heap32Next(ctypes.byref(he)) 3651 if not success: 3652 if GetLastError() == ERROR_NO_MORE_FILES: 3653 return None 3654 raise ctypes.WinError() 3655 return he

3656

3657 # BOOL WINAPI Heap32ListFirst( 3658 # __in HANDLE hSnapshot, 3659 # __inout LPHEAPLIST32 lphl 3660 # ); 3661 -def Heap32ListFirst(hSnapshot):

3662 _Heap32ListFirst = windll.kernel32.Heap32ListFirst 3663 _Heap32ListFirst.argtypes = [HANDLE, LPHEAPLIST32] 3664 _Heap32ListFirst.restype = bool 3665 3666 hl = HEAPLIST32() 3667 hl.dwSize = sizeof(HEAPLIST32) 3668 success = _Heap32ListFirst(hSnapshot, ctypes.byref(hl)) 3669 if not success: 3670 if GetLastError() == ERROR_NO_MORE_FILES: 3671 return None 3672 raise ctypes.WinError() 3673 return hl

3674

3675 # BOOL WINAPI Heap32ListNext( 3676 # __in HANDLE hSnapshot, 3677 # __out LPHEAPLIST32 lphl 3678 # ); 3679 -def Heap32ListNext(hSnapshot, hl = None):

3680 _Heap32ListNext = windll.kernel32.Heap32ListNext 3681 _Heap32ListNext.argtypes = [HANDLE, LPHEAPLIST32] 3682 _Heap32ListNext.restype = bool 3683 3684 if hl is None: 3685 hl = HEAPLIST32() 3686 hl.dwSize = sizeof(HEAPLIST32) 3687 success = _Heap32ListNext(hSnapshot, ctypes.byref(hl)) 3688 if not success: 3689 if GetLastError() == ERROR_NO_MORE_FILES: 3690 return None 3691 raise ctypes.WinError() 3692 return hl

3693

3694 # BOOL WINAPI Toolhelp32ReadProcessMemory( 3695 # __in DWORD th32ProcessID, 3696 # __in LPCVOID lpBaseAddress, 3697 # __out LPVOID lpBuffer, 3698 # __in SIZE_T cbRead, 3699 # __out SIZE_T lpNumberOfBytesRead 3700 # ); 3701 -def Toolhelp32ReadProcessMemory(th32ProcessID, lpBaseAddress, cbRead):

3702 _Toolhelp32ReadProcessMemory = windll.kernel32.Toolhelp32ReadProcessMemory 3703 _Toolhelp32ReadProcessMemory.argtypes = [DWORD, LPVOID, LPVOID, SIZE_T, POINTER(SIZE_T)] 3704 _Toolhelp32ReadProcessMemory.restype = bool 3705 3706 lpBuffer = ctypes.create_string_buffer('', cbRead) 3707 lpNumberOfBytesRead = SIZE_T(0) 3708 success = _Toolhelp32ReadProcessMemory(th32ProcessID, lpBaseAddress, lpBuffer, cbRead, ctypes.byref(lpNumberOfBytesRead)) 3709 if not success and GetLastError() != ERROR_PARTIAL_COPY: 3710 raise ctypes.WinError() 3711 return str(lpBuffer.raw)[:lpNumberOfBytesRead.value]

3712

3713 #------------------------------------------------------------------------------ 3714 # Miscellaneous system information 3715 3716 # DWORD WINAPI GetCurrentProcessorNumber(void); 3717 -def GetCurrentProcessorNumber():

3718 _GetCurrentProcessorNumber = windll.kernel32.GetCurrentProcessorNumber 3719 _GetCurrentProcessorNumber.argtypes = [] 3720 _GetCurrentProcessorNumber.restype = DWORD 3721 _GetCurrentProcessorNumber.errcheck = RaiseIfZero 3722 return _GetCurrentProcessorNumber()

3723

3724 # VOID WINAPI FlushProcessWriteBuffers(void); 3725 -def FlushProcessWriteBuffers():

3726 _FlushProcessWriteBuffers = windll.kernel32.FlushProcessWriteBuffers 3727 _FlushProcessWriteBuffers.argtypes = [] 3728 _FlushProcessWriteBuffers.restype = None 3729 _FlushProcessWriteBuffers()

3730

3731 # BOOL WINAPI GetLogicalProcessorInformation( 3732 # __out PSYSTEM_LOGICAL_PROCESSOR_INFORMATION Buffer, 3733 # __inout PDWORD ReturnLength 3734 # ); 3735 3736 # TO DO http://msdn.microsoft.com/en-us/library/ms683194(VS.85).aspx 3737 3738 # BOOL WINAPI GetProcessIoCounters( 3739 # __in HANDLE hProcess, 3740 # __out PIO_COUNTERS lpIoCounters 3741 # ); 3742 3743 # TO DO http://msdn.microsoft.com/en-us/library/ms683218(VS.85).aspx 3744 3745 # DWORD WINAPI GetGuiResources( 3746 # __in HANDLE hProcess, 3747 # __in DWORD uiFlags 3748 # ); 3749 -def GetGuiResources(hProcess, uiFlags = GR_GDIOBJECTS):

3750 _GetGuiResources = windll.kernel32.GetGuiResources 3751 _GetGuiResources.argtypes = [HANDLE, DWORD] 3752 _GetGuiResources.restype = DWORD 3753 3754 dwCount = _GetGuiResources(hProcess, uiFlags) 3755 if dwCount == 0: 3756 errcode = GetLastError() 3757 if errcode != ERROR_SUCCESS: 3758 raise ctypes.WinError(errcode) 3759 return dwCount

3760

3761 # BOOL WINAPI GetProcessHandleCount( 3762 # __in HANDLE hProcess, 3763 # __inout PDWORD pdwHandleCount 3764 # ); 3765 -def GetProcessHandleCount(hProcess):

3766 _GetProcessHandleCount = windll.kernel32.GetProcessHandleCount 3767 _GetProcessHandleCount.argtypes = [HANDLE, PDWORD] 3768 _GetProcessHandleCount.restype = DWORD 3769 _GetProcessHandleCount.errcheck = RaiseIfZero 3770 3771 pdwHandleCount = DWORD(0) 3772 _GetProcessHandleCount(hProcess, ctypes.byref(pdwHandleCount)) 3773 return pdwHandleCount.value

3774

3775 # BOOL WINAPI GetProcessTimes( 3776 # __in HANDLE hProcess, 3777 # __out LPFILETIME lpCreationTime, 3778 # __out LPFILETIME lpExitTime, 3779 # __out LPFILETIME lpKernelTime, 3780 # __out LPFILETIME lpUserTime 3781 # ); 3782 -def GetProcessTimes(hProcess):

3783 _GetProcessTimes = windll.kernel32.GetProcessTimes 3784 _GetProcessTimes.argtypes = [HANDLE, LPFILETIME, LPFILETIME, LPFILETIME] 3785 _GetProcessTimes.restype = bool 3786 _GetProcessTimes.errcheck = RaiseIfZero 3787 3788 CreationTime = FILETIME() 3789 ExitTime = FILETIME() 3790 KernelTime = FILETIME() 3791 UserTime = FILETIME() 3792 3793 _GetProcessTimes(hProcess, ctypes.byref(CreationTime), ctypes.byref(ExitTime), ctypes.byref(KernelTime), ctypes.byref(UserTime)) 3794 3795 ## CreationTime = CreationTime.dwLowDateTime + (CreationTime.dwHighDateTime << 32) 3796 ## ExitTime = ExitTime.dwLowDateTime + (ExitTime.dwHighDateTime << 32) 3797 KernelTime = KernelTime.dwLowDateTime + (KernelTime.dwHighDateTime << 32) 3798 UserTime = UserTime.dwLowDateTime + (UserTime.dwHighDateTime << 32) 3799 3800 CreationTime = FileTimeToSystemTime(CreationTime) 3801 ExitTime = FileTimeToSystemTime(ExitTime) 3802 3803 return (CreationTime, ExitTime, KernelTime, UserTime)

3804

3805 # BOOL WINAPI FileTimeToSystemTime( 3806 # __in const FILETIME *lpFileTime, 3807 # __out LPSYSTEMTIME lpSystemTime 3808 # ); 3809 -def FileTimeToSystemTime(lpFileTime):

3810 _FileTimeToSystemTime = windll.kernel32.FileTimeToSystemTime 3811 _FileTimeToSystemTime.argtypes = [LPFILETIME, LPSYSTEMTIME] 3812 _FileTimeToSystemTime.restype = bool 3813 _FileTimeToSystemTime.errcheck = RaiseIfZero 3814 3815 if isinstance(lpFileTime, FILETIME): 3816 FileTime = lpFileTime 3817 else: 3818 FileTime = FILETIME() 3819 FileTime.dwLowDateTime = lpFileTime & 0xFFFFFFFF 3820 FileTime.dwHighDateTime = lpFileTime >> 32 3821 SystemTime = SYSTEMTIME() 3822 _FileTimeToSystemTime(ctypes.byref(FileTime), ctypes.byref(SystemTime)) 3823 return SystemTime

3824

3825 # void WINAPI GetSystemTimeAsFileTime( 3826 # __out LPFILETIME lpSystemTimeAsFileTime 3827 # ); 3828 -def GetSystemTimeAsFileTime():

3829 _GetSystemTimeAsFileTime = windll.kernel32.GetSystemTimeAsFileTime 3830 _GetSystemTimeAsFileTime.argtypes = [LPFILETIME] 3831 _GetSystemTimeAsFileTime.restype = None 3832 3833 FileTime = FILETIME() 3834 _GetSystemTimeAsFileTime(ctypes.byref(FileTime)) 3835 return FileTime

3836

3837 #------------------------------------------------------------------------------ 3838 # Global ATOM API 3839 3840 # ATOM GlobalAddAtom( 3841 # __in LPCTSTR lpString 3842 # ); 3843 -def GlobalAddAtomA(lpString):

3844 _GlobalAddAtomA = windll.kernel32.GlobalAddAtomA 3845 _GlobalAddAtomA.argtypes = [LPSTR] 3846 _GlobalAddAtomA.restype = ATOM 3847 _GlobalAddAtomA.errcheck = RaiseIfZero 3848 return _GlobalAddAtomA(lpString)

3849

3850 -def GlobalAddAtomW(lpString):

3851 _GlobalAddAtomW = windll.kernel32.GlobalAddAtomW 3852 _GlobalAddAtomW.argtypes = [LPWSTR] 3853 _GlobalAddAtomW.restype = ATOM 3854 _GlobalAddAtomW.errcheck = RaiseIfZero 3855 return _GlobalAddAtomW(lpString)

3856 3857 GlobalAddAtom = GuessStringType(GlobalAddAtomA, GlobalAddAtomW)

3858 3859 # ATOM GlobalFindAtom( 3860 # __in LPCTSTR lpString 3861 # ); 3862 -def GlobalFindAtomA(lpString):

3863 _GlobalFindAtomA = windll.kernel32.GlobalFindAtomA 3864 _GlobalFindAtomA.argtypes = [LPSTR] 3865 _GlobalFindAtomA.restype = ATOM 3866 _GlobalFindAtomA.errcheck = RaiseIfZero 3867 return _GlobalFindAtomA(lpString)

3868

3869 -def GlobalFindAtomW(lpString):

3870 _GlobalFindAtomW = windll.kernel32.GlobalFindAtomW 3871 _GlobalFindAtomW.argtypes = [LPWSTR] 3872 _GlobalFindAtomW.restype = ATOM 3873 _GlobalFindAtomW.errcheck = RaiseIfZero 3874 return _GlobalFindAtomW(lpString)

3875 3876 GlobalFindAtom = GuessStringType(GlobalFindAtomA, GlobalFindAtomW)

3877 3878 # UINT GlobalGetAtomName( 3879 # __in ATOM nAtom, 3880 # __out LPTSTR lpBuffer, 3881 # __in int nSize 3882 # ); 3883 -def GlobalGetAtomNameA(nAtom):

3884 _GlobalGetAtomNameA = windll.kernel32.GlobalGetAtomNameA 3885 _GlobalGetAtomNameA.argtypes = [ATOM, LPSTR, ctypes.c_int] 3886 _GlobalGetAtomNameA.restype = UINT 3887 _GlobalGetAtomNameA.errcheck = RaiseIfZero 3888 3889 nSize = 64 3890 while 1: 3891 lpBuffer = ctypes.create_string_buffer("", nSize) 3892 nCopied = _GlobalGetAtomNameA(nAtom, lpBuffer, nSize) 3893 if nCopied < nSize - 1: 3894 break 3895 nSize = nSize + 64 3896 return lpBuffer.value

3897

3898 -def GlobalGetAtomNameW(nAtom):

3899 _GlobalGetAtomNameW = windll.kernel32.GlobalGetAtomNameW 3900 _GlobalGetAtomNameW.argtypes = [ATOM, LPWSTR, ctypes.c_int] 3901 _GlobalGetAtomNameW.restype = UINT 3902 _GlobalGetAtomNameW.errcheck = RaiseIfZero 3903 3904 nSize = 64 3905 while 1: 3906 lpBuffer = ctypes.create_unicode_buffer(u"", nSize) 3907 nCopied = _GlobalGetAtomNameW(nAtom, lpBuffer, nSize) 3908 if nCopied < nSize - 1: 3909 break 3910 nSize = nSize + 64 3911 return lpBuffer.value

3912 3913 GlobalGetAtomName = GuessStringType(GlobalGetAtomNameA, GlobalGetAtomNameW)

3914 3915 # ATOM GlobalDeleteAtom( 3916 # __in ATOM nAtom 3917 # ); 3918 -def GlobalDeleteAtom(nAtom):

3919 _GlobalDeleteAtom = windll.kernel32.GlobalDeleteAtom 3920 _GlobalDeleteAtom.argtypes 3921 _GlobalDeleteAtom.restype 3922 SetLastError(ERROR_SUCCESS) 3923 _GlobalDeleteAtom(nAtom) 3924 error = GetLastError() 3925 if error != ERROR_SUCCESS: 3926 raise ctypes.WinError(error)

3927

3928 #------------------------------------------------------------------------------ 3929 # Wow64 API 3930 3931 # BOOL WINAPI IsWow64Process( 3932 # __in HANDLE hProcess, 3933 # __out PBOOL Wow64Process 3934 # ); 3935 -def IsWow64Process(hProcess):

3936 _IsWow64Process = windll.kernel32.IsWow64Process 3937 _IsWow64Process.argtypes = [HANDLE, PBOOL] 3938 _IsWow64Process.restype = bool 3939 _IsWow64Process.errcheck = RaiseIfZero 3940 3941 Wow64Process = BOOL(FALSE) 3942 _IsWow64Process(hProcess, ctypes.byref(Wow64Process)) 3943 return bool(Wow64Process)

3944

3945 # BOOLEAN WINAPI Wow64EnableWow64FsRedirection( 3946 # __in BOOLEAN Wow64FsEnableRedirection 3947 # ); 3948 -def Wow64EnableWow64FsRedirection(Wow64FsEnableRedirection):

3949 _Wow64EnableWow64FsRedirection = windll.kernel32.Wow64EnableWow64FsRedirection 3950 _Wow64EnableWow64FsRedirection.argtypes = [BOOLEAN] 3951 _Wow64EnableWow64FsRedirection.restype = BOOLEAN 3952 _Wow64EnableWow64FsRedirection.errcheck = RaiseIfZero

3953

3954 # BOOL WINAPI Wow64DisableWow64FsRedirection( 3955 # __out PVOID *OldValue 3956 # ); 3957 -def Wow64DisableWow64FsRedirection():

3958 _Wow64DisableWow64FsRedirection = windll.kernel32.Wow64DisableWow64FsRedirection 3959 _Wow64DisableWow64FsRedirection.argtypes = [PPVOID] 3960 _Wow64DisableWow64FsRedirection.restype = BOOL 3961 _Wow64DisableWow64FsRedirection.errcheck = RaiseIfZero 3962 3963 OldValue = PVOID(None) 3964 _Wow64DisableWow64FsRedirection(ctypes.byref(OldValue)) 3965 return OldValue

3966

3967 # BOOL WINAPI Wow64RevertWow64FsRedirection( 3968 # __in PVOID OldValue 3969 # ); 3970 -def Wow64RevertWow64FsRedirection(OldValue):

3971 _Wow64RevertWow64FsRedirection = windll.kernel32.Wow64RevertWow64FsRedirection 3972 _Wow64RevertWow64FsRedirection.argtypes = [PVOID] 3973 _Wow64RevertWow64FsRedirection.restype = BOOL 3974 _Wow64RevertWow64FsRedirection.errcheck = RaiseIfZero 3975 _Wow64RevertWow64FsRedirection(OldValue)

3976 3977 #============================================================================== 3978 # Mark functions that Psyco cannot compile. 3979 # In your programs, don't use psyco.full(). 3980 # Call psyco.bind() on your main function instead. 3981 3982 try: 3983 import psyco 3984 psyco.cannotcompile(WaitForDebugEvent) 3985 psyco.cannotcompile(WaitForSingleObject) 3986 psyco.cannotcompile(WaitForSingleObjectEx) 3987 psyco.cannotcompile(WaitForMultipleObjects) 3988 psyco.cannotcompile(WaitForMultipleObjectsEx) 3989 except ImportError: 3990 pass 3991