
Source Code for Module winappdbg.win32.psapi

  1  # Copyright (c) 2009-2010, Mario Vilas 
  2  # All rights reserved. 
  3  # 
  4  # Redistribution and use in source and binary forms, with or without 
  5  # modification, are permitted provided that the following conditions are met: 
  6  # 
  7  #     * Redistributions of source code must retain the above copyright notice, 
  8  #       this list of conditions and the following disclaimer. 
  9  #     * Redistributions in binary form must reproduce the above copyright 
 10  #       notice,this list of conditions and the following disclaimer in the 
 11  #       documentation and/or other materials provided with the distribution. 
 12  #     * Neither the name of the copyright holder nor the names of its 
 13  #       contributors may be used to endorse or promote products derived from 
 14  #       this software without specific prior written permission. 
 15  # 
 16  # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
 17  # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
 18  # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
 19  # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 
 20  # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
 21  # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 
 22  # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 
 23  # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 
 24  # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
 25  # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
 26  # POSSIBILITY OF SUCH DAMAGE. 
 27   
 28  """ 
 29  Wrapper for psapi.dll in ctypes. 
 30  """ 
 31   
 32  __revision__ = "$Id: psapi.py 618 2010-02-11 02:15:09Z qvasimodo $" 
 33   
 34  from defines import * 
 35   
 36  #--- PSAPI structures and constants ------------------------------------------- 
 37   
# Filter values accepted by the dwFilterFlag argument of EnumProcessModulesEx.
LIST_MODULES_DEFAULT = 0x00
LIST_MODULES_32BIT = 0x01
LIST_MODULES_64BIT = 0x02
# ALL is the union of the two bitness flags (0x01 | 0x02 == 0x03).
LIST_MODULES_ALL = LIST_MODULES_32BIT | LIST_MODULES_64BIT
 42   
 43  # typedef struct _MODULEINFO { 
 44  #   LPVOID lpBaseOfDll; 
 45  #   DWORD  SizeOfImage; 
 46  #   LPVOID EntryPoint; 
 47  # } MODULEINFO, *LPMODULEINFO; 
class MODULEINFO(Structure):
    """
    ctypes layout of the Win32 MODULEINFO structure shown in the comment above.

    lpBaseOfDll and EntryPoint are "remote pointers": addresses that belong to
    the inspected process, not memory the calling process can dereference.
    """
    _fields_ = [
        ("lpBaseOfDll", LPVOID),    # remote pointer
        ("SizeOfImage", DWORD),
        ("EntryPoint",  LPVOID),    # remote pointer
    ]
# Pointer type used as the lpmodinfo argument of GetModuleInformation.
LPMODULEINFO = POINTER(MODULEINFO)

#--- psapi.dll ----------------------------------------------------------------

# BOOL WINAPI EnumDeviceDrivers(
#   __out  LPVOID *lpImageBase,
#   __in   DWORD cb,
#   __out  LPDWORD lpcbNeeded
# );
def EnumDeviceDrivers():
    """
    Return the list of image base values reported by psapi!EnumDeviceDrivers.

    The call is repeated with a larger array whenever the byte count written
    back by the API exceeds the current buffer size. Failures are reported
    through the RaiseIfZero errcheck (helper imported from defines, not shown
    here).

    NOTE(review): newer Windows releases are reported to hand zeroed bases to
    callers without sufficient privilege - confirm before trusting the values
    for address-based lookups.
    """
    _EnumDeviceDrivers = windll.psapi.EnumDeviceDrivers
    _EnumDeviceDrivers.argtypes = [LPVOID, DWORD, LPDWORD]
    _EnumDeviceDrivers.restype = bool
    _EnumDeviceDrivers.errcheck = RaiseIfZero

    capacity = 0x1000
    byte_count = DWORD(capacity)
    pointer_size = sizeof(LPVOID)
    while True:
        image_bases = (LPVOID * (capacity // pointer_size))()
        # byte_count serves both as the "cb" input and as the output counter.
        _EnumDeviceDrivers(ctypes.byref(image_bases), byte_count, ctypes.byref(byte_count))
        needed = byte_count.value
        if needed <= capacity:
            break
        capacity = needed
    # Only the first needed // pointer_size slots were filled in by the API.
    return [image_bases[slot] for slot in xrange(needed // pointer_size)]
# BOOL WINAPI EnumProcesses(
#   __out  DWORD *pProcessIds,
#   __in   DWORD cb,
#   __out  DWORD *pBytesReturned
# );
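def EnumProcesses():
    """
    Return the list of process IDs reported by psapi!EnumProcesses.

    The buffer grows by 0x1000 bytes and the call is repeated for as long as
    the API fills the buffer completely, since a full buffer may mean that
    more identifiers were available than fit.

    Only the entries actually written by the API are returned. Failures are
    reported through the RaiseIfZero errcheck (helper imported from defines,
    not shown here).
    """
    _EnumProcesses = windll.psapi.EnumProcesses
    _EnumProcesses.argtypes = [LPVOID, DWORD, LPDWORD]
    _EnumProcesses.restype = bool
    _EnumProcesses.errcheck = RaiseIfZero

    size = 0x1000
    cbBytesReturned = DWORD()
    unit = sizeof(DWORD)
    while 1:
        ProcessIds = (DWORD * (size // unit))()
        cbBytesReturned.value = size
        _EnumProcesses(ctypes.byref(ProcessIds), cbBytesReturned, ctypes.byref(cbBytesReturned))
        returned = cbBytesReturned.value
        if returned < size:
            break
        size = size + 0x1000
    # Iterating a ctypes DWORD array yields plain integers, never None, so a
    # "stop at None" scan would return every unused slot as a bogus PID 0.
    # Trim to the byte count the API reported instead.
    return [ ProcessIds[index] for index in xrange(0, (returned // unit)) ]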
# BOOL WINAPI EnumProcessModules(
#   __in   HANDLE hProcess,
#   __out  HMODULE *lphModule,
#   __in   DWORD cb,
#   __out  LPDWORD lpcbNeeded
# );
def EnumProcessModules(hProcess):
    """
    Return the module handles psapi!EnumProcessModules reports for hProcess.

    The call is repeated with a larger array whenever the byte count written
    back by the API exceeds the current buffer size. Failures are reported
    through the RaiseIfZero errcheck (helper imported from defines, not shown
    here).

    NOTE(review): the Win32 documentation describes this list as read from the
    inspected process, so it may be incomplete or inaccurate while the target
    is starting up or if the target has altered it - confirm before using it
    as the only evidence of what is loaded.
    """
    _EnumProcessModules = windll.psapi.EnumProcessModules
    _EnumProcessModules.argtypes = [HANDLE, LPVOID, DWORD, LPDWORD]
    _EnumProcessModules.restype = bool
    _EnumProcessModules.errcheck = RaiseIfZero

    capacity = 0x1000
    byte_count = DWORD(capacity)
    handle_size = sizeof(HMODULE)
    while True:
        module_handles = (HMODULE * (capacity // handle_size))()
        # byte_count serves both as the "cb" input and as the output counter.
        _EnumProcessModules(hProcess, ctypes.byref(module_handles), byte_count, ctypes.byref(byte_count))
        needed = byte_count.value
        if needed <= capacity:
            break
        capacity = needed
    # Only the first needed // handle_size slots were filled in by the API.
    return [module_handles[slot] for slot in xrange(int(needed // handle_size))]
# BOOL WINAPI EnumProcessModulesEx(
#   __in   HANDLE hProcess,
#   __out  HMODULE *lphModule,
#   __in   DWORD cb,
#   __out  LPDWORD lpcbNeeded,
#   __in   DWORD dwFilterFlag
# );
def EnumProcessModulesEx(hProcess, dwFilterFlag = LIST_MODULES_DEFAULT):
    """
    Return the module handles psapi!EnumProcessModulesEx reports for hProcess.

    dwFilterFlag is forwarded unchanged to the API; the LIST_MODULES_*
    constants of this module are the values intended for it.

    The call is repeated with a larger array whenever the byte count written
    back by the API exceeds the current buffer size. Failures are reported
    through the RaiseIfZero errcheck (helper imported from defines, not shown
    here).
    """
    _EnumProcessModulesEx = windll.psapi.EnumProcessModulesEx
    _EnumProcessModulesEx.argtypes = [HANDLE, LPVOID, DWORD, LPDWORD, DWORD]
    _EnumProcessModulesEx.restype = bool
    _EnumProcessModulesEx.errcheck = RaiseIfZero

    capacity = 0x1000
    byte_count = DWORD(capacity)
    handle_size = sizeof(HMODULE)
    while True:
        module_handles = (HMODULE * (capacity // handle_size))()
        # byte_count serves both as the "cb" input and as the output counter.
        _EnumProcessModulesEx(hProcess, ctypes.byref(module_handles), byte_count, ctypes.byref(byte_count), dwFilterFlag)
        needed = byte_count.value
        if needed <= capacity:
            break
        capacity = needed
    # Only the first needed // handle_size slots were filled in by the API.
    return [module_handles[slot] for slot in xrange(needed // handle_size)]
# DWORD WINAPI GetDeviceDriverBaseName(
#   __in   LPVOID ImageBase,
#   __out  LPTSTR lpBaseName,
#   __in   DWORD nSize
# );
def GetDeviceDriverBaseNameA(ImageBase):
    """
    Return the base name of the driver loaded at ImageBase (ANSI variant).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.
    """
    _GetDeviceDriverBaseNameA = windll.psapi.GetDeviceDriverBaseNameA
    _GetDeviceDriverBaseNameA.argtypes = [LPVOID, LPSTR, DWORD]
    _GetDeviceDriverBaseNameA.restype = DWORD

    capacity = MAX_PATH
    while True:
        name_buffer = ctypes.create_string_buffer("", capacity)
        length = _GetDeviceDriverBaseNameA(ImageBase, name_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return name_buffer.value
        capacity += MAX_PATH
179
def GetDeviceDriverBaseNameW(ImageBase):
    """
    Return the base name of the driver loaded at ImageBase (Unicode variant).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.
    """
    _GetDeviceDriverBaseNameW = windll.psapi.GetDeviceDriverBaseNameW
    _GetDeviceDriverBaseNameW.argtypes = [LPVOID, LPWSTR, DWORD]
    _GetDeviceDriverBaseNameW.restype = DWORD

    capacity = MAX_PATH
    while True:
        name_buffer = ctypes.create_unicode_buffer(u"", capacity)
        length = _GetDeviceDriverBaseNameW(ImageBase, name_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return name_buffer.value
        capacity += MAX_PATH
# Generic name built from the ANSI and Unicode wrappers. GuessStringType is
# imported from defines and not shown here; presumably it dispatches on the
# string type of the arguments - confirm.
GetDeviceDriverBaseName = GuessStringType(GetDeviceDriverBaseNameA, GetDeviceDriverBaseNameW)

# DWORD WINAPI GetDeviceDriverFileName(
#   __in   LPVOID ImageBase,
#   __out  LPTSTR lpFilename,
#   __in   DWORD nSize
# );
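def GetDeviceDriverFileNameA(ImageBase):
    """
    Return the file name of the driver loaded at ImageBase (ANSI variant).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.
    """
    _GetDeviceDriverFileNameA = windll.psapi.GetDeviceDriverFileNameA
    _GetDeviceDriverFileNameA.argtypes = [LPVOID, LPSTR, DWORD]
    _GetDeviceDriverFileNameA.restype = DWORD

    nSize = MAX_PATH
    while 1:
        lpFilename = ctypes.create_string_buffer("", nSize)
        # Call through the prototype configured above, like the sibling
        # wrappers do, so the LPVOID/DWORD conversions are certain to apply
        # to ImageBase instead of depending on ctypes handing back the same
        # cached function object for a second attribute lookup.
        nCopied = _GetDeviceDriverFileNameA(ImageBase, lpFilename, nSize)
        if nCopied == 0:
            raise ctypes.WinError()
        if nCopied < (nSize - 1):
            break
        nSize = nSize + MAX_PATH
    return lpFilename.value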
218
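def GetDeviceDriverFileNameW(ImageBase):
    """
    Return the file name of the driver loaded at ImageBase (Unicode variant).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.
    """
    _GetDeviceDriverFileNameW = windll.psapi.GetDeviceDriverFileNameW
    _GetDeviceDriverFileNameW.argtypes = [LPVOID, LPWSTR, DWORD]
    _GetDeviceDriverFileNameW.restype = DWORD

    nSize = MAX_PATH
    while 1:
        lpFilename = ctypes.create_unicode_buffer(u"", nSize)
        # Call through the prototype configured above, like the sibling
        # wrappers do, so the LPVOID/DWORD conversions are certain to apply
        # to ImageBase instead of depending on ctypes handing back the same
        # cached function object for a second attribute lookup.
        nCopied = _GetDeviceDriverFileNameW(ImageBase, lpFilename, nSize)
        if nCopied == 0:
            raise ctypes.WinError()
        if nCopied < (nSize - 1):
            break
        nSize = nSize + MAX_PATH
    return lpFilename.value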
# Generic name built from the ANSI and Unicode wrappers. GuessStringType is
# imported from defines and not shown here; presumably it dispatches on the
# string type of the arguments - confirm.
GetDeviceDriverFileName = GuessStringType(GetDeviceDriverFileNameA, GetDeviceDriverFileNameW)

# DWORD WINAPI GetMappedFileName(
#   __in   HANDLE hProcess,
#   __in   LPVOID lpv,
#   __out  LPTSTR lpFilename,
#   __in   DWORD nSize
# );
def GetMappedFileNameA(hProcess, lpv):
    """
    Return the name of the file mapped at address lpv in hProcess (ANSI).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.

    NOTE(review): the Win32 documentation describes the result as a native
    device path rather than a drive-letter path - confirm before comparing it
    with paths obtained elsewhere.
    """
    _GetMappedFileNameA = ctypes.windll.psapi.GetMappedFileNameA
    _GetMappedFileNameA.argtypes = [HANDLE, LPVOID, LPSTR, DWORD]
    _GetMappedFileNameA.restype = DWORD

    capacity = MAX_PATH
    while True:
        path_buffer = ctypes.create_string_buffer("", capacity)
        length = _GetMappedFileNameA(hProcess, lpv, path_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return path_buffer.value
        capacity += MAX_PATH
258
def GetMappedFileNameW(hProcess, lpv):
    """
    Return the name of the file mapped at address lpv in hProcess (Unicode).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.

    NOTE(review): the Win32 documentation describes the result as a native
    device path rather than a drive-letter path - confirm before comparing it
    with paths obtained elsewhere.
    """
    _GetMappedFileNameW = ctypes.windll.psapi.GetMappedFileNameW
    _GetMappedFileNameW.argtypes = [HANDLE, LPVOID, LPWSTR, DWORD]
    _GetMappedFileNameW.restype = DWORD

    capacity = MAX_PATH
    while True:
        path_buffer = ctypes.create_unicode_buffer(u"", capacity)
        length = _GetMappedFileNameW(hProcess, lpv, path_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return path_buffer.value
        capacity += MAX_PATH
# Generic name built from the ANSI and Unicode wrappers. GuessStringType is
# imported from defines and not shown here; presumably it dispatches on the
# string type of the arguments - confirm.
GetMappedFileName = GuessStringType(GetMappedFileNameA, GetMappedFileNameW)

# DWORD WINAPI GetModuleFileNameEx(
#   __in      HANDLE hProcess,
#   __in_opt  HMODULE hModule,
#   __out     LPTSTR lpFilename,
#   __in      DWORD nSize
# );
def GetModuleFileNameExA(hProcess, hModule = None):
    """
    Return the file name of module hModule in process hProcess (ANSI variant).

    hModule is optional in the API prototype (__in_opt); the default None is
    passed through to the call unchanged.

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.

    NOTE(review): the Win32 documentation describes this path as read from
    loader data inside the inspected process, which that process can modify -
    confirm, and avoid treating the result as proof of which file is loaded.
    """
    _GetModuleFileNameExA = ctypes.windll.psapi.GetModuleFileNameExA
    _GetModuleFileNameExA.argtypes = [HANDLE, HMODULE, LPSTR, DWORD]
    _GetModuleFileNameExA.restype = DWORD

    capacity = MAX_PATH
    while True:
        path_buffer = ctypes.create_string_buffer("", capacity)
        length = _GetModuleFileNameExA(hProcess, hModule, path_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return path_buffer.value
        capacity += MAX_PATH
298
def GetModuleFileNameExW(hProcess, hModule = None):
    """
    Return the file name of module hModule in process hProcess (Unicode).

    hModule is optional in the API prototype (__in_opt); the default None is
    passed through to the call unchanged.

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.

    NOTE(review): the Win32 documentation describes this path as read from
    loader data inside the inspected process, which that process can modify -
    confirm, and avoid treating the result as proof of which file is loaded.
    """
    _GetModuleFileNameExW = ctypes.windll.psapi.GetModuleFileNameExW
    _GetModuleFileNameExW.argtypes = [HANDLE, HMODULE, LPWSTR, DWORD]
    _GetModuleFileNameExW.restype = DWORD

    capacity = MAX_PATH
    while True:
        path_buffer = ctypes.create_unicode_buffer(u"", capacity)
        length = _GetModuleFileNameExW(hProcess, hModule, path_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return path_buffer.value
        capacity += MAX_PATH
# Generic name built from the ANSI and Unicode wrappers. GuessStringType is
# imported from defines and not shown here; presumably it dispatches on the
# string type of the arguments - confirm.
GetModuleFileNameEx = GuessStringType(GetModuleFileNameExA, GetModuleFileNameExW)

# BOOL WINAPI GetModuleInformation(
#   __in   HANDLE hProcess,
#   __in   HMODULE hModule,
#   __out  LPMODULEINFO lpmodinfo,
#   __in   DWORD cb
# );
def GetModuleInformation(hProcess, hModule, lpmodinfo = None):
    """
    Fill in and return a MODULEINFO for module hModule of process hProcess.

    When lpmodinfo is None a fresh MODULEINFO is allocated; otherwise the
    caller's structure is filled in place and the same object is returned.
    Failures are reported through the RaiseIfZero errcheck (helper imported
    from defines, not shown here).

    The lpBaseOfDll and EntryPoint fields of the result are remote pointers,
    i.e. addresses in the inspected process.
    """
    _GetModuleInformation = windll.psapi.GetModuleInformation
    _GetModuleInformation.argtypes = [HANDLE, HMODULE, LPMODULEINFO, DWORD]
    _GetModuleInformation.restype = bool
    _GetModuleInformation.errcheck = RaiseIfZero

    module_info = MODULEINFO() if lpmodinfo is None else lpmodinfo
    _GetModuleInformation(hProcess, hModule, ctypes.byref(module_info), sizeof(module_info))
    return module_info
# DWORD WINAPI GetProcessImageFileName(
#   __in   HANDLE hProcess,
#   __out  LPTSTR lpImageFileName,
#   __in   DWORD nSize
# );
def GetProcessImageFileNameA(hProcess):
    """
    Return the image file name of process hProcess (ANSI variant).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.

    NOTE(review): the Win32 documentation describes the result as a native
    device path rather than a drive-letter path - confirm before comparing it
    with paths obtained elsewhere.
    """
    _GetProcessImageFileNameA = windll.psapi.GetProcessImageFileNameA
    _GetProcessImageFileNameA.argtypes = [HANDLE, LPSTR, DWORD]
    _GetProcessImageFileNameA.restype = DWORD

    capacity = MAX_PATH
    while True:
        path_buffer = ctypes.create_string_buffer("", capacity)
        length = _GetProcessImageFileNameA(hProcess, path_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return path_buffer.value
        capacity += MAX_PATH
354
def GetProcessImageFileNameW(hProcess):
    """
    Return the image file name of process hProcess (Unicode variant).

    The buffer starts at MAX_PATH characters and grows by MAX_PATH for as long
    as the reported length comes within one character of the buffer size,
    which is treated as a possibly truncated result.

    Raises the exception built by ctypes.WinError() when the API returns 0.

    NOTE(review): the Win32 documentation describes the result as a native
    device path rather than a drive-letter path - confirm before comparing it
    with paths obtained elsewhere.
    """
    _GetProcessImageFileNameW = windll.psapi.GetProcessImageFileNameW
    _GetProcessImageFileNameW.argtypes = [HANDLE, LPWSTR, DWORD]
    _GetProcessImageFileNameW.restype = DWORD

    capacity = MAX_PATH
    while True:
        path_buffer = ctypes.create_unicode_buffer(u"", capacity)
        length = _GetProcessImageFileNameW(hProcess, path_buffer, capacity)
        if length == 0:
            raise ctypes.WinError()
        # Room to spare means the name was not cut short.
        if length < (capacity - 1):
            return path_buffer.value
        capacity += MAX_PATH
# Generic name built from the ANSI and Unicode wrappers. GuessStringType is
# imported from defines and not shown here; presumably it dispatches on the
# string type of the arguments - confirm.
GetProcessImageFileName = GuessStringType(GetProcessImageFileNameA, GetProcessImageFileNameW)