├── .github └── workflows │ └── tests.yml ├── .gitignore ├── AUTHORS ├── CHANGELOG ├── LICENSE ├── README.md ├── TODO ├── ctypes_generation ├── README ├── com_parser.py ├── def_parser.py ├── definitions │ ├── com │ │ ├── BITS │ │ │ ├── IBackgroundCopyCallback.txt │ │ │ ├── IBackgroundCopyError.txt │ │ │ ├── IBackgroundCopyFile.txt │ │ │ ├── IBackgroundCopyFile2.txt │ │ │ ├── IBackgroundCopyFile3.txt │ │ │ ├── IBackgroundCopyJob.txt │ │ │ ├── IBackgroundCopyJob2.txt │ │ │ ├── IBackgroundCopyJob3.txt_ignore │ │ │ ├── IBackgroundCopyManager.txt │ │ │ ├── IEnumBackgroundCopyFiles.txt │ │ │ └── IEnumBackgroundCopyJobs.txt │ │ ├── Explorer │ │ │ ├── IBindCtx.txt │ │ │ ├── IEnumExplorerCommand.txt │ │ │ ├── IEnumMoniker.txt │ │ │ ├── IEnumShellItems.txt │ │ │ ├── IEnumString.txt │ │ │ ├── IExplorerCommand.txt │ │ │ ├── IRunningObjectTable.txt │ │ │ ├── IShellItem.txt │ │ │ └── IShellItemArray.txt │ │ ├── ICallFactory.txt │ │ ├── ICallFrame.txt │ │ ├── ICallFrameEvents.txt │ │ ├── ICallFrameWalker.txt │ │ ├── ICallInterceptor.txt │ │ ├── IClassFactory.txt │ │ ├── IClientSecurity.txt │ │ ├── IComCatalog.txt │ │ ├── IDispatch.txt │ │ ├── IEnumVARIANT.txt │ │ ├── IInternalUnknown.txt │ │ ├── IMarshal.txt │ │ ├── IMoniker.txt │ │ ├── INetFwPolicy2.txt │ │ ├── INetFwRule.txt │ │ ├── INetFwRules.txt │ │ ├── INetFwServiceRestriction.txt │ │ ├── IObjContext.txt │ │ ├── IPersist.txt │ │ ├── IPersistFile.txt │ │ ├── IRemUnknown.txt │ │ ├── IShellLinkAVtbl.txt │ │ ├── IShellLinkW.txt │ │ ├── IStdIdentity.txt │ │ ├── IStorage.txt │ │ ├── IStream.txt │ │ ├── ITypeComp.txt │ │ ├── ITypeInfo.txt │ │ ├── ITypeLib.txt │ │ ├── IUnknown.txt │ │ ├── Tasks │ │ │ ├── IAction.txt │ │ │ ├── IActionCollection.txt │ │ │ ├── IComHandlerAction.txt │ │ │ ├── IEmailAction.txt │ │ │ ├── IExecAction.txt │ │ │ ├── IIdleSettings.txt │ │ │ ├── INetworkSettings.txt │ │ │ ├── IPrincipal.txt │ │ │ ├── IRegisteredTask.txt │ │ │ ├── IRegisteredTaskCollection.txt │ │ │ ├── IRegistrationInfo.txt │ │ │ ├── 
IRepetitionPattern.txt │ │ │ ├── IRunningTask.txt │ │ │ ├── IRunningTaskCollection.txt │ │ │ ├── IShowMessageAction.txt │ │ │ ├── ITaskDefinition.txt │ │ │ ├── ITaskFolder.txt │ │ │ ├── ITaskFolderCollection.txt │ │ │ ├── ITaskNamedValueCollection.txt │ │ │ ├── ITaskNamedValuePair.txt │ │ │ ├── ITaskService.txt │ │ │ ├── ITaskSettings.txt │ │ │ ├── ITrigger.txt │ │ │ └── ITriggerCollection.txt │ │ ├── WMI │ │ │ ├── IEnumWbemClassObject.txt │ │ │ ├── IWbemCallResultVtbl.txt │ │ │ ├── IWbemClassObjectVtbl.txt │ │ │ ├── IWbemContextVtbl.txt │ │ │ ├── IWbemLocatorVtbl.txt │ │ │ ├── IWbemObjectSink.txt │ │ │ ├── IWbemObjectTextSrc.txt │ │ │ ├── IWbemQualifierSet.txt │ │ │ └── IWbemServicesVtbl.txt │ │ ├── WebBrowser │ │ │ └── IWebBrowser2.txt │ │ ├── combase │ │ │ ├── IActivationProperties.txt │ │ │ ├── IActivationPropertiesOut.txt │ │ │ ├── IActivationPropertyIn.txt │ │ │ ├── IActivationStageInfo.txt │ │ │ ├── IClassClassicInfo.txt │ │ │ ├── IComClassInfo.txt │ │ │ ├── IContext.txt │ │ │ ├── IEnumContextProps.txt │ │ │ ├── IEnumSTATSTG.txt │ │ │ ├── IInitActivationPropertiesIn.txt │ │ │ ├── IOpaqueData.txt │ │ │ ├── IPrivActivationPropertiesIn.txt │ │ │ ├── IPrivActivationPropertiesOut.txt │ │ │ ├── IScmReplyInfo.txt │ │ │ ├── IScmRequestInfo.txt │ │ │ ├── IStandardActivator.txt │ │ │ └── ISystemActivator.txt │ │ ├── manually_created │ │ │ ├── IProxyManager.txt │ │ │ └── IProxyServerIdentity.txt │ │ ├── propertysystem │ │ │ ├── IApplicationActivationManager.txt │ │ │ ├── IPackageDebugSettings.txt │ │ │ └── IPackageExecutionStateChangeNotification.txt │ │ ├── rpc │ │ │ ├── IChannelHook.txt │ │ │ ├── IRpcChannelBuffer.txt │ │ │ ├── IRpcHelper.txt │ │ │ ├── IRpcOptions.txt │ │ │ └── IRpcStubBuffer.txt │ │ └── template.py │ ├── defines │ │ ├── bits.txt │ │ ├── cfgmgr32.txt │ │ ├── combase.txt │ │ ├── comdef.txt │ │ ├── crypt_algid.txt │ │ ├── custom_rpc_windef.txt │ │ ├── device_types.txt │ │ ├── disk.txt │ │ ├── dpapi.txt │ │ ├── editions.txt │ │ ├── error_helper.txt │ │ 
├── event_trace.txt │ │ ├── file.txt │ │ ├── gdt.txt │ │ ├── ioctl.txt │ │ ├── kuser_shared_data.txt │ │ ├── midl.txt │ │ ├── netapi.txt │ │ ├── network.txt │ │ ├── pipe.txt │ │ ├── proc_thread_attributes.txt │ │ ├── processor.txt │ │ ├── registry.txt │ │ ├── section.txt │ │ ├── security.txt │ │ ├── services.txt │ │ ├── setupapi.txt │ │ ├── shell.txt │ │ ├── shlwapi.txt │ │ ├── specific_access_right.txt │ │ ├── symbols.txt │ │ ├── szOID.txt │ │ ├── template.py │ │ ├── thread_context.txt │ │ ├── token.txt │ │ ├── version.txt │ │ ├── windef.txt │ │ ├── windef_error.txt_ignore │ │ ├── windef_evtlog.txt │ │ ├── windef_pe.txt │ │ ├── wintrust_crypt_def.txt │ │ └── wsocket.txt │ ├── flag.py │ ├── functions │ │ ├── accessibility.txt │ │ ├── alpc.txt │ │ ├── atoms.txt │ │ ├── cfgmgr32.txt │ │ ├── com.txt │ │ ├── crypto_wintrust.txt │ │ ├── dbghelp.txt │ │ ├── disk.txt │ │ ├── dpapi.txt │ │ ├── environ.txt │ │ ├── event_trace.txt │ │ ├── evtlog.txt │ │ ├── file.txt │ │ ├── heap.txt │ │ ├── internet.txt │ │ ├── io.txt │ │ ├── lsa.txt │ │ ├── memoryapi.txt │ │ ├── ncrypt.txt │ │ ├── netapi.txt │ │ ├── netip.txt │ │ ├── network.txt │ │ ├── ntfs_transaction.txt │ │ ├── ntregistry.txt │ │ ├── pipe.txt │ │ ├── process.txt │ │ ├── registry.txt │ │ ├── security.txt │ │ ├── service.txt │ │ ├── setupapi.txt │ │ ├── shell32.txt │ │ ├── shlwapi.txt │ │ ├── symbols.txt │ │ ├── synchapi.txt │ │ ├── syscall.txt │ │ ├── sysinfo.txt │ │ ├── syswow64.txt │ │ ├── time.txt │ │ ├── trace_data_helper.txt │ │ ├── version.txt │ │ ├── window.txt │ │ ├── winfunc.txt │ │ ├── winfunc_crypto.txt.ignore │ │ ├── winfunc_notdoc.txt │ │ └── wsocket.txt │ ├── interface_to_iid.txt │ ├── ntstatus.txt │ ├── ntstatus_template.py │ ├── simple_types.txt │ ├── structures │ │ ├── MIDL.txt │ │ ├── alpc.txt │ │ ├── bits.txt │ │ ├── cfgmgr32.txt │ │ ├── com.txt │ │ ├── com_explorer.txt │ │ ├── com_typelib.txt │ │ ├── combase.txt │ │ ├── combase_localthisthat_versions.txt │ │ ├── crypto.txt │ │ ├── debug.txt │ │ ├── 
disk.txt │ │ ├── dpapi.txt │ │ ├── event_trace.txt │ │ ├── evtlog.txt │ │ ├── file_info.txt │ │ ├── guid.txt │ │ ├── internet.txt │ │ ├── io.txt │ │ ├── kuser_shared_data.txt │ │ ├── lsa.txt │ │ ├── mitigations.txt │ │ ├── netapi.txt │ │ ├── netip.txt │ │ ├── network.txt │ │ ├── ntregistry.txt │ │ ├── pe.txt │ │ ├── proc_thread_attributes.txt │ │ ├── process.txt │ │ ├── processor.txt │ │ ├── section.txt │ │ ├── security.txt │ │ ├── service.txt │ │ ├── setupapi.txt │ │ ├── shell.txt │ │ ├── simple_structs.txt │ │ ├── symbols.txt │ │ ├── system_info.txt │ │ ├── tasks.txt │ │ ├── teb_peb.txt │ │ ├── template.py │ │ ├── thread_context.txt │ │ ├── time.txt │ │ ├── token.txt │ │ ├── trace_data_helper.txt │ │ ├── window.txt │ │ ├── winstruct.txt │ │ ├── winstruct_apisetmap.txt │ │ ├── winstruct_bits.txt │ │ ├── wmi.txt │ │ └── wsocket.txt │ ├── winerror.txt │ └── winerror_template.py ├── dummy_wintypes.py ├── extended_interfaces │ └── IStream.py ├── extended_structs │ ├── PSID.py │ ├── _CRYPTOAPI_BLOB.py │ ├── _CRYPT_ATTRIBUTE.py │ ├── _CRYPT_ATTRIBUTES.py │ ├── _CRYPT_BIT_BLOB.py │ ├── _EVENT_DESCRIPTOR.py │ ├── _EVENT_HEADER_EXTENDED_DATA_ITEM.py │ ├── _EVENT_RECORD.py │ ├── _FILETIME.py │ ├── _FILE_RENAME_INFORMATION.py │ ├── _GUID.py │ ├── _LIST_ENTRY.py │ ├── _LOAD_DLL_DEBUG_INFO.py │ ├── _LSA_UNICODE_STRING.py │ ├── _LUID.py │ ├── _MEMORY_BASIC_INFORMATION32.py │ ├── _MEMORY_BASIC_INFORMATION64.py │ ├── _OBJECT_ATTRIBUTES.py │ ├── _RPC_IF_ID.py │ ├── _SERVICE_STATUS_PROCESS.py │ ├── _SID_AND_ATTRIBUTES.py │ ├── _tagADDRESS64.py │ ├── tagDUALSTRINGARRAY.py │ └── tagMInterfacePointer.py ├── func_parser.py ├── generate.py ├── oldgen.py ├── simpleparser.py ├── struct_parser.py └── winstruct.py ├── docs ├── .nojekyll ├── build │ └── html │ │ ├── .buildinfo │ │ ├── _modules │ │ ├── index.html │ │ └── windows │ │ │ ├── alpc.html │ │ │ ├── com.html │ │ │ ├── crypto │ │ │ ├── certificate.html │ │ │ ├── cryptmsg.html │ │ │ ├── encrypt_decrypt.html │ │ │ └── generation.html │ 
│ │ ├── debug │ │ │ ├── breakpoints.html │ │ │ ├── debugger.html │ │ │ ├── localdbg.html │ │ │ ├── symboldbg.html │ │ │ └── symbols.html │ │ │ ├── generated_def │ │ │ ├── flag.html │ │ │ ├── interfaces.html │ │ │ └── winstructs.html │ │ │ ├── hooks.html │ │ │ ├── native_exec │ │ │ ├── cpuid.html │ │ │ ├── native_function.html │ │ │ └── simple_x86.html │ │ │ ├── pe_parse.html │ │ │ ├── pipe.html │ │ │ ├── remotectypes.html │ │ │ ├── rpc │ │ │ ├── client.html │ │ │ ├── epmapper.html │ │ │ └── ndr.html │ │ │ ├── security.html │ │ │ ├── syswow64.html │ │ │ ├── utils │ │ │ ├── pythonutils.html │ │ │ └── winutils.html │ │ │ ├── winobject │ │ │ ├── apisetmap.html │ │ │ ├── device_manager.html │ │ │ ├── event_log.html │ │ │ ├── event_trace.html │ │ │ ├── exception.html │ │ │ ├── handle.html │ │ │ ├── network.html │ │ │ ├── object_manager.html │ │ │ ├── process.html │ │ │ ├── registry.html │ │ │ ├── service.html │ │ │ ├── system.html │ │ │ ├── system_module.html │ │ │ ├── task_scheduler.html │ │ │ ├── token.html │ │ │ ├── volume.html │ │ │ └── wmi.html │ │ │ ├── winproxy │ │ │ ├── apiproxy.html │ │ │ └── error.html │ │ │ └── wintrust.html │ │ ├── _sources │ │ ├── alpc.rst.txt │ │ ├── com.rst.txt │ │ ├── crypto.rst.txt │ │ ├── debug.rst.txt │ │ ├── device_manager.rst.txt │ │ ├── encoding.rst.txt │ │ ├── etw.rst.txt │ │ ├── evtlog.rst.txt │ │ ├── exception.rst.txt │ │ ├── generated.rst.txt │ │ ├── handle.rst.txt │ │ ├── iat_hook.rst.txt │ │ ├── index.rst.txt │ │ ├── interfaces_generated.rst.txt │ │ ├── internals.rst.txt │ │ ├── native_exec.rst.txt │ │ ├── network.rst.txt │ │ ├── ntstatus_generated.rst.txt │ │ ├── object_manager.rst.txt │ │ ├── pipe.rst.txt │ │ ├── process.rst.txt │ │ ├── registry.rst.txt │ │ ├── rpc.rst.txt │ │ ├── sample.rst.txt │ │ ├── security.rst.txt │ │ ├── service.rst.txt │ │ ├── system_module.rst.txt │ │ ├── task_scheduler.rst.txt │ │ ├── token.rst.txt │ │ ├── utils.rst.txt │ │ ├── volume.rst.txt │ │ ├── windef_generated.rst.txt │ │ ├── windows.rst.txt 
│ │ ├── winerror_generated.rst.txt │ │ ├── winfuncs_generated.rst.txt │ │ ├── winobject.rst.txt │ │ ├── winproxy.rst.txt │ │ ├── winstructs_generated.rst.txt │ │ ├── wintrust.rst.txt │ │ ├── wip.rst.txt │ │ └── wmi.rst.txt │ │ ├── _static │ │ ├── basic.css │ │ ├── classic.css │ │ ├── css │ │ │ └── mbasic.css │ │ ├── doctools.js │ │ ├── documentation_options.js │ │ ├── file.png │ │ ├── language_data.js │ │ ├── minus.png │ │ ├── plus.png │ │ ├── pygments.css │ │ ├── searchtools.js │ │ ├── sidebar.js │ │ └── sphinx_highlight.js │ │ ├── alpc.html │ │ ├── com.html │ │ ├── crypto.html │ │ ├── debug.html │ │ ├── device_manager.html │ │ ├── encoding.html │ │ ├── etw.html │ │ ├── evtlog.html │ │ ├── exception.html │ │ ├── generated.html │ │ ├── genindex.html │ │ ├── handle.html │ │ ├── iat_hook.html │ │ ├── index.html │ │ ├── interfaces_generated.html │ │ ├── internals.html │ │ ├── native_exec.html │ │ ├── network.html │ │ ├── ntstatus_generated.html │ │ ├── object_manager.html │ │ ├── pipe.html │ │ ├── process.html │ │ ├── py-modindex.html │ │ ├── registry.html │ │ ├── rpc.html │ │ ├── sample.html │ │ ├── search.html │ │ ├── searchindex.js │ │ ├── security.html │ │ ├── service.html │ │ ├── system_module.html │ │ ├── task_scheduler.html │ │ ├── token.html │ │ ├── utils.html │ │ ├── volume.html │ │ ├── windef_generated.html │ │ ├── windows.html │ │ ├── winerror_generated.html │ │ ├── winfuncs_generated.html │ │ ├── winobject.html │ │ ├── winproxy.html │ │ ├── winstructs_generated.html │ │ ├── wintrust.html │ │ ├── wip.html │ │ └── wmi.html ├── generate_samples.py ├── generate_winproxy_list.py ├── index.html ├── make.bat └── source │ ├── _static │ └── css │ │ └── mbasic.css │ ├── alpc.rst │ ├── com.rst │ ├── conf.py │ ├── crypto.rst │ ├── debug.rst │ ├── device_manager.rst │ ├── encoding.rst │ ├── etw.rst │ ├── evtlog.rst │ ├── exception.rst │ ├── generated.rst │ ├── handle.rst │ ├── iat_hook.rst │ ├── index.rst │ ├── interfaces_generated.rst │ ├── internals.rst │ ├── 
native_exec.rst │ ├── network.rst │ ├── ntstatus_generated.rst │ ├── object_manager.rst │ ├── pipe.rst │ ├── process.rst │ ├── registry.rst │ ├── rpc.rst │ ├── sample.rst │ ├── samples_output │ ├── alpc_advanced_alpc.txt │ ├── alpc_simple_alpc.txt │ ├── com_com_inetfwpolicy2.txt │ ├── com_icallinterceptor.txt │ ├── crypto_certificate.txt │ ├── crypto_wintrust.txt │ ├── debug_attach.txt │ ├── debug_change_function_ret_value.txt │ ├── debug_debug_functionbp.txt │ ├── debug_debugger_membp_singlestep.txt │ ├── debug_debugger_on_setup.txt │ ├── debug_debugger_print_LdrLoaddll.txt │ ├── debug_local_debugger.txt │ ├── debug_symbol_debugger.txt │ ├── debug_symbol_processsymdemo.txt │ ├── debug_symbol_symsearch.txt │ ├── debug_symbol_virtsymdemo.txt │ ├── device_manager_device_manager.txt │ ├── device_manager_enum_devices.txt │ ├── etw_etw_enumeration.txt │ ├── etw_uac_trace.txt │ ├── event_log_eventlog.txt │ ├── network_network.txt │ ├── object_manager_findobj.txt │ ├── object_manager_object_manager.txt │ ├── pipe_child_send_object.txt │ ├── process_apisetmap.txt │ ├── process_current_process.txt │ ├── process_iat_hook.txt │ ├── process_msstore_interpreter_remote_python.txt │ ├── process_peb.txt │ ├── process_remote_process.txt │ ├── process_veh_segv.txt │ ├── registry_registry.txt │ ├── rpc_lsass.txt │ ├── scheduled_task_scheduled_task.txt │ ├── security_query_sacl.txt │ ├── security_security_descriptor.txt │ ├── service_python_service.txt │ ├── service_service_demo.txt │ ├── system.txt │ ├── test_code.txt │ ├── token_token_demo.txt │ ├── wmi_create_process.txt │ └── wmi_wmi_request.txt │ ├── security.rst │ ├── service.rst │ ├── system_module.rst │ ├── task_scheduler.rst │ ├── token.rst │ ├── utils.rst │ ├── volume.rst │ ├── windef_generated.rst │ ├── windows.rst │ ├── winerror_generated.rst │ ├── winfuncs_generated.rst │ ├── winobject.rst │ ├── winproxy.rst │ ├── winstructs_generated.rst │ ├── wintrust.rst │ ├── wip.rst │ └── wmi.rst ├── samples ├── alpc │ ├── 
advanced_alpc.py │ └── simple_alpc.py ├── com │ ├── com_inetfwpolicy2.py │ └── icallinterceptor.py ├── crypto │ ├── certificate.py │ ├── encryption_demo.py │ └── wintrust.py ├── debug │ ├── attach.py │ ├── change_function_ret_value.py │ ├── debug_functionbp.py │ ├── debugger_api.py │ ├── debugger_membp_singlestep.py │ ├── debugger_on_setup.py │ ├── debugger_print_LdrLoaddll.py │ ├── follow_file_read_write.py │ ├── local_debugger.py │ ├── local_debugger_remote_process.py │ ├── symbol_debugger.py │ └── symbols │ │ ├── processsymdemo.py │ │ ├── symsearch.py │ │ ├── symtypes.py │ │ └── virtsymdemo.py ├── device_manager │ ├── device_manager.py │ └── enum_devices.py ├── encoding │ └── check_encoding_config.py ├── etw │ ├── etw_enumeration.py │ └── uac_trace.py ├── event_log │ ├── eventlog.py │ ├── evtexplorer.py │ └── wevtutil.py ├── find_value.py ├── native_utils.py ├── network │ ├── demo_ws2_32.py │ └── network.py ├── ntcall.py ├── object_manager │ ├── findobj.py │ ├── object_manager.py │ └── winobj.py ├── pipe │ ├── child_send_object.py │ └── pipe_custom_acl.py ├── process │ ├── apisetmap.py │ ├── current_process.py │ ├── dump_apisetmap.py │ ├── iat_hook.py │ ├── msstore_interpreter_remote_python.py │ ├── peb.py │ ├── remote_process.py │ ├── remote_veh_segv.py │ ├── thread.py │ └── veh_segv.py ├── registry │ └── registry.py ├── rpc │ ├── lsass.py │ └── uac.py ├── scheduled_tasks │ └── scheduled_task.py ├── security │ ├── explain_security_desciptor.py │ ├── query_sacl.py │ └── security_descriptor.py ├── service │ ├── python_service.py │ └── service_demo.py ├── system.py ├── test_code.py ├── token │ └── token_demo.py ├── wincli.py └── wmi │ ├── create_process.py │ └── wmi_request.py ├── setup.py ├── tests ├── __init__.py ├── conftest.py ├── dbg_injection.py ├── pfwtest.py ├── pytest.ini ├── test_alpc.py ├── test_apisetmap.py ├── test_bits.py ├── test_cpuid.py ├── test_crypto.py ├── test_debugger.py ├── test_device_manager.py ├── test_event_trace.py ├── test_evtlog.py 
├── test_generated_code.py ├── test_generated_def.py ├── test_handle.py ├── test_hook.py ├── test_improved_buffer.py ├── test_injection.py ├── test_midl.py ├── test_native_utils.py ├── test_ndr.py ├── test_network.py ├── test_object_manager.py ├── test_orpc.py ├── test_parse_pe.py ├── test_pipe.py ├── test_process.py ├── test_registry.py ├── test_remotectypes.py ├── test_rpc.py ├── test_scheduled_tasks.py ├── test_security.py ├── test_service.py ├── test_simple_arm64.py ├── test_simple_x64.py ├── test_simple_x86.py ├── test_symbol.py ├── test_system.py ├── test_system_modules.py ├── test_syswow.py ├── test_token.py ├── test_winproxy.py ├── test_wintrust.py ├── test_winutils.py └── test_wmi.py └── windows ├── __init__.py ├── alpc.py ├── com.py ├── crypto ├── __init__.py ├── catalog.py ├── certificate.py ├── cryptmsg.py ├── dpapi.py ├── encrypt_decrypt.py ├── generation.py └── sign_verify.py ├── dbgprint.py ├── debug ├── __init__.py ├── breakpoints.py ├── debugger.py ├── localdbg.py ├── symboldbg.py └── symbols.py ├── generated_def ├── __init__.py ├── auto_doc_tst.py ├── flag.py ├── interfaces.py ├── meta.py ├── ntstatus.py ├── windef.py ├── winerror.py ├── winfuncs.py └── winstructs.py ├── hooks.py ├── injection.py ├── native_exec ├── __init__.py ├── cpuid.py ├── native_function.py ├── nativeutils.py ├── simple_arm64.py ├── simple_x64.py └── simple_x86.py ├── pe_parse.py ├── pipe.py ├── pycompat.py ├── remotectypes.py ├── rpc ├── __init__.py ├── client.py ├── epmapper.py ├── ndr.py └── stubborn.py ├── security.py ├── syswow64.py ├── test.py ├── utils ├── __init__.py ├── improved_buffer.py ├── pythonutils.py └── winutils.py ├── winobject ├── __init__.py ├── apisetmap.py ├── bits.py ├── device_manager.py ├── event_log.py ├── event_trace.py ├── exception.py ├── file.py ├── handle.py ├── network.py ├── object_manager.py ├── process.py ├── registry.py ├── service.py ├── system.py ├── system_module.py ├── task_scheduler.py ├── token.py ├── volume.py └── wmi.py ├── 
winproxy ├── __init__.py ├── apiproxy.py ├── apis │ ├── __init__.py │ ├── advapi32.py │ ├── cfgmgr32.py │ ├── crypt32.py │ ├── cryptui.py │ ├── dbghelp.py │ ├── dnsapi.py │ ├── iphlpapi.py │ ├── kernel32.py │ ├── ktmw32.py │ ├── ncrypt.py │ ├── netapi32.py │ ├── ntdll.py │ ├── ole32.py │ ├── oleacc.py │ ├── oleaut32.py │ ├── psapi.py │ ├── setupapi.py │ ├── shell32.py │ ├── shlwapi.py │ ├── tdh.py │ ├── user32.py │ ├── version.py │ ├── virtdisk.py │ ├── wevtapi.py │ ├── winhttp.py │ ├── wininet.py │ ├── wintrust.py │ └── ws2_32.py └── error.py └── wintrust.py /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | doctrees 3 | *.inv 4 | *.pickle 5 | *.ignore 6 | *.code-workspace 7 | 8 | .vscode/ 9 | .cache/ 10 | dist/ 11 | build/ 12 | docs/BuildDocEnv/ 13 | playground/ 14 | *egg-info/ -------------------------------------------------------------------------------- /AUTHORS: -------------------------------------------------------------------------------- 1 | * Hakril -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2016-2024, Rouault Clement 2 | All rights reserved. 3 | 4 | Redistribution and use in source and binary forms, with or without modification, 5 | are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this 8 | list of conditions and the following disclaimer. 9 | 10 | * Redistributions in binary form must reproduce the above copyright notice, this 11 | list of conditions and the following disclaimer in the documentation and/or 12 | other materials provided with the distribution. 
13 | 14 | * Neither the name of the {organization} nor the names of its 15 | contributors may be used to endorse or promote products derived from 16 | this software without specific prior written permission. 17 | 18 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 19 | ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 20 | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE 21 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR 22 | ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 23 | (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 24 | LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON 25 | ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 27 | SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -------------------------------------------------------------------------------- /ctypes_generation/README: -------------------------------------------------------------------------------- 1 | == ctypes_generation == 2 | 3 | I don't have the need for (nor want to code) a full C parser but I need to parse some 4 | windows definitions to generate some python functions/structs/flags. 5 | So, there are 3 dumb parsers used to generate: 6 | - function prototype 7 | - ctypes struct definition 8 | - flags (int with name) 9 | 10 | Maybe one day I will do something clean and sane. 11 | But not today. 
12 | sorry :( -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/BITS/IBackgroundCopyCallback.txt: -------------------------------------------------------------------------------- 1 | typedef struct IBackgroundCopyCallbackVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | __RPC__in IBackgroundCopyCallback * This, 7 | /* [in] */ __RPC__in REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | __RPC__in IBackgroundCopyCallback * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | __RPC__in IBackgroundCopyCallback * This); 16 | 17 | HRESULT ( STDMETHODCALLTYPE *JobTransferred )( 18 | __RPC__in IBackgroundCopyCallback * This, 19 | /* [in] */ __RPC__in_opt IBackgroundCopyJob *pJob); 20 | 21 | HRESULT ( STDMETHODCALLTYPE *JobError )( 22 | __RPC__in IBackgroundCopyCallback * This, 23 | /* [in] */ __RPC__in_opt IBackgroundCopyJob *pJob, 24 | /* [in] */ __RPC__in_opt IBackgroundCopyError *pError); 25 | 26 | HRESULT ( STDMETHODCALLTYPE *JobModification )( 27 | __RPC__in IBackgroundCopyCallback * This, 28 | /* [in] */ __RPC__in_opt IBackgroundCopyJob *pJob, 29 | /* [in] */ DWORD dwReserved); 30 | 31 | END_INTERFACE 32 | } IBackgroundCopyCallbackVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/BITS/IBackgroundCopyFile.txt: -------------------------------------------------------------------------------- 1 | typedef struct IBackgroundCopyFileVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | __RPC__in IBackgroundCopyFile * This, 7 | /* [in] */ __RPC__in REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | __RPC__in IBackgroundCopyFile * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release 
)( 15 | __RPC__in IBackgroundCopyFile * This); 16 | 17 | HRESULT ( STDMETHODCALLTYPE *GetRemoteName )( 18 | __RPC__in IBackgroundCopyFile * This, 19 | /* [out] */ __RPC__deref_out_opt LPWSTR *pVal); 20 | 21 | HRESULT ( STDMETHODCALLTYPE *GetLocalName )( 22 | __RPC__in IBackgroundCopyFile * This, 23 | /* [out] */ __RPC__deref_out_opt LPWSTR *pVal); 24 | 25 | HRESULT ( STDMETHODCALLTYPE *GetProgress )( 26 | __RPC__in IBackgroundCopyFile * This, 27 | /* [out] */ __RPC__out BG_FILE_PROGRESS *pVal); 28 | 29 | END_INTERFACE 30 | } IBackgroundCopyFileVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/Explorer/IEnumMoniker.txt: -------------------------------------------------------------------------------- 1 | typedef struct IEnumMonikerVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | __RPC__in IEnumMoniker * This, 7 | /* [in] */ __RPC__in REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | __RPC__in IEnumMoniker * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | __RPC__in IEnumMoniker * This); 16 | 17 | /* [local] */ HRESULT ( STDMETHODCALLTYPE *Next )( 18 | IEnumMoniker * This, 19 | /* [in] */ ULONG celt, 20 | /* [annotation] */ 21 | __out_ecount_part(celt,*pceltFetched) IMoniker **rgelt, 22 | /* [annotation] */ 23 | __out_opt ULONG *pceltFetched); 24 | 25 | HRESULT ( STDMETHODCALLTYPE *Skip )( 26 | __RPC__in IEnumMoniker * This, 27 | /* [in] */ ULONG celt); 28 | 29 | HRESULT ( STDMETHODCALLTYPE *Reset )( 30 | __RPC__in IEnumMoniker * This); 31 | 32 | HRESULT ( STDMETHODCALLTYPE *Clone )( 33 | __RPC__in IEnumMoniker * This, 34 | /* [out] */ __RPC__deref_out_opt IEnumMoniker **ppenum); 35 | 36 | END_INTERFACE 37 | } IEnumMonikerVtbl; -------------------------------------------------------------------------------- 
/ctypes_generation/definitions/com/Explorer/IEnumString.txt: -------------------------------------------------------------------------------- 1 | typedef struct IEnumStringVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | __RPC__in IEnumString * This, 7 | /* [in] */ __RPC__in REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | __RPC__in IEnumString * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | __RPC__in IEnumString * This); 16 | 17 | /* [local] */ HRESULT ( STDMETHODCALLTYPE *Next )( 18 | IEnumString * This, 19 | /* [in] */ ULONG celt, 20 | /* [annotation] */ 21 | __RPC__out_ecount_part(celt,*pceltFetched) LPOLESTR *rgelt, 22 | /* [annotation] */ 23 | __out_opt ULONG *pceltFetched); 24 | 25 | HRESULT ( STDMETHODCALLTYPE *Skip )( 26 | __RPC__in IEnumString * This, 27 | /* [in] */ ULONG celt); 28 | 29 | HRESULT ( STDMETHODCALLTYPE *Reset )( 30 | __RPC__in IEnumString * This); 31 | 32 | HRESULT ( STDMETHODCALLTYPE *Clone )( 33 | __RPC__in IEnumString * This, 34 | /* [out] */ __RPC__deref_out_opt IEnumString **ppenum); 35 | 36 | END_INTERFACE 37 | } IEnumStringVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/ICallFactory.txt: -------------------------------------------------------------------------------- 1 | typedef struct ICallFactoryVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | ICallFactory * This, 7 | /* [in] */ REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | ICallFactory * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | ICallFactory * This); 16 | 17 | HRESULT ( STDMETHODCALLTYPE *CreateCall )( 18 | ICallFactory * This, 19 | /* [annotation][in] */ 20 | __in REFIID riid, 21 | /* [annotation][in] */ 22 | 
__in_opt IUnknown *pCtrlUnk, 23 | /* [annotation][in] */ 24 | __in REFIID riid2, 25 | /* [annotation][iid_is][out] */ 26 | __deref_out IUnknown **ppv); 27 | 28 | END_INTERFACE 29 | } ICallFactoryVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/ICallFrameEvents.txt: -------------------------------------------------------------------------------- 1 | typedef struct ICallFrameEventsVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | ICallFrameEvents * This, 7 | /* [in] */ REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | ICallFrameEvents * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | ICallFrameEvents * This); 16 | 17 | HRESULT ( STDMETHODCALLTYPE *OnCall )( 18 | ICallFrameEvents * This, 19 | /* [in] */ ICallFrame *pFrame); 20 | 21 | END_INTERFACE 22 | } ICallFrameEventsVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/ICallFrameWalker.txt: -------------------------------------------------------------------------------- 1 | typedef struct ICallFrameWalkerVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | ICallFrameWalker * This, 7 | /* [in] */ REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | ICallFrameWalker * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | ICallFrameWalker * This); 16 | 17 | HRESULT ( STDMETHODCALLTYPE *OnWalkInterface )( 18 | ICallFrameWalker * This, 19 | /* [in] */ REFIID iid, 20 | /* [in] */ PVOID *ppvInterface, 21 | /* [in] */ BOOL fIn, 22 | /* [in] */ BOOL fOut); 23 | 24 | END_INTERFACE 25 | } ICallFrameWalkerVtbl; -------------------------------------------------------------------------------- 
/ctypes_generation/definitions/com/IClassFactory.txt: -------------------------------------------------------------------------------- 1 | typedef struct IClassFactoryVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | IClassFactory * This, 7 | /* [in] */ REFIID riid, 8 | /* [iid_is][out] */ void **ppvObject); 9 | 10 | ULONG ( STDMETHODCALLTYPE *AddRef )( 11 | IClassFactory * This); 12 | 13 | ULONG ( STDMETHODCALLTYPE *Release )( 14 | IClassFactory * This); 15 | 16 | /* [local] */ HRESULT ( STDMETHODCALLTYPE *CreateInstance )( 17 | IClassFactory * This, 18 | /* [unique][in] */ IUnknown *pUnkOuter, 19 | /* [in] */ REFIID riid, 20 | /* [iid_is][out] */ void **ppvObject); 21 | 22 | /* [local] */ HRESULT ( STDMETHODCALLTYPE *LockServer )( 23 | IClassFactory * This, 24 | /* [in] */ BOOL fLock); 25 | 26 | END_INTERFACE 27 | } IClassFactoryVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/IEnumVARIANT.txt: -------------------------------------------------------------------------------- 1 | typedef struct IEnumVARIANTVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | __RPC__in IEnumVARIANT * This, 7 | /* [in] */ __RPC__in REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | __RPC__in IEnumVARIANT * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | __RPC__in IEnumVARIANT * This); 16 | 17 | /* [local] */ HRESULT ( STDMETHODCALLTYPE *Next )( 18 | IEnumVARIANT * This, 19 | /* [in] */ ULONG celt, 20 | /* [length_is][size_is][out] */ VARIANT *rgVar, 21 | /* [out] */ ULONG *pCeltFetched); 22 | 23 | HRESULT ( STDMETHODCALLTYPE *Skip )( 24 | __RPC__in IEnumVARIANT * This, 25 | /* [in] */ ULONG celt); 26 | 27 | HRESULT ( STDMETHODCALLTYPE *Reset )( 28 | __RPC__in IEnumVARIANT * This); 29 | 30 | HRESULT ( STDMETHODCALLTYPE *Clone )( 31 | 
__RPC__in IEnumVARIANT * This, 32 | /* [out] */ __RPC__deref_out_opt IEnumVARIANT **ppEnum); 33 | 34 | END_INTERFACE 35 | } IEnumVARIANTVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/IInternalUnknown.txt: -------------------------------------------------------------------------------- 1 | typedef struct IInternalUnknownVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | IInternalUnknown * This, 7 | /* [in] */ REFIID riid, 8 | /* [iid_is][out] */ void **ppvObject); 9 | 10 | ULONG ( STDMETHODCALLTYPE *AddRef )( 11 | IInternalUnknown * This); 12 | 13 | ULONG ( STDMETHODCALLTYPE *Release )( 14 | IInternalUnknown * This); 15 | 16 | HRESULT ( STDMETHODCALLTYPE *QueryInternalInterface )( 17 | IInternalUnknown * This, 18 | /* [in] */ REFIID riid, 19 | /* [out] */ void **ppv); 20 | 21 | END_INTERFACE 22 | } IInternalUnknownVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/IPersist.txt: -------------------------------------------------------------------------------- 1 | typedef struct IPersistVtbl 2 | { 3 | BEGIN_INTERFACE 4 | 5 | HRESULT ( STDMETHODCALLTYPE *QueryInterface )( 6 | __RPC__in IPersist * This, 7 | /* [in] */ __RPC__in REFIID riid, 8 | /* [annotation][iid_is][out] */ 9 | __RPC__deref_out void **ppvObject); 10 | 11 | ULONG ( STDMETHODCALLTYPE *AddRef )( 12 | __RPC__in IPersist * This); 13 | 14 | ULONG ( STDMETHODCALLTYPE *Release )( 15 | __RPC__in IPersist * This); 16 | 17 | HRESULT ( STDMETHODCALLTYPE *GetClassID )( 18 | __RPC__in IPersist * This, 19 | /* [out] */ __RPC__out CLSID *pClassID); 20 | 21 | END_INTERFACE 22 | } IPersistVtbl; -------------------------------------------------------------------------------- /ctypes_generation/definitions/com/IRemUnknown.txt: -------------------------------------------------------------------------------- 1 | typedef struct IRemUnknownVtbl 
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IRemUnknown * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IRemUnknown * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IRemUnknown * This);

    HRESULT ( STDMETHODCALLTYPE *RemQueryInterface )(
        IRemUnknown * This,
        /* [in] */ REFIPID ripid,
        /* [in] */ ULONG cRefs,
        /* [in] */ USHORT cIids,
        /* [size_is][in] */ IID *iids,
        /* [size_is][size_is][out] */ REMQIRESULT **ppQIResults);

    HRESULT ( STDMETHODCALLTYPE *RemAddRef )(
        IRemUnknown * This,
        /* [in] */ USHORT cInterfaceRefs,
        /* [size_is][in] */ REMINTERFACEREF *InterfaceRefs,
        /* [size_is][out] */ HRESULT *pResults);

    HRESULT ( STDMETHODCALLTYPE *RemRelease )(
        IRemUnknown * This,
        /* [in] */ USHORT cInterfaceRefs,
        /* [size_is][in] */ REMINTERFACEREF *InterfaceRefs);

    END_INTERFACE
} IRemUnknownVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/IStdIdentity.txt:
--------------------------------------------------------------------------------
// IStdIdentity is an empty interface to check that an object is the IStdIdentity
// and thus query other interface
typedef struct IStdIdentityVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IUnknown * This,
        /* [in] */ REFIID riid,
        /* [annotation][iid_is][out] */
        __RPC__deref_out void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IUnknown * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IUnknown * This);

    END_INTERFACE
} IStdIdentityVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/ITypeComp.txt:
--------------------------------------------------------------------------------
typedef struct ITypeCompVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        __RPC__in ITypeComp * This,
        /* [in] */ __RPC__in REFIID riid,
        /* [annotation][iid_is][out] */
        __RPC__deref_out PVOID *ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        __RPC__in ITypeComp * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        __RPC__in ITypeComp * This);

    /* [local] */ HRESULT ( STDMETHODCALLTYPE *Bind )(
        ITypeComp * This,
        /* [annotation][in] */
        __RPC__in LPOLESTR szName,
        /* [in] */ ULONG lHashVal,
        /* [in] */ WORD wFlags,
        /* [out] */ ITypeInfo **ppTInfo,
        /* [out] */ DESCKIND *pDescKind,
        /* [out] */ BINDPTR *pBindPtr);

    /* [local] */ HRESULT ( STDMETHODCALLTYPE *BindType )(
        ITypeComp * This,
        /* [annotation][in] */
        __RPC__in LPOLESTR szName,
        /* [in] */ ULONG lHashVal,
        /* [out] */ ITypeInfo **ppTInfo,
        /* [out] */ ITypeComp **ppTComp);

    END_INTERFACE
} ITypeCompVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/IUnknown.txt:
--------------------------------------------------------------------------------
typedef struct IUnknownVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IUnknown * This,
        /* [in] */ REFIID riid,
        /* [annotation][iid_is][out] */
        __RPC__deref_out void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IUnknown * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IUnknown * This);

    END_INTERFACE
} IUnknownVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/WMI/IWbemCallResultVtbl.txt:
--------------------------------------------------------------------------------
typedef struct IWbemCallResultVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        __RPC__in IWbemCallResult * This,
        /* [in] */ __RPC__in REFIID riid,
        /* [annotation][iid_is][out] */
        __RPC__deref_out void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        __RPC__in IWbemCallResult * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        __RPC__in IWbemCallResult * This);

    HRESULT ( STDMETHODCALLTYPE *GetResultObject )(
        __RPC__in IWbemCallResult * This,
        /* [in] */ long lTimeout,
        /* [out] */ __RPC__deref_out_opt IWbemClassObject **ppResultObject);

    HRESULT ( STDMETHODCALLTYPE *GetResultString )(
        __RPC__in IWbemCallResult * This,
        /* [in] */ long lTimeout,
        /* [out] */ __RPC__deref_out_opt BSTR *pstrResultString);

    HRESULT ( STDMETHODCALLTYPE *GetResultServices )(
        __RPC__in IWbemCallResult * This,
        /* [in] */ long lTimeout,
        /* [out] */ __RPC__deref_out_opt IWbemServices **ppServices);

    HRESULT ( STDMETHODCALLTYPE *GetCallStatus )(
        __RPC__in IWbemCallResult * This,
        /* [in] */ long lTimeout,
        /* [out] */ __RPC__out long *plStatus);

    END_INTERFACE
} IWbemCallResultVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/WMI/IWbemLocatorVtbl.txt:
--------------------------------------------------------------------------------
typedef struct IWbemLocatorVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IWbemLocator * This,
        /* [in] */ REFIID riid,
        /* [annotation][iid_is][out] */
        __RPC__deref_out void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IWbemLocator * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IWbemLocator * This);

    HRESULT ( STDMETHODCALLTYPE *ConnectServer )(
        IWbemLocator * This,
        /* [in] */ const BSTR strNetworkResource,
        /* [in] */ const BSTR strUser,
        /* [in] */ const BSTR strPassword,
        /* [in] */ const BSTR strLocale,
        /* [in] */ long lSecurityFlags,
        /* [in] */ const BSTR strAuthority,
        /* [in] */ IWbemContext *pCtx,
        /* [out] */ IWbemServices **ppNamespace);

    END_INTERFACE
} IWbemLocatorVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/WMI/IWbemObjectSink.txt:
--------------------------------------------------------------------------------
typedef struct IWbemObjectSinkVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        __RPC__in IWbemObjectSink * This,
        /* [in] */ __RPC__in REFIID riid,
        /* [annotation][iid_is][out] */
        __RPC__deref_out void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        __RPC__in IWbemObjectSink * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        __RPC__in IWbemObjectSink * This);

    HRESULT ( STDMETHODCALLTYPE *Indicate )(
        __RPC__in IWbemObjectSink * This,
        /* [in] */ long lObjectCount,
        /* [size_is][in] */ __RPC__in_ecount_full(lObjectCount) IWbemClassObject **apObjArray);

    HRESULT ( STDMETHODCALLTYPE *SetStatus )(
        __RPC__in IWbemObjectSink * This,
        /* [in] */ long lFlags,
        /* [in] */ HRESULT hResult,
        /* [unique][in] */ __RPC__in_opt BSTR strParam,
        /* [unique][in] */ __RPC__in_opt IWbemClassObject *pObjParam);

    END_INTERFACE
} IWbemObjectSinkVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/WMI/IWbemObjectTextSrc.txt:
--------------------------------------------------------------------------------
typedef struct IWbemObjectTextSrcVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IWbemObjectTextSrc * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IWbemObjectTextSrc * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IWbemObjectTextSrc * This);

    HRESULT ( STDMETHODCALLTYPE *GetText )(
        IWbemObjectTextSrc * This,
        /* [in] */ long lFlags,
        /* [in] */ IWbemClassObject *pObj,
        /* [in] */ ULONG uObjTextFormat,
        /* [in] */ IWbemContext *pCtx,
        /* [out] */ BSTR *strText);

    HRESULT ( STDMETHODCALLTYPE *CreateFromText )(
        IWbemObjectTextSrc * This,
        /* [in] */ long lFlags,
        /* [in] */ BSTR strText,
        /* [in] */ ULONG uObjTextFormat,
        /* [in] */ IWbemContext *pCtx,
        /* [out] */ IWbemClassObject **pNewObj);

    END_INTERFACE
} IWbemObjectTextSrcVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IActivationPropertiesOut.txt:
--------------------------------------------------------------------------------
typedef struct IActivationPropertiesOutVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IActivationPropertiesOut * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IActivationPropertiesOut * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IActivationPropertiesOut * This);

    HRESULT ( STDMETHODCALLTYPE *GetActivationID )(
        IActivationPropertiesOut * This,
        /* [out] */ GUID *pActivationID);

    HRESULT ( STDMETHODCALLTYPE *GetObjectInterface )(
        IActivationPropertiesOut * This,
        /* [in] */ REFIID riid,
        /* [in] */ DWORD actvflags,
        /* [iid_is][out] */ void **ppv);

    HRESULT ( STDMETHODCALLTYPE *GetObjectInterfaces )(
        IActivationPropertiesOut * This,
        /* [in] */ DWORD cIfs,
        /* [in] */ DWORD actvflags,
        /* [size_is][in] */ MULTI_QI *multiQi);

    HRESULT ( STDMETHODCALLTYPE *RemoveRequestedIIDs )(
        IActivationPropertiesOut * This,
        /* [in] */ DWORD cIfs,
        /* [size_is][in] */ IID *rgIID);

    END_INTERFACE
} IActivationPropertiesOutVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IActivationStageInfo.txt:
--------------------------------------------------------------------------------
typedef struct IActivationStageInfoVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IActivationStageInfo * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IActivationStageInfo * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IActivationStageInfo * This);

    HRESULT ( STDMETHODCALLTYPE *SetStageAndIndex )(
        IActivationStageInfo * This,
        /* [in] */ ACTIVATION_STAGE stage,
        /* [in] */ int index);

    HRESULT ( STDMETHODCALLTYPE *GetStage )(
        IActivationStageInfo * This,
        /* [out] */ ACTIVATION_STAGE *pstage);

    HRESULT ( STDMETHODCALLTYPE *GetIndex )(
        IActivationStageInfo * This,
        /* [out] */ int *pindex);

    END_INTERFACE
} IActivationStageInfoVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IContext.txt:
--------------------------------------------------------------------------------
typedef struct IContextVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IContext * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IContext * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IContext * This);

    HRESULT ( STDMETHODCALLTYPE *SetProperty )(
        IContext * This,
        /* [in] */ REFGUID rpolicyId,
        /* [in] */ CPFLAGS flags,
        /* [in] */ IUnknown *pUnk);

    HRESULT ( STDMETHODCALLTYPE *RemoveProperty )(
        IContext * This,
        /* [in] */ REFGUID rPolicyId);

    HRESULT ( STDMETHODCALLTYPE *GetProperty )(
        IContext * This,
        /* [in] */ REFGUID rGuid,
        /* [out] */ CPFLAGS *pFlags,
        /* [out] */ IUnknown **ppUnk);

    HRESULT ( STDMETHODCALLTYPE *EnumContextProps )(
        IContext * This,
        /* [out] */ IEnumContextProps **ppEnumContextProps);

    END_INTERFACE
} IContextVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IEnumContextProps.txt:
--------------------------------------------------------------------------------
typedef struct IEnumContextPropsVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IEnumContextProps * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IEnumContextProps * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IEnumContextProps * This);

    HRESULT ( STDMETHODCALLTYPE *Next )(
        IEnumContextProps * This,
        /* [in] */ ULONG celt,
        /* [length_is][size_is][out] */ ContextProperty *pContextProperties,
        /* [out] */ ULONG *pceltFetched);

    HRESULT ( STDMETHODCALLTYPE *Skip )(
        IEnumContextProps * This,
        /* [in] */ ULONG celt);

    HRESULT ( STDMETHODCALLTYPE *Reset )(
        IEnumContextProps * This);

    HRESULT ( STDMETHODCALLTYPE *Clone )(
        IEnumContextProps * This,
        /* [out] */ IEnumContextProps **ppEnumContextProps);

    HRESULT ( STDMETHODCALLTYPE *Count )(
        IEnumContextProps * This,
        /* [out] */ ULONG *pcelt);

    END_INTERFACE
} IEnumContextPropsVtbl;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IEnumSTATSTG.txt:
--------------------------------------------------------------------------------
typedef struct IEnumSTATSTGVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IEnumSTATSTG * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IEnumSTATSTG * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IEnumSTATSTG * This);

    /* [local] */ HRESULT ( STDMETHODCALLTYPE *Next )(
        IEnumSTATSTG * This,
        /* [in] */ ULONG celt,
        /* [length_is][size_is][out] */ STATSTG *rgelt,
        /* [out] */ ULONG *pceltFetched);

    HRESULT ( STDMETHODCALLTYPE *Skip )(
        IEnumSTATSTG * This,
        /* [in] */ ULONG celt);

    HRESULT ( STDMETHODCALLTYPE *Reset )(
        IEnumSTATSTG * This);

    HRESULT ( STDMETHODCALLTYPE *Clone )(
        IEnumSTATSTG * This,
        /* [out] */ IEnumSTATSTG **ppenum);

    END_INTERFACE
} IEnumSTATSTGVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IOpaqueData.txt:
--------------------------------------------------------------------------------
typedef struct IOpaqueDataInfoVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IOpaqueDataInfo * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IOpaqueDataInfo * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IOpaqueDataInfo * This);

    HRESULT ( STDMETHODCALLTYPE *AddOpaqueData )(
        IOpaqueDataInfo * This,
        /* [in] */ OpaqueData *pData);

    HRESULT ( STDMETHODCALLTYPE *GetOpaqueData )(
        IOpaqueDataInfo * This,
        /* [in] */ REFGUID guid,
        /* [out] */ OpaqueData **pData);

    HRESULT ( STDMETHODCALLTYPE *DeleteOpaqueData )(
        IOpaqueDataInfo * This,
        /* [in] */ REFGUID guid);

    HRESULT ( STDMETHODCALLTYPE *GetOpaqueDataCount )(
        IOpaqueDataInfo * This,
        /* [out] */ ULONG *pulCount);

    HRESULT ( STDMETHODCALLTYPE *GetAllOpaqueData )(
        IOpaqueDataInfo * This,
        /* [out] */ OpaqueData **prgData);

    END_INTERFACE
} IOpaqueDataInfoVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IScmReplyInfo.txt:
--------------------------------------------------------------------------------
typedef struct IScmReplyInfoVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IScmReplyInfo * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IScmReplyInfo * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IScmReplyInfo * This);

    HRESULT ( STDMETHODCALLTYPE *SetResolverInfo )(
        IScmReplyInfo * This,
        /* [in] */ PRIV_RESOLVER_INFO *pResolverInfo); /* Need to be cast to PRIV_RESOLVER_INFO_LEGACY on old windows */

    HRESULT ( STDMETHODCALLTYPE *GetResolverInfo )(
        IScmReplyInfo * This,
        /* [out] */ PRIV_RESOLVER_INFO **ppResolverInfo); /* Need to be cast to PRIV_RESOLVER_INFO_LEGACY on old windows */

    HRESULT ( STDMETHODCALLTYPE *SetRemoteReplyInfo )(
        IScmReplyInfo * This,
        /* [in] */ REMOTE_REPLY_SCM_INFO *pRemoteReply);

    HRESULT ( STDMETHODCALLTYPE *GetRemoteReplyInfo )(
        IScmReplyInfo * This,
        /* [out] */ REMOTE_REPLY_SCM_INFO **ppRemoteReply);

    END_INTERFACE
} IScmReplyInfoVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/IScmRequestInfo.txt:
--------------------------------------------------------------------------------
typedef struct IScmRequestInfoVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IScmRequestInfo * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IScmRequestInfo * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IScmRequestInfo * This);

    HRESULT ( STDMETHODCALLTYPE *SetScmInfo )(
        IScmRequestInfo * This,
        /* [in] */ PRIV_SCM_INFO *pScmInfo);

    HRESULT ( STDMETHODCALLTYPE *GetScmInfo )(
        IScmRequestInfo * This,
        /* [out] */ PRIV_SCM_INFO **ppScmInfo);

    HRESULT ( STDMETHODCALLTYPE *SetRemoteRequestInfo )(
        IScmRequestInfo * This,
        /* [in] */ REMOTE_REQUEST_SCM_INFO *pRemoteReq);

    HRESULT ( STDMETHODCALLTYPE *GetRemoteRequestInfo )(
        IScmRequestInfo * This,
        /* [out] */ REMOTE_REQUEST_SCM_INFO **ppRemoteReq);

    END_INTERFACE
} IScmRequestInfoVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/combase/ISystemActivator.txt:
--------------------------------------------------------------------------------
typedef struct ISystemActivatorVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        ISystemActivator * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        ISystemActivator * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        ISystemActivator * This);

    HRESULT ( STDMETHODCALLTYPE *GetClassObject )(
        ISystemActivator * This,
        /* [unique][in] */ IActivationPropertiesIn *pActProperties,
        /* [out] */ IActivationPropertiesOut **ppActProperties);

    HRESULT ( STDMETHODCALLTYPE *CreateInstance )(
        ISystemActivator * This,
        /* [unique][in] */ IUnknown *pUnkOuter,
        /* [unique][in] */ IActivationPropertiesIn *pActProperties,
        /* [out] */ IActivationPropertiesOut **ppActProperties);

    END_INTERFACE
} ISystemActivatorVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/manually_created/IProxyServerIdentity.txt:
--------------------------------------------------------------------------------
typedef struct IProxyServerIdentityVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IProxyServerIdentity * This,
        /* [in] */ REFIID riid,
        /* [annotation][iid_is][out] */
        __RPC__deref_out void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IProxyServerIdentity * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IProxyServerIdentity * This);

    HRESULT ( STDMETHODCALLTYPE *GetServerProcessId )(
        IProxyServerIdentity * This,
        UINT *processId);

    HRESULT ( STDMETHODCALLTYPE *GetServerProcessHandle )(
        IProxyServerIdentity * This,
        DWORD dwDesiredAccess,
        INT bInheritHandle,
        PVOID *phProcess) ;

    END_INTERFACE
} IProxyServerIdentityVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/propertysystem/IPackageExecutionStateChangeNotification.txt:
--------------------------------------------------------------------------------
typedef struct IPackageExecutionStateChangeNotificationVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        __RPC__in IPackageExecutionStateChangeNotification * This,
        /* [in] */ __RPC__in REFIID riid,
        /* [annotation][iid_is][out] */
        _COM_Outptr_ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        __RPC__in IPackageExecutionStateChangeNotification * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        __RPC__in IPackageExecutionStateChangeNotification * This);

    HRESULT ( STDMETHODCALLTYPE *OnStateChanged )(
        __RPC__in IPackageExecutionStateChangeNotification * This,
        /* [string][in] */ __RPC__in_string LPCWSTR pszPackageFullName,
        /* [in] */ PACKAGE_EXECUTION_STATE pesNewState);

    END_INTERFACE
} IPackageExecutionStateChangeNotificationVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/rpc/IRpcChannelBuffer.txt:
--------------------------------------------------------------------------------
typedef struct IRpcChannelBufferVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IRpcChannelBuffer * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IRpcChannelBuffer * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IRpcChannelBuffer * This);

    HRESULT ( STDMETHODCALLTYPE *GetBuffer )(
        IRpcChannelBuffer * This,
        /* [in] */ RPCOLEMESSAGE *pMessage,
        /* [in] */ REFIID riid);

    HRESULT ( STDMETHODCALLTYPE *SendReceive )(
        IRpcChannelBuffer * This,
        /* [out][in] */ RPCOLEMESSAGE *pMessage,
        /* [out] */ ULONG *pStatus);

    HRESULT ( STDMETHODCALLTYPE *FreeBuffer )(
        IRpcChannelBuffer * This,
        /* [in] */ RPCOLEMESSAGE *pMessage);

    HRESULT ( STDMETHODCALLTYPE *GetDestCtx )(
        IRpcChannelBuffer * This,
        /* [out] */ DWORD *pdwDestContext,
        /* [out] */ void **ppvDestContext);

    HRESULT ( STDMETHODCALLTYPE *IsConnected )(
        IRpcChannelBuffer * This);

    END_INTERFACE
} IRpcChannelBufferVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/rpc/IRpcHelper.txt:
--------------------------------------------------------------------------------
typedef struct IRpcHelperVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IRpcHelper * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IRpcHelper * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IRpcHelper * This);

    HRESULT ( STDMETHODCALLTYPE *GetDCOMProtocolVersion )(
        IRpcHelper * This,
        /* [out] */ DWORD *pComVersion);

    HRESULT ( STDMETHODCALLTYPE *GetIIDFromOBJREF )(
        IRpcHelper * This,
        /* [in] */ void *pObjRef,
        /* [out] */ IID **piid);

    END_INTERFACE
} IRpcHelperVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/rpc/IRpcOptions.txt:
--------------------------------------------------------------------------------
typedef struct IRpcOptionsVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IRpcOptions * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ void **ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IRpcOptions * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IRpcOptions * This);

    HRESULT ( STDMETHODCALLTYPE *Set )(
        IRpcOptions * This,
        /* [in] */ IUnknown *pPrx,
        /* [in] */ DWORD dwProperty,
        /* [in] */ ULONG_PTR dwValue);

    HRESULT ( STDMETHODCALLTYPE *Query )(
        IRpcOptions * This,
        /* [in] */ IUnknown *pPrx,
        /* [in] */ DWORD dwProperty,
        /* [out] */ ULONG_PTR *pdwValue);

    END_INTERFACE
} IRpcOptionsVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/com/rpc/IRpcStubBuffer.txt:
--------------------------------------------------------------------------------
typedef struct IRpcStubBufferVtbl
{
    BEGIN_INTERFACE

    HRESULT ( STDMETHODCALLTYPE *QueryInterface )(
        IRpcStubBuffer * This,
        /* [in] */ REFIID riid,
        /* [iid_is][out] */ PVOID *ppvObject);

    ULONG ( STDMETHODCALLTYPE *AddRef )(
        IRpcStubBuffer * This);

    ULONG ( STDMETHODCALLTYPE *Release )(
        IRpcStubBuffer * This);

    HRESULT ( STDMETHODCALLTYPE *Connect )(
        IRpcStubBuffer * This,
        /* [in] */ IUnknown *pUnkServer);

    PVOID ( STDMETHODCALLTYPE *Disconnect )(
        IRpcStubBuffer * This);

    HRESULT ( STDMETHODCALLTYPE *Invoke )(
        IRpcStubBuffer * This,
        /* [in] */ RPCOLEMESSAGE *_prpcmsg,
        /* [in] */ IRpcChannelBuffer *_pRpcChannelBuffer);

    // IRpcStubBuffer *
    PVOID ( STDMETHODCALLTYPE *IsIIDSupported )(
        IRpcStubBuffer * This,
        /* [in] */ REFIID riid);

    ULONG ( STDMETHODCALLTYPE *CountRefs )(
        IRpcStubBuffer * This);

    HRESULT ( STDMETHODCALLTYPE *DebugServerQueryInterface )(
        IRpcStubBuffer * This,
        PVOID *ppv);

    PVOID ( STDMETHODCALLTYPE *DebugServerRelease )(
        IRpcStubBuffer * This,
        PVOID pv);

    END_INTERFACE
} IRpcStubBufferVtbl;
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/bits.txt:
--------------------------------------------------------------------------------
#define BG_JOB_ENUM_ALL_USERS 0x0001

#define BG_NOTIFY_JOB_TRANSFERRED 0x0001
#define BG_NOTIFY_JOB_ERROR 0x0002
#define BG_NOTIFY_DISABLE 0x0004
#define BG_NOTIFY_JOB_MODIFICATION 0x0008
#define BG_NOTIFY_FILE_TRANSFERRED 0x0010
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/combase.txt:
--------------------------------------------------------------------------------
#define ORPCF_NULL ( 0 )
#define ORPCF_LOCAL ( 1 )
#define ORPCF_RESERVED1 ( 2 )
#define ORPCF_RESERVED2 ( 4 )
#define ORPCF_RESERVED3 ( 8 )
#define ORPCF_RESERVED4 ( 16 )

#define ORPCF_INPUT_SYNC ORPCF_RESERVED1
#define ORPCF_ASYNC ORPCF_RESERVED2
#define ORPCF_DYNAMIC_CLOAKING ORPCF_RESERVED3

#define ORPCF_REJECTED ORPCF_RESERVED1
#define ORPCF_RETRY_LATER ORPCF_RESERVED2

#define OBJREF_SIGNATURE ( 0x574f454d )
#define OBJREF_STANDARD ( 0x1 )
#define OBJREF_HANDLER ( 0x2 )
#define OBJREF_CUSTOM ( 0x4 )
#define OBJREF_EXTENDED ( 0x8 )
#define SORF_OXRES1 ( 0x1 )
#define SORF_OXRES2 ( 0x20 )
#define SORF_OXRES3 ( 0x40 )
#define SORF_OXRES4 ( 0x80 )
#define SORF_OXRES5 ( 0x100 )
#define SORF_OXRES6 ( 0x200 )
#define SORF_OXRES7 ( 0x400 )
#define SORF_OXRES8 ( 0x800 )
#define SORF_NULL ( 0 )
#define SORF_NOPING ( 0x1000 )

#define UNIQUE_FLAG_PADDING 2
#define MAINHDRSIG 0x414E554B
#define ENTRYHDRSIG 0x494E414E
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/custom_rpc_windef.txt:
--------------------------------------------------------------------------------
#define RPC_REQUEST_TYPE_CALL 0
#define RPC_REQUEST_TYPE_BIND 1

#define RPC_RESPONSE_TYPE_BIND_OK 1
#define RPC_RESPONSE_TYPE_FAIL 2
#define RPC_RESPONSE_TYPE_SUCCESS 3

#define BIND_IF_SYNTAX_NDR32 1
#define BIND_IF_SYNTAX_NDR64 2
#define BIND_IF_SYNTAX_UNKNOWN 4
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/disk.txt:
--------------------------------------------------------------------------------
#define VIRTUAL_STORAGE_TYPE_DEVICE_UNKNOWN 0
#define VIRTUAL_STORAGE_TYPE_DEVICE_ISO 1
#define VIRTUAL_STORAGE_TYPE_DEVICE_VHD 2
#define VIRTUAL_STORAGE_TYPE_DEVICE_VHDX 3
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/error_helper.txt:
--------------------------------------------------------------------------------
#define APPLICATION_ERROR_MASK 0x20000000
#define ERROR_SEVERITY_SUCCESS 0x00000000
#define ERROR_SEVERITY_INFORMATIONAL 0x40000000
#define ERROR_SEVERITY_WARNING 0x80000000
#define ERROR_SEVERITY_ERROR 0xC0000000

// https://learn.microsoft.com/en-us/windows/win32/com/structure-of-com-error-codes
// Define the facility codes
//
#define FACILITY_WINDOWS 0x8
#define FACILITY_WIN32 0x7
#define FACILITY_STORAGE 0x3
#define FACILITY_RPC 0x1
#define FACILITY_NULL 0x0
#define FACILITY_ITF 0x4
#define FACILITY_DISPATCH 0x2


//
// Define the severity codes
//
#define STATUS_SEVERITY_SUCCESS 0x0
#define STATUS_SEVERITY_COERROR 0x2
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/kuser_shared_data.txt:
--------------------------------------------------------------------------------
#define MM_SHARED_USER_DATA_VA 0x7FFE0000

#define XSTATE_LEGACY_FLOATING_POINT (0)
#define XSTATE_LEGACY_SSE (1)
#define XSTATE_GSSE (2)
#define XSTATE_AVX (XSTATE_GSSE)
#define XSTATE_MPX_BNDREGS (3)
#define XSTATE_MPX_BNDCSR (4)
#define XSTATE_AVX512_KMASK (5)
#define XSTATE_AVX512_ZMM_H (6)
#define XSTATE_AVX512_ZMM (7)
#define XSTATE_IPT (8)
#define XSTATE_LWP (62)
#define MAXIMUM_XSTATE_FEATURES (64)
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/midl.txt:
--------------------------------------------------------------------------------
#define FC_ALLOCATE_ALL_NODES 0x01
#define FC_DONT_FREE 0x02
#define FC_ALLOCED_ON_STACK 0x04
#define FC_SIMPLE_POINTER 0x08
#define FC_POINTER_DEREF 0x10
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/pipe.txt:
--------------------------------------------------------------------------------
#define PIPE_ACCESS_INBOUND 0x00000001
#define PIPE_ACCESS_OUTBOUND 0x00000002
#define PIPE_ACCESS_DUPLEX 0x00000003

//
// Define the Named Pipe End flags for GetNamedPipeInfo
//

#define PIPE_CLIENT_END 0x00000000
#define PIPE_SERVER_END 0x00000001

//
// Define the dwPipeMode values for CreateNamedPipe
//

#define PIPE_WAIT 0x00000000
#define PIPE_NOWAIT 0x00000001
#define PIPE_READMODE_BYTE 0x00000000
#define PIPE_READMODE_MESSAGE 0x00000002
#define PIPE_TYPE_BYTE 0x00000000
#define PIPE_TYPE_MESSAGE 0x00000004
#define PIPE_ACCEPT_REMOTE_CLIENTS 0x00000000
#define PIPE_REJECT_REMOTE_CLIENTS 0x00000008

//
// Define the well known values for CreateNamedPipe nMaxInstances
//

#define PIPE_UNLIMITED_INSTANCES 255


#define NMPWAIT_WAIT_FOREVER 0xffffffff
#define NMPWAIT_NOWAIT 0x00000001
#define NMPWAIT_USE_DEFAULT_WAIT 0x00000000
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/section.txt:
--------------------------------------------------------------------------------
#define MEM_EXTENDED_PARAMETER_TYPE_BITS 8
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/version.txt:
--------------------------------------------------------------------------------
/*
FILE_VER_GET_... flags are for use by
GetFileVersionInfoSizeEx
GetFileVersionInfoExW
*/
#define FILE_VER_GET_LOCALISED 0x01
#define FILE_VER_GET_NEUTRAL 0x02
#define FILE_VER_GET_PREFETCHED 0x04
--------------------------------------------------------------------------------
/ctypes_generation/definitions/defines/windef_evtlog.txt:
--------------------------------------------------------------------------------
#define EVENTLOG_SUCCESS 0x0000
#define EVENTLOG_ERROR_TYPE 0x0001
#define EVENTLOG_WARNING_TYPE 0x0002
#define EVENTLOG_INFORMATION_TYPE 0x0004
#define EVENTLOG_AUDIT_SUCCESS 0x0008
#define EVENTLOG_AUDIT_FAILURE 0x0010


#define EVENTLOG_SEQUENTIAL_READ 0x0001
#define EVENTLOG_SEEK_READ 0x0002
#define EVENTLOG_FORWARDS_READ 0x0004
#define EVENTLOG_BACKWARDS_READ 0x0008

#define EVT_VARIANT_TYPE_MASK 0x7f
#define EVT_VARIANT_TYPE_ARRAY 128
--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/accessibility.txt:
--------------------------------------------------------------------------------
HRESULT WINAPI ObjectFromLresult(
    _In_ LRESULT lResult,
    _In_ REFIID riid,
    _In_ WPARAM wParam,
    _Out_ PVOID *ppvObject
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/atoms.txt:
--------------------------------------------------------------------------------
ATOM AddAtomA(
    LPCSTR lpString
);


ATOM AddAtomW(
    LPCWSTR lpString
);


ATOM GlobalAddAtomA(
    LPCSTR lpString
);

ATOM GlobalAddAtomExA(
    LPCSTR lpString,
    DWORD Flags
);

ATOM GlobalAddAtomExW(
    LPCWSTR lpString,
    DWORD Flags
);


ATOM GlobalAddAtomW(
    LPCWSTR lpString
);


ATOM GlobalDeleteAtom(
    ATOM nAtom
);


UINT GlobalGetAtomNameA(
    ATOM nAtom,
    LPSTR lpBuffer,
    INT nSize
);

UINT GlobalGetAtomNameW(
    ATOM nAtom,
    LPWSTR lpBuffer,
    INT nSize
);
--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/dbghelp.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hakril/PythonForWindows/9aaf2c6f6c037da2a70db9cc3a4664acea32ad4c/ctypes_generation/definitions/functions/dbghelp.txt
--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/disk.txt:
--------------------------------------------------------------------------------
DWORD OpenVirtualDisk(
    PVIRTUAL_STORAGE_TYPE VirtualStorageType,
    PCWSTR Path,
    VIRTUAL_DISK_ACCESS_MASK VirtualDiskAccessMask,
    OPEN_VIRTUAL_DISK_FLAG Flags,
    POPEN_VIRTUAL_DISK_PARAMETERS Parameters,
    PHANDLE Handle
);


DWORD AttachVirtualDisk(
    HANDLE VirtualDiskHandle,
    PSECURITY_DESCRIPTOR SecurityDescriptor,
    ATTACH_VIRTUAL_DISK_FLAG Flags,
    ULONG ProviderSpecificFlags,
    PATTACH_VIRTUAL_DISK_PARAMETERS Parameters,
    LPOVERLAPPED Overlapped
);
--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/dpapi.txt:
--------------------------------------------------------------------------------
BOOL CryptProtectData(
    DATA_BLOB *pDataIn,
    LPCWSTR szDataDescr,
    DATA_BLOB *pOptionalEntropy,
    PVOID pvReserved,
    CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct,
    DWORD dwFlags,
    DATA_BLOB *pDataOut
);

BOOL CryptUnprotectData(
    DATA_BLOB *pDataIn,
    LPWSTR *ppszDataDescr,
    DATA_BLOB *pOptionalEntropy,
    PVOID pvReserved,
    CRYPTPROTECT_PROMPTSTRUCT *pPromptStruct,
    DWORD dwFlags,
    DATA_BLOB *pDataOut
);

BOOL CryptProtectMemory(
    LPVOID pDataIn,
    DWORD cbDataIn,
    DWORD dwFlags
);

BOOL CryptUnprotectMemory(
    LPVOID pDataIn,
    DWORD cbDataIn,
    DWORD dwFlags
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/environ.txt:
--------------------------------------------------------------------------------
DWORD GetEnvironmentVariableA(
    [in, optional] LPCSTR lpName,
    [out, optional] LPSTR lpBuffer,
    [in] DWORD nSize
);

DWORD GetEnvironmentVariableW(
    [in, optional] LPCWSTR lpName,
    [out, optional] LPWSTR lpBuffer,
    [in] DWORD nSize
);


BOOL SetEnvironmentVariableA(
    [in] LPCSTR lpName,
    [in, optional] LPCSTR lpValue
);

BOOL SetEnvironmentVariableW(
    [in] LPCWSTR lpName,
    [in, optional] LPCWSTR lpValue
);

PVOID GetEnvironmentStringsA();

PVOID GetEnvironmentStringsW();

BOOL SetEnvironmentStringsW(
    LPWCH NewEnvironment
);

BOOL FreeEnvironmentStringsA(
    PVOID penv
);

BOOL FreeEnvironmentStringsW(
    PVOID penv
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/heap.txt:
--------------------------------------------------------------------------------
LPVOID HeapAlloc(
    HANDLE hHeap,
    DWORD dwFlags,
    SIZE_T dwBytes
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/memoryapi.txt:
--------------------------------------------------------------------------------

HANDLE OpenFileMappingW(
    DWORD dwDesiredAccess,
    BOOL bInheritHandle,
    LPCWSTR lpName
);

HANDLE OpenFileMappingA(
    DWORD dwDesiredAccess,
    BOOL bInheritHandle,
    LPCSTR lpName
);

BOOL UnmapViewOfFile(
    LPCVOID lpBaseAddress
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/ncrypt.txt:
--------------------------------------------------------------------------------
SECURITY_STATUS NCryptOpenKey(
    [in] NCRYPT_PROV_HANDLE hProvider,
    [out] NCRYPT_KEY_HANDLE *phKey,
    [in] LPCWSTR pszKeyName,
    [in] DWORD dwLegacyKeySpec,
    [in] DWORD dwFlags
);


SECURITY_STATUS NCryptOpenStorageProvider(
    [out] NCRYPT_PROV_HANDLE *phProvider,
    [in, optional] LPCWSTR pszProviderName,
    [in] DWORD dwFlags
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/netip.txt:
--------------------------------------------------------------------------------
ULONG GetIpNetTable(
    PMIB_IPNETTABLE IpNetTable,
    PULONG SizePointer,
    BOOL Order
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/shell32.txt:
--------------------------------------------------------------------------------
HINSTANCE WINAPI ShellExecuteA(
    _In_opt_ HWND hwnd,
    _In_opt_ LPCSTR lpOperation,
    _In_ LPCSTR lpFile,
    _In_opt_ LPCSTR lpParameters,
    _In_opt_ LPCSTR lpDirectory,
    _In_ INT nShowCmd
);


HINSTANCE WINAPI ShellExecuteW(
    _In_opt_ HWND hwnd,
    _In_opt_ LPWSTR lpOperation,
    _In_ LPWSTR lpFile,
    _In_opt_ LPWSTR lpParameters,
    _In_opt_ LPWSTR lpDirectory,
    _In_ INT nShowCmd
);


BOOL SHGetPathFromIDListA(
    PCIDLIST_ABSOLUTE pidl,
    LPCSTR pszPath
);

BOOL SHGetPathFromIDListW(
    PCIDLIST_ABSOLUTE pidl,
    LPWSTR pszPath
);

INT SHFileOperationA(
    LPSHFILEOPSTRUCTA lpFileOp
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/shlwapi.txt:
--------------------------------------------------------------------------------
PWSTR WINAPI StrStrIW(
    _In_ PWSTR pszFirst,
    _In_ PWSTR pszSrch
);

PCSTR WINAPI StrStrIA(
    _In_ PCSTR pszFirst,
    _In_ PCSTR pszSrch
);


BOOL IsOS(
    DWORD dwOS
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/synchapi.txt:
--------------------------------------------------------------------------------
HANDLE CreateEventA(
    LPSECURITY_ATTRIBUTES lpEventAttributes,
    BOOL bManualReset,
    BOOL bInitialState,
    LPCSTR lpName
);

HANDLE CreateEventW(
    LPSECURITY_ATTRIBUTES lpEventAttributes,
    BOOL bManualReset,
    BOOL bInitialState,
    LPCWSTR lpName
);

HANDLE CreateEventExA(
    LPSECURITY_ATTRIBUTES lpEventAttributes,
    LPCSTR lpName,
    DWORD dwFlags,
    DWORD dwDesiredAccess
);

HANDLE CreateEventExW(
    LPSECURITY_ATTRIBUTES lpEventAttributes,
    LPCWSTR lpName,
    DWORD dwFlags,
    DWORD dwDesiredAccess
);

HANDLE WINAPI OpenEventA(
    __in DWORD dwDesiredAccess,
    __in BOOL bInheritHandle,
    __in LPCSTR lpName
);

HANDLE WINAPI OpenEventW(
    __in DWORD dwDesiredAccess,
    __in BOOL bInheritHandle,
    __in LPCWSTR lpName
);


--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/time.txt:
--------------------------------------------------------------------------------
BOOL FileTimeToSystemTime(
    FILETIME *lpFileTime,
    LPSYSTEMTIME lpSystemTime
);

BOOL SystemTimeToFileTime(
    SYSTEMTIME *lpSystemTime,
    LPFILETIME lpFileTime
);

// void
PVOID GetSystemTime(
    LPSYSTEMTIME lpSystemTime
);

BOOL GetSystemTimes(
    PFILETIME lpIdleTime,
    PFILETIME lpKernelTime,
    PFILETIME lpUserTime
);

// void
PVOID GetSystemTimeAsFileTime(
    LPFILETIME lpSystemTimeAsFileTime
);

// void
PVOID GetLocalTime(
    LPSYSTEMTIME lpSystemTime
);

DWORD GetTickCount();

ULONGLONG GetTickCount64();

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/trace_data_helper.txt:
--------------------------------------------------------------------------------
TDHSTATUS TdhEnumerateProviders(
    PPROVIDER_ENUMERATION_INFO pBuffer,
    ULONG *pBufferSize
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/winfunc_crypto.txt.ignore:
--------------------------------------------------------------------------------
BOOL WINAPI CryptCATAdminCalcHashFromFileHandle(
    __in HANDLE hFile,
    __inout DWORD *pcbHash,
    _Out_opt_ BYTE *pbHash,
    __in DWORD dwFlags);

HCATINFO WINAPI CryptCATAdminEnumCatalogFromHash(
    __in HCATADMIN hCatAdmin,
    __in BYTE *pbHash,
    __in DWORD cbHash,
    __in DWORD dwFlags,
    __inout HCATINFO *phPrevCatInfo);

BOOL WINAPI CryptCATAdminAcquireContext(
    _Out_ HCATADMIN *phCatAdmin,
    _In_ GUID *pgSubsystem,
    _In_ DWORD dwFlags
);

BOOL WINAPI CryptCATCatalogInfoFromContext(
    _In_ HCATINFO hCatInfo,
    _Inout_ CATALOG_INFO *psCatInfo,
    _In_ DWORD dwFlags
);


BOOL WINAPI CryptCATAdminReleaseCatalogContext(
    _In_ HCATADMIN hCatAdmin,
    _In_ HCATINFO hCatInfo,
    _In_ DWORD dwFlags
);

BOOL WINAPI CryptCATAdminReleaseContext(
    _In_ HCATADMIN hCatAdmin,
    _In_ DWORD dwFlags
);

--------------------------------------------------------------------------------
/ctypes_generation/definitions/functions/winfunc_notdoc.txt:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/hakril/PythonForWindows/9aaf2c6f6c037da2a70db9cc3a4664acea32ad4c/ctypes_generation/definitions/functions/winfunc_notdoc.txt

--------------------------------------------------------------------------------
/ctypes_generation/definitions/ntstatus_template.py:
--------------------------------------------------------------------------------
import sys
import ctypes
from .flag import Flag

is_py3 = (sys.version_info.major >= 3)

class NtStatusException(WindowsError):
    # Maps a status code to its (code, name, descr) tuple, filled by register_ntstatus()
    ALL_STATUS = {}
    def __init__(self, code):
        try:
            x = self.ALL_STATUS[code]
        except KeyError:
            x = (code, 'UNKNOW_ERROR', 'Error non documented in ntstatus.py')
        self.code = x[0]
        self.name = x[1]
        self.descr = x[2]
        # Signed view of the status code (ctypes.c_long is 32 bits on Windows)
        code_as_long = ctypes.c_long(x[0]).value
        if is_py3:
            # On Python 3 WindowsError is OSError: the fourth positional argument is winerror
            vals = code_as_long, x[1], x[2], code_as_long
        else:
            vals = code_as_long, x[1], x[2]
        return super(NtStatusException, self).__init__(*vals)

    def __str__(self):
        return "{e.name}(0x{e.code:x}): {e.descr}".format(e=self)

    def __repr__(self):
        return "{0}(0x{1:08x}, {2})".format(type(self).__name__, self.code, self.name)

    @classmethod
    def register_ntstatus(cls, code, name, descr):
        if code in cls.ALL_STATUS:
            return # Use the first def
        cls.ALL_STATUS[code] = (code, name, descr)
        return Flag(name, code)


--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/MIDL.txt:
--------------------------------------------------------------------------------
typedef enum {
    FC_ZERO,FC_BYTE,FC_CHAR,FC_SMALL,FC_USMALL,FC_WCHAR,FC_SHORT,FC_USHORT,FC_LONG,FC_ULONG,FC_FLOAT,FC_HYPER,FC_DOUBLE,FC_ENUM16,FC_ENUM32,
    FC_IGNORE,FC_ERROR_STATUS_T,FC_RP,FC_UP,FC_OP,FC_FP,FC_STRUCT,FC_PSTRUCT,FC_CSTRUCT,FC_CPSTRUCT,FC_CVSTRUCT,FC_BOGUS_STRUCT,FC_CARRAY,
    FC_CVARRAY,FC_SMFARRAY,FC_LGFARRAY,FC_SMVARRAY,FC_LGVARRAY,FC_BOGUS_ARRAY,FC_C_CSTRING,FC_C_BSTRING,FC_C_SSTRING,FC_C_WSTRING,FC_CSTRING,
    FC_BSTRING,FC_SSTRING,FC_WSTRING,FC_ENCAPSULATED_UNION,FC_NON_ENCAPSULATED_UNION,FC_BYTE_COUNT_POINTER,FC_TRANSMIT_AS,FC_REPRESENT_AS,FC_IP,
    FC_BIND_CONTEXT,FC_BIND_GENERIC,FC_BIND_PRIMITIVE,FC_AUTO_HANDLE,FC_CALLBACK_HANDLE,FC_UNUSED1,FC_POINTER,FC_ALIGNM2,FC_ALIGNM4,FC_ALIGNM8,
    FC_UNUSED2,FC_UNUSED3,FC_UNUSED4,FC_STRUCTPAD1,FC_STRUCTPAD2,FC_STRUCTPAD3,FC_STRUCTPAD4,FC_STRUCTPAD5,FC_STRUCTPAD6,FC_STRUCTPAD7,
    FC_STRING_SIZED,FC_UNUSED5,FC_NO_REPEAT,FC_FIXED_REPEAT,FC_VARIABLE_REPEAT,FC_FIXED_OFFSET,FC_VARIABLE_OFFSET,FC_PP,FC_EMBEDDED_COMPLEX,
    FC_IN_PARAM,FC_IN_PARAM_BASETYPE,FC_IN_PARAM_NO_FREE_INST,FC_IN_OUT_PARAM,FC_OUT_PARAM,FC_RETURN_PARAM,FC_RETURN_PARAM_BASETYPE,FC_DEREFERENCE,
    FC_DIV_2,FC_MULT_2,FC_ADD_1,FC_SUB_1,FC_CALLBACK,FC_CONSTANT_IID,FC_END,FC_PAD,FC_SPLIT_DEREFERENCE = 0x74,FC_SPLIT_DIV_2,FC_SPLIT_MULT_2,
    FC_SPLIT_ADD_1,FC_SPLIT_SUB_1,FC_SPLIT_CALLBACK,FC_HARD_STRUCT = 0xb1,FC_TRANSMIT_AS_PTR,FC_REPRESENT_AS_PTR,FC_USER_MARSHAL,FC_PIPE,
    FC_BLKHOLE,FC_RANGE,FC_INT3264,FC_UINT3264,FC_END_OF_UNIVERSE
} NDR_FORMAT_CHARACTER;


--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/bits.txt:
--------------------------------------------------------------------------------
typedef enum __MIDL_IBackgroundCopyJob2_0002 {
    BG_AUTH_SCHEME_BASIC,
    BG_AUTH_SCHEME_DIGEST,
    BG_AUTH_SCHEME_NTLM,
    BG_AUTH_SCHEME_NEGOTIATE,
    BG_AUTH_SCHEME_PASSPORT
} BG_AUTH_SCHEME;


typedef enum __MIDL_IBackgroundCopyJob2_0001 {
    BG_AUTH_TARGET_SERVER,
    BG_AUTH_TARGET_PROXY
} BG_AUTH_TARGET;


typedef struct __MIDL_IBackgroundCopyJob2_0003 {
    LPWSTR UserName;
    LPWSTR Password;
} BG_BASIC_CREDENTIALS;

typedef union __MIDL_IBackgroundCopyJob2_0004 {
    BG_BASIC_CREDENTIALS Basic;
} BG_AUTH_CREDENTIALS_UNION;

typedef struct {
    BG_AUTH_TARGET Target;
    BG_AUTH_SCHEME Scheme;
    BG_AUTH_CREDENTIALS_UNION Credentials;
} BG_AUTH_CREDENTIALS;

typedef struct _BG_JOB_REPLY_PROGRESS {
    UINT64 BytesTotal;
    UINT64 BytesTransferred;
} BG_JOB_REPLY_PROGRESS;

typedef struct _BG_FILE_RANGE {
    UINT64 InitialOffset;
    UINT64 Length;
} BG_FILE_RANGE;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/dpapi.txt:
--------------------------------------------------------------------------------
typedef struct _CRYPTPROTECT_PROMPTSTRUCT {
    DWORD cbSize;
    DWORD dwPromptFlags;
    HWND hwndApp;
    LPCWSTR szPrompt;
} CRYPTPROTECT_PROMPTSTRUCT, *PCRYPTPROTECT_PROMPTSTRUCT;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/guid.txt:
--------------------------------------------------------------------------------
/* I 'often' add typedef for GUID: so I put it in a specific file */

typedef struct _GUID {
    ULONG Data1;
    USHORT Data2;
    USHORT Data3;
    BYTE Data4[ 8 ];
} GUID, IID, CLSID, *REFIID, *REFCLSID, *LPGUID, *REFGUID, *LPCLSID, *LPCGUID, IPID, CID, *REFIPID;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/internet.txt:
--------------------------------------------------------------------------------
typedef struct _INTERNET_BUFFERSA {
    DWORD dwStructSize;
    struct _INTERNET_BUFFERSA *Next;
    LPCSTR lpcszHeader;
    DWORD dwHeadersLength;
    DWORD dwHeadersTotal;
    LPVOID lpvBuffer;
    DWORD dwBufferLength;
    DWORD dwBufferTotal;
    DWORD dwOffsetLow;
    DWORD dwOffsetHigh;
} INTERNET_BUFFERSA, *LPINTERNET_BUFFERSA;

typedef struct _INTERNET_BUFFERSW {
    DWORD dwStructSize;
    struct _INTERNET_BUFFERSW *Next;
    LPCWSTR lpcszHeader;
    DWORD dwHeadersLength;
    DWORD dwHeadersTotal;
    LPVOID lpvBuffer;
    DWORD dwBufferLength;
    DWORD dwBufferTotal;
    DWORD dwOffsetLow;
    DWORD dwOffsetHigh;
} INTERNET_BUFFERSW, *LPINTERNET_BUFFERSW;


--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/io.txt:
--------------------------------------------------------------------------------
typedef struct _OVERLAPPED {
    ULONG_PTR Internal;
    ULONG_PTR InternalHigh;
    union {
        struct {
            DWORD Offset;
            DWORD OffsetHigh;
        } _ANON_OVERLAPPED_DUMMYSTRUCTNAME;
        PVOID Pointer;
    } _ANON_OVERLAPPED_DUMMYUNIONNAME;
    HANDLE hEvent;
} OVERLAPPED, *LPOVERLAPPED;

typedef struct _OVERLAPPED_ENTRY {
    ULONG_PTR lpCompletionKey;
    LPOVERLAPPED lpOverlapped;
    ULONG_PTR Internal;
    DWORD dwNumberOfBytesTransferred;
} OVERLAPPED_ENTRY, *LPOVERLAPPED_ENTRY;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/netip.txt:
--------------------------------------------------------------------------------
typedef struct _MIB_IPNETROW_LH {
    IF_INDEX dwIndex;
    DWORD dwPhysAddrLen;
    UCHAR bPhysAddr[8];
    DWORD dwAddr;
    union {
        DWORD dwType;
    };
} MIB_IPNETROW, *PMIB_IPNETROW;

typedef struct _MIB_IPNETTABLE {
    DWORD dwNumEntries;
    MIB_IPNETROW table[ANY_SIZE];
} MIB_IPNETTABLE, *PMIB_IPNETTABLE;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/ntregistry.txt:
--------------------------------------------------------------------------------
typedef enum _KEY_VALUE_INFORMATION_CLASS {
    KeyValueBasicInformation,
    KeyValueFullInformation,
    KeyValuePartialInformation,
    KeyValueFullInformationAlign64,
    KeyValuePartialInformationAlign64,
    KeyValueLayerInformation,
    MaxKeyValueInfoClass
} KEY_VALUE_INFORMATION_CLASS;


typedef struct _KEY_VALUE_BASIC_INFORMATION {
    ULONG TitleIndex;
    ULONG Type;
    ULONG NameLength;
    WCHAR Name[1];
} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;

typedef struct _KEY_VALUE_FULL_INFORMATION {
    ULONG TitleIndex;
    ULONG Type;
    ULONG DataOffset;
    ULONG DataLength;
    ULONG NameLength;
    WCHAR Name[1];
} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;


typedef struct _KEY_VALUE_PARTIAL_INFORMATION {
    ULONG TitleIndex;
    ULONG Type;
    ULONG DataLength;
    UCHAR Data[1];
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;


typedef enum _KEY_INFORMATION_CLASS {
    KeyBasicInformation,
    KeyNodeInformation,
    KeyFullInformation,
    KeyNameInformation,
    KeyCachedInformation,
    KeyFlagsInformation,
    KeyVirtualizationInformation,
    KeyHandleTagsInformation,
    KeyTrustInformation,
    KeyLayerInformation,
    MaxKeyInfoClass
} KEY_INFORMATION_CLASS;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/proc_thread_attributes.txt:
--------------------------------------------------------------------------------
typedef enum _PROC_THREAD_ATTRIBUTE_NUM {
    ProcThreadAttributeParentProcess = 0,
    ProcThreadAttributeHandleList = 2,
    ProcThreadAttributeGroupAffinity = 3,
    ProcThreadAttributePreferredNode = 4,
    ProcThreadAttributeIdealProcessor = 5,
    ProcThreadAttributeUmsThread = 6,
    ProcThreadAttributeMitigationPolicy = 7,
    ProcThreadAttributeSecurityCapabilities = 9,
    ProcThreadAttributeProtectionLevel = 11,
    ProcThreadAttributeJobList = 13,
    ProcThreadAttributeChildProcessPolicy = 14,
    ProcThreadAttributeAllApplicationPackagesPolicy = 15,
    ProcThreadAttributeWin32kFilter = 16,
    ProcThreadAttributeSafeOpenPromptOriginClaim = 17,
    ProcThreadAttributeDesktopAppPolicy = 18,
    ProcThreadAttributePseudoConsole = 22,
    ProcThreadAttributeMitigationAuditPolicy = 24,
    ProcThreadAttributeMachineType = 25,
    ProcThreadAttributeComponentFilter = 26,
    ProcThreadAttributeEnableOptionalXStateFeatures = 27,
    ProcThreadAttributeTrustedApp = 29,
    ProcThreadAttributeSveVectorLength = 30,
} PROC_THREAD_ATTRIBUTE_NUM;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/processor.txt:
--------------------------------------------------------------------------------
typedef enum _MACHINE_ATTRIBUTES {
    UserEnabled = 0x00000001,
    KernelEnabled = 0x00000002,
    Wow64Container = 0x00000004
} MACHINE_ATTRIBUTES;

typedef struct _PROCESS_MACHINE_INFORMATION {
    USHORT ProcessMachine;
    USHORT Res0;
    MACHINE_ATTRIBUTES MachineAttributes;
} PROCESS_MACHINE_INFORMATION;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/section.txt:
--------------------------------------------------------------------------------
typedef enum MEM_EXTENDED_PARAMETER_TYPE {
    MemExtendedParameterInvalidType = 0,
    MemExtendedParameterAddressRequirements = 1,
    MemExtendedParameterNumaNode = 2,
    MemExtendedParameterPartitionHandle = 3,
    MemExtendedParameterUserPhysicalHandle = 4,
    MemExtendedParameterAttributeFlags = 5,
    MemExtendedParameterImageMachine = 6,
    MemExtendedParameterMax
} *PMEM_EXTENDED_PARAMETER_TYPE;


typedef struct _MEM_ADDRESS_REQUIREMENTS {
    PVOID LowestStartingAddress;
    PVOID HighestEndingAddress;
    SIZE_T Alignment;
} MEM_ADDRESS_REQUIREMENTS, *PMEM_ADDRESS_REQUIREMENTS;


typedef struct MEM_EXTENDED_PARAMETER {
    struct {
        ULONG64 Type : 8; // MEM_EXTENDED_PARAMETER_TYPE_BITS -> define not handled in parser here
        ULONG64 Reserved : 56; // 64 - MEM_EXTENDED_PARAMETER_TYPE_BITS -> define not handled in parser here
    } DUMMYSTRUCTNAME;
    union {
        ULONG64 ULong64;
        PVOID Pointer;
        SIZE_T Size;
        HANDLE Handle;
        ULONG ULong;
    } DUMMYUNIONNAME;
} MEM_EXTENDED_PARAMETER, *PMEM_EXTENDED_PARAMETER;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/setupapi.txt:
--------------------------------------------------------------------------------
//
// Device interface information structure (references a device
// interface that is associated with the device information
// element that owns it).
//
typedef struct _SP_DEVICE_INTERFACE_DATA {
    DWORD cbSize;
    GUID InterfaceClassGuid;
    DWORD Flags;
    ULONG_PTR Reserved;
} SP_DEVICE_INTERFACE_DATA, *PSP_DEVICE_INTERFACE_DATA;


//
// Device information structure (references a device instance
// that is a member of a device information set)
//
typedef struct _SP_DEVINFO_DATA {
    DWORD cbSize;
    GUID ClassGuid;
    DWORD DevInst; // DEVINST handle
    ULONG_PTR Reserved;
} SP_DEVINFO_DATA, *PSP_DEVINFO_DATA;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/shell.txt:
--------------------------------------------------------------------------------
typedef struct _SHITEMID {
    USHORT cb;
    BYTE abID[1];
} SHITEMID;


/* MANUAL TYPEDEF see: https://msdn.microsoft.com/en-us/library/windows/desktop/bb773321(v=vs.85).aspx*/

typedef struct _ITEMIDLIST {
    SHITEMID mkid;
} ITEMIDLIST, *PCIDLIST_ABSOLUTE, *PIDLIST_ABSOLUTE;


typedef enum ACTIVATEOPTIONS
{
    AO_NONE = 0,
    AO_DESIGNMODE = 0x1,
    AO_NOERRORUI = 0x2,
    AO_NOSPLASHSCREEN = 0x4,
    AO_PRELAUNCH = 0x2000000
} ACTIVATEOPTIONS;


typedef /* [v1_enum] */
enum PACKAGE_EXECUTION_STATE
{
    PES_UNKNOWN = 0,
    PES_RUNNING = 1,
    PES_SUSPENDING = 2,
    PES_SUSPENDED = 3,
    PES_TERMINATED = 4
} PACKAGE_EXECUTION_STATE;

typedef struct _SHFILEOPSTRUCTA {
    HWND hwnd;
    UINT wFunc;
    PCSTR pFrom;
    PCSTR pTo;
    FILEOP_FLAGS fFlags;
    BOOL fAnyOperationsAborted;
    LPVOID hNameMappings;
    PCSTR lpszProgressTitle;
} SHFILEOPSTRUCTA, *LPSHFILEOPSTRUCTA;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/simple_structs.txt:
--------------------------------------------------------------------------------
/* Structures that do not depend on anything other than basic types
   Simplifies the structure dependency file graph
*/

typedef struct _LIST_ENTRY {
    struct _LIST_ENTRY *Flink;
    struct _LIST_ENTRY *Blink;
} LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY;

typedef struct _LSA_UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PVOID Buffer; // PVOID to prevent ctypes from automatically reading the content of the buffer up to a \0
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING, UNICODE_STRING, *PUNICODE_STRING;

typedef struct _CLIENT_ID{
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

typedef struct _CLIENT_ID64{
    ULONG64 UniqueProcess;
    ULONG64 UniqueThread;
} CLIENT_ID64, *PCLIENT_ID64;

typedef struct _CLIENT_ID32{
    ULONG UniqueProcess;
    ULONG UniqueThread;
} CLIENT_ID32, *PCLIENT_ID32;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/time.txt:
--------------------------------------------------------------------------------
typedef struct _TIME_ZONE_INFORMATION {
    LONG Bias;
    WCHAR StandardName[32];
    SYSTEMTIME StandardDate;
    LONG StandardBias;
    WCHAR DaylightName[32];
    SYSTEMTIME DaylightDate;
    LONG DaylightBias;
} TIME_ZONE_INFORMATION, *PTIME_ZONE_INFORMATION, *LPTIME_ZONE_INFORMATION;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/structures/trace_data_helper.txt:
--------------------------------------------------------------------------------
typedef struct _TRACE_PROVIDER_INFO {
    GUID ProviderGuid;
    ULONG SchemaSource;
    ULONG ProviderNameOffset;
} TRACE_PROVIDER_INFO;


typedef struct _PROVIDER_ENUMERATION_INFO {
    ULONG NumberOfProviders;
    ULONG Reserved;
    TRACE_PROVIDER_INFO TraceProviderInfoArray[ANYSIZE_ARRAY];
} PROVIDER_ENUMERATION_INFO, *PPROVIDER_ENUMERATION_INFO;

--------------------------------------------------------------------------------
/ctypes_generation/definitions/winerror_template.py:
--------------------------------------------------------------------------------
from .flag import make_flag, FlagMapper


--------------------------------------------------------------------------------
/ctypes_generation/dummy_wintypes.py:
--------------------------------------------------------------------------------
names = ['HINSTANCE', 'HRESULT', 'ATOM', 'BOOL', 'BOOLEAN', 'BYTE', 'COLORREF', 'DOUBLE', 'DWORD', 'FILETIME', 'FLOAT',
    'HACCEL', 'HANDLE', 'HBITMAP', 'HBRUSH', 'HCOLORSPACE', 'HDC', 'HDESK', 'HDWP', 'HENHMETAFILE', 'HFONT', 'HGDIOBJ',
    'HGLOBAL', 'HHOOK', 'HICON', 'HINSTANCE', 'HKEY', 'HKL', 'HLOCAL', 'HMENU', 'HMETAFILE', 'HMODULE', 'HMONITOR',
    'HPALETTE', 'HPEN', 'HRGN', 'HRSRC', 'HSTR', 'HTASK', 'HWINSTA', 'HWND', 'INT', 'LANGID', 'LARGE_INTEGER', 'LCID',
    'LCTYPE', 'LGRPID', 'LONG', 'LPARAM', 'LPCOLESTR', 'LPCSTR', 'LPCVOID', 'LPCWSTR', 'LPOLESTR', 'LPSTR', 'LPVOID',
    'LPWSTR', 'MAX_PATH', 'MSG', 'OLESTR', 'POINT', 'POINTL', 'RECT', 'RECTL', 'RGB', 'SC_HANDLE',
    'SERVICE_STATUS_HANDLE', 'SHORT', 'SIZE', 'SIZEL', 'SMALL_RECT', 'UINT', 'ULARGE_INTEGER', 'ULONG', 'USHORT',
    'VARIANT_BOOL', 'WCHAR', 'WIN32_FIND_DATAA', 'WIN32_FIND_DATAW', 'WORD', 'WPARAM', '_COORD', '_FILETIME',
    '_LARGE_INTEGER', '_POINTL', '_RECTL', '_SMALL_RECT', '_ULARGE_INTEGER', "ULARGE_INTEGER", 'tagMSG', 'tagPOINT',
    'tagRECT', 'tagSIZE']

--------------------------------------------------------------------------------
/ctypes_generation/extended_interfaces/IStream.py:
--------------------------------------------------------------------------------
OLD_IStream = IStream
class IStream(OLD_IStream):

    def read(self, size):
        buffer = (CHAR * size)()
        size_read = ULONG()
        self.Read(buffer, size, size_read)
        return buffer[:size_read.value]


    def write(self, data):
        assert isinstance(data, bytes), "IStream.write() only accept bytes but {0} was passed".format(type(data))
        written = ULONG()
        self.Write(data, len(data), written)
        return written.value

    def seek(self, position, origin=STREAM_SEEK_SET):
        newpos = ULARGE_INTEGER()
        self.Seek(position, origin, newpos)
        return newpos.value


--------------------------------------------------------------------------------
/ctypes_generation/extended_structs/_CRYPTOAPI_BLOB.py:
--------------------------------------------------------------------------------
class _CRYPTOAPI_BLOB(_CRYPTOAPI_BLOB):
    @classmethod
    def from_string(cls, buf):
        self = cls()
        self.cbData = len(buf)
        self.pbData = (BYTE * self.cbData)(*bytearray(buf))
        return self

    @property
    def data(self):
        return bytearray(self.pbData[:self.cbData])

--------------------------------------------------------------------------------
/ctypes_generation/extended_structs/_CRYPT_ATTRIBUTE.py:
--------------------------------------------------------------------------------
OLD_CRYPT_ATTRIBUTE = _CRYPT_ATTRIBUTE

class _CRYPT_ATTRIBUTE(_CRYPT_ATTRIBUTE):
    @property
    def count(self): # __len__ ?
        return self.cValue

    @property
    def values(self):
        return self.rgValue[:self.cValue]

    @property
    def objid(self):
        # SZOID_MAPPER defined in the generated structures template.py
        return SZOID_MAPPER[self.pszObjId]

    def __repr__(self):
        # return """<{0} pszObjId={1!r} Values={2}>""".format(type(self).__name__, self.objid, self.cValue)
        if self.pszObjId not in SZOID_MAPPER:
            return """<{0} pszObjId="{1}" Values={2}>""".format(type(self).__name__, self.pszObjId, self.cValue)
        flag = SZOID_MAPPER[self.pszObjId]
        return """<{0} pszObjId="{1}" ({2}) Values={3}>""".format(type(self).__name__, flag, flag.name, self.cValue)

--------------------------------------------------------------------------------
/ctypes_generation/extended_structs/_CRYPT_ATTRIBUTES.py:
--------------------------------------------------------------------------------
OLD_CRYPT_ATTRIBUTES = _CRYPT_ATTRIBUTES
class _CRYPT_ATTRIBUTES(_CRYPT_ATTRIBUTES):
    @property
    def count(self): # __len__ ?
5 | return self.cAttr 6 | 7 | @property 8 | def attributes(self): 9 | return self.rgAttr[:self.cAttr] 10 | 11 | def __getitem__(self, oid): 12 | return [x for x in self.attributes if x.pszObjId == oid] 13 | 14 | def __repr__(self): 15 | return """<{0} Attributes={1}>""".format(type(self).__name__, self.cAttr) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_CRYPT_BIT_BLOB.py: -------------------------------------------------------------------------------- 1 | class _CRYPT_BIT_BLOB(_CRYPT_BIT_BLOB): 2 | @property 3 | def data(self): 4 | return bytearray(self.pbData[:self.cbData]) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_EVENT_DESCRIPTOR.py: -------------------------------------------------------------------------------- 1 | class _EVENT_DESCRIPTOR(_EVENT_DESCRIPTOR): 2 | def __repr__(self): 3 | return "<{0} Id={self.Id} Opcode={self.Opcode} Version={self.Version} Level={self.Level}>".format(type(self).__name__, self=self) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_EVENT_HEADER_EXTENDED_DATA_ITEM.py: -------------------------------------------------------------------------------- 1 | _OLD_EVENT_HEADER_EXTENDED_DATA_ITEM = _EVENT_HEADER_EXTENDED_DATA_ITEM 2 | class _EVENT_HEADER_EXTENDED_DATA_ITEM(_OLD_EVENT_HEADER_EXTENDED_DATA_ITEM): 3 | @property 4 | def data(self): 5 | bdata = (ctypes.c_char * self.DataSize).from_address(self.DataPtr) 6 | return bdata[:] -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_EVENT_RECORD.py: -------------------------------------------------------------------------------- 1 | _OLD_EVENT_RECORD = _EVENT_RECORD 2 | class _EVENT_RECORD(_OLD_EVENT_RECORD): 3 | pass -------------------------------------------------------------------------------- 
/ctypes_generation/extended_structs/_FILETIME.py: -------------------------------------------------------------------------------- 1 | INITIAL_FILETIME = FILETIME 2 | 3 | class _FILETIME(INITIAL_FILETIME): 4 | def __int__(self): 5 | return (self.dwHighDateTime << 32) + self.dwLowDateTime -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_FILE_RENAME_INFORMATION.py: -------------------------------------------------------------------------------- 1 | INITIAL_FILE_RENAME_INFORMATION = _FILE_RENAME_INFORMATION 2 | 3 | class _FILE_RENAME_INFORMATION(INITIAL_FILE_RENAME_INFORMATION): 4 | @property 5 | def filename(self): 6 | filename_addr = ctypes.addressof(self) + type(self).FileName.offset 7 | if getattr(self, "_target", None) is not None: #remote ctypes :D -> TRICKS OF THE YEAR 8 | raw_data = self._target.read_memory(filename_addr, self.FileNameLength) 9 | return raw_data.decode("utf16") 10 | size = int(self.FileNameLength / 2) 11 | return (ctypes.c_wchar * size).from_address(filename_addr)[:] 12 | -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_LIST_ENTRY.py: -------------------------------------------------------------------------------- 1 | # From: ctypes_generation\extended_structs\_LIST_ENTRY.py 2 | # _LIST_ENTRY is a self referencing structure 3 | # Currently ctypes generation does not support extending self referencing structures 4 | # As the _fields_ assignment should happen after the extended structure definition 5 | # So we just redefine fully _LIST_ENTRY without inheriting the real one 6 | 7 | class _LIST_ENTRY(Structure): 8 | def get_real_struct(self, targetcls, target_field): 9 | # >>> gdef.LDR_DATA_TABLE_ENTRY.InMemoryOrderLinks 10 | # 11 | # This field object does not allow retrieving the type.. 12 | # So we need to pass the target class AND the target field.. 
13 | return targetcls.from_address(ctypes.addressof(self) - target_field.offset) 14 | 15 | _LIST_ENTRY._fields_ = [ 16 | ("Flink", POINTER(_LIST_ENTRY)), 17 | ("Blink", POINTER(_LIST_ENTRY)), 18 | ] -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_LOAD_DLL_DEBUG_INFO.py: -------------------------------------------------------------------------------- 1 | # typedef struct _LOAD_DLL_DEBUG_INFO { 2 | # HANDLE hFile; 3 | # LPVOID lpBaseOfDll; 4 | # DWORD dwDebugInfoFileOffset; 5 | # DWORD nDebugInfoSize; 6 | # LPVOID lpImageName; 7 | # WORD fUnicode; 8 | # } LOAD_DLL_DEBUG_INFO, *LPLOAD_DLL_DEBUG_INFO; 9 | 10 | class _LOAD_DLL_DEBUG_INFO(_LOAD_DLL_DEBUG_INFO): 11 | def hello(self): 12 | return "hello" -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_LSA_UNICODE_STRING.py: -------------------------------------------------------------------------------- 1 | INITIAL_LSA_UNICODE_STRING = _LSA_UNICODE_STRING 2 | 3 | class _LSA_UNICODE_STRING(INITIAL_LSA_UNICODE_STRING): 4 | @property 5 | def str(self): 6 | """The python string of the LSA_UNICODE_STRING object 7 | 8 | :type: :class:`unicode` 9 | """ 10 | if not self.Length: 11 | return "" 12 | if getattr(self, "_target", None) is not None: #remote ctypes :D -> TRICKS OF THE YEAR 13 | raw_data = self._target.read_memory(self.Buffer, self.Length) 14 | return raw_data.decode("utf16") 15 | size = int(self.Length / 2) 16 | return (ctypes.c_wchar * size).from_address(self.Buffer)[:] 17 | 18 | @classmethod 19 | def from_string(cls, s): 20 | utf16_len = len(s) * 2 21 | return cls(utf16_len, utf16_len, ctypes.cast(PWSTR(s), PVOID)) 22 | 23 | @classmethod 24 | def from_size(cls, size): 25 | buffer = ctypes.create_string_buffer(size) 26 | return cls(size, size, ctypes.cast(buffer, PVOID)) 27 | 28 | def __repr__(self): 29 | return windows.pycompat.urepr_encode(u"""<{0} "{1}" at 
{2}>""".format(type(self).__name__, self.str, hex(id(self)))) 30 | 31 | def __sprint__(self): 32 | try: 33 | return self.__repr__() 34 | except TypeError as e: 35 | # Bad buffer: print raw infos 36 | return """<{0} len={1} maxlen={2} buffer={3}>""".format(type(self).__name__, self.Length, self.MaximumLength, self.Buffer) 37 | -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_LUID.py: -------------------------------------------------------------------------------- 1 | _INITIAL_LUID = _LUID 2 | class _LUID(_INITIAL_LUID): 3 | def __int__(self): 4 | return (self.HighPart << 32) | self.LowPart 5 | 6 | def __eq__(self, other): 7 | return (self.HighPart, self.LowPart) == (other.HighPart, other.LowPart) 8 | 9 | def __repr__(self): 10 | return "<{0} HighPart={1} LowPart={2}>".format(type(self).__name__, self.HighPart, self.LowPart) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_OBJECT_ATTRIBUTES.py: -------------------------------------------------------------------------------- 1 | class _OBJECT_ATTRIBUTES(_OBJECT_ATTRIBUTES): 2 | @classmethod 3 | def from_string(cls, path, attributes=OBJ_CASE_INSENSITIVE): # Directly on constructor ? 
4 | self = cls() 5 | self.Length = ctypes.sizeof(self) 6 | self.RootDirectory = 0 7 | self.ObjectName = ctypes.pointer(LSA_UNICODE_STRING.from_string(path)) 8 | self.Attributes = attributes 9 | self.SecurityDescriptor = 0 10 | self.SecurityQualityOfService = 0 11 | return self 12 | 13 | def __repr__(self): 14 | if not self.ObjectName: 15 | return super(_OBJECT_ATTRIBUTES, self).__repr__() 16 | # .contents allow compatibility with remotectypes 17 | return """<{0} ObjectName="{1}">""".format(type(self).__name__, self.ObjectName.contents.str) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_RPC_IF_ID.py: -------------------------------------------------------------------------------- 1 | INITIAL_RPC_IF_ID = RPC_IF_ID 2 | 3 | class _RPC_IF_ID(INITIAL_RPC_IF_ID): 4 | def __repr__(self): 5 | return ''.format(self.Uuid.to_string(), self.VersMajor, self.VersMinor) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_SID_AND_ATTRIBUTES.py: -------------------------------------------------------------------------------- 1 | _INITIAL_SID_AND_ATTRIBUTES = _SID_AND_ATTRIBUTES 2 | class _SID_AND_ATTRIBUTES(_INITIAL_SID_AND_ATTRIBUTES): 3 | pass 4 | 5 | # Only in TOKEN_GROUPS 6 | # attributes = FlagExatractor(_INITIAL_SID_AND_ATTRIBUTES.Attributes, 7 | # (SE_GROUP_MANDATORY, 8 | # SE_GROUP_ENABLED_BY_DEFAULT, 9 | # SE_GROUP_ENABLED, 10 | # SE_GROUP_OWNER, 11 | # SE_GROUP_USE_FOR_DENY_ONLY, 12 | # SE_GROUP_INTEGRITY, 13 | # SE_GROUP_INTEGRITY_ENABLED, 14 | # SE_GROUP_LOGON_ID, 15 | # SE_GROUP_RESOURCE)) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/_tagADDRESS64.py: -------------------------------------------------------------------------------- 1 | class _tagADDRESS64(_tagADDRESS64): 2 | def __repr__(self): 3 | if not self.Segment: 4 | return "<{0} 
{offset:#x}>".format(type(self).__name__, offset=self.Offset) 5 | return "<{0} {seg:#x}:{offset:#x}>".format(type(self).__name__, seg=self.Segment, offset=self.Offset) -------------------------------------------------------------------------------- /ctypes_generation/extended_structs/tagMInterfacePointer.py: -------------------------------------------------------------------------------- 1 | INITIAL_tagMInterfacePointer = tagMInterfacePointer 2 | 3 | class tagMInterfacePointer(INITIAL_tagMInterfacePointer): 4 | @property 5 | def objref(self): 6 | return OBJREF.from_address(ctypes.addressof(self.abData)) -------------------------------------------------------------------------------- /docs/.nojekyll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hakril/PythonForWindows/9aaf2c6f6c037da2a70db9cc3a4664acea32ad4c/docs/.nojekyll -------------------------------------------------------------------------------- /docs/build/html/.buildinfo: -------------------------------------------------------------------------------- 1 | # Sphinx build info version 1 2 | # This file hashes the configuration used when building these files. When it is not found, a full rebuild will be done. 3 | config: 79eb4f6d749f8afd0854dfaf20582dd7 4 | tags: 645f666f9bcd5a90fca523b33c5a78b7 5 | -------------------------------------------------------------------------------- /docs/build/html/_sources/alpc.rst.txt: -------------------------------------------------------------------------------- 1 | ``windows.alpc`` -- Advanced Local Procedure Call 2 | ************************************************* 3 | 4 | .. module:: windows.alpc 5 | 6 | The :mod:`windows.alpc` module groups the classes that allow sending and receiving 7 | ALPC messages over an ALPC port and the classes representing these messages. 8 | 9 | 10 | .. 
note:: 11 | 12 | See samples: 13 | 14 | * :ref:`sample_alpc` 15 | * :ref:`sample_advanced_alpc` 16 | 17 | ALPC Message 18 | ------------ 19 | 20 | .. autoclass:: AlpcMessage 21 | 22 | .. autoclass:: AlpcMessagePort 23 | 24 | .. autoclass:: MessageAttribute 25 | 26 | ALPC client 27 | ----------- 28 | 29 | .. autoclass:: AlpcClient 30 | 31 | ALPC Server 32 | ----------- 33 | 34 | .. autoclass:: AlpcServer -------------------------------------------------------------------------------- /docs/build/html/_sources/etw.rst.txt: -------------------------------------------------------------------------------- 1 | ETW -- Event Tracing for Windows 2 | ================================ 3 | 4 | .. module:: windows.winobject.event_trace 5 | 6 | The :class:`EtwManager` instance is accessible via :py:attr:`windows.system.etw 7 | ` 8 | 9 | .. note:: 10 | 11 | This code is the result of my research on ``ETW`` that led to this presentation `ETW for the lazy reverser (FR) `_ 12 | 13 | 14 | .. note:: 15 | 16 | See sample :ref:`sample_etw` 17 | 18 | 19 | EtwManager 20 | """""""""" 21 | 22 | 23 | .. autoclass:: EtwManager 24 | :members: 25 | 26 | 27 | Tracing Events 28 | """""""""""""" 29 | 30 | EtwTrace 31 | '''''''' 32 | 33 | .. autoclass:: EtwTrace 34 | :members: 35 | 36 | 37 | EventTraceProperties 38 | '''''''''''''''''''' 39 | 40 | .. autoclass:: EventTraceProperties 41 | :members: 42 | 43 | EventRecord 44 | ''''''''''' 45 | 46 | .. autoclass:: EventRecord 47 | :members: 48 | 49 | -------------------------------------------------------------------------------- /docs/build/html/_sources/handle.rst.txt: -------------------------------------------------------------------------------- 1 | Handle -- Processes handles 2 | ============================ 3 | 4 | The list of handles is accessible via :py:attr:`windows.system.handles 5 | ` 6 | 7 | .. note:: 8 | 9 | See sample :ref:`sample_system` 10 | 11 | .. module:: windows.winobject.handle 12 | 13 | .. 
autoclass:: Handle -------------------------------------------------------------------------------- /docs/build/html/_sources/network.rst.txt: -------------------------------------------------------------------------------- 1 | Network 2 | ======= 3 | 4 | .. module:: windows.winobject.network 5 | 6 | The :class:`Network` instance is accessible via :py:attr:`windows.system.network 7 | ` 8 | 9 | .. note:: 10 | 11 | See sample :ref:`sample_network_exploration` 12 | 13 | 14 | .. autoclass:: Network 15 | 16 | Connections 17 | """"""""""" 18 | 19 | .. autoclass:: TCP4Connection 20 | 21 | 22 | .. autoclass:: TCP6Connection 23 | 24 | Firewall 25 | """""""" 26 | 27 | .. autoclass:: Firewall 28 | 29 | 30 | .. autoclass:: FirewallRule -------------------------------------------------------------------------------- /docs/build/html/_sources/object_manager.rst.txt: -------------------------------------------------------------------------------- 1 | Object Manager -- Kernel objects 2 | ================================ 3 | 4 | .. module:: windows.winobject.object_manager 5 | 6 | The :class:`ObjectManager` instance is accessible via :py:attr:`windows.system.object_manager 7 | ` 8 | 9 | 10 | .. note:: 11 | 12 | See sample at :ref:`sample_object_manager` 13 | 14 | 15 | ObjectManager 16 | """"""""""""" 17 | 18 | .. autoclass:: ObjectManager 19 | :members: 20 | :undoc-members: 21 | :special-members: __getitem__ 22 | 23 | 24 | 25 | KernelObject 26 | """""""""""" 27 | 28 | .. autoclass:: KernelObject 29 | :members: 30 | :undoc-members: 31 | :special-members: __getitem__,__iter__ -------------------------------------------------------------------------------- /docs/build/html/_sources/pipe.rst.txt: -------------------------------------------------------------------------------- 1 | ``windows.pipe`` -- Inter-Process Communication 2 | *********************************************** 3 | 4 | .. 
module:: windows.pipe 5 | 6 | 7 | :mod:`windows.pipe` is a wrapper around :class:`_multiprocessing.PipeConnection` simplifying its use. 8 | 9 | The main improvements are: 10 | 11 | - send/recv object from a pipe name in one line 12 | - Context manager around pipe connection 13 | 14 | .. note:: 15 | 16 | See sample :ref:`sample_pipe` 17 | 18 | Helper functions 19 | """""""""""""""" 20 | 21 | .. autofunction:: create 22 | .. autofunction:: connect 23 | .. autofunction:: recv_object 24 | .. autofunction:: send_object 25 | .. autofunction:: full_pipe_address 26 | 27 | 28 | PipeConnection 29 | """""""""""""" 30 | 31 | .. autoclass:: PipeConnection -------------------------------------------------------------------------------- /docs/build/html/_sources/registry.rst.txt: -------------------------------------------------------------------------------- 1 | Registry 2 | ======== 3 | 4 | .. module:: windows.winobject.registry 5 | 6 | The :class:`Registry` instance is accessible via :py:attr:`windows.system.registry 7 | ` 8 | 9 | .. note:: 10 | 11 | See sample :ref:`sample_registry` 12 | 13 | Registry 14 | """""""" 15 | 16 | .. autoclass:: Registry 17 | :special-members: __call__ 18 | 19 | 20 | PyHKey 21 | """""" 22 | 23 | .. autoclass:: PyHKey 24 | 25 | .. function:: __call__(name) 26 | 27 | Alias for :func:`open_subkey` 28 | 29 | .. function:: __getitem__(name) 30 | 31 | Alias for :func:`get` 32 | 33 | .. function:: __setitem__(name) 34 | 35 | Wrapper for :func:`set`, accept ``value`` or ``(value, type)`` 36 | 37 | .. function:: __delitem__(name) 38 | 39 | Alias for :func:`delete_value` 40 | 41 | KeyValue 42 | """""""" 43 | 44 | .. 
autoclass:: KeyValue 45 | :exclude-members: count, index -------------------------------------------------------------------------------- /docs/build/html/_sources/service.rst.txt: -------------------------------------------------------------------------------- 1 | Service 2 | ======= 3 | 4 | The services manager is accessible via :py:attr:`windows.system.services 5 | ` 6 | 7 | .. note:: 8 | 9 | See sample :ref:`sample_system` & :ref:`sample_services_demo` 10 | 11 | .. module:: windows.winobject.service 12 | 13 | 14 | ServiceManager 15 | """""""""""""" 16 | 17 | .. autoclass:: ServiceManager 18 | :show-inheritance: 19 | :inherited-members: 20 | :special-members: __getitem__, __iter__ 21 | 22 | 23 | Service 24 | """"""" 25 | 26 | .. autoclass:: Service 27 | :inherited-members: -------------------------------------------------------------------------------- /docs/build/html/_sources/system_module.rst.txt: -------------------------------------------------------------------------------- 1 | System Module -- Loaded kernel modules 2 | ====================================== 3 | 4 | .. module:: windows.winobject.system_module 5 | 6 | 7 | The list of system modules is accessible via :py:attr:`windows.system.modules ` 8 | 9 | 10 | .. note:: 11 | 12 | See sample :ref:`sample_system` 13 | 14 | 15 | 16 | 17 | SystemModule 18 | """""""""""" 19 | 20 | .. autoclass:: SystemModule 21 | :inherited-members: 22 | :members: 23 | :undoc-members: 24 | :show-inheritance: 25 | 26 | 27 | SystemModuleWow64 28 | """"""""""""""""" 29 | 30 | .. autoclass:: SystemModuleWow64 31 | :inherited-members: 32 | :members: 33 | :undoc-members: 34 | :show-inheritance: 35 | 36 | 37 | BaseSystemModule 38 | """""""""""""""" 39 | 40 | .. 
autoclass:: BaseSystemModule 41 | 42 | 43 | 44 | -------------------------------------------------------------------------------- /docs/build/html/_sources/volume.rst.txt: -------------------------------------------------------------------------------- 1 | Volume -- The logical drives 2 | ============================ 3 | 4 | The list of logical drives is accessible via :py:attr:`windows.system.logicaldrives 5 | ` 6 | 7 | 8 | .. note:: 9 | 10 | See sample :ref:`sample_system` 11 | 12 | .. module:: windows.winobject.volume 13 | 14 | .. autoclass:: LogicalDrive 15 | 16 | .. data:: name 17 | 18 | Name of the logical drive 19 | 20 | :type: :class:`str` -------------------------------------------------------------------------------- /docs/build/html/_sources/windows.rst.txt: -------------------------------------------------------------------------------- 1 | The ``windows`` module 2 | ********************** 3 | 4 | The ``windows`` module is the module installed by :file:`setup.py`. 5 | 6 | This module exports some objects representing the current state of the system. 7 | It also offers some submodules that help with interfacing with ``Windows`` and with native code execution. 8 | 9 | The default objects accessible in ``windows`` are: 10 | * ``system`` of type :class:`windows.winobject.system.System` 11 | * ``current_process`` of type :class:`windows.winobject.process.CurrentProcess` 12 | * ``current_thread`` of type :class:`windows.winobject.process.CurrentThread` 13 | 14 | The submodules that you might use on their own are: 15 | * :mod:`windows.generated_def` 16 | * :mod:`windows.native_exec` 17 | * :mod:`windows.winproxy` 18 | * :mod:`windows.security` 19 | * :mod:`windows.wintrust` 20 | * :mod:`windows.crypto` 21 | * :mod:`windows.utils` 22 | * :mod:`windows.debug` 23 | * :mod:`windows.alpc` 24 | * :mod:`windows.pipe` 25 | * :mod:`windows.rpc` 26 | * :mod:`windows.com` 27 | 28 | .. _object_system: 29 | 30 | The ``system`` object 31 | """"""""""""""""""""" 32 | 33 | .. 
note:: 34 | 35 | See sample :ref:`sample_system` 36 | 37 | .. module:: windows.winobject.system 38 | 39 | .. autoclass:: windows.winobject.system.System 40 | :members: 41 | :show-inheritance: 42 | :inherited-members: 43 | 44 | -------------------------------------------------------------------------------- /docs/build/html/_sources/winobject.rst.txt: -------------------------------------------------------------------------------- 1 | The :mod:`windows` objects 2 | ========================== 3 | 4 | Through the :ref:`system ` object many classes representing various `Windows` 5 | parts are accessible. 6 | 7 | This section describes them, grouped by relation. 8 | 9 | .. toctree:: 10 | :maxdepth: 3 11 | 12 | process.rst 13 | token.rst 14 | exception.rst 15 | registry.rst 16 | network.rst 17 | service.rst 18 | volume.rst 19 | wmi.rst 20 | handle.rst 21 | system_module.rst 22 | object_manager.rst 23 | device_manager.rst 24 | task_scheduler.rst 25 | evtlog.rst 26 | etw.rst -------------------------------------------------------------------------------- /docs/build/html/_sources/wintrust.rst.txt: -------------------------------------------------------------------------------- 1 | ``windows.wintrust`` -- Checking signature 2 | ****************************************** 3 | 4 | .. module:: windows.wintrust 5 | 6 | .. note:: 7 | 8 | See sample :ref:`sample_wintrust` 9 | 10 | The :mod:`wintrust` module offers a wrapper around ``wintrust.dll``. 11 | It allows checking the signature of a file. 12 | 13 | The signature of a file can be in two different places: 14 | 15 | * In the file itself (:func:`check_signature`) 16 | * In a catalog file (:func:`full_signature_information`) 17 | 18 | .. note:: 19 | 20 | `Explanation about catalog files `_ 21 | 22 | 23 | API 24 | """ 25 | 26 | .. autofunction:: is_signed 27 | 28 | .. autofunction:: full_signature_information 29 | 30 | .. autofunction:: check_signature 31 | 32 | 33 | SignatureData 34 | ''''''''''''' 35 | 36 | .. 
autoclass:: SignatureData 37 | :exclude-members: count, index 38 | 39 | 40 | 41 | -------------------------------------------------------------------------------- /docs/build/html/_sources/wip.rst.txt: -------------------------------------------------------------------------------- 1 | Early Work In Progress 2 | ====================== 3 | 4 | Here are some features that are still work in progress. Code might be unstable and/or ultra-ugly. 5 | 6 | -------------------------------------------------------------------------------- /docs/build/html/_sources/wmi.rst.txt: -------------------------------------------------------------------------------- 1 | WMI -- Make request to WMI 2 | ========================== 3 | 4 | .. module:: windows.winobject.wmi 5 | 6 | 7 | The :class:`WmiManager` is accessible via :py:attr:`windows.system.wmi 8 | ` 9 | 10 | .. note:: 11 | 12 | See sample :ref:`wmi_samples` 13 | 14 | 15 | WmiManager 16 | """""""""" 17 | 18 | .. autoclass:: WmiManager 19 | :no-inherited-members: 20 | :members: DEFAULT_NAMESPACE, select, query, namespaces 21 | 22 | 23 | WmiNamespace 24 | """""""""""" 25 | 26 | .. autoclass:: WmiNamespace 27 | :members: 28 | :show-inheritance: 29 | 30 | WmiObject 31 | """"""""" 32 | 33 | .. autoclass:: WmiObject 34 | :members: 35 | :special-members: __call__, __getitem__, __setitem__ 36 | :show-inheritance: 37 | 38 | 39 | WmiCallResult 40 | """"""""""""" 41 | 42 | .. autoclass:: WmiCallResult 43 | :members: 44 | :show-inheritance: 45 | 46 | WmiEnumeration 47 | """""""""""""" 48 | 49 | .. autoclass:: WmiEnumeration 50 | :members: 51 | :special-members: __call__, __iter__ 52 | :show-inheritance: 53 | -------------------------------------------------------------------------------- /docs/build/html/_static/css/mbasic.css: -------------------------------------------------------------------------------- 1 | /* 2 | * basic.css 3 | * ~~~~~~~~~ 4 | * 5 | * Sphinx stylesheet -- basic theme. 
6 | * 7 | * :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS. 8 | * :license: BSD, see LICENSE for details. 9 | * 10 | */ 11 | 12 | /* -- general body styles --------------------------------------------------- */ 13 | 14 | div.body { 15 | min-width: 450px; 16 | max-width: none; 17 | } 18 | 19 | div.bodywrapper { margin-right: 20px; } 20 | 21 | .sphinxsidebarwrapper { overflow-y: scroll; } 22 | 23 | div.admonition-todo { 24 | border-top: 2px solid red; 25 | border-bottom: 2px solid red; 26 | border-left: 2px solid red; 27 | border-right: 2px solid red; 28 | background-color: #ff6347 29 | } -------------------------------------------------------------------------------- /docs/build/html/_static/documentation_options.js: -------------------------------------------------------------------------------- 1 | const DOCUMENTATION_OPTIONS = { 2 | VERSION: '1.0.3', 3 | LANGUAGE: 'en', 4 | COLLAPSE_INDEX: false, 5 | BUILDER: 'html', 6 | FILE_SUFFIX: '.html', 7 | LINK_SUFFIX: '.html', 8 | HAS_SOURCE: true, 9 | SOURCELINK_SUFFIX: '.txt', 10 | NAVIGATION_WITH_KEYS: false, 11 | SHOW_SEARCH_SUMMARY: true, 12 | ENABLE_SEARCH_SHORTCUTS: true, 13 | }; -------------------------------------------------------------------------------- /docs/build/html/_static/file.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hakril/PythonForWindows/9aaf2c6f6c037da2a70db9cc3a4664acea32ad4c/docs/build/html/_static/file.png -------------------------------------------------------------------------------- /docs/build/html/_static/minus.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/hakril/PythonForWindows/9aaf2c6f6c037da2a70db9cc3a4664acea32ad4c/docs/build/html/_static/minus.png -------------------------------------------------------------------------------- /docs/build/html/_static/plus.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/hakril/PythonForWindows/9aaf2c6f6c037da2a70db9cc3a4664acea32ad4c/docs/build/html/_static/plus.png -------------------------------------------------------------------------------- /docs/generate_winproxy_list.py: -------------------------------------------------------------------------------- 1 | import sys 2 | import os.path 3 | sys.path.append(os.path.dirname(os.path.abspath(__file__)) + "\\..") 4 | print(sys.path[-1]) 5 | import pydoc 6 | import re 7 | import windows 8 | 9 | 10 | winprox = windows.winproxy 11 | all_in_module = [getattr(winprox, x) for x in dir(winprox)] 12 | functions = [f for f in all_in_module if hasattr(f, "prototype")] 13 | 14 | import pdb;pdb.set_trace() 15 | 16 | print ("Functions:") 17 | print("") 18 | for f in functions: 19 | doc = pydoc.text.document(f) 20 | doc = re.sub("\x08." , "", doc) 21 | print("* {0}::\n\n {1}".format(f.func_name, doc)) 22 | #print("* {0}::\n\n {1}".format(f.func_name, pydoc.plain(pydoc.render_doc(f)))) 23 | 24 | -------------------------------------------------------------------------------- /docs/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | Redirection to build/html 4 | 5 | 6 | 7 | Nothing here. 8 | 9 | -------------------------------------------------------------------------------- /docs/source/_static/css/mbasic.css: -------------------------------------------------------------------------------- 1 | /* 2 | * basic.css 3 | * ~~~~~~~~~ 4 | * 5 | * Sphinx stylesheet -- basic theme. 6 | * 7 | * :copyright: Copyright 2007-2018 by the Sphinx team, see AUTHORS. 8 | * :license: BSD, see LICENSE for details. 
9 | * 10 | */ 11 | 12 | /* -- general body styles --------------------------------------------------- */ 13 | 14 | div.body { 15 | min-width: 450px; 16 | max-width: none; 17 | } 18 | 19 | div.bodywrapper { margin-right: 20px; } 20 | 21 | .sphinxsidebarwrapper { overflow-y: scroll; } 22 | 23 | div.admonition-todo { 24 | border-top: 2px solid red; 25 | border-bottom: 2px solid red; 26 | border-left: 2px solid red; 27 | border-right: 2px solid red; 28 | background-color: #ff6347 29 | } -------------------------------------------------------------------------------- /docs/source/alpc.rst: -------------------------------------------------------------------------------- 1 | ``windows.alpc`` -- Advanced Local Procedure Call 2 | ************************************************* 3 | 4 | .. module:: windows.alpc 5 | 6 | The :mod:`windows.alpc` module groups the classes that allow sending and receiving 7 | ALPC messages over an ALPC port and the classes representing these messages. 8 | 9 | 10 | .. note:: 11 | 12 | See samples: 13 | 14 | * :ref:`sample_alpc` 15 | * :ref:`sample_advanced_alpc` 16 | 17 | ALPC Message 18 | ------------ 19 | 20 | .. autoclass:: AlpcMessage 21 | 22 | .. autoclass:: AlpcMessagePort 23 | 24 | .. autoclass:: MessageAttribute 25 | 26 | ALPC client 27 | ----------- 28 | 29 | .. autoclass:: AlpcClient 30 | 31 | ALPC Server 32 | ----------- 33 | 34 | .. autoclass:: AlpcServer -------------------------------------------------------------------------------- /docs/source/etw.rst: -------------------------------------------------------------------------------- 1 | ETW -- Event Tracing for Windows 2 | ================================ 3 | 4 | .. module:: windows.winobject.event_trace 5 | 6 | The :class:`EtwManager` instance is accessible via :py:attr:`windows.system.etw 7 | ` 8 | 9 | .. note:: 10 | 11 | This code is the result of my research on ``ETW`` that led to this presentation `ETW for the lazy reverser (FR) `_ 12 | 13 | 14 | .. 
note:: 15 | 16 | See sample :ref:`sample_etw` 17 | 18 | 19 | EtwManager 20 | """""""""" 21 | 22 | 23 | .. autoclass:: EtwManager 24 | :members: 25 | 26 | 27 | Tracing Events 28 | """""""""""""" 29 | 30 | EtwTrace 31 | '''''''' 32 | 33 | .. autoclass:: EtwTrace 34 | :members: 35 | 36 | 37 | EventTraceProperties 38 | '''''''''''''''''''' 39 | 40 | .. autoclass:: EventTraceProperties 41 | :members: 42 | 43 | EventRecord 44 | ''''''''''' 45 | 46 | .. autoclass:: EventRecord 47 | :members: 48 | 49 | -------------------------------------------------------------------------------- /docs/source/handle.rst: -------------------------------------------------------------------------------- 1 | Handle -- Processes handles 2 | ============================ 3 | 4 | The list of handles is accessible via :py:attr:`windows.system.handles 5 | ` 6 | 7 | .. note:: 8 | 9 | See sample :ref:`sample_system` 10 | 11 | .. module:: windows.winobject.handle 12 | 13 | .. autoclass:: Handle -------------------------------------------------------------------------------- /docs/source/network.rst: -------------------------------------------------------------------------------- 1 | Network 2 | ======= 3 | 4 | .. module:: windows.winobject.network 5 | 6 | The :class:`Network` instance is accessible via :py:attr:`windows.system.network 7 | ` 8 | 9 | .. note:: 10 | 11 | See sample :ref:`sample_network_exploration` 12 | 13 | 14 | .. autoclass:: Network 15 | 16 | Connections 17 | """"""""""" 18 | 19 | .. autoclass:: TCP4Connection 20 | 21 | 22 | .. autoclass:: TCP6Connection 23 | 24 | Firewall 25 | """""""" 26 | 27 | .. autoclass:: Firewall 28 | 29 | 30 | .. autoclass:: FirewallRule -------------------------------------------------------------------------------- /docs/source/object_manager.rst: -------------------------------------------------------------------------------- 1 | Object Manager -- Kernel objects 2 | ================================ 3 | 4 | .. 
module:: windows.winobject.object_manager 5 | 6 | The :class:`ObjectManager` instance is accessible via :py:attr:`windows.system.object_manager 7 | ` 8 | 9 | 10 | .. note:: 11 | 12 | See sample at :ref:`sample_object_manager` 13 | 14 | 15 | ObjectManager 16 | """"""""""""" 17 | 18 | .. autoclass:: ObjectManager 19 | :members: 20 | :undoc-members: 21 | :special-members: __getitem__ 22 | 23 | 24 | 25 | KernelObject 26 | """""""""""" 27 | 28 | .. autoclass:: KernelObject 29 | :members: 30 | :undoc-members: 31 | :special-members: __getitem__,__iter__ -------------------------------------------------------------------------------- /docs/source/pipe.rst: -------------------------------------------------------------------------------- 1 | ``windows.pipe`` -- Inter-Process Communication 2 | *********************************************** 3 | 4 | .. module:: windows.pipe 5 | 6 | 7 | :mod:`windows.pipe` is a wrapper around :class:`_multiprocessing.PipeConnection` simplifying its use. 8 | 9 | The main improvements are: 10 | 11 | - send/recv object from a pipe name in one line 12 | - Context manager around pipe connection 13 | 14 | .. note:: 15 | 16 | See sample :ref:`sample_pipe` 17 | 18 | Helper functions 19 | """""""""""""""" 20 | 21 | .. autofunction:: create 22 | .. autofunction:: connect 23 | .. autofunction:: recv_object 24 | .. autofunction:: send_object 25 | .. autofunction:: full_pipe_address 26 | 27 | 28 | PipeConnection 29 | """""""""""""" 30 | 31 | .. autoclass:: PipeConnection -------------------------------------------------------------------------------- /docs/source/registry.rst: -------------------------------------------------------------------------------- 1 | Registry 2 | ======== 3 | 4 | .. module:: windows.winobject.registry 5 | 6 | The :class:`Registry` instance is accessible via :py:attr:`windows.system.registry 7 | ` 8 | 9 | .. note:: 10 | 11 | See sample :ref:`sample_registry` 12 | 13 | Registry 14 | """""""" 15 | 16 | .. 
autoclass:: Registry 17 | :special-members: __call__ 18 | 19 | 20 | PyHKey 21 | """""" 22 | 23 | .. autoclass:: PyHKey 24 | 25 | .. function:: __call__(name) 26 | 27 | Alias for :func:`open_subkey` 28 | 29 | .. function:: __getitem__(name) 30 | 31 | Alias for :func:`get` 32 | 33 | .. function:: __setitem__(name) 34 | 35 | Wrapper for :func:`set`, accepts ``value`` or ``(value, type)`` 36 | 37 | .. function:: __delitem__(name) 38 | 39 | Alias for :func:`delete_value` 40 | 41 | KeyValue 42 | """""""" 43 | 44 | .. autoclass:: KeyValue 45 | :exclude-members: count, index -------------------------------------------------------------------------------- /docs/source/samples_output/alpc_simple_alpc.txt: -------------------------------------------------------------------------------- 1 | (cmd) python alpc\simple_alpc.py 2 | [SERV] PORT <\RPC Control\PythonForWindowsPORT> CREATED 3 | Client pid = 15840 4 | [SERV] Message type = 0x300a 5 | [SERV] Received data: <> 6 | [SERV] Connection request 7 | [CLIENT] Connected: 8 | 9 | [SERV] Received message: 10 | [SERV] Message type = 0x3001 11 | [CLIENT] Response: 12 | BYE 13 | -------------------------------------------------------------------------------- /docs/source/samples_output/com_com_inetfwpolicy2.txt: -------------------------------------------------------------------------------- 1 | (cmd) python com\com_inetfwpolicy2.py 2 | Initialisation of COM 3 | Creating INetFwPolicy2 variable 4 | at 0x2925a3e2350> (value = None) 5 | 6 | Generating CLSID 7 | 8 | 9 | Creating COM instance 10 | (value = 0x2827524184096) 11 | 12 | Checking for enabled profiles 13 | * NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_DOMAIN(0x1) -> True 14 | * NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PRIVATE(0x2) -> True 15 | * NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PUBLIC(0x4) -> True 16 | -------------------------------------------------------------------------------- /docs/source/samples_output/com_icallinterceptor.txt: 
-------------------------------------------------------------------------------- 1 | (cmd) python com\icallinterceptor.py 2 | Hello from python sink ! 3 | Catching call to 4 | Info about parameters 0: 5 | * param0info.fIn -> 0x1 6 | * param0info.fOut -> 0x0 7 | * param0info.stackOffset -> 0x8 8 | * param0info.cbParam -> 0x8 9 | param0 value = 2 10 | Leaving the sink ! 11 | return value = 1234 12 | firewall enabled = VARIANT_BOOL(True) 13 | Testing a function taking a PTR to a COM interface 14 | Before call: ( at 0x1fb65de5550>, None) 15 | After call: (, 2179257488408) 16 | -------------------------------------------------------------------------------- /docs/source/samples_output/crypto_wintrust.txt: -------------------------------------------------------------------------------- 1 | (cmd) python crypto\wintrust.py 2 | Checking signature of 3 | is_signed: 4 | check_signature: <0> 5 | full_signature_information: 6 | * signed 7 | * catalog 8 | * catalogsigned 9 | * additionalinfo <0> 10 | Checking signature of some loaded DLL 11 | : True 12 | : True 13 | : True 14 | : True 15 | : True 16 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_attach.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\attach.py 2 | Finding process with pid <27576> 3 | Target is 4 | Debugger attached: 5 | 6 | NtCreateFile of <54203712>: handle = 0x1c8 7 | Handle manually found! typename=, name=<\Device\HarddiskVolume3\Windows\Globalization\Sorting\SortDefault.nls> 8 | 9 | NtCreateFile of <54268840>: handle = 0x1f0 10 | Handle manually found! typename=, name=<\Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat> 11 | 12 | NtCreateFile of <54280288>: handle = 0x200 13 | Handle manually found! 
typename=, name=<\Device\HarddiskVolume3\Windows\Branding\Basebrd\basebrd.dll> 14 | 15 | Exiting process 16 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_change_function_ret_value.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\change_function_ret_value.py 2 | [DEBUGGE] IsDebuggerPresent=42 3 | [DEBUGGE] IsDebuggerPresent=43 4 | [DEBUGGE] IsDebuggerPresent=44 5 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_debug_functionbp.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\debug_functionbp.py 2 | NtCreateFile of <50173784>: handle = 0x1c4 3 | Handle manually found! typename=, name=<\Device\HarddiskVolume3\Windows\Globalization\Sorting\SortDefault.nls> 4 | 5 | NtCreateFile of <50181528>: handle = 0x1ec 6 | Handle manually found! typename=, name=<\Device\HarddiskVolume3\Windows\Fonts\StaticCache.dat> 7 | 8 | NtCreateFile of <50195912>: handle = 0x1fc 9 | Handle manually found! 
typename=, name=<\Device\HarddiskVolume3\Windows\Branding\Basebrd\basebrd.dll> 10 | 11 | Exiting process 12 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_debugger_membp_singlestep.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\debugger_membp_singlestep.py 2 | Got exception EXCEPTION_BREAKPOINT(0x80000003) at 0x7ff8e5aebd44 3 | Got exception UNKNOW_EXCEPTION(0x4000001f) at 0x77e58727 4 | Instruction at <0xa50006> wrote at <0xa60000> 5 | Got single_step UNKNOW_EXCEPTION(0x4000001e) at 0xa5000c 6 | Got single_step UNKNOW_EXCEPTION(0x4000001e) at 0xa50011 7 | Instruction at <0xa50011> wrote at <0xa60004> 8 | Got single_step UNKNOW_EXCEPTION(0x4000001e) at 0xa50017 9 | Got single_step UNKNOW_EXCEPTION(0x4000001e) at 0xa5001c 10 | Got single_step UNKNOW_EXCEPTION(0x4000001e) at 0xa50022 11 | Got single_step UNKNOW_EXCEPTION(0x4000001e) at 0xa50023 12 | No more single step: exiting 13 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_debugger_on_setup.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\debugger_on_setup.py 2 | == With on_setup == 3 | Setup called: 4 | 5 | Process exit: 6 | 7 | == Without on_setup == 8 | Exception: EXCEPTION_BREAKPOINT(0x80000003L) 9 | 10 | Process exit: 11 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_debugger_print_LdrLoaddll.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\debugger_print_LdrLoaddll.py 2 | Got exception EXCEPTION_BREAKPOINT(0x80000003) at 0x7ff8e5aebd44 3 | Loading 4 | Got exception UNKNOW_EXCEPTION(0x4000001f) at 0x77e58727 5 | Loading 6 | Loading 7 | Loading 8 | Loading 9 | Loading 10 | Loading 11 | Loading 12 | Loading 13 | Loading 14 | 
Loading 15 | Loading 16 | Ask to load : exiting process 17 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_local_debugger.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\local_debugger.py 2 | Code addr = 0x25f8532000e 3 | GOT AN HXBP at 0x25f8532000e 4 | EXCEPTION !!!! Got a EXCEPTION_SINGLE_STEP(0x80000004) at 0x7ff8e377257d 5 | EXCEPTION !!!! Got a EXCEPTION_SINGLE_STEP(0x80000004) at 0x7ff8e5a6aa80 6 | EXCEPTION !!!! Got a EXCEPTION_SINGLE_STEP(0x80000004) at 0x7ff8e5aafde0 7 | EXCEPTION !!!! Got a EXCEPTION_SINGLE_STEP(0x80000004) at 0x7ff8e5aafdf4 8 | Done! 9 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_symbol_debugger.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\symbol_debugger.py 2 | Namespace(dbghelp=None) 3 | Breakpoint triggered at: ntdll!LdrpInitializeProcess 4 | 5 | 6 | Breakpoint triggered at: KERNELBASE!CreateFileInternal 7 | 8 | 9 | Breakpoint triggered at: KERNELBASE!CreateFileInternal 10 | 11 | 12 | Breakpoint triggered at: KERNELBASE!CreateFileInternal 13 | 14 | Quitting 15 | 16 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_symbol_processsymdemo.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\symbols\processsymdemo.py 2 | Namespace(dbghelp=None) 3 | Target is 4 | Some loaded modules are: 5 | * 6 | * 7 | * 8 | 9 | Resolving function 10 | Symbol found ! 
11 | * __repr__: 12 | * __str__: advapi32!CreateServiceEx 13 | * addr: 0x7ff8e4b2d2e0 14 | * name: CreateServiceEx 15 | * fullname: advapi32!CreateServiceEx 16 | * module: 17 | -------------------------------------------------------------------------------- /docs/source/samples_output/debug_symbol_virtsymdemo.txt: -------------------------------------------------------------------------------- 1 | (cmd) python debug\symbols\virtsymdemo.py 2 | Namespace(dbghelp=None) 3 | Ntdll module is: 4 | * name = ntdll 5 | * addr = 0x420000 6 | * path = c:\windows\system32\ntdll.dll 7 | * type = 8 | * pdb = c:\Symbols\ntdll.pdb\8D5D5ED5D5B8AA609A82600C14E3004D1\ntdll.pdb 9 | 10 | Resolving function 11 | Symbol found ! 12 | * __repr__: 13 | * __str__: ntdll!LdrLoadDll 14 | * addr: 0x44a160 15 | * name: LdrLoadDll 16 | * fullname: ntdll!LdrLoadDll 17 | * module: 18 | 19 | Loading kernelbase 20 | Loaded modules are: [, ] 21 | Looking up address: 0x1231242 22 | Symbol resolved ! 23 | * __repr__: 24 | * __str__: kernelbase!PsspThunkWin32Nt_HANDLE_ENTRY+0x2 25 | * start: 0x1231240 26 | * addr: 0x1231242 27 | * displacement: 0x2 28 | * name: PsspThunkWin32Nt_HANDLE_ENTRY 29 | * fullname: kernelbase!PsspThunkWin32Nt_HANDLE_ENTRY+0x2 30 | * module: 31 | -------------------------------------------------------------------------------- /docs/source/samples_output/device_manager_device_manager.txt: -------------------------------------------------------------------------------- 1 | (cmd) python device_manager\device_manager.py 2 | Device manager is 3 | Enumerating the first 3 device classes 4 | * 5 | * 6 | * 7 | Finding device class 'System' 8 | * 9 | Enumerating some devices of 'System' 10 | * 11 | * 12 | Enumerating allocated resources: 13 | * 14 | * 15 | * 16 | Enumerating allocated resources: 17 | * 18 | * 19 | * 20 | -------------------------------------------------------------------------------- /docs/source/samples_output/etw_etw_enumeration.txt: 
-------------------------------------------------------------------------------- 1 | (cmd) python etw\etw_enumeration.py 2 | ETW Manager is: 3 | 4 | Listing some ETW sessions: 5 | * 6 | * name: AppModel 7 | * guid: A922A8BE-2450-438E-9520-FBCDFB46B0BD 8 | * id: 4 9 | * logfile: 10 | * 11 | * name: LwtNetLog 12 | * guid: 603BA31E-EC5A-4CDE-BE87-ED0A16C3B170 13 | * id: 14 14 | * logfile: C:\WINDOWS\System32\LogFiles\WMI\LwtNetLog.etl 15 | 16 | Looking for providers for: 17 | Found a provider/session for target: 18 | * Provider: 19 | * Instance: 20 | * Process: 21 | Found a provider/session for target: 22 | * Provider: 23 | * Instance: 24 | * Process: 25 | Found a provider/session for target: 26 | * Provider: 27 | * Instance: 28 | * Process: 29 | -------------------------------------------------------------------------------- /docs/source/samples_output/network_network.txt: -------------------------------------------------------------------------------- 1 | (cmd) python network\network.py 2 | Working on ipv4 3 | == Listening == 4 | Some listening connections: [, , ] 5 | Listening ports are : [80, 135, 445, 902, 912, 27036, 49664, 49665, 49666, 49667, 49671, 49673, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 1120, 5556, 6463, 22885, 22886, 27060, 49330, 49331, 49794, 49795, 49867, 52541, 57125, 57138, 65000, 65001, 139, 5556, 57046, 57109, 57110, 57143, 57144, 139, 5556, 139, 5556] 6 | == Established == 7 | Some established connections: [ 127.0.0.1:49488>, 127.0.0.1:52332>, 127.0.0.1:912>] 8 | == connection to localhost:80 == 9 | Our connection is [ 127.0.0.1:80>] 10 | Sending YOP 11 | Closing socket 12 | Sending LAIT 13 | Traceback (most recent call last): 14 | File "network\network.py", line 34, in 15 | s.send("LAIT") 16 | socket.error: 
[Errno 10054] An existing connection was forcibly closed by the remote host 17 | -------------------------------------------------------------------------------- /docs/source/samples_output/object_manager_findobj.txt: -------------------------------------------------------------------------------- 1 | (cmd) python object_manager\findobj.py 2 | Looking for object name containing 3 | * 4 | * 5 | * 6 | <\DriverStores\SYSTEM> -> STATUS_ACCESS_DENIED 7 | * -> <\Device\Mup\;MailslotRedirector> 8 | * 9 | <\Device\00000020> -> STATUS_ACCESS_DENIED 10 | <\Device\00000020> -> STATUS_ACCESS_DENIED 11 | <\Device\00000020> -> STATUS_ACCESS_DENIED 12 | <\Device\00000020> -> STATUS_ACCESS_DENIED 13 | <\Device\00000020> -> STATUS_ACCESS_DENIED 14 | <\KernelObjects\PrefetchTracesReady> -> STATUS_ACCESS_DENIED 15 | <\KnownDlls\powrprof.dll> -> STATUS_ACCESS_DENIED 16 | * 17 | * 18 | * 19 | <\Windows\SbApiPort> -> STATUS_ACCESS_DENIED 20 | <\Windows\SbApiPort> -> STATUS_ACCESS_DENIED 21 | <\Sessions\BNOLINKS\1> -> STATUS_ACCESS_DENIED 22 | <\Sessions\BNOLINKS\1> -> STATUS_ACCESS_DENIED 23 | <\Sessions\BNOLINKS\1> -> STATUS_ACCESS_DENIED 24 | -------------------------------------------------------------------------------- /docs/source/samples_output/object_manager_object_manager.txt: -------------------------------------------------------------------------------- 1 | (cmd) python object_manager\object_manager.py 2 | Object manager is 3 | Root object is 4 | 5 | Listing some of root-subobject: 6 | * PendingRenameMutex: 7 | * ObjectTypes: 8 | * storqosfltport: 9 | * MicrosoftMalwareProtectionRemoteIoPortWD: 10 | 11 | Retrieving <\Rpc Control\lsasspirpc>: 12 | Object is: 13 | * name: 14 | * path: <\Rpc Control> 15 | * fullname: <\Rpc Control\lsasspirpc> 16 | * type: 17 | * target: 18 | 19 | Looking for a SymbolicLink in 20 | Object is: 21 | * name: 22 | * target: <\Device\Harddisk0\Partition0> 23 | -------------------------------------------------------------------------------- 
/docs/source/samples_output/pipe_child_send_object.txt: -------------------------------------------------------------------------------- 1 | (cmd) python pipe\child_send_object.py 2 | Child is 3 | Created pipe is 4 | Receiving object from injected process 5 | Remote Address = 0x97a0000 6 | Querying memory in target at <0x97a0000> 7 | * 8 | Querying mapped file in target at <0x97a0000> 9 | * \Device\HarddiskVolume2\Users\hakril\Documents\projets\PythonForWindows\samples\tst.txt 10 | -------------------------------------------------------------------------------- /docs/source/samples_output/process_apisetmap.txt: -------------------------------------------------------------------------------- 1 | (cmd) python process\apisetmap.py 2 | Computer is a 3 | ApiSetMap: (version = 6) 4 | Entries in 'apisetmap_dict' are the full api-dll path extracted 5 | * apisetmap.apisetmap_dict['api-ms-win-core-processthreads-l1-1-3'] -> kernelbase.dll 6 | Entries in 'resolution_dict' are the contains the util-part check by windows 7 | * apisetmap.resolution_dict['api-ms-win-core-processthreads-l1-1-'] -> kernelbase.dll 8 | ApiSetMap.resolve resolve a api-dll based on the util part 9 | * apisetmap.resolve('api-ms-win-core-processthreads-l1-1-1') -> kernelbase.dll 10 | * apisetmap.resolve('api-ms-win-core-processthreads-l1-1-2') -> kernelbase.dll 11 | * apisetmap.resolve('api-ms-win-core-processthreads-l1-1-PART_IS_IGNORED') -> kernelbase.dll 12 | * apisetmap.resolve('BAD_DLL-3.dll') -> raised: KeyError('BAD_DLL-',) 13 | -------------------------------------------------------------------------------- /docs/source/samples_output/process_current_process.txt: -------------------------------------------------------------------------------- 1 | (cmd) python process\current_process.py 2 | current process is 3 | current process is a <64> bits process 4 | current process is a SysWow64 process ? 
5 | current process pid <26976> and ppid <28256> 6 | Here are the current process threads: <[, , , ]> 7 | Let's execute some native code ! (0x41 + 1) 8 | Native code returned <0x42> 9 | Allocating memory in current process 10 | Allocated memory is at <0x1dd8d2f0000> 11 | Writing 'SOME STUFF' in allocation memory 12 | Reading memory : 13 | -------------------------------------------------------------------------------- /docs/source/samples_output/process_iat_hook.txt: -------------------------------------------------------------------------------- 1 | (cmd) python process\iat_hook.py 2 | Asking for 3 | Hook called | hKey = 0x12d687 | lpSubKey = 4 | Secret key asked, returning magic handle 0x12345678 5 | Result = 0x12345678 6 | 7 | Asking for 8 | Hook called | hKey = 0x12d687 | lpSubKey = 9 | Asked for a failing key: returning 0x2a 10 | WindowsError(42, 'Windows Error 0x2A') 11 | 12 | Asking for 13 | Hook called | hKey = 0x80000001L | lpSubKey = 14 | Non-secret key : calling normal function 15 | Result = 0x428 16 | -------------------------------------------------------------------------------- /docs/source/samples_output/process_msstore_interpreter_remote_python.txt: -------------------------------------------------------------------------------- 1 | PS C:\Users\hakril\PythonForWindows> py .\samples\process\msstore_interpreter_remote_python.py 2 | Executable is: C:\Users\hakril\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.13_qbz5n2kfra8p0\python.exe 3 | Trying normal execute_python() 4 | Exception during proc1.execute_python(): 5 | InjectionFailedError('Injection of failed') 6 | Trying mspython workaround: 7 | Executing python code! 8 | Injecting: C:\Users\hakril\AppData\Local\Temp\pfw_dllcache\vcruntime140.dll 9 | Injecting: C:\Users\hakril\AppData\Local\Temp\pfw_dllcache\python313.dll 10 | Executing more python code! 11 | Executing an error python code! 
12 | Expected error during safe_execute_python 13 | b'Traceback (most recent call last):\n File "", line 1, in \nNameError: name \'BAD_VARIABLE\' is not defined\n' 14 | Sleeping a little 15 | Killing target process ! -------------------------------------------------------------------------------- /docs/source/samples_output/process_peb.txt: -------------------------------------------------------------------------------- 1 | (cmd) python process\peb.py 2 | Exploring the current process PEB 3 | PEB is <> 4 | Commandline object is <_LSA_UNICODE_STRING "C:\Python27\python.exe process\peb.py" at 0x5a6f8a0> 5 | Commandline string is 47063282 6 | Imagepath <_LSA_UNICODE_STRING "C:\Python27\python.exe" at 0x5a6f990> 7 | Printing some modules: 8 | 9 | 10 | 11 | 12 | 13 | === K32 === 14 | Looking for kernel32.dll 15 | Kernel32 module: 16 | Module name = | Fullname = 17 | Kernel32 is loaded at address 0x76930000 18 | === K32 PE === 19 | PE Representation of k32: 20 | Here are some exports {0: 1989445168L, 'CreateFileA': 1989795280L, 42: 1989636592L, 'VirtualAlloc': 1989437552L} 21 | Import DLL dependancies are (without api-*): ['kernelbase.dll', 'ntdll.dll'] 22 | IAT Entry for ntdll!NtCreateFile = | addr = 0x769a1a28L 23 | Sections: [, , , , ] 24 | -------------------------------------------------------------------------------- /docs/source/samples_output/process_veh_segv.txt: -------------------------------------------------------------------------------- 1 | (cmd) python process\veh_segv.py 2 | Protected page is at <0x289b6bc0000> 3 | Setting page protection to 4 | 5 | ==Entry of VEH handler== 6 | Instr at 0x7ff8bda3e718 accessed to addr 0x289b6bc0000 7 | Resetting page protection to 8 | ==Entry of VEH handler== 9 | Exception of type EXCEPTION_SINGLE_STEP(0x80000004) 10 | Resetting page protection to 11 | Value 1 read 12 | 13 | ==Entry of VEH handler== 14 | Instr at 0x7ff8bda3e718 accessed to addr 0x289b6bc0010 15 | Resetting page protection to 16 | ==Entry of VEH handler== 
17 | Exception of type EXCEPTION_SINGLE_STEP(0x80000004) 18 | Resetting page protection to 19 | Value 2 read 20 | -------------------------------------------------------------------------------- /docs/source/samples_output/registry_registry.txt: -------------------------------------------------------------------------------- 1 | (cmd) python registry\registry.py 2 | Registry is <> 3 | HKEY_CURRENT_USER is <> 4 | HKEY_CURRENT_USER subkeys names are: 5 | ['AppEvents', 6 | 'AppXBackupContentType', 7 | 'Console', 8 | 'Control Panel', 9 | 'Environment', 10 | 'EUDC', 11 | 'Keyboard Layout', 12 | 'Network', 13 | 'Printers', 14 | 'Software', 15 | 'System', 16 | 'Uninstall', 17 | 'Volatile Environment'] 18 | Opening 'Software' in HKEY_CURRENT_USER: 19 | We can also open it in one access: 20 | Looking at CurrentVersion 21 | Key is 22 | values are: 23 | [KeyValue(name='SoftwareType', value=u'System', type=1), 24 | KeyValue(name='RegisteredOwner', value=u'hakril', type=1), 25 | ... 26 | KeyValue(name='PathName', value=u'C:\\WINDOWS', type=1)] 27 | registered owner = 28 | -------------------------------------------------------------------------------- /docs/source/samples_output/rpc_lsass.txt: -------------------------------------------------------------------------------- 1 | (cmd) python rpc\lsass.py 2 | (2, u'SeCreateTokenPrivilege') 3 | (3, u'SeAssignPrimaryTokenPrivilege') 4 | (4, u'SeLockMemoryPrivilege') 5 | (5, u'SeIncreaseQuotaPrivilege') 6 | (6, u'SeMachineAccountPrivilege') 7 | (7, u'SeTcbPrivilege') 8 | (8, u'SeSecurityPrivilege') 9 | (9, u'SeTakeOwnershipPrivilege') 10 | (10, u'SeLoadDriverPrivilege') 11 | (11, u'SeSystemProfilePrivilege') 12 | (12, u'SeSystemtimePrivilege') 13 | (13, u'SeProfileSingleProcessPrivilege') 14 | (14, u'SeIncreaseBasePriorityPrivilege') 15 | (15, u'SeCreatePagefilePrivilege') 16 | (16, u'SeCreatePermanentPrivilege') 17 | (17, u'SeBackupPrivilege') 18 | (18, u'SeRestorePrivilege') 19 | (19, u'SeShutdownPrivilege') 20 | (20, 
u'SeDebugPrivilege') 21 | (21, u'SeAuditPrivilege') 22 | (22, u'SeSystemEnvironmentPrivilege') 23 | (23, u'SeChangeNotifyPrivilege') 24 | (24, u'SeRemoteShutdownPrivilege') 25 | (25, u'SeUndockPrivilege') 26 | (26, u'SeSyncAgentPrivilege') 27 | (27, u'SeEnableDelegationPrivilege') 28 | (28, u'SeManageVolumePrivilege') 29 | (29, u'SeImpersonatePrivilege') 30 | (30, u'SeCreateGlobalPrivilege') 31 | (31, u'SeTrustedCredManAccessPrivilege') 32 | (32, u'SeRelabelPrivilege') 33 | (33, u'SeIncreaseWorkingSetPrivilege') 34 | (34, u'SeTimeZonePrivilege') 35 | (35, u'SeCreateSymbolicLinkPrivilege') 36 | (36, u'SeDelegateSessionUserImpersonatePrivilege') 37 | -------------------------------------------------------------------------------- /docs/source/samples_output/scheduled_task_scheduled_task.txt: -------------------------------------------------------------------------------- 1 | (cmd) python scheduled_tasks\scheduled_task.py 2 | Task scheduler is 3 | Root folder is 4 | Listing sub folders 5 | * 6 | * 7 | * 8 | Manually opening subfolder <\Microsoft\Windows\AppID> 9 | Working into 10 | * PolicyConverter 11 | * SmartScreenSpecific 12 | * VerifiedPublisherCertStoreCheck 13 | 14 | Analysing task 15 | * Name: 16 | * Path: <\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck> 17 | * Definition: <> 18 | Listing actions: 19 | * Action: <> 20 | * Type: 21 | * path: <%windir%\system32\appidcertstorecheck.exe> 22 | * arguments: 23 | Listing triggers: 24 | * Trigger type: 25 | 26 | Creating folder 27 | Demo folder is 28 | Creating Task definition 29 | Registering task definition as in <> 30 | Created task is 31 | Deleting the demo task 32 | Deleting the demo folder 33 | -------------------------------------------------------------------------------- /docs/source/samples_output/security_query_sacl.txt: -------------------------------------------------------------------------------- 1 | (cmd) python security\query_sacl.py 2 | This sample should be run as admin to demonstration 
SACL access 3 | 4 | [NO-PRIV] Querying SecurityDescriptor without SACL 5 | sacl = 6 | 7 | [NO-PRIV] Querying SecurityDescriptor with SACL 8 | None: [Error 1314] A required privilege is not held by the client. 9 | 10 | Enabling 11 | [ERROR] has no privilege 12 | 13 | 14 | (cmd-admin) python security\query_sacl.py 15 | 16 | [NO-PRIV] Querying SecurityDescriptor without SACL 17 | sacl = 18 | 19 | [NO-PRIV] Querying SecurityDescriptor with SACL 20 | None: [Error 1314] A required privilege is not held by the client. 21 | 22 | Enabling 23 | 24 | [PRIV] Querying SecurityDescriptor with SACL 25 | sacl = 26 | [] -------------------------------------------------------------------------------- /docs/source/samples_output/security_security_descriptor.txt: -------------------------------------------------------------------------------- 1 | (cmd) python security\security_descriptor.py 2 | Security descriptor is: O:BAG:AND:(A;OI;CCDCLCSWRPWPRCWDWOGA;;;S-1-0-0)(D;CIIO;CCDCLCSWRPWPRCWDWOGA;;;S-1-0-0) 3 | Owner: S-1-5-32-544 4 | - lookup: ('BUILTIN', 'Administrators') 5 | Group: S-1-5-7 6 | - lookup: ('NT AUTHORITY', 'ANONYMOUS LOGON') 7 | Dacl: 8 | 9 | ACE [0]: 10 | - Header-AceType: ACCESS_ALLOWED_ACE_TYPE(0x0) 11 | - Header-AceFlags: 1 12 | - Header-flags: [OBJECT_INHERIT_ACE(0x1)] 13 | - Mask: 269353023 14 | - mask: [1, 2, 4, 8, 16, 32, READ_CONTROL(0x20000), WRITE_DAC(0x40000), WRITE_OWNER(0x80000), GENERIC_ALL(0x10000000)] 15 | - Sid: S-1-0-0 16 | 17 | ACE [1]: 18 | - Header-AceType: ACCESS_DENIED_ACE_TYPE(0x1) 19 | - Header-AceFlags: 10 20 | - Header-flags: [CONTAINER_INHERIT_ACE(0x2), INHERIT_ONLY_ACE(0x8)] 21 | - Mask: 269353023 22 | - mask: [1, 2, 4, 8, 16, 32, READ_CONTROL(0x20000), WRITE_DAC(0x40000), WRITE_OWNER(0x80000), GENERIC_ALL(0x10000000)] 23 | - Sid: S-1-0-0 24 | -------------------------------------------------------------------------------- /docs/source/samples_output/service_service_demo.txt: 
-------------------------------------------------------------------------------- 1 | (cmd) python service\service_demo.py 2 | Listing the first 3 services: 3 | * 4 | * 5 | * 6 | 7 | Retriving service 8 | 9 | - name: 'TapiSrv' 10 | - description: 'Telephony' 11 | - state: SERVICE_STOPPED(0x1) 12 | - type: 48L 13 | - process: None 14 | - security-description: O:SYG:SYD:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPLOCRRC;;;IU)(A;;CCLCSWRPLOCRRC;;;SU) 15 | Trying to start the service 16 | Service started ! 17 | 18 | - state: SERVICE_RUNNING(0x4) 19 | - process: 20 | -------------------------------------------------------------------------------- /docs/source/samples_output/token_token_demo.txt: -------------------------------------------------------------------------------- 1 | (cmd) python token\token_demo.py 2 | Our process token is 3 | Retrieving some infos 4 | Username: 5 | User: 6 | - lookup : ('WILLIE', 'hakril') 7 | Primary group: 8 | - lookup : ('WILLIE', 'Aucun') 9 | 10 | Token Groups is 11 | First group SID is 12 | Some sid and attributes: 13 | - S-1-5-21-184905214-2723199098-2761450773-513: 7 14 | - S-1-1-0: 7 15 | - S-1-5-114: 16 16 | 17 | Duplicate token is 18 | Enabling 19 | Current thread token is 20 | Setting impersonation token ! 
21 | Current thread token is 22 | -------------------------------------------------------------------------------- /docs/source/samples_output/wmi_create_process.txt: -------------------------------------------------------------------------------- 1 | (cmd) python wmi\create_process.py 2 | WMI namespace is <> 3 | Process class is 4 | Method Create InParams is <> 5 | Method Create InParams properties are <['CommandLine', 'CurrentDirectory', 'ProcessStartupInformation']> 6 | Creating instance of inparam 7 | InParam instance is <> 8 | Setting 9 | Executing method 10 | OutParams is 11 | Out params values are: ['ProcessId', 'ReturnValue'] 12 | Created process is 13 | Waiting 1s 14 | Killing the process 15 | -------------------------------------------------------------------------------- /docs/source/samples_output/wmi_wmi_request.txt: -------------------------------------------------------------------------------- 1 | (cmd) python wmi\wmi_request.py 2 | WMI requester is 3 | Selecting * from 'Win32_Process' 4 | They are <329> processes 5 | Looking for ourself via pid 6 | Some info about our process: 7 | * Name -> python.exe 8 | * ProcessId -> 28460 9 | * OSName -> Microsoft Windows 11 Pro|C:\Windows|\Device\Harddisk0\Partition3 10 | * UserModeTime -> 0 11 | * WindowsVersion -> 10.0.22631 12 | * CommandLine -> C:\Users\cleme\AppData\Local\Programs\Python\Python311\python.exe wmi\wmi_request.py 13 |