├── unitracer
    ├── lib
    │   ├── __init__.py
    │   ├── windows
    │   │   ├── __init__.py
    │   │   ├── hooks
    │   │   │   ├── tool
    │   │   │   │   ├── __init__.py
    │   │   │   │   ├── hook.py
    │   │   │   │   └── generator
    │   │   │   ├── urlmon.py
    │   │   │   ├── __init__.py
    │   │   │   ├── advapi32.py
    │   │   │   └── kernel32.py
    │   │   ├── dll
    │   │   │   ├── ntdll.dll
    │   │   │   ├── urlmon.dll
    │   │   │   ├── user32.dll
    │   │   │   ├── advapi32.dll
    │   │   │   ├── kernel32.dll
    │   │   │   └── KernelBase.dll
    │   │   ├── amd64
    │   │   │   ├── __init__.py
    │   │   │   ├── psapi.py
    │   │   │   ├── shlwapi.py
    │   │   │   ├── shell32.py
    │   │   │   ├── wtsapi32.py
    │   │   │   ├── dbghelp.py
    │   │   │   ├── gdi32.py
    │   │   │   ├── ntdll.py
    │   │   │   └── context_i386.py
    │   │   └── i386
    │   │   │   ├── __init__.py
    │   │   │   ├── psapi.py
    │   │   │   ├── shlwapi.py
    │   │   │   ├── shell32.py
    │   │   │   ├── wtsapi32.py
    │   │   │   ├── dbghelp.py
    │   │   │   ├── gdi32.py
    │   │   │   ├── ntdll.py
    │   │   │   └── context_i386.py
    │   ├── util.py
    │   └── segment.py
    ├── __init__.py
    ├── unitracer.py
    └── windows.py
├── .gitignore
├── samples
    ├── Wincalc.sc
    ├── AntiDebug.exe
    ├── Downloader.exe
    └── URLDownloadToFile.sc
├── .gitmodules
├── test.py
├── example.py
├── LICENSE
└── README.md


/unitracer/lib/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/hooks/tool/__init__.py:
--------------------------------------------------------------------------------
1 | 


--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | *.swp
2 | *.pyc
3 | .python-version
4 | 


--------------------------------------------------------------------------------
/samples/Wincalc.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/samples/Wincalc.sc


--------------------------------------------------------------------------------
/unitracer/__init__.py:
--------------------------------------------------------------------------------
1 | from .windows import Windows
2 | 
3 | __all__ = ["Windows"]
4 | 


--------------------------------------------------------------------------------
/samples/AntiDebug.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/samples/AntiDebug.exe


--------------------------------------------------------------------------------
/samples/Downloader.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/samples/Downloader.exe


--------------------------------------------------------------------------------
/samples/URLDownloadToFile.sc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/samples/URLDownloadToFile.sc


--------------------------------------------------------------------------------
/unitracer/lib/windows/dll/ntdll.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/unitracer/lib/windows/dll/ntdll.dll


--------------------------------------------------------------------------------
/unitracer/lib/windows/dll/urlmon.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/unitracer/lib/windows/dll/urlmon.dll


--------------------------------------------------------------------------------
/unitracer/lib/windows/dll/user32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/unitracer/lib/windows/dll/user32.dll


--------------------------------------------------------------------------------
/unitracer/lib/windows/dll/advapi32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/unitracer/lib/windows/dll/advapi32.dll


--------------------------------------------------------------------------------
/unitracer/lib/windows/dll/kernel32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/unitracer/lib/windows/dll/kernel32.dll


--------------------------------------------------------------------------------
/.gitmodules:
--------------------------------------------------------------------------------
1 | [submodule "unitracer/lib/windows/pe"]
2 | 	path = unitracer/lib/windows/pe
3 | 	url = https://github.com/icchy/pe
4 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/dll/KernelBase.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/icchy/tracecorn/HEAD/unitracer/lib/windows/dll/KernelBase.dll


--------------------------------------------------------------------------------
/test.py:
--------------------------------------------------------------------------------
 1 | import unitracer
 2 | 
 3 | 
 4 | def test_uni():
 5 |     uni = unitracer.Windows()
 6 |     uni.load_code(open('./samples/URLDownloadToFile.sc').read())
 7 |     # uni.load_pe('./samples/AntiDebug.exe')
 8 |     uni.verbose = False
 9 |     uni.start(0)
10 | 
11 | test_uni()
12 | 


--------------------------------------------------------------------------------
/unitracer/lib/util.py:
--------------------------------------------------------------------------------
 1 | import struct
 2 | from io import BytesIO
 3 | 
 4 | 
 5 | p8  = lambda x:struct.pack("<B", x)
 6 | u8  = lambda x:struct.unpack("<B", x)[0]
 7 | p16 = lambda x:struct.pack("<H", x)
 8 | u16 = lambda x:struct.unpack("<H", x)[0]
 9 | p32 = lambda x:struct.pack("<I", x)
10 | u32 = lambda x:struct.unpack("<I", x)[0]
11 | p64 = lambda x:struct.pack("<Q", x)
12 | u64 = lambda x:struct.unpack("<Q", x)[0]
13 | 
14 | 
15 | def align(addr, alignment=0x1000):
16 |     mask = ((1<<64)-1) & -alignment
17 |     return (addr + (alignment-1)) & mask
18 | 
19 | 
20 | def struct2str(s):
21 |     return BytesIO(s).read()
22 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/hooks/urlmon.py:
--------------------------------------------------------------------------------
 1 | from unicorn.x86_const import *
 2 | 
 3 | 
 4 | hooks = None
 5 | hooks = set(vars().keys())
 6 | 
 7 | def URLDownloadToFileA(ut):
 8 |     retaddr = ut.popstack()
 9 |     pCaller = ut.popstack()
10 |     szURL = ut.popstack()
11 |     szURL_s = ut.getstr(szURL)
12 |     szFileName = ut.popstack()
13 |     szFileName_s = ut.getstr(szFileName)
14 |     dwReserved = ut.popstack()
15 |     lpfnCB = ut.popstack()
16 | 
17 |     print 'URLDownloadToFileA (pCaller=0x{0:x}, szURL="{1}", szFileName="{2}", lpfnCB=0x{3:x})'.format(pCaller, szURL_s, szFileName_s, lpfnCB)
18 |     ut.emu.reg_write(UC_X86_REG_EAX, 0)
19 |     ut.pushstack(retaddr)
20 | 
21 | hooks = set(vars().keys()).difference(hooks)
22 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/hooks/tool/hook.py:
--------------------------------------------------------------------------------
 1 | class Hook(object):
 2 |     def __init__(self, name, restype, argtypes):
 3 |         self.name = name
 4 |         self.restype = restype
 5 |         self.argtypes = argtypes
 6 | 
 7 |     def hook(self, ut):
 8 |         args = []
 9 |         retaddr = ut.getstack(0)
10 |         idx = 1
11 |         for t, n in self.argtypes:
12 |             val = ut.getstack(idx)
13 |             if t in []:
14 |                 if val == 0:
15 |                     args.append("0x{0:08x}".format(val))
16 |                 else:
17 |                     args.append('"{}"'.format(ut.getstr(val)))
18 |             else:
19 |                 args.append("0x{0:08x}".format(val))
20 |             idx += 1
21 |         print("Unhooked function: {} ({})".format(self.name, ', '.join(args)))
22 | 


--------------------------------------------------------------------------------
/example.py:
--------------------------------------------------------------------------------
 1 | import unitracer
 2 | from unicorn.x86_const import *
 3 | 
 4 | 
 5 | uni = unitracer.Windows()
 6 | 
 7 | # add search path for dll
 8 | uni.dll_path.insert(0, "dlls")
 9 | 
10 | # change stack
11 | uni.STACK_BASE = 0x60000000
12 | uni.STACK_SIZE = 0x10000
13 | 
14 | # load binary
15 | uni.load_pe('./samples/AntiDebug.exe')
16 | # uni.load_code(open('./samples/URLDownloadToFile.sc').read())
17 | 
18 | # add api hooks
19 | def IsDebuggerPresent(ut):
20 |     emu = ut.emu
21 |     retaddr = ut.popstack()
22 |     print "IsDebuggerPresent"
23 |     emu.reg_write(UC_X86_REG_EAX, 0)
24 |     ut.pushstack(retaddr)
25 | 
26 | uni.api_hooks['IsDebuggerPresent'] = IsDebuggerPresent
27 | 
28 | # add original hooks
29 | def myhook(ut, address, size, userdata):
30 |     if address == 0xdeadbeef:
31 |         ut.dumpregs(["eax", "ebx"])
32 | 
33 | uni.hooks.append(myhook)
34 | 
35 | # suppress verbose output (disassemble)
36 | uni.verbose = False
37 | 
38 | uni.start(0)
39 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/hooks/__init__.py:
--------------------------------------------------------------------------------
 1 | from ..i386 import *
 2 | 
 3 | import importlib
 4 | import os
 5 | import sys
 6 | 
 7 | sys.path.append(os.path.dirname(__file__)) 
 8 | 
 9 | hooks = None
10 | hooks = set(vars().keys())
11 | 
12 | # load default hook
13 | from .tool.basehook import *
14 | 
15 | 
16 | # load defined hooks
17 | for f in os.listdir(os.path.dirname(__file__)):
18 |     if not f.endswith('.py') or f == '__init__.py':
19 |         continue
20 |     name = f[:-3]
21 |     m = importlib.import_module('.'.join(['unitracer', 'lib', 'windows', 'hooks', name]))
22 |     for n in getattr(m, 'hooks'):
23 |         mn = n # module name
24 |         if n not in vars().keys():
25 |             # check function for Unicode or ANSI Strings
26 |             if mn + 'A' in vars().keys() or mn + 'W' in vars().keys():
27 |                 mn += 'A' # force convert to ANSI Strings
28 |             else:
29 |                 continue
30 |         globals()[mn].hook = getattr(m, n)
31 | 
32 | 
33 | hooks = set(vars().keys()).difference(hooks)
34 | hooks = [_x for _x in hooks if not _x.startswith('_')]
35 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2017 Ryo ICHIKAWA
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # unitracer
 2 | Windows API tracer for malware
 3 | 
 4 |  * based on [Dutas](https://github.com/dungtv543/Dutas) and [PyAna](https://github.com/PyAna/PyAna)
 5 | 
 6 | ## Requirements
 7 |  * Unicorn 1.0
 8 |  * Capstone
 9 |  * some dlls
10 | 
11 | ## Features
12 |  * Windows API trace/hook
13 |  * setup special data of TIB, PEB, LDR...
14 |  * using [original PE parser](https://github.com/icchy/pe) (faster than pefile)
15 | 
16 | ## Usage
17 | ```python
18 | import unitracer
19 | from unicorn.x86_const import *
20 | 
21 | 
22 | uni = unitracer.Windows()
23 | 
24 | # add search path for dll
25 | uni.dll_path.insert(0, "dlls")
26 | 
27 | # change stack
28 | uni.STACK_BASE = 0x60000000
29 | uni.STACK_SIZE = 0x10000
30 | 
31 | # load binary
32 | uni.load_pe('./samples/AntiDebug.exe')
33 | # uni.load_code(open('./samples/URLDownloadToFile.sc').read())
34 | 
35 | # add api hooks
36 | def IsDebuggerPresent(ut):
37 |     emu = ut.emu
38 |     retaddr = ut.popstack()
39 |     print "IsDebuggerPresent"
40 |     emu.reg_write(UC_X86_REG_EAX, 0)
41 |     ut.pushstack(retaddr)
42 | 
43 | uni.api_hooks['IsDebuggerPresent'] = IsDebuggerPresent
44 | 
45 | # add original hooks
46 | def myhook(ut, address, size, userdata):
47 |     if address == 0xdeadbeef:
48 |         ut.dumpregs(["eax", "ebx"])
49 | 
50 | uni.hooks.append(myhook)
51 | 
52 | # suppress verbose output (disassemble)
53 | uni.verbose = False
54 | 
55 | uni.start(0)
56 | ```
57 | 
58 | ## Sample
59 |  * running `samples/URLDownloadToFile.sc`
60 |  ![sample](http://imgur.com/AHzR1ZJ.png)
61 | 
62 | ## TODO
63 |  * 64 bit
64 |  * etc...
65 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/hooks/advapi32.py:
--------------------------------------------------------------------------------
 1 | from unicorn.x86_const import *
 2 | import importlib
 3 | 
 4 | 
 5 | hooks = None
 6 | hooks = set(vars().keys())
 7 | 
 8 | def RegCreateKeyA(ut):
 9 |     retaddr = ut.popstack()
10 |     hKey = ut.popstack()
11 |     lpSubKey = ut.popstack()
12 |     phkResult = ut.popstack()
13 | 
14 |     print 'RegCreateKeyA (hKey=0x{0:x}, lpSubkey="{1}", phkResult=0x{2:x})'.format(hKey, ut.getstr(lpSubKey), phkResult)
15 |     ut.emu.mem_write(phkResult, ut.pack(0x12341234))
16 |     ut.emu.reg_write(UC_X86_REG_EAX, 0)
17 |     ut.pushstack(retaddr)
18 | 
19 | 
20 | def RegSetValueExA(ut):
21 |     retaddr = ut.popstack()
22 |     hKey = ut.popstack()
23 |     lpValueName = ut.popstack()
24 |     _ = ut.popstack()
25 |     dwType = ut.popstack()
26 |     lpData = ut.popstack()
27 |     cbData = ut.popstack()
28 | 
29 |     dwType_s = None
30 |     m = importlib.import_module('advapi32', package="..i386")
31 |     for n in dir(m):
32 |         if n.startswith('REG_'):
33 |             if getattr(m, n) == dwType:
34 |                 dwType_s = n
35 | 
36 |     print 'RegSetValueExA (hKey=0x{0:x}, lpValueName="{1}", dwType={2}, lpData="{3}", cbData={4})'.format(hKey, ut.getstr(lpValueName), dwType_s, ut.getstr(lpData), cbData)
37 |     ut.emu.reg_write(UC_X86_REG_EAX, 0)
38 |     ut.pushstack(retaddr)
39 | 
40 | 
41 | def RegCloseKey(ut):
42 |     retaddr = ut.popstack()
43 |     hKey = ut.popstack()
44 | 
45 |     print 'RegCloseKey (hKey=0x{0:x})'.format(hKey)
46 |     ut.emu.reg_write(UC_X86_REG_EAX, 0)
47 |     ut.pushstack(retaddr)
48 | 
49 | hooks = set(vars().keys()).difference(hooks)
50 | hooks = [_x for _x in hooks if not _x.startswith('_')]
51 | 


--------------------------------------------------------------------------------
/unitracer/lib/segment.py:
--------------------------------------------------------------------------------
 1 | from unicorn.x86_const import *
 2 | 
 3 | from .util import *
 4 | 
 5 | 
 6 | class GDT_32(object):
 7 |     def __init__(self, emu, gdt_base, size):
 8 |         emu.mem_map(gdt_base, align(size))
 9 |         emu.reg_write(UC_X86_REG_GDTR, (0, gdt_base, size, 0x0))
10 |         self.emu = emu
11 |         self.gdt_base = gdt_base
12 | 
13 |     @staticmethod
14 |     def _gdt_entry(base, limit, flags):
15 |         #  0:15 -> limit 0:15
16 |         # 16:31 -> base 0:15
17 |         # 32:39 -> base 16:23
18 |         # 40:47 -> access
19 |         # 48:51 -> limit 16:19
20 |         # 52:55 -> flags
21 |         # 56:63 -> base 24:31
22 | 
23 |         entry  = limit & 0xffff
24 |         entry |= (base & 0xffff) << 16
25 |         entry |= ((base >> 16) & 0xff) << 32
26 |         entry |= (flags & 0xff) << 40
27 |         entry |= ((limit >> 16) & 0xf) << 48
28 |         entry |= ((flags >> 8) & 0xf) << 52
29 |         entry |= ((base >> 24) & 0xff) << 56
30 |         return struct.pack("<Q", entry)
31 | 
32 |     @staticmethod
33 |     def gdt_entry_flags(gr, sz, pr, privl, ex, dc, rw, ac):
34 |         flags =  ac & 1
35 |         flags |= (rw & 1) << 1
36 |         flags |= (dc & 1) << 2
37 |         flags |= (ex & 1) << 3
38 |         flags |= 1 << 4
39 |         flags |= (privl & 0b11) << 5
40 |         flags |= (pr & 1) << 7
41 |         flags |= (sz & 1) << 10
42 |         flags |= (gr & 1) << 11
43 |         return flags
44 | 
45 |     @staticmethod
46 |     def _seg_selector(index, ti, rpl):
47 |         #  0: 1 -> rpl
48 |         #  2: 2 -> ti
49 |         #  3:15 -> index
50 | 
51 |         sel  = rpl
52 |         sel |= ti << 2
53 |         sel |= index << 3
54 |         return sel
55 | 
56 |     def set_entry(self, index, base, limit, flags, ti=0, rpl=3):
57 |         emu = self.emu
58 |         gdt_base = self.gdt_base
59 | 
60 |         emu.mem_write(gdt_base+index*8, self._gdt_entry(base, limit, flags))
61 |         return self._seg_selector(index, ti, rpl)
62 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/hooks/tool/generator:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python2
 2 | 
 3 | import os
 4 | 
 5 | LIBLLVM_PATH = '/usr/local/Cellar/llvm/3.6.2/lib'
 6 | LIBLLVM_PYTHON_PATH = os.path.join(LIBLLVM_PATH, 'python2.7/site-packages')
 7 | 
 8 | import sys
 9 | sys.path.append(LIBLLVM_PYTHON_PATH)
10 | 
11 | from clang.cindex import Index
12 | from clang.cindex import Config
13 | 
14 | Config.set_library_path(LIBLLVM_PATH)
15 | 
16 | 
17 | 
18 | def print_node_tree(node, depth=0):
19 |     print node.kind.name, node.spelling, node.location.line
20 |     for child in node.get_children():
21 |         sys.stdout.write("  "*depth)
22 |         print_node_tree(child, depth+1)
23 | 
24 | 
25 | def extract_func(node):
26 |     res = dict()
27 |     for c in node.get_children():
28 |         if '__attribute__((stdcall))' in c.type.spelling:
29 |             if c.kind.name == 'FUNCTION_DECL':
30 |                 res[c.spelling] = get_func(c)
31 |     return res
32 | 
33 | def get_func(node):
34 |     assert node.kind.name == 'FUNCTION_DECL'
35 |     ret = dict()
36 |     ret['ret'] = node.result_type.spelling
37 |     ret['args'] = list()
38 |     for c in node.get_arguments():
39 |         ret['args'].append([c.type.spelling, c.spelling])
40 |     return ret
41 | 
42 | def search_func(node, funcname):
43 |     for c in node.get_children():
44 |         if c.kind.name == 'FUNCTION_DECL' and c.displayname.startswith(funcname):
45 |             return c
46 |         else:
47 |             return search_func(c, funcname)
48 | 
49 | 
50 | MINGW_HEADER_DIR = '/Users/icchy/Downloads/mingw-w64-v3.1.0/mingw-w64-headers/include/'
51 | LICENSE = os.path.join(MINGW_HEADER_DIR, '..', '..', 'COPYING')
52 | 
53 | index = Index.create()
54 | 
55 | # winbase_h = os.path.join(MINGW_HEADER_DIR, 'winbase.h')
56 | # windows_h = os.path.join(MINGW_HEADER_DIR, 'windows.h')
57 | 
58 | 
59 | # cd MINGW_HEADER_DIR && clang -E -I ../crt -I ../include windows.h > all.h
60 | all_h = os.path.join(MINGW_HEADER_DIR, 'all.h')
61 | tu = index.parse(all_h)
62 | 
63 | 
64 | # sys.exit(1)
65 | 
66 | apis = extract_func(tu.cursor)
67 | 
68 | print 'from .hook import Hook'
69 | print ''
70 | 
71 | # print ''
72 | # print "'''"
73 | # print open(LICENSE).read()
74 | # print "'''"
75 | # print ''
76 | 
77 | for api in apis:
78 |     args = apis[api]['args']
79 |     ret = apis[api]['ret']
80 |     print "{} = Hook({}, {}, {})".format(api, repr(api), repr(ret), repr(args))
81 | 


--------------------------------------------------------------------------------
/unitracer/unitracer.py:
--------------------------------------------------------------------------------
 1 | from unicorn.x86_const import *
 2 | 
 3 | from .lib.util import *
 4 | 
 5 | 
 6 | class Unitracer(object):
 7 |     regmap = {
 8 |         'ax': [UC_X86_REG_EAX, UC_X86_REG_RAX],
 9 |         'bx': [UC_X86_REG_EBX, UC_X86_REG_RBX],
10 |         'cx': [UC_X86_REG_ECX, UC_X86_REG_RCX],
11 |         'dx': [UC_X86_REG_EDX, UC_X86_REG_RDX],
12 |         'di': [UC_X86_REG_EDI, UC_X86_REG_RDI],
13 |         'si': [UC_X86_REG_ESI, UC_X86_REG_RSI],
14 |         'bp': [UC_X86_REG_EBP, UC_X86_REG_RBP],
15 |         'sp': [UC_X86_REG_ESP, UC_X86_REG_RSP],
16 |         'ip': [UC_X86_REG_EIP, UC_X86_REG_RIP],
17 |     }
18 | 
19 |     def __init__(self, mem_size = 15*1024*1024):
20 |         raise NotImplementedError
21 | 
22 |     def _hook_code(self, uc, address, size, userdata):
23 |         raise NotImplementedError
24 | 
25 |     def pack(self, x):
26 |         return {32: p32, 64: p64}[self.bits](x)
27 | 
28 |     def unpack(self, x):
29 |         return {32: u32, 64: u64}[self.bits](x)
30 | 
31 |     def getstack(self, idx):
32 |         sp = self.getSP()
33 |         data = self.emu.mem_read(sp+(idx*self.bytes), self.bytes)
34 |         return self.unpack(data)
35 | 
36 |     def setstack(self, idx, val):
37 |         sp = self.getSP()
38 |         self.emu.mem_write(sp+(idx*self.bytes), self.pack(val))
39 | 
40 |     def popstack(self):
41 |         sp = self.getSP()
42 |         data = self.getstack(0)
43 |         self.setSP(sp+self.bytes)
44 |         return data
45 | 
46 |     def pushstack(self, data):
47 |         sp = self.getSP()
48 |         self.setstack(-1, data)
49 |         self.setSP(sp-self.bytes)
50 | 
51 |     def setSP(self, val):
52 |         self.emu.reg_write(self.ucreg('sp'), val)
53 | 
54 |     def getSP(self):
55 |         return self.emu.reg_read(self.ucreg('sp'))
56 | 
57 |     def packstr(self, s):
58 |         return s.split("\x00", 1)[0]
59 | 
60 |     def getstr(self, addr, size=100):
61 |         data = ""
62 |         for i in range(size):
63 |             data += self.emu.mem_read(addr+i, 1)
64 |             if data.endswith('\x00'):
65 |                 break
66 |         return self.packstr(data)
67 | 
68 |     def ucreg(self, n):
69 |         return self.regmap[n][self.is64]
70 | 
71 |     def dumpregs(self, regs):
72 |         for reg in regs:
73 |             val = self.emu.reg_read(self.ucreg(reg[1:].lower()))
74 |             print(("{0}: 0x{1:0"+str(self.bytes*2)+"x}").format(reg, val))
75 | 
76 |     def emu_init(self):
77 |         raise NotImplementedError
78 | 
79 |     def start(self, offset):
80 |         raise NotImplementedError
81 | 
82 |     def stop(self):
83 |         raise NotImplementedError
84 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/hooks/kernel32.py:
--------------------------------------------------------------------------------
 1 | from unicorn.x86_const import *
 2 | 
 3 | 
 4 | hooks = None
 5 | hooks = set(vars().keys())
 6 | 
 7 | def GetWindowsDirectoryA(ut):
 8 |     emu = ut.emu
 9 |     retaddr = ut.popstack()
10 |     lpBuffer = ut.popstack()
11 |     uSize = ut.popstack()
12 |     windir = "C:\\Windows"
13 |     print 'GetWindowsDirectoryA = "{0}"'.format(windir)
14 |     emu.mem_write(lpBuffer, windir)
15 |     emu.reg_write(UC_X86_REG_EAX, len(windir))
16 |     ut.pushstack(retaddr)
17 | 
18 | 
19 | def lstrcat(ut):
20 |     emu = ut.emu
21 |     retaddr = ut.popstack()
22 |     lpString1 = ut.popstack()
23 |     lpString2 = ut.popstack()
24 |     lpString1_s = ut.getstr(lpString1)
25 |     lpString2_s = ut.getstr(lpString2)
26 | 
27 |     print 'lstrcat ("{0}", "{1}")'.format(lpString1_s, lpString2_s)
28 |     emu.mem_write(lpString1+len(lpString1_s), str(lpString2_s))
29 |     ut.pushstack(retaddr)
30 | 
31 | 
32 | def ExitProcess(ut):
33 |     retaddr = ut.popstack()
34 |     uExitCode = ut.popstack()
35 | 
36 |     print 'ExitProcess ({0})'.format(uExitCode)
37 |     ut.pushstack(retaddr)
38 | 
39 | 
40 | def IsDebuggerPresent(ut):
41 |     retaddr = ut.popstack()
42 |     res = 0
43 | 
44 |     print 'IsDebuggerPresent = {0}'.format(res)
45 |     ut.emu.reg_write(UC_X86_REG_EAX, res)
46 |     ut.pushstack(retaddr)
47 | 
48 | 
49 | def GetProcAddress(ut):
50 |     retaddr = ut.popstack()
51 |     hModule = ut.popstack()
52 |     lpProcName = ut.popstack()
53 |     lpProcName_s = str(ut.getstr(lpProcName))
54 | 
55 |     res = None
56 |     if lpProcName_s in ut.dll_funcs.keys():
57 |         res = ut.dll_funcs[lpProcName_s]
58 |     else:
59 |         res = 0x0
60 | 
61 |     print 'GetProcAddress (hModule=0x{0:x}, lpProcName="{1}") = 0x{2:08x}'.format(hModule, lpProcName_s, res)
62 |     ut.emu.reg_write(UC_X86_REG_EAX, res)
63 |     ut.pushstack(retaddr)
64 | 
65 | 
66 | def LoadLibraryA(ut):
67 |     retaddr = ut.popstack()
68 |     lpFileName = ut.popstack()
69 |     lpFileName_s = str(ut.getstr(lpFileName))
70 | 
71 |     res = None
72 |     if lpFileName_s in map(lambda x:x[0], ut.dlls):
73 |         res = filter(lambda x:x[0]==lpFileName_s, ut.dlls)[0][1]
74 |     else:
75 |         res = ut.load_dll(lpFileName_s)
76 | 
77 |     print 'LoadLibraryA (lpFileName="{0}")'.format(lpFileName_s)
78 |     ut.pushstack(retaddr)
79 | 
80 | 
81 | def WinExec(ut):
82 |     retaddr = ut.popstack()
83 |     lpCmdLine = ut.popstack()
84 |     lpCmdLine_s = ut.getstr(lpCmdLine)
85 |     uCmdShow = ut.popstack()
86 | 
87 |     print 'WinExec (lpCmdLine="{0}", uCmdShow=0x{1:x})'.format(lpCmdLine_s, uCmdShow)
88 |     ut.emu.reg_write(UC_X86_REG_EAX, 0x20)
89 |     ut.pushstack(retaddr)
90 | 
91 | hooks = set(vars().keys()).difference(hooks)
92 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/__init__.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | # Copyright (c) 2009-2014, Mario Vilas
 5 | # All rights reserved.
 6 | #
 7 | # Redistribution and use in source and binary forms, with or without
 8 | # modification, are permitted provided that the following conditions are met:
 9 | #
10 | #     * Redistributions of source code must retain the above copyright notice,
11 | #       this list of conditions and the following disclaimer.
12 | #     * Redistributions in binary form must reproduce the above copyright
13 | #       notice,this list of conditions and the following disclaimer in the
14 | #       documentation and/or other materials provided with the distribution.
15 | #     * Neither the name of the copyright holder nor the names of its
16 | #       contributors may be used to endorse or promote products derived from
17 | #       this software without specific prior written permission.
18 | #
19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 | # POSSIBILITY OF SUCH DAMAGE.
30 | 
31 | """
32 | Debugging API wrappers in ctypes.
33 | """
34 | 
35 | __revision__ = "$Id: __init__.py 1299 2013-12-20 09:30:55Z qvasimodo $"
36 | 
37 | import defines
38 | import kernel32
39 | import user32
40 | import advapi32
41 | import wtsapi32
42 | import shell32
43 | import shlwapi
44 | import psapi
45 | import dbghelp
46 | import ntdll
47 | 
48 | from defines    import *
49 | from kernel32   import *
50 | from user32     import *
51 | from advapi32   import *
52 | from wtsapi32   import *
53 | from shell32    import *
54 | from shlwapi    import *
55 | from psapi      import *
56 | from dbghelp    import *
57 | from ntdll      import *
58 | 
59 | # This calculates the list of exported symbols.
60 | _all = set()
61 | _all.update(defines._all)
62 | _all.update(kernel32._all)
63 | _all.update(user32._all)
64 | _all.update(advapi32._all)
65 | _all.update(wtsapi32._all)
66 | _all.update(shell32._all)
67 | _all.update(shlwapi._all)
68 | _all.update(psapi._all)
69 | _all.update(dbghelp._all)
70 | _all.update(ntdll._all)
71 | __all__ = [_x for _x in _all if not _x.startswith('_')]
72 | __all__.sort()
73 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/__init__.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | # Copyright (c) 2009-2014, Mario Vilas
 5 | # All rights reserved.
 6 | #
 7 | # Redistribution and use in source and binary forms, with or without
 8 | # modification, are permitted provided that the following conditions are met:
 9 | #
10 | #     * Redistributions of source code must retain the above copyright notice,
11 | #       this list of conditions and the following disclaimer.
12 | #     * Redistributions in binary form must reproduce the above copyright
13 | #       notice,this list of conditions and the following disclaimer in the
14 | #       documentation and/or other materials provided with the distribution.
15 | #     * Neither the name of the copyright holder nor the names of its
16 | #       contributors may be used to endorse or promote products derived from
17 | #       this software without specific prior written permission.
18 | #
19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 | # POSSIBILITY OF SUCH DAMAGE.
30 | 
31 | """
32 | Debugging API wrappers in ctypes.
33 | """
34 | 
35 | __revision__ = "$Id: __init__.py 1299 2013-12-20 09:30:55Z qvasimodo $"
36 | 
37 | import defines
38 | import kernel32
39 | import user32
40 | import advapi32
41 | import wtsapi32
42 | import shell32
43 | import shlwapi
44 | import psapi
45 | import dbghelp
46 | import ntdll
47 | import gdi32
48 | import peb_teb
49 | 
50 | from defines    import *
51 | from kernel32   import *
52 | from user32     import *
53 | from advapi32   import *
54 | from wtsapi32   import *
55 | from shell32    import *
56 | from shlwapi    import *
57 | from psapi      import *
58 | from dbghelp    import *
59 | from ntdll      import *
60 | from gdi32      import *
61 | from peb_teb    import *
62 | 
63 | # This calculates the list of exported symbols.
64 | _all = set()
65 | _all.update(defines._all)
66 | _all.update(kernel32._all)
67 | _all.update(user32._all)
68 | _all.update(advapi32._all)
69 | _all.update(wtsapi32._all)
70 | _all.update(shell32._all)
71 | _all.update(shlwapi._all)
72 | _all.update(psapi._all)
73 | _all.update(dbghelp._all)
74 | _all.update(ntdll._all)
75 | _all.update(gdi32._all)
76 | _all.update(peb_teb._all)
77 | __all__ = [_x for _x in _all if not _x.startswith('_')]
78 | __all__.sort()
79 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/psapi.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | # Copyright (c) 2009-2014, Mario Vilas
 5 | # All rights reserved.
 6 | #
 7 | # Redistribution and use in source and binary forms, with or without
 8 | # modification, are permitted provided that the following conditions are met:
 9 | #
10 | #     * Redistributions of source code must retain the above copyright notice,
11 | #       this list of conditions and the following disclaimer.
12 | #     * Redistributions in binary form must reproduce the above copyright
13 | #       notice,this list of conditions and the following disclaimer in the
14 | #       documentation and/or other materials provided with the distribution.
15 | #     * Neither the name of the copyright holder nor the names of its
16 | #       contributors may be used to endorse or promote products derived from
17 | #       this software without specific prior written permission.
18 | #
19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 | # POSSIBILITY OF SUCH DAMAGE.
30 | 
31 | """
32 | Wrapper for psapi.dll in ctypes.
33 | """
34 | 
35 | __revision__ = "$Id: psapi.py 1299 2013-12-20 09:30:55Z qvasimodo $"
36 | 
37 | from defines import *
38 | 
39 | #==============================================================================
40 | # This is used later on to calculate the list of exported symbols.
41 | _all = None
42 | _all = set(vars().keys())
43 | #==============================================================================
44 | 
45 | #--- PSAPI structures and constants -------------------------------------------
46 | 
47 | LIST_MODULES_DEFAULT    = 0x00
48 | LIST_MODULES_32BIT      = 0x01
49 | LIST_MODULES_64BIT      = 0x02
50 | LIST_MODULES_ALL        = 0x03
51 | 
52 | # typedef struct _MODULEINFO {
53 | #   LPVOID lpBaseOfDll;
54 | #   DWORD  SizeOfImage;
55 | #   LPVOID EntryPoint;
56 | # } MODULEINFO, *LPMODULEINFO;
57 | class MODULEINFO(Structure):
58 |     _fields_ = [
59 |         ("lpBaseOfDll",     LPVOID),    # remote pointer
60 |         ("SizeOfImage",     DWORD),
61 |         ("EntryPoint",      LPVOID),    # remote pointer
62 | ]
63 | LPMODULEINFO = POINTER(MODULEINFO)
64 | 
65 | 
66 | #==============================================================================
67 | # This calculates the list of exported symbols.
68 | _all = set(vars().keys()).difference(_all)
69 | __all__ = [_x for _x in _all if not _x.startswith('_')]
70 | __all__.sort()
71 | #==============================================================================
72 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/psapi.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | # Copyright (c) 2009-2014, Mario Vilas
 5 | # All rights reserved.
 6 | #
 7 | # Redistribution and use in source and binary forms, with or without
 8 | # modification, are permitted provided that the following conditions are met:
 9 | #
10 | #     * Redistributions of source code must retain the above copyright notice,
11 | #       this list of conditions and the following disclaimer.
12 | #     * Redistributions in binary form must reproduce the above copyright
13 | #       notice,this list of conditions and the following disclaimer in the
14 | #       documentation and/or other materials provided with the distribution.
15 | #     * Neither the name of the copyright holder nor the names of its
16 | #       contributors may be used to endorse or promote products derived from
17 | #       this software without specific prior written permission.
18 | #
19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 | # POSSIBILITY OF SUCH DAMAGE.
30 | 
31 | """
32 | Wrapper for psapi.dll in ctypes.
33 | """
34 | 
35 | __revision__ = "$Id: psapi.py 1299 2013-12-20 09:30:55Z qvasimodo $"
36 | 
37 | from defines import *
38 | 
39 | #==============================================================================
40 | # This is used later on to calculate the list of exported symbols.
41 | _all = None
42 | _all = set(vars().keys())
43 | #==============================================================================
44 | 
45 | #--- PSAPI structures and constants -------------------------------------------
46 | 
47 | LIST_MODULES_DEFAULT    = 0x00
48 | LIST_MODULES_32BIT      = 0x01
49 | LIST_MODULES_64BIT      = 0x02
50 | LIST_MODULES_ALL        = 0x03
51 | 
52 | # typedef struct _MODULEINFO {
53 | #   LPVOID lpBaseOfDll;
54 | #   DWORD  SizeOfImage;
55 | #   LPVOID EntryPoint;
56 | # } MODULEINFO, *LPMODULEINFO;
57 | class MODULEINFO(Structure):
58 |     _fields_ = [
59 |         ("lpBaseOfDll",     LPVOID),    # remote pointer
60 |         ("SizeOfImage",     DWORD),
61 |         ("EntryPoint",      LPVOID),    # remote pointer
62 | ]
63 | LPMODULEINFO = POINTER(MODULEINFO)
64 | 
65 | 
66 | #==============================================================================
67 | # This calculates the list of exported symbols.
68 | _all = set(vars().keys()).difference(_all)
69 | __all__ = [_x for _x in _all if not _x.startswith('_')]
70 | __all__.sort()
71 | #==============================================================================
72 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/shlwapi.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | # Copyright (c) 2009-2014, Mario Vilas
 5 | # All rights reserved.
 6 | #
 7 | # Redistribution and use in source and binary forms, with or without
 8 | # modification, are permitted provided that the following conditions are met:
 9 | #
10 | #     * Redistributions of source code must retain the above copyright notice,
11 | #       this list of conditions and the following disclaimer.
12 | #     * Redistributions in binary form must reproduce the above copyright
13 | #       notice,this list of conditions and the following disclaimer in the
14 | #       documentation and/or other materials provided with the distribution.
15 | #     * Neither the name of the copyright holder nor the names of its
16 | #       contributors may be used to endorse or promote products derived from
17 | #       this software without specific prior written permission.
18 | #
19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 | # POSSIBILITY OF SUCH DAMAGE.
30 | 
31 | """
32 | Wrapper for shlwapi.dll in ctypes.
33 | """
34 | 
35 | __revision__ = "$Id: shlwapi.py 1299 2013-12-20 09:30:55Z qvasimodo $"
36 | 
37 | from defines import *
38 | from kernel32 import *
39 | 
40 | #==============================================================================
41 | # This is used later on to calculate the list of exported symbols.
42 | _all = None
43 | _all = set(vars().keys())
44 | #==============================================================================
45 | 
46 | OS_WINDOWS                  = 0
47 | OS_NT                       = 1
48 | OS_WIN95ORGREATER           = 2
49 | OS_NT4ORGREATER             = 3
50 | OS_WIN98ORGREATER           = 5
51 | OS_WIN98_GOLD               = 6
52 | OS_WIN2000ORGREATER         = 7
53 | OS_WIN2000PRO               = 8
54 | OS_WIN2000SERVER            = 9
55 | OS_WIN2000ADVSERVER         = 10
56 | OS_WIN2000DATACENTER        = 11
57 | OS_WIN2000TERMINAL          = 12
58 | OS_EMBEDDED                 = 13
59 | OS_TERMINALCLIENT           = 14
60 | OS_TERMINALREMOTEADMIN      = 15
61 | OS_WIN95_GOLD               = 16
62 | OS_MEORGREATER              = 17
63 | OS_XPORGREATER              = 18
64 | OS_HOME                     = 19
65 | OS_PROFESSIONAL             = 20
66 | OS_DATACENTER               = 21
67 | OS_ADVSERVER                = 22
68 | OS_SERVER                   = 23
69 | OS_TERMINALSERVER           = 24
70 | OS_PERSONALTERMINALSERVER   = 25
71 | OS_FASTUSERSWITCHING        = 26
72 | OS_WELCOMELOGONUI           = 27
73 | OS_DOMAINMEMBER             = 28
74 | OS_ANYSERVER                = 29
75 | OS_WOW6432                  = 30
76 | OS_WEBSERVER                = 31
77 | OS_SMALLBUSINESSSERVER      = 32
78 | OS_TABLETPC                 = 33
79 | OS_SERVERADMINUI            = 34
80 | OS_MEDIACENTER              = 35
81 | OS_APPLIANCE                = 36
82 | 
83 | 
84 | #==============================================================================
85 | # This calculates the list of exported symbols.
86 | _all = set(vars().keys()).difference(_all)
87 | __all__ = [_x for _x in _all if not _x.startswith('_')]
88 | __all__.sort()
89 | #==============================================================================
90 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/shlwapi.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/env python
 2 | # -*- coding: utf-8 -*-
 3 | 
 4 | # Copyright (c) 2009-2014, Mario Vilas
 5 | # All rights reserved.
 6 | #
 7 | # Redistribution and use in source and binary forms, with or without
 8 | # modification, are permitted provided that the following conditions are met:
 9 | #
10 | #     * Redistributions of source code must retain the above copyright notice,
11 | #       this list of conditions and the following disclaimer.
12 | #     * Redistributions in binary form must reproduce the above copyright
13 | #       notice,this list of conditions and the following disclaimer in the
14 | #       documentation and/or other materials provided with the distribution.
15 | #     * Neither the name of the copyright holder nor the names of its
16 | #       contributors may be used to endorse or promote products derived from
17 | #       this software without specific prior written permission.
18 | #
19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29 | # POSSIBILITY OF SUCH DAMAGE.
30 | 
31 | """
32 | Wrapper for shlwapi.dll in ctypes.
33 | """
34 | 
35 | __revision__ = "$Id: shlwapi.py 1299 2013-12-20 09:30:55Z qvasimodo $"
36 | 
37 | from defines import *
38 | from kernel32 import *
39 | 
40 | #==============================================================================
41 | # This is used later on to calculate the list of exported symbols.
42 | _all = None
43 | _all = set(vars().keys())
44 | #==============================================================================
45 | 
46 | OS_WINDOWS                  = 0
47 | OS_NT                       = 1
48 | OS_WIN95ORGREATER           = 2
49 | OS_NT4ORGREATER             = 3
50 | OS_WIN98ORGREATER           = 5
51 | OS_WIN98_GOLD               = 6
52 | OS_WIN2000ORGREATER         = 7
53 | OS_WIN2000PRO               = 8
54 | OS_WIN2000SERVER            = 9
55 | OS_WIN2000ADVSERVER         = 10
56 | OS_WIN2000DATACENTER        = 11
57 | OS_WIN2000TERMINAL          = 12
58 | OS_EMBEDDED                 = 13
59 | OS_TERMINALCLIENT           = 14
60 | OS_TERMINALREMOTEADMIN      = 15
61 | OS_WIN95_GOLD               = 16
62 | OS_MEORGREATER              = 17
63 | OS_XPORGREATER              = 18
64 | OS_HOME                     = 19
65 | OS_PROFESSIONAL             = 20
66 | OS_DATACENTER               = 21
67 | OS_ADVSERVER                = 22
68 | OS_SERVER                   = 23
69 | OS_TERMINALSERVER           = 24
70 | OS_PERSONALTERMINALSERVER   = 25
71 | OS_FASTUSERSWITCHING        = 26
72 | OS_WELCOMELOGONUI           = 27
73 | OS_DOMAINMEMBER             = 28
74 | OS_ANYSERVER                = 29
75 | OS_WOW6432                  = 30
76 | OS_WEBSERVER                = 31
77 | OS_SMALLBUSINESSSERVER      = 32
78 | OS_TABLETPC                 = 33
79 | OS_SERVERADMINUI            = 34
80 | OS_MEDIACENTER              = 35
81 | OS_APPLIANCE                = 36
82 | 
83 | 
84 | #==============================================================================
85 | # This calculates the list of exported symbols.
86 | _all = set(vars().keys()).difference(_all)
87 | __all__ = [_x for _x in _all if not _x.startswith('_')]
88 | __all__.sort()
89 | #==============================================================================
90 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/shell32.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for shell32.dll in ctypes.
 33 | """
 34 | 
 35 | # TODO
 36 | # * Add a class wrapper to SHELLEXECUTEINFO
 37 | # * More logic into ShellExecuteEx
 38 | 
 39 | __revision__ = "$Id: shell32.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 40 | 
 41 | from defines import *
 42 | 
 43 | #==============================================================================
 44 | # This is used later on to calculate the list of exported symbols.
 45 | _all = None
 46 | _all = set(vars().keys())
 47 | #==============================================================================
 48 | 
 49 | #--- Constants ----------------------------------------------------------------
 50 | 
 51 | SEE_MASK_DEFAULT            = 0x00000000
 52 | SEE_MASK_CLASSNAME          = 0x00000001
 53 | SEE_MASK_CLASSKEY           = 0x00000003
 54 | SEE_MASK_IDLIST             = 0x00000004
 55 | SEE_MASK_INVOKEIDLIST       = 0x0000000C
 56 | SEE_MASK_ICON               = 0x00000010
 57 | SEE_MASK_HOTKEY             = 0x00000020
 58 | SEE_MASK_NOCLOSEPROCESS     = 0x00000040
 59 | SEE_MASK_CONNECTNETDRV      = 0x00000080
 60 | SEE_MASK_NOASYNC            = 0x00000100
 61 | SEE_MASK_DOENVSUBST         = 0x00000200
 62 | SEE_MASK_FLAG_NO_UI         = 0x00000400
 63 | SEE_MASK_UNICODE            = 0x00004000
 64 | SEE_MASK_NO_CONSOLE         = 0x00008000
 65 | SEE_MASK_ASYNCOK            = 0x00100000
 66 | SEE_MASK_HMONITOR           = 0x00200000
 67 | SEE_MASK_NOZONECHECKS       = 0x00800000
 68 | SEE_MASK_WAITFORINPUTIDLE   = 0x02000000
 69 | SEE_MASK_FLAG_LOG_USAGE     = 0x04000000
 70 | 
 71 | SE_ERR_FNF              = 2
 72 | SE_ERR_PNF              = 3
 73 | SE_ERR_ACCESSDENIED     = 5
 74 | SE_ERR_OOM              = 8
 75 | SE_ERR_DLLNOTFOUND      = 32
 76 | SE_ERR_SHARE            = 26
 77 | SE_ERR_ASSOCINCOMPLETE  = 27
 78 | SE_ERR_DDETIMEOUT       = 28
 79 | SE_ERR_DDEFAIL          = 29
 80 | SE_ERR_DDEBUSY          = 30
 81 | SE_ERR_NOASSOC          = 31
 82 | 
 83 | SHGFP_TYPE_CURRENT = 0
 84 | SHGFP_TYPE_DEFAULT = 1
 85 | 
 86 | CSIDL_DESKTOP                   = 0x0000
 87 | CSIDL_INTERNET                  = 0x0001
 88 | CSIDL_PROGRAMS                  = 0x0002
 89 | CSIDL_CONTROLS                  = 0x0003
 90 | CSIDL_PRINTERS                  = 0x0004
 91 | CSIDL_PERSONAL                  = 0x0005
 92 | CSIDL_FAVORITES                 = 0x0006
 93 | CSIDL_STARTUP                   = 0x0007
 94 | CSIDL_RECENT                    = 0x0008
 95 | CSIDL_SENDTO                    = 0x0009
 96 | CSIDL_BITBUCKET                 = 0x000a
 97 | CSIDL_STARTMENU                 = 0x000b
 98 | CSIDL_MYDOCUMENTS               = CSIDL_PERSONAL
 99 | CSIDL_MYMUSIC                   = 0x000d
100 | CSIDL_MYVIDEO                   = 0x000e
101 | CSIDL_DESKTOPDIRECTORY          = 0x0010
102 | CSIDL_DRIVES                    = 0x0011
103 | CSIDL_NETWORK                   = 0x0012
104 | CSIDL_NETHOOD                   = 0x0013
105 | CSIDL_FONTS                     = 0x0014
106 | CSIDL_TEMPLATES                 = 0x0015
107 | CSIDL_COMMON_STARTMENU          = 0x0016
108 | CSIDL_COMMON_PROGRAMS           = 0x0017
109 | CSIDL_COMMON_STARTUP            = 0x0018
110 | CSIDL_COMMON_DESKTOPDIRECTORY   = 0x0019
111 | CSIDL_APPDATA                   = 0x001a
112 | CSIDL_PRINTHOOD                 = 0x001b
113 | CSIDL_LOCAL_APPDATA             = 0x001c
114 | CSIDL_ALTSTARTUP                = 0x001d
115 | CSIDL_COMMON_ALTSTARTUP         = 0x001e
116 | CSIDL_COMMON_FAVORITES          = 0x001f
117 | CSIDL_INTERNET_CACHE            = 0x0020
118 | CSIDL_COOKIES                   = 0x0021
119 | CSIDL_HISTORY                   = 0x0022
120 | CSIDL_COMMON_APPDATA            = 0x0023
121 | CSIDL_WINDOWS                   = 0x0024
122 | CSIDL_SYSTEM                    = 0x0025
123 | CSIDL_PROGRAM_FILES             = 0x0026
124 | CSIDL_MYPICTURES                = 0x0027
125 | CSIDL_PROFILE                   = 0x0028
126 | CSIDL_SYSTEMX86                 = 0x0029
127 | CSIDL_PROGRAM_FILESX86          = 0x002a
128 | CSIDL_PROGRAM_FILES_COMMON      = 0x002b
129 | CSIDL_PROGRAM_FILES_COMMONX86   = 0x002c
130 | CSIDL_COMMON_TEMPLATES          = 0x002d
131 | CSIDL_COMMON_DOCUMENTS          = 0x002e
132 | CSIDL_COMMON_ADMINTOOLS         = 0x002f
133 | CSIDL_ADMINTOOLS                = 0x0030
134 | CSIDL_CONNECTIONS               = 0x0031
135 | CSIDL_COMMON_MUSIC              = 0x0035
136 | CSIDL_COMMON_PICTURES           = 0x0036
137 | CSIDL_COMMON_VIDEO              = 0x0037
138 | CSIDL_RESOURCES                 = 0x0038
139 | CSIDL_RESOURCES_LOCALIZED       = 0x0039
140 | CSIDL_COMMON_OEM_LINKS          = 0x003a
141 | CSIDL_CDBURN_AREA               = 0x003b
142 | CSIDL_COMPUTERSNEARME           = 0x003d
143 | CSIDL_PROFILES                  = 0x003e
144 | 
145 | CSIDL_FOLDER_MASK               = 0x00ff
146 | 
147 | CSIDL_FLAG_PER_USER_INIT        = 0x0800
148 | CSIDL_FLAG_NO_ALIAS             = 0x1000
149 | CSIDL_FLAG_DONT_VERIFY          = 0x4000
150 | CSIDL_FLAG_CREATE               = 0x8000
151 | 
152 | CSIDL_FLAG_MASK                 = 0xff00
153 | 
154 | #--- Structures ---------------------------------------------------------------
155 | 
156 | # typedef struct _SHELLEXECUTEINFO {
157 | #   DWORD     cbSize;
158 | #   ULONG     fMask;
159 | #   HWND      hwnd;
160 | #   LPCTSTR   lpVerb;
161 | #   LPCTSTR   lpFile;
162 | #   LPCTSTR   lpParameters;
163 | #   LPCTSTR   lpDirectory;
164 | #   int       nShow;
165 | #   HINSTANCE hInstApp;
166 | #   LPVOID    lpIDList;
167 | #   LPCTSTR   lpClass;
168 | #   HKEY      hkeyClass;
169 | #   DWORD     dwHotKey;
170 | #   union {
171 | #     HANDLE hIcon;
172 | #     HANDLE hMonitor;
173 | #   } DUMMYUNIONNAME;
174 | #   HANDLE    hProcess;
175 | # } SHELLEXECUTEINFO, *LPSHELLEXECUTEINFO;
176 | 
177 | class SHELLEXECUTEINFO(Structure):
178 |     _fields_ = [
179 |         ("cbSize",       DWORD),
180 |         ("fMask",        ULONG),
181 |         ("hwnd",         HWND),
182 |         ("lpVerb",       LPSTR),
183 |         ("lpFile",       LPSTR),
184 |         ("lpParameters", LPSTR),
185 |         ("lpDirectory",  LPSTR),
186 |         ("nShow",        ctypes.c_int),
187 |         ("hInstApp",     HINSTANCE),
188 |         ("lpIDList",     LPVOID),
189 |         ("lpClass",      LPSTR),
190 |         ("hkeyClass",    HKEY),
191 |         ("dwHotKey",     DWORD),
192 |         ("hIcon",        HANDLE),
193 |         ("hProcess",     HANDLE),
194 |     ]
195 | 
196 |     def __get_hMonitor(self):
197 |         return self.hIcon
198 |     def __set_hMonitor(self, hMonitor):
199 |         self.hIcon = hMonitor
200 |     hMonitor = property(__get_hMonitor, __set_hMonitor)
201 | 
202 | LPSHELLEXECUTEINFO = POINTER(SHELLEXECUTEINFO)
203 | 
204 | 
205 | #==============================================================================
206 | # This calculates the list of exported symbols.
207 | _all = set(vars().keys()).difference(_all)
208 | __all__ = [_x for _x in _all if not _x.startswith('_')]
209 | __all__.sort()
210 | #==============================================================================
211 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/shell32.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for shell32.dll in ctypes.
 33 | """
 34 | 
 35 | # TODO
 36 | # * Add a class wrapper to SHELLEXECUTEINFO
 37 | # * More logic into ShellExecuteEx
 38 | 
 39 | __revision__ = "$Id: shell32.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 40 | 
 41 | from defines import *
 42 | from kernel32 import LocalFree
 43 | 
 44 | #==============================================================================
 45 | # This is used later on to calculate the list of exported symbols.
 46 | _all = None
 47 | _all = set(vars().keys())
 48 | #==============================================================================
 49 | 
 50 | #--- Constants ----------------------------------------------------------------
 51 | 
 52 | SEE_MASK_DEFAULT            = 0x00000000
 53 | SEE_MASK_CLASSNAME          = 0x00000001
 54 | SEE_MASK_CLASSKEY           = 0x00000003
 55 | SEE_MASK_IDLIST             = 0x00000004
 56 | SEE_MASK_INVOKEIDLIST       = 0x0000000C
 57 | SEE_MASK_ICON               = 0x00000010
 58 | SEE_MASK_HOTKEY             = 0x00000020
 59 | SEE_MASK_NOCLOSEPROCESS     = 0x00000040
 60 | SEE_MASK_CONNECTNETDRV      = 0x00000080
 61 | SEE_MASK_NOASYNC            = 0x00000100
 62 | SEE_MASK_DOENVSUBST         = 0x00000200
 63 | SEE_MASK_FLAG_NO_UI         = 0x00000400
 64 | SEE_MASK_UNICODE            = 0x00004000
 65 | SEE_MASK_NO_CONSOLE         = 0x00008000
 66 | SEE_MASK_ASYNCOK            = 0x00100000
 67 | SEE_MASK_HMONITOR           = 0x00200000
 68 | SEE_MASK_NOZONECHECKS       = 0x00800000
 69 | SEE_MASK_WAITFORINPUTIDLE   = 0x02000000
 70 | SEE_MASK_FLAG_LOG_USAGE     = 0x04000000
 71 | 
 72 | SE_ERR_FNF              = 2
 73 | SE_ERR_PNF              = 3
 74 | SE_ERR_ACCESSDENIED     = 5
 75 | SE_ERR_OOM              = 8
 76 | SE_ERR_DLLNOTFOUND      = 32
 77 | SE_ERR_SHARE            = 26
 78 | SE_ERR_ASSOCINCOMPLETE  = 27
 79 | SE_ERR_DDETIMEOUT       = 28
 80 | SE_ERR_DDEFAIL          = 29
 81 | SE_ERR_DDEBUSY          = 30
 82 | SE_ERR_NOASSOC          = 31
 83 | 
 84 | SHGFP_TYPE_CURRENT = 0
 85 | SHGFP_TYPE_DEFAULT = 1
 86 | 
 87 | CSIDL_DESKTOP                   = 0x0000
 88 | CSIDL_INTERNET                  = 0x0001
 89 | CSIDL_PROGRAMS                  = 0x0002
 90 | CSIDL_CONTROLS                  = 0x0003
 91 | CSIDL_PRINTERS                  = 0x0004
 92 | CSIDL_PERSONAL                  = 0x0005
 93 | CSIDL_FAVORITES                 = 0x0006
 94 | CSIDL_STARTUP                   = 0x0007
 95 | CSIDL_RECENT                    = 0x0008
 96 | CSIDL_SENDTO                    = 0x0009
 97 | CSIDL_BITBUCKET                 = 0x000a
 98 | CSIDL_STARTMENU                 = 0x000b
 99 | CSIDL_MYDOCUMENTS               = CSIDL_PERSONAL
100 | CSIDL_MYMUSIC                   = 0x000d
101 | CSIDL_MYVIDEO                   = 0x000e
102 | CSIDL_DESKTOPDIRECTORY          = 0x0010
103 | CSIDL_DRIVES                    = 0x0011
104 | CSIDL_NETWORK                   = 0x0012
105 | CSIDL_NETHOOD                   = 0x0013
106 | CSIDL_FONTS                     = 0x0014
107 | CSIDL_TEMPLATES                 = 0x0015
108 | CSIDL_COMMON_STARTMENU          = 0x0016
109 | CSIDL_COMMON_PROGRAMS           = 0x0017
110 | CSIDL_COMMON_STARTUP            = 0x0018
111 | CSIDL_COMMON_DESKTOPDIRECTORY   = 0x0019
112 | CSIDL_APPDATA                   = 0x001a
113 | CSIDL_PRINTHOOD                 = 0x001b
114 | CSIDL_LOCAL_APPDATA             = 0x001c
115 | CSIDL_ALTSTARTUP                = 0x001d
116 | CSIDL_COMMON_ALTSTARTUP         = 0x001e
117 | CSIDL_COMMON_FAVORITES          = 0x001f
118 | CSIDL_INTERNET_CACHE            = 0x0020
119 | CSIDL_COOKIES                   = 0x0021
120 | CSIDL_HISTORY                   = 0x0022
121 | CSIDL_COMMON_APPDATA            = 0x0023
122 | CSIDL_WINDOWS                   = 0x0024
123 | CSIDL_SYSTEM                    = 0x0025
124 | CSIDL_PROGRAM_FILES             = 0x0026
125 | CSIDL_MYPICTURES                = 0x0027
126 | CSIDL_PROFILE                   = 0x0028
127 | CSIDL_SYSTEMX86                 = 0x0029
128 | CSIDL_PROGRAM_FILESX86          = 0x002a
129 | CSIDL_PROGRAM_FILES_COMMON      = 0x002b
130 | CSIDL_PROGRAM_FILES_COMMONX86   = 0x002c
131 | CSIDL_COMMON_TEMPLATES          = 0x002d
132 | CSIDL_COMMON_DOCUMENTS          = 0x002e
133 | CSIDL_COMMON_ADMINTOOLS         = 0x002f
134 | CSIDL_ADMINTOOLS                = 0x0030
135 | CSIDL_CONNECTIONS               = 0x0031
136 | CSIDL_COMMON_MUSIC              = 0x0035
137 | CSIDL_COMMON_PICTURES           = 0x0036
138 | CSIDL_COMMON_VIDEO              = 0x0037
139 | CSIDL_RESOURCES                 = 0x0038
140 | CSIDL_RESOURCES_LOCALIZED       = 0x0039
141 | CSIDL_COMMON_OEM_LINKS          = 0x003a
142 | CSIDL_CDBURN_AREA               = 0x003b
143 | CSIDL_COMPUTERSNEARME           = 0x003d
144 | CSIDL_PROFILES                  = 0x003e
145 | 
146 | CSIDL_FOLDER_MASK               = 0x00ff
147 | 
148 | CSIDL_FLAG_PER_USER_INIT        = 0x0800
149 | CSIDL_FLAG_NO_ALIAS             = 0x1000
150 | CSIDL_FLAG_DONT_VERIFY          = 0x4000
151 | CSIDL_FLAG_CREATE               = 0x8000
152 | 
153 | CSIDL_FLAG_MASK                 = 0xff00
154 | 
155 | #--- Structures ---------------------------------------------------------------
156 | 
157 | # typedef struct _SHELLEXECUTEINFO {
158 | #   DWORD     cbSize;
159 | #   ULONG     fMask;
160 | #   HWND      hwnd;
161 | #   LPCTSTR   lpVerb;
162 | #   LPCTSTR   lpFile;
163 | #   LPCTSTR   lpParameters;
164 | #   LPCTSTR   lpDirectory;
165 | #   int       nShow;
166 | #   HINSTANCE hInstApp;
167 | #   LPVOID    lpIDList;
168 | #   LPCTSTR   lpClass;
169 | #   HKEY      hkeyClass;
170 | #   DWORD     dwHotKey;
171 | #   union {
172 | #     HANDLE hIcon;
173 | #     HANDLE hMonitor;
174 | #   } DUMMYUNIONNAME;
175 | #   HANDLE    hProcess;
176 | # } SHELLEXECUTEINFO, *LPSHELLEXECUTEINFO;
177 | 
178 | class SHELLEXECUTEINFO(Structure):
179 |     _fields_ = [
180 |         ("cbSize",       DWORD),
181 |         ("fMask",        ULONG),
182 |         ("hwnd",         HWND),
183 |         ("lpVerb",       LPSTR),
184 |         ("lpFile",       LPSTR),
185 |         ("lpParameters", LPSTR),
186 |         ("lpDirectory",  LPSTR),
187 |         ("nShow",        ctypes.c_int),
188 |         ("hInstApp",     HINSTANCE),
189 |         ("lpIDList",     LPVOID),
190 |         ("lpClass",      LPSTR),
191 |         ("hkeyClass",    HKEY),
192 |         ("dwHotKey",     DWORD),
193 |         ("hIcon",        HANDLE),
194 |         ("hProcess",     HANDLE),
195 |     ]
196 | 
197 |     def __get_hMonitor(self):
198 |         return self.hIcon
199 |     def __set_hMonitor(self, hMonitor):
200 |         self.hIcon = hMonitor
201 |     hMonitor = property(__get_hMonitor, __set_hMonitor)
202 | 
203 | LPSHELLEXECUTEINFO = POINTER(SHELLEXECUTEINFO)
204 | 
205 | 
206 | #==============================================================================
207 | # This calculates the list of exported symbols.
208 | _all = set(vars().keys()).difference(_all)
209 | __all__ = [_x for _x in _all if not _x.startswith('_')]
210 | __all__.sort()
211 | #==============================================================================
212 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/wtsapi32.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for wtsapi32.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: wtsapi32.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | from advapi32 import *
 39 | 
 40 | #==============================================================================
 41 | # This is used later on to calculate the list of exported symbols.
 42 | _all = None
 43 | _all = set(vars().keys())
 44 | #==============================================================================
 45 | 
 46 | #--- Constants ----------------------------------------------------------------
 47 | 
 48 | WTS_CURRENT_SERVER_HANDLE = 0
 49 | WTS_CURRENT_SESSION       = 1
 50 | 
 51 | #--- WTS_PROCESS_INFO structure -----------------------------------------------
 52 | 
 53 | # typedef struct _WTS_PROCESS_INFO {
 54 | #   DWORD  SessionId;
 55 | #   DWORD  ProcessId;
 56 | #   LPTSTR pProcessName;
 57 | #   PSID   pUserSid;
 58 | # } WTS_PROCESS_INFO, *PWTS_PROCESS_INFO;
 59 | 
 60 | class WTS_PROCESS_INFOA(Structure):
 61 |     _fields_ = [
 62 |         ("SessionId",    DWORD),
 63 |         ("ProcessId",    DWORD),
 64 |         ("pProcessName", LPSTR),
 65 |         ("pUserSid",     PSID),
 66 |     ]
 67 | PWTS_PROCESS_INFOA = POINTER(WTS_PROCESS_INFOA)
 68 | 
 69 | class WTS_PROCESS_INFOW(Structure):
 70 |     _fields_ = [
 71 |         ("SessionId",    DWORD),
 72 |         ("ProcessId",    DWORD),
 73 |         ("pProcessName", LPWSTR),
 74 |         ("pUserSid",     PSID),
 75 |     ]
 76 | PWTS_PROCESS_INFOW = POINTER(WTS_PROCESS_INFOW)
 77 | 
 78 | #--- WTSQuerySessionInformation enums and structures --------------------------
 79 | 
 80 | # typedef enum _WTS_INFO_CLASS {
 81 | #   WTSInitialProgram          = 0,
 82 | #   WTSApplicationName         = 1,
 83 | #   WTSWorkingDirectory        = 2,
 84 | #   WTSOEMId                   = 3,
 85 | #   WTSSessionId               = 4,
 86 | #   WTSUserName                = 5,
 87 | #   WTSWinStationName          = 6,
 88 | #   WTSDomainName              = 7,
 89 | #   WTSConnectState            = 8,
 90 | #   WTSClientBuildNumber       = 9,
 91 | #   WTSClientName              = 10,
 92 | #   WTSClientDirectory         = 11,
 93 | #   WTSClientProductId         = 12,
 94 | #   WTSClientHardwareId        = 13,
 95 | #   WTSClientAddress           = 14,
 96 | #   WTSClientDisplay           = 15,
 97 | #   WTSClientProtocolType      = 16,
 98 | #   WTSIdleTime                = 17,
 99 | #   WTSLogonTime               = 18,
100 | #   WTSIncomingBytes           = 19,
101 | #   WTSOutgoingBytes           = 20,
102 | #   WTSIncomingFrames          = 21,
103 | #   WTSOutgoingFrames          = 22,
104 | #   WTSClientInfo              = 23,
105 | #   WTSSessionInfo             = 24,
106 | #   WTSSessionInfoEx           = 25,
107 | #   WTSConfigInfo              = 26,
108 | #   WTSValidationInfo          = 27,
109 | #   WTSSessionAddressV4        = 28,
110 | #   WTSIsRemoteSession         = 29
111 | # } WTS_INFO_CLASS;
112 | 
113 | WTSInitialProgram          = 0
114 | WTSApplicationName         = 1
115 | WTSWorkingDirectory        = 2
116 | WTSOEMId                   = 3
117 | WTSSessionId               = 4
118 | WTSUserName                = 5
119 | WTSWinStationName          = 6
120 | WTSDomainName              = 7
121 | WTSConnectState            = 8
122 | WTSClientBuildNumber       = 9
123 | WTSClientName              = 10
124 | WTSClientDirectory         = 11
125 | WTSClientProductId         = 12
126 | WTSClientHardwareId        = 13
127 | WTSClientAddress           = 14
128 | WTSClientDisplay           = 15
129 | WTSClientProtocolType      = 16
130 | WTSIdleTime                = 17
131 | WTSLogonTime               = 18
132 | WTSIncomingBytes           = 19
133 | WTSOutgoingBytes           = 20
134 | WTSIncomingFrames          = 21
135 | WTSOutgoingFrames          = 22
136 | WTSClientInfo              = 23
137 | WTSSessionInfo             = 24
138 | WTSSessionInfoEx           = 25
139 | WTSConfigInfo              = 26
140 | WTSValidationInfo          = 27
141 | WTSSessionAddressV4        = 28
142 | WTSIsRemoteSession         = 29
143 | 
144 | WTS_INFO_CLASS = ctypes.c_int
145 | 
146 | # typedef enum _WTS_CONNECTSTATE_CLASS {
147 | #   WTSActive,
148 | #   WTSConnected,
149 | #   WTSConnectQuery,
150 | #   WTSShadow,
151 | #   WTSDisconnected,
152 | #   WTSIdle,
153 | #   WTSListen,
154 | #   WTSReset,
155 | #   WTSDown,
156 | #   WTSInit
157 | # } WTS_CONNECTSTATE_CLASS;
158 | 
159 | WTSActive       = 0
160 | WTSConnected    = 1
161 | WTSConnectQuery = 2
162 | WTSShadow       = 3
163 | WTSDisconnected = 4
164 | WTSIdle         = 5
165 | WTSListen       = 6
166 | WTSReset        = 7
167 | WTSDown         = 8
168 | WTSInit         = 9
169 | 
170 | WTS_CONNECTSTATE_CLASS = ctypes.c_int
171 | 
172 | # typedef struct _WTS_CLIENT_DISPLAY {
173 | #   DWORD HorizontalResolution;
174 | #   DWORD VerticalResolution;
175 | #   DWORD ColorDepth;
176 | # } WTS_CLIENT_DISPLAY, *PWTS_CLIENT_DISPLAY;
177 | class WTS_CLIENT_DISPLAY(Structure):
178 |     _fields_ = [
179 |         ("HorizontalResolution", DWORD),
180 |         ("VerticalResolution",   DWORD),
181 |         ("ColorDepth",           DWORD),
182 |     ]
183 | PWTS_CLIENT_DISPLAY = POINTER(WTS_CLIENT_DISPLAY)
184 | 
185 | # typedef struct _WTS_CLIENT_ADDRESS {
186 | #   DWORD AddressFamily;
187 | #   BYTE  Address[20];
188 | # } WTS_CLIENT_ADDRESS, *PWTS_CLIENT_ADDRESS;
189 | 
190 | # XXX TODO
191 | 
192 | # typedef struct _WTSCLIENT {
193 | #   WCHAR   ClientName[CLIENTNAME_LENGTH + 1];
194 | #   WCHAR   Domain[DOMAIN_LENGTH + 1 ];
195 | #   WCHAR   UserName[USERNAME_LENGTH + 1];
196 | #   WCHAR   WorkDirectory[MAX_PATH + 1];
197 | #   WCHAR   InitialProgram[MAX_PATH + 1];
198 | #   BYTE    EncryptionLevel;
199 | #   ULONG   ClientAddressFamily;
200 | #   USHORT  ClientAddress[CLIENTADDRESS_LENGTH + 1];
201 | #   USHORT  HRes;
202 | #   USHORT  VRes;
203 | #   USHORT  ColorDepth;
204 | #   WCHAR   ClientDirectory[MAX_PATH + 1];
205 | #   ULONG   ClientBuildNumber;
206 | #   ULONG   ClientHardwareId;
207 | #   USHORT  ClientProductId;
208 | #   USHORT  OutBufCountHost;
209 | #   USHORT  OutBufCountClient;
210 | #   USHORT  OutBufLength;
211 | #   WCHAR     DeviceId[MAX_PATH + 1];
212 | # } WTSCLIENT, *PWTSCLIENT;
213 | 
214 | # XXX TODO
215 | 
216 | # typedef struct _WTSINFO {
217 | #   WTS_CONNECTSTATE_CLASS State;
218 | #   DWORD                  SessionId;
219 | #   DWORD                  IncomingBytes;
220 | #   DWORD                  OutgoingBytes;
221 | #   DWORD                  IncomingCompressedBytes;
222 | #   DWORD                  OutgoingCompressedBytes;
223 | #   WCHAR                  WinStationName;
224 | #   WCHAR                  Domain;
225 | #   WCHAR                  UserName;
226 | #   LARGE_INTEGER          ConnectTime;
227 | #   LARGE_INTEGER          DisconnectTime;
228 | #   LARGE_INTEGER          LastInputTime;
229 | #   LARGE_INTEGER          LogonTime;
230 | #   LARGE_INTEGER          CurrentTime;
231 | # } WTSINFO, *PWTSINFO;
232 | 
233 | # XXX TODO
234 | 
235 | # typedef struct _WTSINFOEX {
236 | #   DWORD           Level;
237 | #   WTSINFOEX_LEVEL Data;
238 | # } WTSINFOEX, *PWTSINFOEX;
239 | 
240 | # XXX TODO
241 | 
242 | 
243 | #==============================================================================
244 | # This calculates the list of exported symbols.
245 | _all = set(vars().keys()).difference(_all)
246 | __all__ = [_x for _x in _all if not _x.startswith('_')]
247 | __all__.sort()
248 | #==============================================================================
249 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/wtsapi32.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for wtsapi32.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: wtsapi32.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | from advapi32 import *
 39 | 
 40 | #==============================================================================
 41 | # This is used later on to calculate the list of exported symbols.
 42 | _all = None
 43 | _all = set(vars().keys())
 44 | #==============================================================================
 45 | 
 46 | #--- Constants ----------------------------------------------------------------
 47 | 
 48 | WTS_CURRENT_SERVER_HANDLE = 0
 49 | WTS_CURRENT_SESSION       = 1
 50 | 
 51 | #--- WTS_PROCESS_INFO structure -----------------------------------------------
 52 | 
 53 | # typedef struct _WTS_PROCESS_INFO {
 54 | #   DWORD  SessionId;
 55 | #   DWORD  ProcessId;
 56 | #   LPTSTR pProcessName;
 57 | #   PSID   pUserSid;
 58 | # } WTS_PROCESS_INFO, *PWTS_PROCESS_INFO;
 59 | 
 60 | class WTS_PROCESS_INFOA(Structure):
 61 |     _fields_ = [
 62 |         ("SessionId",    DWORD),
 63 |         ("ProcessId",    DWORD),
 64 |         ("pProcessName", LPSTR),
 65 |         ("pUserSid",     PSID),
 66 |     ]
 67 | PWTS_PROCESS_INFOA = POINTER(WTS_PROCESS_INFOA)
 68 | 
 69 | class WTS_PROCESS_INFOW(Structure):
 70 |     _fields_ = [
 71 |         ("SessionId",    DWORD),
 72 |         ("ProcessId",    DWORD),
 73 |         ("pProcessName", LPWSTR),
 74 |         ("pUserSid",     PSID),
 75 |     ]
 76 | PWTS_PROCESS_INFOW = POINTER(WTS_PROCESS_INFOW)
 77 | 
 78 | #--- WTSQuerySessionInformation enums and structures --------------------------
 79 | 
 80 | # typedef enum _WTS_INFO_CLASS {
 81 | #   WTSInitialProgram          = 0,
 82 | #   WTSApplicationName         = 1,
 83 | #   WTSWorkingDirectory        = 2,
 84 | #   WTSOEMId                   = 3,
 85 | #   WTSSessionId               = 4,
 86 | #   WTSUserName                = 5,
 87 | #   WTSWinStationName          = 6,
 88 | #   WTSDomainName              = 7,
 89 | #   WTSConnectState            = 8,
 90 | #   WTSClientBuildNumber       = 9,
 91 | #   WTSClientName              = 10,
 92 | #   WTSClientDirectory         = 11,
 93 | #   WTSClientProductId         = 12,
 94 | #   WTSClientHardwareId        = 13,
 95 | #   WTSClientAddress           = 14,
 96 | #   WTSClientDisplay           = 15,
 97 | #   WTSClientProtocolType      = 16,
 98 | #   WTSIdleTime                = 17,
 99 | #   WTSLogonTime               = 18,
100 | #   WTSIncomingBytes           = 19,
101 | #   WTSOutgoingBytes           = 20,
102 | #   WTSIncomingFrames          = 21,
103 | #   WTSOutgoingFrames          = 22,
104 | #   WTSClientInfo              = 23,
105 | #   WTSSessionInfo             = 24,
106 | #   WTSSessionInfoEx           = 25,
107 | #   WTSConfigInfo              = 26,
108 | #   WTSValidationInfo          = 27,
109 | #   WTSSessionAddressV4        = 28,
110 | #   WTSIsRemoteSession         = 29
111 | # } WTS_INFO_CLASS;
112 | 
113 | WTSInitialProgram          = 0
114 | WTSApplicationName         = 1
115 | WTSWorkingDirectory        = 2
116 | WTSOEMId                   = 3
117 | WTSSessionId               = 4
118 | WTSUserName                = 5
119 | WTSWinStationName          = 6
120 | WTSDomainName              = 7
121 | WTSConnectState            = 8
122 | WTSClientBuildNumber       = 9
123 | WTSClientName              = 10
124 | WTSClientDirectory         = 11
125 | WTSClientProductId         = 12
126 | WTSClientHardwareId        = 13
127 | WTSClientAddress           = 14
128 | WTSClientDisplay           = 15
129 | WTSClientProtocolType      = 16
130 | WTSIdleTime                = 17
131 | WTSLogonTime               = 18
132 | WTSIncomingBytes           = 19
133 | WTSOutgoingBytes           = 20
134 | WTSIncomingFrames          = 21
135 | WTSOutgoingFrames          = 22
136 | WTSClientInfo              = 23
137 | WTSSessionInfo             = 24
138 | WTSSessionInfoEx           = 25
139 | WTSConfigInfo              = 26
140 | WTSValidationInfo          = 27
141 | WTSSessionAddressV4        = 28
142 | WTSIsRemoteSession         = 29
143 | 
144 | WTS_INFO_CLASS = ctypes.c_int
145 | 
146 | # typedef enum _WTS_CONNECTSTATE_CLASS {
147 | #   WTSActive,
148 | #   WTSConnected,
149 | #   WTSConnectQuery,
150 | #   WTSShadow,
151 | #   WTSDisconnected,
152 | #   WTSIdle,
153 | #   WTSListen,
154 | #   WTSReset,
155 | #   WTSDown,
156 | #   WTSInit
157 | # } WTS_CONNECTSTATE_CLASS;
158 | 
159 | WTSActive       = 0
160 | WTSConnected    = 1
161 | WTSConnectQuery = 2
162 | WTSShadow       = 3
163 | WTSDisconnected = 4
164 | WTSIdle         = 5
165 | WTSListen       = 6
166 | WTSReset        = 7
167 | WTSDown         = 8
168 | WTSInit         = 9
169 | 
170 | WTS_CONNECTSTATE_CLASS = ctypes.c_int
171 | 
172 | # typedef struct _WTS_CLIENT_DISPLAY {
173 | #   DWORD HorizontalResolution;
174 | #   DWORD VerticalResolution;
175 | #   DWORD ColorDepth;
176 | # } WTS_CLIENT_DISPLAY, *PWTS_CLIENT_DISPLAY;
177 | class WTS_CLIENT_DISPLAY(Structure):
178 |     _fields_ = [
179 |         ("HorizontalResolution", DWORD),
180 |         ("VerticalResolution",   DWORD),
181 |         ("ColorDepth",           DWORD),
182 |     ]
183 | PWTS_CLIENT_DISPLAY = POINTER(WTS_CLIENT_DISPLAY)
184 | 
185 | # typedef struct _WTS_CLIENT_ADDRESS {
186 | #   DWORD AddressFamily;
187 | #   BYTE  Address[20];
188 | # } WTS_CLIENT_ADDRESS, *PWTS_CLIENT_ADDRESS;
189 | 
190 | # XXX TODO
191 | 
192 | # typedef struct _WTSCLIENT {
193 | #   WCHAR   ClientName[CLIENTNAME_LENGTH + 1];
194 | #   WCHAR   Domain[DOMAIN_LENGTH + 1 ];
195 | #   WCHAR   UserName[USERNAME_LENGTH + 1];
196 | #   WCHAR   WorkDirectory[MAX_PATH + 1];
197 | #   WCHAR   InitialProgram[MAX_PATH + 1];
198 | #   BYTE    EncryptionLevel;
199 | #   ULONG   ClientAddressFamily;
200 | #   USHORT  ClientAddress[CLIENTADDRESS_LENGTH + 1];
201 | #   USHORT  HRes;
202 | #   USHORT  VRes;
203 | #   USHORT  ColorDepth;
204 | #   WCHAR   ClientDirectory[MAX_PATH + 1];
205 | #   ULONG   ClientBuildNumber;
206 | #   ULONG   ClientHardwareId;
207 | #   USHORT  ClientProductId;
208 | #   USHORT  OutBufCountHost;
209 | #   USHORT  OutBufCountClient;
210 | #   USHORT  OutBufLength;
211 | #   WCHAR     DeviceId[MAX_PATH + 1];
212 | # } WTSCLIENT, *PWTSCLIENT;
213 | 
214 | # XXX TODO
215 | 
216 | # typedef struct _WTSINFO {
217 | #   WTS_CONNECTSTATE_CLASS State;
218 | #   DWORD                  SessionId;
219 | #   DWORD                  IncomingBytes;
220 | #   DWORD                  OutgoingBytes;
221 | #   DWORD                  IncomingCompressedBytes;
222 | #   DWORD                  OutgoingCompressedBytes;
223 | #   WCHAR                  WinStationName;
224 | #   WCHAR                  Domain;
225 | #   WCHAR                  UserName;
226 | #   LARGE_INTEGER          ConnectTime;
227 | #   LARGE_INTEGER          DisconnectTime;
228 | #   LARGE_INTEGER          LastInputTime;
229 | #   LARGE_INTEGER          LogonTime;
230 | #   LARGE_INTEGER          CurrentTime;
231 | # } WTSINFO, *PWTSINFO;
232 | 
233 | # XXX TODO
234 | 
235 | # typedef struct _WTSINFOEX {
236 | #   DWORD           Level;
237 | #   WTSINFOEX_LEVEL Data;
238 | # } WTSINFOEX, *PWTSINFOEX;
239 | 
240 | # XXX TODO
241 | 
242 | 
243 | #==============================================================================
244 | # This calculates the list of exported symbols.
245 | _all = set(vars().keys()).difference(_all)
246 | __all__ = [_x for _x in _all if not _x.startswith('_')]
247 | __all__.sort()
248 | #==============================================================================
249 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/dbghelp.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for dbghelp.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: dbghelp.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | from version import *
 39 | from kernel32 import *
 40 | 
 41 | # DbgHelp versions and features list:
 42 | # http://msdn.microsoft.com/en-us/library/windows/desktop/ms679294(v=vs.85).aspx
 43 | 
 44 | 
 45 | # Recover the old binding of the "os" symbol.
 46 | # XXX FIXME not sure if I really need to do this!
 47 | ##from version import os
 48 | 
 49 | #------------------------------------------------------------------------------
 50 | 
 51 | #==============================================================================
 52 | # This is used later on to calculate the list of exported symbols.
 53 | _all = None
 54 | _all = set(vars().keys())
 55 | #==============================================================================
 56 | 
 57 | # SymGetHomeDirectory "type" values
 58 | hdBase = 0
 59 | hdSym  = 1
 60 | hdSrc  = 2
 61 | 
 62 | UNDNAME_32_BIT_DECODE           = 0x0800
 63 | UNDNAME_COMPLETE                = 0x0000
 64 | UNDNAME_NAME_ONLY               = 0x1000
 65 | UNDNAME_NO_ACCESS_SPECIFIERS    = 0x0080
 66 | UNDNAME_NO_ALLOCATION_LANGUAGE  = 0x0010
 67 | UNDNAME_NO_ALLOCATION_MODEL     = 0x0008
 68 | UNDNAME_NO_ARGUMENTS            = 0x2000
 69 | UNDNAME_NO_CV_THISTYPE          = 0x0040
 70 | UNDNAME_NO_FUNCTION_RETURNS     = 0x0004
 71 | UNDNAME_NO_LEADING_UNDERSCORES  = 0x0001
 72 | UNDNAME_NO_MEMBER_TYPE          = 0x0200
 73 | UNDNAME_NO_MS_KEYWORDS          = 0x0002
 74 | UNDNAME_NO_MS_THISTYPE          = 0x0020
 75 | UNDNAME_NO_RETURN_UDT_MODEL     = 0x0400
 76 | UNDNAME_NO_SPECIAL_SYMS         = 0x4000
 77 | UNDNAME_NO_THISTYPE             = 0x0060
 78 | UNDNAME_NO_THROW_SIGNATURES     = 0x0100
 79 | 
 80 | #--- IMAGEHLP_MODULE structure and related ------------------------------------
 81 | 
 82 | SYMOPT_ALLOW_ABSOLUTE_SYMBOLS       = 0x00000800
 83 | SYMOPT_ALLOW_ZERO_ADDRESS           = 0x01000000
 84 | SYMOPT_AUTO_PUBLICS                 = 0x00010000
 85 | SYMOPT_CASE_INSENSITIVE             = 0x00000001
 86 | SYMOPT_DEBUG                        = 0x80000000
 87 | SYMOPT_DEFERRED_LOADS               = 0x00000004
 88 | SYMOPT_DISABLE_SYMSRV_AUTODETECT    = 0x02000000
 89 | SYMOPT_EXACT_SYMBOLS                = 0x00000400
 90 | SYMOPT_FAIL_CRITICAL_ERRORS         = 0x00000200
 91 | SYMOPT_FAVOR_COMPRESSED             = 0x00800000
 92 | SYMOPT_FLAT_DIRECTORY               = 0x00400000
 93 | SYMOPT_IGNORE_CVREC                 = 0x00000080
 94 | SYMOPT_IGNORE_IMAGEDIR              = 0x00200000
 95 | SYMOPT_IGNORE_NT_SYMPATH            = 0x00001000
 96 | SYMOPT_INCLUDE_32BIT_MODULES        = 0x00002000
 97 | SYMOPT_LOAD_ANYTHING                = 0x00000040
 98 | SYMOPT_LOAD_LINES                   = 0x00000010
 99 | SYMOPT_NO_CPP                       = 0x00000008
100 | SYMOPT_NO_IMAGE_SEARCH              = 0x00020000
101 | SYMOPT_NO_PROMPTS                   = 0x00080000
102 | SYMOPT_NO_PUBLICS                   = 0x00008000
103 | SYMOPT_NO_UNQUALIFIED_LOADS         = 0x00000100
104 | SYMOPT_OVERWRITE                    = 0x00100000
105 | SYMOPT_PUBLICS_ONLY                 = 0x00004000
106 | SYMOPT_SECURE                       = 0x00040000
107 | SYMOPT_UNDNAME                      = 0x00000002
108 | 
109 | ##SSRVOPT_DWORD
110 | ##SSRVOPT_DWORDPTR
111 | ##SSRVOPT_GUIDPTR
112 | ##
113 | ##SSRVOPT_CALLBACK
114 | ##SSRVOPT_DOWNSTREAM_STORE
115 | ##SSRVOPT_FLAT_DEFAULT_STORE
116 | ##SSRVOPT_FAVOR_COMPRESSED
117 | ##SSRVOPT_NOCOPY
118 | ##SSRVOPT_OVERWRITE
119 | ##SSRVOPT_PARAMTYPE
120 | ##SSRVOPT_PARENTWIN
121 | ##SSRVOPT_PROXY
122 | ##SSRVOPT_RESET
123 | ##SSRVOPT_SECURE
124 | ##SSRVOPT_SETCONTEXT
125 | ##SSRVOPT_TRACE
126 | ##SSRVOPT_UNATTENDED
127 | 
128 | #    typedef enum
129 | #    {
130 | #        SymNone = 0,
131 | #        SymCoff,
132 | #        SymCv,
133 | #        SymPdb,
134 | #        SymExport,
135 | #        SymDeferred,
136 | #        SymSym,
137 | #        SymDia,
138 | #        SymVirtual,
139 | #        NumSymTypes
140 | #    } SYM_TYPE;
141 | SymNone     = 0
142 | SymCoff     = 1
143 | SymCv       = 2
144 | SymPdb      = 3
145 | SymExport   = 4
146 | SymDeferred = 5
147 | SymSym      = 6
148 | SymDia      = 7
149 | SymVirtual  = 8
150 | NumSymTypes = 9
151 | 
152 | #    typedef struct _IMAGEHLP_MODULE64 {
153 | #      DWORD    SizeOfStruct;
154 | #      DWORD64  BaseOfImage;
155 | #      DWORD    ImageSize;
156 | #      DWORD    TimeDateStamp;
157 | #      DWORD    CheckSum;
158 | #      DWORD    NumSyms;
159 | #      SYM_TYPE SymType;
160 | #      TCHAR    ModuleName[32];
161 | #      TCHAR    ImageName[256];
162 | #      TCHAR    LoadedImageName[256];
163 | #      TCHAR    LoadedPdbName[256];
164 | #      DWORD    CVSig;
165 | #      TCHAR    CVData[MAX_PATH*3];
166 | #      DWORD    PdbSig;
167 | #      GUID     PdbSig70;
168 | #      DWORD    PdbAge;
169 | #      BOOL     PdbUnmatched;
170 | #      BOOL     DbgUnmatched;
171 | #      BOOL     LineNumbers;
172 | #      BOOL     GlobalSymbols;
173 | #      BOOL     TypeInfo;
174 | #      BOOL     SourceIndexed;
175 | #      BOOL     Publics;
176 | #    } IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
177 | 
178 | class IMAGEHLP_MODULE (Structure):
179 |     _fields_ = [
180 |         ("SizeOfStruct",    DWORD),
181 |         ("BaseOfImage",     DWORD),
182 |         ("ImageSize",       DWORD),
183 |         ("TimeDateStamp",   DWORD),
184 |         ("CheckSum",        DWORD),
185 |         ("NumSyms",         DWORD),
186 |         ("SymType",         DWORD),         # SYM_TYPE
187 |         ("ModuleName",      CHAR * 32),
188 |         ("ImageName",       CHAR * 256),
189 |         ("LoadedImageName", CHAR * 256),
190 |     ]
191 | PIMAGEHLP_MODULE = POINTER(IMAGEHLP_MODULE)
192 | 
193 | class IMAGEHLP_MODULE64 (Structure):
194 |     _fields_ = [
195 |         ("SizeOfStruct",    DWORD),
196 |         ("BaseOfImage",     DWORD64),
197 |         ("ImageSize",       DWORD),
198 |         ("TimeDateStamp",   DWORD),
199 |         ("CheckSum",        DWORD),
200 |         ("NumSyms",         DWORD),
201 |         ("SymType",         DWORD),         # SYM_TYPE
202 |         ("ModuleName",      CHAR * 32),
203 |         ("ImageName",       CHAR * 256),
204 |         ("LoadedImageName", CHAR * 256),
205 |         ("LoadedPdbName",   CHAR * 256),
206 |         ("CVSig",           DWORD),
207 |         ("CVData",          CHAR * (MAX_PATH * 3)),
208 |         ("PdbSig",          DWORD),
209 |         ("PdbSig70",        GUID),
210 |         ("PdbAge",          DWORD),
211 |         ("PdbUnmatched",    BOOL),
212 |         ("DbgUnmatched",    BOOL),
213 |         ("LineNumbers",     BOOL),
214 |         ("GlobalSymbols",   BOOL),
215 |         ("TypeInfo",        BOOL),
216 |         ("SourceIndexed",   BOOL),
217 |         ("Publics",         BOOL),
218 |     ]
219 | PIMAGEHLP_MODULE64 = POINTER(IMAGEHLP_MODULE64)
220 | 
221 | class IMAGEHLP_MODULEW (Structure):
222 |     _fields_ = [
223 |         ("SizeOfStruct",    DWORD),
224 |         ("BaseOfImage",     DWORD),
225 |         ("ImageSize",       DWORD),
226 |         ("TimeDateStamp",   DWORD),
227 |         ("CheckSum",        DWORD),
228 |         ("NumSyms",         DWORD),
229 |         ("SymType",         DWORD),         # SYM_TYPE
230 |         ("ModuleName",      WCHAR * 32),
231 |         ("ImageName",       WCHAR * 256),
232 |         ("LoadedImageName", WCHAR * 256),
233 |     ]
234 | PIMAGEHLP_MODULEW = POINTER(IMAGEHLP_MODULEW)
235 | 
236 | class IMAGEHLP_MODULEW64 (Structure):
237 |     _fields_ = [
238 |         ("SizeOfStruct",    DWORD),
239 |         ("BaseOfImage",     DWORD64),
240 |         ("ImageSize",       DWORD),
241 |         ("TimeDateStamp",   DWORD),
242 |         ("CheckSum",        DWORD),
243 |         ("NumSyms",         DWORD),
244 |         ("SymType",         DWORD),         # SYM_TYPE
245 |         ("ModuleName",      WCHAR * 32),
246 |         ("ImageName",       WCHAR * 256),
247 |         ("LoadedImageName", WCHAR * 256),
248 |         ("LoadedPdbName",   WCHAR * 256),
249 |         ("CVSig",           DWORD),
250 |         ("CVData",          WCHAR * (MAX_PATH * 3)),
251 |         ("PdbSig",          DWORD),
252 |         ("PdbSig70",        GUID),
253 |         ("PdbAge",          DWORD),
254 |         ("PdbUnmatched",    BOOL),
255 |         ("DbgUnmatched",    BOOL),
256 |         ("LineNumbers",     BOOL),
257 |         ("GlobalSymbols",   BOOL),
258 |         ("TypeInfo",        BOOL),
259 |         ("SourceIndexed",   BOOL),
260 |         ("Publics",         BOOL),
261 |     ]
262 | PIMAGEHLP_MODULEW64 = POINTER(IMAGEHLP_MODULEW64)
263 | 
264 | 
265 | #==============================================================================
266 | # This calculates the list of exported symbols.
267 | _all = set(vars().keys()).difference(_all)
268 | __all__ = [_x for _x in _all if not _x.startswith('_')]
269 | __all__.sort()
270 | #==============================================================================
271 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/dbghelp.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for dbghelp.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: dbghelp.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | from version import *
 39 | from kernel32 import *
 40 | 
 41 | # DbgHelp versions and features list:
 42 | # http://msdn.microsoft.com/en-us/library/windows/desktop/ms679294(v=vs.85).aspx
 43 | 
 44 | #------------------------------------------------------------------------------
 45 | # Tries to load the newest version of dbghelp.dll if available.
 46 | 
 47 | def _load_latest_dbghelp_dll():
 48 | 
 49 |     from os import getenv
 50 |     from os.path import join
 51 | 
 52 |     if arch == ARCH_AMD64:
 53 |         if wow64:
 54 |             pathname = join(
 55 |                             getenv("ProgramFiles(x86)",
 56 |                                 getenv("ProgramFiles")),
 57 |                             "Debugging Tools for Windows (x86)",
 58 |                             "dbghelp.dll")
 59 |         else:
 60 |             pathname = join(
 61 |                             getenv("ProgramFiles"),
 62 |                             "Debugging Tools for Windows (x64)",
 63 |                             "dbghelp.dll")
 64 |     elif arch == ARCH_I386:
 65 |         pathname = join(
 66 |                         getenv("ProgramFiles"),
 67 |                         "Debugging Tools for Windows (x86)",
 68 |                         "dbghelp.dll")
 69 |     else:
 70 |         pathname = None
 71 | 
 72 |     if pathname:
 73 |         try:
 74 |             _dbghelp = ctypes.windll.LoadLibrary(pathname)
 75 |             ctypes.windll.dbghelp = _dbghelp
 76 |         except Exception:
 77 |             pass
 78 | 
 79 | _load_latest_dbghelp_dll()
 80 | 
 81 | # Recover the old binding of the "os" symbol.
 82 | # XXX FIXME not sure if I really need to do this!
 83 | ##from version import os
 84 | 
 85 | #------------------------------------------------------------------------------
 86 | 
 87 | #==============================================================================
 88 | # This is used later on to calculate the list of exported symbols.
 89 | _all = None
 90 | _all = set(vars().keys())
 91 | #==============================================================================
 92 | 
 93 | # SymGetHomeDirectory "type" values
 94 | hdBase = 0
 95 | hdSym  = 1
 96 | hdSrc  = 2
 97 | 
 98 | UNDNAME_32_BIT_DECODE           = 0x0800
 99 | UNDNAME_COMPLETE                = 0x0000
100 | UNDNAME_NAME_ONLY               = 0x1000
101 | UNDNAME_NO_ACCESS_SPECIFIERS    = 0x0080
102 | UNDNAME_NO_ALLOCATION_LANGUAGE  = 0x0010
103 | UNDNAME_NO_ALLOCATION_MODEL     = 0x0008
104 | UNDNAME_NO_ARGUMENTS            = 0x2000
105 | UNDNAME_NO_CV_THISTYPE          = 0x0040
106 | UNDNAME_NO_FUNCTION_RETURNS     = 0x0004
107 | UNDNAME_NO_LEADING_UNDERSCORES  = 0x0001
108 | UNDNAME_NO_MEMBER_TYPE          = 0x0200
109 | UNDNAME_NO_MS_KEYWORDS          = 0x0002
110 | UNDNAME_NO_MS_THISTYPE          = 0x0020
111 | UNDNAME_NO_RETURN_UDT_MODEL     = 0x0400
112 | UNDNAME_NO_SPECIAL_SYMS         = 0x4000
113 | UNDNAME_NO_THISTYPE             = 0x0060
114 | UNDNAME_NO_THROW_SIGNATURES     = 0x0100
115 | 
116 | #--- IMAGEHLP_MODULE structure and related ------------------------------------
117 | 
118 | SYMOPT_ALLOW_ABSOLUTE_SYMBOLS       = 0x00000800
119 | SYMOPT_ALLOW_ZERO_ADDRESS           = 0x01000000
120 | SYMOPT_AUTO_PUBLICS                 = 0x00010000
121 | SYMOPT_CASE_INSENSITIVE             = 0x00000001
122 | SYMOPT_DEBUG                        = 0x80000000
123 | SYMOPT_DEFERRED_LOADS               = 0x00000004
124 | SYMOPT_DISABLE_SYMSRV_AUTODETECT    = 0x02000000
125 | SYMOPT_EXACT_SYMBOLS                = 0x00000400
126 | SYMOPT_FAIL_CRITICAL_ERRORS         = 0x00000200
127 | SYMOPT_FAVOR_COMPRESSED             = 0x00800000
128 | SYMOPT_FLAT_DIRECTORY               = 0x00400000
129 | SYMOPT_IGNORE_CVREC                 = 0x00000080
130 | SYMOPT_IGNORE_IMAGEDIR              = 0x00200000
131 | SYMOPT_IGNORE_NT_SYMPATH            = 0x00001000
132 | SYMOPT_INCLUDE_32BIT_MODULES        = 0x00002000
133 | SYMOPT_LOAD_ANYTHING                = 0x00000040
134 | SYMOPT_LOAD_LINES                   = 0x00000010
135 | SYMOPT_NO_CPP                       = 0x00000008
136 | SYMOPT_NO_IMAGE_SEARCH              = 0x00020000
137 | SYMOPT_NO_PROMPTS                   = 0x00080000
138 | SYMOPT_NO_PUBLICS                   = 0x00008000
139 | SYMOPT_NO_UNQUALIFIED_LOADS         = 0x00000100
140 | SYMOPT_OVERWRITE                    = 0x00100000
141 | SYMOPT_PUBLICS_ONLY                 = 0x00004000
142 | SYMOPT_SECURE                       = 0x00040000
143 | SYMOPT_UNDNAME                      = 0x00000002
144 | 
145 | ##SSRVOPT_DWORD
146 | ##SSRVOPT_DWORDPTR
147 | ##SSRVOPT_GUIDPTR
148 | ##
149 | ##SSRVOPT_CALLBACK
150 | ##SSRVOPT_DOWNSTREAM_STORE
151 | ##SSRVOPT_FLAT_DEFAULT_STORE
152 | ##SSRVOPT_FAVOR_COMPRESSED
153 | ##SSRVOPT_NOCOPY
154 | ##SSRVOPT_OVERWRITE
155 | ##SSRVOPT_PARAMTYPE
156 | ##SSRVOPT_PARENTWIN
157 | ##SSRVOPT_PROXY
158 | ##SSRVOPT_RESET
159 | ##SSRVOPT_SECURE
160 | ##SSRVOPT_SETCONTEXT
161 | ##SSRVOPT_TRACE
162 | ##SSRVOPT_UNATTENDED
163 | 
164 | #    typedef enum
165 | #    {
166 | #        SymNone = 0,
167 | #        SymCoff,
168 | #        SymCv,
169 | #        SymPdb,
170 | #        SymExport,
171 | #        SymDeferred,
172 | #        SymSym,
173 | #        SymDia,
174 | #        SymVirtual,
175 | #        NumSymTypes
176 | #    } SYM_TYPE;
177 | SymNone     = 0
178 | SymCoff     = 1
179 | SymCv       = 2
180 | SymPdb      = 3
181 | SymExport   = 4
182 | SymDeferred = 5
183 | SymSym      = 6
184 | SymDia      = 7
185 | SymVirtual  = 8
186 | NumSymTypes = 9
187 | 
188 | #    typedef struct _IMAGEHLP_MODULE64 {
189 | #      DWORD    SizeOfStruct;
190 | #      DWORD64  BaseOfImage;
191 | #      DWORD    ImageSize;
192 | #      DWORD    TimeDateStamp;
193 | #      DWORD    CheckSum;
194 | #      DWORD    NumSyms;
195 | #      SYM_TYPE SymType;
196 | #      TCHAR    ModuleName[32];
197 | #      TCHAR    ImageName[256];
198 | #      TCHAR    LoadedImageName[256];
199 | #      TCHAR    LoadedPdbName[256];
200 | #      DWORD    CVSig;
201 | #      TCHAR    CVData[MAX_PATH*3];
202 | #      DWORD    PdbSig;
203 | #      GUID     PdbSig70;
204 | #      DWORD    PdbAge;
205 | #      BOOL     PdbUnmatched;
206 | #      BOOL     DbgUnmatched;
207 | #      BOOL     LineNumbers;
208 | #      BOOL     GlobalSymbols;
209 | #      BOOL     TypeInfo;
210 | #      BOOL     SourceIndexed;
211 | #      BOOL     Publics;
212 | #    } IMAGEHLP_MODULE64, *PIMAGEHLP_MODULE64;
213 | 
214 | class IMAGEHLP_MODULE (Structure):
215 |     _fields_ = [
216 |         ("SizeOfStruct",    DWORD),
217 |         ("BaseOfImage",     DWORD),
218 |         ("ImageSize",       DWORD),
219 |         ("TimeDateStamp",   DWORD),
220 |         ("CheckSum",        DWORD),
221 |         ("NumSyms",         DWORD),
222 |         ("SymType",         DWORD),         # SYM_TYPE
223 |         ("ModuleName",      CHAR * 32),
224 |         ("ImageName",       CHAR * 256),
225 |         ("LoadedImageName", CHAR * 256),
226 |     ]
227 | PIMAGEHLP_MODULE = POINTER(IMAGEHLP_MODULE)
228 | 
229 | class IMAGEHLP_MODULE64 (Structure):
230 |     _fields_ = [
231 |         ("SizeOfStruct",    DWORD),
232 |         ("BaseOfImage",     DWORD64),
233 |         ("ImageSize",       DWORD),
234 |         ("TimeDateStamp",   DWORD),
235 |         ("CheckSum",        DWORD),
236 |         ("NumSyms",         DWORD),
237 |         ("SymType",         DWORD),         # SYM_TYPE
238 |         ("ModuleName",      CHAR * 32),
239 |         ("ImageName",       CHAR * 256),
240 |         ("LoadedImageName", CHAR * 256),
241 |         ("LoadedPdbName",   CHAR * 256),
242 |         ("CVSig",           DWORD),
243 |         ("CVData",          CHAR * (MAX_PATH * 3)),
244 |         ("PdbSig",          DWORD),
245 |         ("PdbSig70",        GUID),
246 |         ("PdbAge",          DWORD),
247 |         ("PdbUnmatched",    BOOL),
248 |         ("DbgUnmatched",    BOOL),
249 |         ("LineNumbers",     BOOL),
250 |         ("GlobalSymbols",   BOOL),
251 |         ("TypeInfo",        BOOL),
252 |         ("SourceIndexed",   BOOL),
253 |         ("Publics",         BOOL),
254 |     ]
255 | PIMAGEHLP_MODULE64 = POINTER(IMAGEHLP_MODULE64)
256 | 
257 | class IMAGEHLP_MODULEW (Structure):
258 |     _fields_ = [
259 |         ("SizeOfStruct",    DWORD),
260 |         ("BaseOfImage",     DWORD),
261 |         ("ImageSize",       DWORD),
262 |         ("TimeDateStamp",   DWORD),
263 |         ("CheckSum",        DWORD),
264 |         ("NumSyms",         DWORD),
265 |         ("SymType",         DWORD),         # SYM_TYPE
266 |         ("ModuleName",      WCHAR * 32),
267 |         ("ImageName",       WCHAR * 256),
268 |         ("LoadedImageName", WCHAR * 256),
269 |     ]
270 | PIMAGEHLP_MODULEW = POINTER(IMAGEHLP_MODULEW)
271 | 
272 | class IMAGEHLP_MODULEW64 (Structure):
273 |     _fields_ = [
274 |         ("SizeOfStruct",    DWORD),
275 |         ("BaseOfImage",     DWORD64),
276 |         ("ImageSize",       DWORD),
277 |         ("TimeDateStamp",   DWORD),
278 |         ("CheckSum",        DWORD),
279 |         ("NumSyms",         DWORD),
280 |         ("SymType",         DWORD),         # SYM_TYPE
281 |         ("ModuleName",      WCHAR * 32),
282 |         ("ImageName",       WCHAR * 256),
283 |         ("LoadedImageName", WCHAR * 256),
284 |         ("LoadedPdbName",   WCHAR * 256),
285 |         ("CVSig",           DWORD),
286 |         ("CVData",          WCHAR * (MAX_PATH * 3)),
287 |         ("PdbSig",          DWORD),
288 |         ("PdbSig70",        GUID),
289 |         ("PdbAge",          DWORD),
290 |         ("PdbUnmatched",    BOOL),
291 |         ("DbgUnmatched",    BOOL),
292 |         ("LineNumbers",     BOOL),
293 |         ("GlobalSymbols",   BOOL),
294 |         ("TypeInfo",        BOOL),
295 |         ("SourceIndexed",   BOOL),
296 |         ("Publics",         BOOL),
297 |     ]
298 | PIMAGEHLP_MODULEW64 = POINTER(IMAGEHLP_MODULEW64)
299 | 
300 | 
301 | #==============================================================================
302 | # This calculates the list of exported symbols.
303 | _all = set(vars().keys()).difference(_all)
304 | __all__ = [_x for _x in _all if not _x.startswith('_')]
305 | __all__.sort()
306 | #==============================================================================
307 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/gdi32.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for gdi32.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: gdi32.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | 
 39 | #==============================================================================
 40 | # This is used later on to calculate the list of exported symbols.
 41 | _all = None
 42 | _all = set(vars().keys())
 43 | #==============================================================================
 44 | 
 45 | #--- Helpers ------------------------------------------------------------------
 46 | 
 47 | #--- Types --------------------------------------------------------------------
 48 | 
 49 | #--- Constants ----------------------------------------------------------------
 50 | 
 51 | # GDI object types
 52 | OBJ_PEN             = 1
 53 | OBJ_BRUSH           = 2
 54 | OBJ_DC              = 3
 55 | OBJ_METADC          = 4
 56 | OBJ_PAL             = 5
 57 | OBJ_FONT            = 6
 58 | OBJ_BITMAP          = 7
 59 | OBJ_REGION          = 8
 60 | OBJ_METAFILE        = 9
 61 | OBJ_MEMDC           = 10
 62 | OBJ_EXTPEN          = 11
 63 | OBJ_ENHMETADC       = 12
 64 | OBJ_ENHMETAFILE     = 13
 65 | OBJ_COLORSPACE      = 14
 66 | GDI_OBJ_LAST        = OBJ_COLORSPACE
 67 | 
 68 | # Ternary raster operations
 69 | SRCCOPY         = 0x00CC0020 # dest = source
 70 | SRCPAINT        = 0x00EE0086 # dest = source OR dest
 71 | SRCAND          = 0x008800C6 # dest = source AND dest
 72 | SRCINVERT       = 0x00660046 # dest = source XOR dest
 73 | SRCERASE        = 0x00440328 # dest = source AND (NOT dest)
 74 | NOTSRCCOPY      = 0x00330008 # dest = (NOT source)
 75 | NOTSRCERASE     = 0x001100A6 # dest = (NOT src) AND (NOT dest)
 76 | MERGECOPY       = 0x00C000CA # dest = (source AND pattern)
 77 | MERGEPAINT      = 0x00BB0226 # dest = (NOT source) OR dest
 78 | PATCOPY         = 0x00F00021 # dest = pattern
 79 | PATPAINT        = 0x00FB0A09 # dest = DPSnoo
 80 | PATINVERT       = 0x005A0049 # dest = pattern XOR dest
 81 | DSTINVERT       = 0x00550009 # dest = (NOT dest)
 82 | BLACKNESS       = 0x00000042 # dest = BLACK
 83 | WHITENESS       = 0x00FF0062 # dest = WHITE
 84 | NOMIRRORBITMAP  = 0x80000000 # Do not Mirror the bitmap in this call
 85 | CAPTUREBLT      = 0x40000000 # Include layered windows
 86 | 
 87 | # Region flags
 88 | ERROR               = 0
 89 | NULLREGION          = 1
 90 | SIMPLEREGION        = 2
 91 | COMPLEXREGION       = 3
 92 | RGN_ERROR           = ERROR
 93 | 
 94 | # CombineRgn() styles
 95 | RGN_AND             = 1
 96 | RGN_OR              = 2
 97 | RGN_XOR             = 3
 98 | RGN_DIFF            = 4
 99 | RGN_COPY            = 5
100 | RGN_MIN             = RGN_AND
101 | RGN_MAX             = RGN_COPY
102 | 
103 | # StretchBlt() modes
104 | BLACKONWHITE        = 1
105 | WHITEONBLACK        = 2
106 | COLORONCOLOR        = 3
107 | HALFTONE            = 4
108 | MAXSTRETCHBLTMODE   = 4
109 | STRETCH_ANDSCANS    = BLACKONWHITE
110 | STRETCH_ORSCANS     = WHITEONBLACK
111 | STRETCH_DELETESCANS = COLORONCOLOR
112 | STRETCH_HALFTONE    = HALFTONE
113 | 
114 | # PolyFill() modes
115 | ALTERNATE       = 1
116 | WINDING         = 2
117 | POLYFILL_LAST   = 2
118 | 
119 | # Layout orientation options
120 | LAYOUT_RTL                         = 0x00000001 # Right to left
121 | LAYOUT_BTT                         = 0x00000002 # Bottom to top
122 | LAYOUT_VBH                         = 0x00000004 # Vertical before horizontal
123 | LAYOUT_ORIENTATIONMASK             = LAYOUT_RTL + LAYOUT_BTT + LAYOUT_VBH
124 | LAYOUT_BITMAPORIENTATIONPRESERVED  = 0x00000008
125 | 
126 | # Stock objects
127 | WHITE_BRUSH         = 0
128 | LTGRAY_BRUSH        = 1
129 | GRAY_BRUSH          = 2
130 | DKGRAY_BRUSH        = 3
131 | BLACK_BRUSH         = 4
132 | NULL_BRUSH          = 5
133 | HOLLOW_BRUSH        = NULL_BRUSH
134 | WHITE_PEN           = 6
135 | BLACK_PEN           = 7
136 | NULL_PEN            = 8
137 | OEM_FIXED_FONT      = 10
138 | ANSI_FIXED_FONT     = 11
139 | ANSI_VAR_FONT       = 12
140 | SYSTEM_FONT         = 13
141 | DEVICE_DEFAULT_FONT = 14
142 | DEFAULT_PALETTE     = 15
143 | SYSTEM_FIXED_FONT   = 16
144 | 
145 | # Metafile functions
146 | META_SETBKCOLOR              = 0x0201
147 | META_SETBKMODE               = 0x0102
148 | META_SETMAPMODE              = 0x0103
149 | META_SETROP2                 = 0x0104
150 | META_SETRELABS               = 0x0105
151 | META_SETPOLYFILLMODE         = 0x0106
152 | META_SETSTRETCHBLTMODE       = 0x0107
153 | META_SETTEXTCHAREXTRA        = 0x0108
154 | META_SETTEXTCOLOR            = 0x0209
155 | META_SETTEXTJUSTIFICATION    = 0x020A
156 | META_SETWINDOWORG            = 0x020B
157 | META_SETWINDOWEXT            = 0x020C
158 | META_SETVIEWPORTORG          = 0x020D
159 | META_SETVIEWPORTEXT          = 0x020E
160 | META_OFFSETWINDOWORG         = 0x020F
161 | META_SCALEWINDOWEXT          = 0x0410
162 | META_OFFSETVIEWPORTORG       = 0x0211
163 | META_SCALEVIEWPORTEXT        = 0x0412
164 | META_LINETO                  = 0x0213
165 | META_MOVETO                  = 0x0214
166 | META_EXCLUDECLIPRECT         = 0x0415
167 | META_INTERSECTCLIPRECT       = 0x0416
168 | META_ARC                     = 0x0817
169 | META_ELLIPSE                 = 0x0418
170 | META_FLOODFILL               = 0x0419
171 | META_PIE                     = 0x081A
172 | META_RECTANGLE               = 0x041B
173 | META_ROUNDRECT               = 0x061C
174 | META_PATBLT                  = 0x061D
175 | META_SAVEDC                  = 0x001E
176 | META_SETPIXEL                = 0x041F
177 | META_OFFSETCLIPRGN           = 0x0220
178 | META_TEXTOUT                 = 0x0521
179 | META_BITBLT                  = 0x0922
180 | META_STRETCHBLT              = 0x0B23
181 | META_POLYGON                 = 0x0324
182 | META_POLYLINE                = 0x0325
183 | META_ESCAPE                  = 0x0626
184 | META_RESTOREDC               = 0x0127
185 | META_FILLREGION              = 0x0228
186 | META_FRAMEREGION             = 0x0429
187 | META_INVERTREGION            = 0x012A
188 | META_PAINTREGION             = 0x012B
189 | META_SELECTCLIPREGION        = 0x012C
190 | META_SELECTOBJECT            = 0x012D
191 | META_SETTEXTALIGN            = 0x012E
192 | META_CHORD                   = 0x0830
193 | META_SETMAPPERFLAGS          = 0x0231
194 | META_EXTTEXTOUT              = 0x0a32
195 | META_SETDIBTODEV             = 0x0d33
196 | META_SELECTPALETTE           = 0x0234
197 | META_REALIZEPALETTE          = 0x0035
198 | META_ANIMATEPALETTE          = 0x0436
199 | META_SETPALENTRIES           = 0x0037
200 | META_POLYPOLYGON             = 0x0538
201 | META_RESIZEPALETTE           = 0x0139
202 | META_DIBBITBLT               = 0x0940
203 | META_DIBSTRETCHBLT           = 0x0b41
204 | META_DIBCREATEPATTERNBRUSH   = 0x0142
205 | META_STRETCHDIB              = 0x0f43
206 | META_EXTFLOODFILL            = 0x0548
207 | META_SETLAYOUT               = 0x0149
208 | META_DELETEOBJECT            = 0x01f0
209 | META_CREATEPALETTE           = 0x00f7
210 | META_CREATEPATTERNBRUSH      = 0x01F9
211 | META_CREATEPENINDIRECT       = 0x02FA
212 | META_CREATEFONTINDIRECT      = 0x02FB
213 | META_CREATEBRUSHINDIRECT     = 0x02FC
214 | META_CREATEREGION            = 0x06FF
215 | 
216 | # Metafile escape codes
217 | NEWFRAME                     = 1
218 | ABORTDOC                     = 2
219 | NEXTBAND                     = 3
220 | SETCOLORTABLE                = 4
221 | GETCOLORTABLE                = 5
222 | FLUSHOUTPUT                  = 6
223 | DRAFTMODE                    = 7
224 | QUERYESCSUPPORT              = 8
225 | SETABORTPROC                 = 9
226 | STARTDOC                     = 10
227 | ENDDOC                       = 11
228 | GETPHYSPAGESIZE              = 12
229 | GETPRINTINGOFFSET            = 13
230 | GETSCALINGFACTOR             = 14
231 | MFCOMMENT                    = 15
232 | GETPENWIDTH                  = 16
233 | SETCOPYCOUNT                 = 17
234 | SELECTPAPERSOURCE            = 18
235 | DEVICEDATA                   = 19
236 | PASSTHROUGH                  = 19
237 | GETTECHNOLGY                 = 20
238 | GETTECHNOLOGY                = 20
239 | SETLINECAP                   = 21
240 | SETLINEJOIN                  = 22
241 | SETMITERLIMIT                = 23
242 | BANDINFO                     = 24
243 | DRAWPATTERNRECT              = 25
244 | GETVECTORPENSIZE             = 26
245 | GETVECTORBRUSHSIZE           = 27
246 | ENABLEDUPLEX                 = 28
247 | GETSETPAPERBINS              = 29
248 | GETSETPRINTORIENT            = 30
249 | ENUMPAPERBINS                = 31
250 | SETDIBSCALING                = 32
251 | EPSPRINTING                  = 33
252 | ENUMPAPERMETRICS             = 34
253 | GETSETPAPERMETRICS           = 35
254 | POSTSCRIPT_DATA              = 37
255 | POSTSCRIPT_IGNORE            = 38
256 | MOUSETRAILS                  = 39
257 | GETDEVICEUNITS               = 42
258 | GETEXTENDEDTEXTMETRICS       = 256
259 | GETEXTENTTABLE               = 257
260 | GETPAIRKERNTABLE             = 258
261 | GETTRACKKERNTABLE            = 259
262 | EXTTEXTOUT                   = 512
263 | GETFACENAME                  = 513
264 | DOWNLOADFACE                 = 514
265 | ENABLERELATIVEWIDTHS         = 768
266 | ENABLEPAIRKERNING            = 769
267 | SETKERNTRACK                 = 770
268 | SETALLJUSTVALUES             = 771
269 | SETCHARSET                   = 772
270 | STRETCHBLT                   = 2048
271 | METAFILE_DRIVER              = 2049
272 | GETSETSCREENPARAMS           = 3072
273 | QUERYDIBSUPPORT              = 3073
274 | BEGIN_PATH                   = 4096
275 | CLIP_TO_PATH                 = 4097
276 | END_PATH                     = 4098
277 | EXT_DEVICE_CAPS              = 4099
278 | RESTORE_CTM                  = 4100
279 | SAVE_CTM                     = 4101
280 | SET_ARC_DIRECTION            = 4102
281 | SET_BACKGROUND_COLOR         = 4103
282 | SET_POLY_MODE                = 4104
283 | SET_SCREEN_ANGLE             = 4105
284 | SET_SPREAD                   = 4106
285 | TRANSFORM_CTM                = 4107
286 | SET_CLIP_BOX                 = 4108
287 | SET_BOUNDS                   = 4109
288 | SET_MIRROR_MODE              = 4110
289 | OPENCHANNEL                  = 4110
290 | DOWNLOADHEADER               = 4111
291 | CLOSECHANNEL                 = 4112
292 | POSTSCRIPT_PASSTHROUGH       = 4115
293 | ENCAPSULATED_POSTSCRIPT      = 4116
294 | POSTSCRIPT_IDENTIFY          = 4117
295 | POSTSCRIPT_INJECTION         = 4118
296 | CHECKJPEGFORMAT              = 4119
297 | CHECKPNGFORMAT               = 4120
298 | GET_PS_FEATURESETTING        = 4121
299 | GDIPLUS_TS_QUERYVER          = 4122
300 | GDIPLUS_TS_RECORD            = 4123
301 | SPCLPASSTHROUGH2             = 4568
302 | 
303 | #--- Structures ---------------------------------------------------------------
304 | 
305 | # typedef struct _RECT {
306 | #   LONG left;
307 | #   LONG top;
308 | #   LONG right;
309 | #   LONG bottom;
310 | # }RECT, *PRECT;
311 | class RECT(Structure):
312 |     _fields_ = [
313 |         ('left',    LONG),
314 |         ('top',     LONG),
315 |         ('right',   LONG),
316 |         ('bottom',  LONG),
317 |     ]
318 | PRECT  = POINTER(RECT)
319 | LPRECT = PRECT
320 | 
321 | # typedef struct tagPOINT {
322 | #   LONG x;
323 | #   LONG y;
324 | # } POINT;
325 | class POINT(Structure):
326 |     _fields_ = [
327 |         ('x',   LONG),
328 |         ('y',   LONG),
329 |     ]
330 | PPOINT  = POINTER(POINT)
331 | LPPOINT = PPOINT
332 | 
333 | # typedef struct tagBITMAP {
334 | #   LONG   bmType;
335 | #   LONG   bmWidth;
336 | #   LONG   bmHeight;
337 | #   LONG   bmWidthBytes;
338 | #   WORD   bmPlanes;
339 | #   WORD   bmBitsPixel;
340 | #   LPVOID bmBits;
341 | # } BITMAP, *PBITMAP;
342 | class BITMAP(Structure):
343 |     _fields_ = [
344 |         ("bmType",          LONG),
345 |         ("bmWidth",         LONG),
346 |         ("bmHeight",        LONG),
347 |         ("bmWidthBytes",    LONG),
348 |         ("bmPlanes",        WORD),
349 |         ("bmBitsPixel",     WORD),
350 |         ("bmBits",          LPVOID),
351 |     ]
352 | PBITMAP  = POINTER(BITMAP)
353 | LPBITMAP = PBITMAP
354 | 
355 | 
356 | #==============================================================================
357 | # This calculates the list of exported symbols.
358 | _all = set(vars().keys()).difference(_all)
359 | __all__ = [_x for _x in _all if not _x.startswith('_')]
360 | __all__.sort()
361 | #==============================================================================
362 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/gdi32.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for gdi32.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: gdi32.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | from kernel32 import GetLastError, SetLastError
 39 | 
 40 | #==============================================================================
 41 | # This is used later on to calculate the list of exported symbols.
 42 | _all = None
 43 | _all = set(vars().keys())
 44 | #==============================================================================
 45 | 
 46 | #--- Helpers ------------------------------------------------------------------
 47 | 
 48 | #--- Types --------------------------------------------------------------------
 49 | 
 50 | #--- Constants ----------------------------------------------------------------
 51 | 
 52 | # GDI object types
 53 | OBJ_PEN             = 1
 54 | OBJ_BRUSH           = 2
 55 | OBJ_DC              = 3
 56 | OBJ_METADC          = 4
 57 | OBJ_PAL             = 5
 58 | OBJ_FONT            = 6
 59 | OBJ_BITMAP          = 7
 60 | OBJ_REGION          = 8
 61 | OBJ_METAFILE        = 9
 62 | OBJ_MEMDC           = 10
 63 | OBJ_EXTPEN          = 11
 64 | OBJ_ENHMETADC       = 12
 65 | OBJ_ENHMETAFILE     = 13
 66 | OBJ_COLORSPACE      = 14
 67 | GDI_OBJ_LAST        = OBJ_COLORSPACE
 68 | 
 69 | # Ternary raster operations
 70 | SRCCOPY         = 0x00CC0020 # dest = source
 71 | SRCPAINT        = 0x00EE0086 # dest = source OR dest
 72 | SRCAND          = 0x008800C6 # dest = source AND dest
 73 | SRCINVERT       = 0x00660046 # dest = source XOR dest
 74 | SRCERASE        = 0x00440328 # dest = source AND (NOT dest)
 75 | NOTSRCCOPY      = 0x00330008 # dest = (NOT source)
 76 | NOTSRCERASE     = 0x001100A6 # dest = (NOT src) AND (NOT dest)
 77 | MERGECOPY       = 0x00C000CA # dest = (source AND pattern)
 78 | MERGEPAINT      = 0x00BB0226 # dest = (NOT source) OR dest
 79 | PATCOPY         = 0x00F00021 # dest = pattern
 80 | PATPAINT        = 0x00FB0A09 # dest = DPSnoo
 81 | PATINVERT       = 0x005A0049 # dest = pattern XOR dest
 82 | DSTINVERT       = 0x00550009 # dest = (NOT dest)
 83 | BLACKNESS       = 0x00000042 # dest = BLACK
 84 | WHITENESS       = 0x00FF0062 # dest = WHITE
 85 | NOMIRRORBITMAP  = 0x80000000 # Do not Mirror the bitmap in this call
 86 | CAPTUREBLT      = 0x40000000 # Include layered windows
 87 | 
 88 | # Region flags
 89 | ERROR               = 0
 90 | NULLREGION          = 1
 91 | SIMPLEREGION        = 2
 92 | COMPLEXREGION       = 3
 93 | RGN_ERROR           = ERROR
 94 | 
 95 | # CombineRgn() styles
 96 | RGN_AND             = 1
 97 | RGN_OR              = 2
 98 | RGN_XOR             = 3
 99 | RGN_DIFF            = 4
100 | RGN_COPY            = 5
101 | RGN_MIN             = RGN_AND
102 | RGN_MAX             = RGN_COPY
103 | 
104 | # StretchBlt() modes
105 | BLACKONWHITE        = 1
106 | WHITEONBLACK        = 2
107 | COLORONCOLOR        = 3
108 | HALFTONE            = 4
109 | MAXSTRETCHBLTMODE   = 4
110 | STRETCH_ANDSCANS    = BLACKONWHITE
111 | STRETCH_ORSCANS     = WHITEONBLACK
112 | STRETCH_DELETESCANS = COLORONCOLOR
113 | STRETCH_HALFTONE    = HALFTONE
114 | 
115 | # PolyFill() modes
116 | ALTERNATE       = 1
117 | WINDING         = 2
118 | POLYFILL_LAST   = 2
119 | 
120 | # Layout orientation options
121 | LAYOUT_RTL                         = 0x00000001 # Right to left
122 | LAYOUT_BTT                         = 0x00000002 # Bottom to top
123 | LAYOUT_VBH                         = 0x00000004 # Vertical before horizontal
124 | LAYOUT_ORIENTATIONMASK             = LAYOUT_RTL + LAYOUT_BTT + LAYOUT_VBH
125 | LAYOUT_BITMAPORIENTATIONPRESERVED  = 0x00000008
126 | 
127 | # Stock objects
128 | WHITE_BRUSH         = 0
129 | LTGRAY_BRUSH        = 1
130 | GRAY_BRUSH          = 2
131 | DKGRAY_BRUSH        = 3
132 | BLACK_BRUSH         = 4
133 | NULL_BRUSH          = 5
134 | HOLLOW_BRUSH        = NULL_BRUSH
135 | WHITE_PEN           = 6
136 | BLACK_PEN           = 7
137 | NULL_PEN            = 8
138 | OEM_FIXED_FONT      = 10
139 | ANSI_FIXED_FONT     = 11
140 | ANSI_VAR_FONT       = 12
141 | SYSTEM_FONT         = 13
142 | DEVICE_DEFAULT_FONT = 14
143 | DEFAULT_PALETTE     = 15
144 | SYSTEM_FIXED_FONT   = 16
145 | 
146 | # Metafile functions
147 | META_SETBKCOLOR              = 0x0201
148 | META_SETBKMODE               = 0x0102
149 | META_SETMAPMODE              = 0x0103
150 | META_SETROP2                 = 0x0104
151 | META_SETRELABS               = 0x0105
152 | META_SETPOLYFILLMODE         = 0x0106
153 | META_SETSTRETCHBLTMODE       = 0x0107
154 | META_SETTEXTCHAREXTRA        = 0x0108
155 | META_SETTEXTCOLOR            = 0x0209
156 | META_SETTEXTJUSTIFICATION    = 0x020A
157 | META_SETWINDOWORG            = 0x020B
158 | META_SETWINDOWEXT            = 0x020C
159 | META_SETVIEWPORTORG          = 0x020D
160 | META_SETVIEWPORTEXT          = 0x020E
161 | META_OFFSETWINDOWORG         = 0x020F
162 | META_SCALEWINDOWEXT          = 0x0410
163 | META_OFFSETVIEWPORTORG       = 0x0211
164 | META_SCALEVIEWPORTEXT        = 0x0412
165 | META_LINETO                  = 0x0213
166 | META_MOVETO                  = 0x0214
167 | META_EXCLUDECLIPRECT         = 0x0415
168 | META_INTERSECTCLIPRECT       = 0x0416
169 | META_ARC                     = 0x0817
170 | META_ELLIPSE                 = 0x0418
171 | META_FLOODFILL               = 0x0419
172 | META_PIE                     = 0x081A
173 | META_RECTANGLE               = 0x041B
174 | META_ROUNDRECT               = 0x061C
175 | META_PATBLT                  = 0x061D
176 | META_SAVEDC                  = 0x001E
177 | META_SETPIXEL                = 0x041F
178 | META_OFFSETCLIPRGN           = 0x0220
179 | META_TEXTOUT                 = 0x0521
180 | META_BITBLT                  = 0x0922
181 | META_STRETCHBLT              = 0x0B23
182 | META_POLYGON                 = 0x0324
183 | META_POLYLINE                = 0x0325
184 | META_ESCAPE                  = 0x0626
185 | META_RESTOREDC               = 0x0127
186 | META_FILLREGION              = 0x0228
187 | META_FRAMEREGION             = 0x0429
188 | META_INVERTREGION            = 0x012A
189 | META_PAINTREGION             = 0x012B
190 | META_SELECTCLIPREGION        = 0x012C
191 | META_SELECTOBJECT            = 0x012D
192 | META_SETTEXTALIGN            = 0x012E
193 | META_CHORD                   = 0x0830
194 | META_SETMAPPERFLAGS          = 0x0231
195 | META_EXTTEXTOUT              = 0x0a32
196 | META_SETDIBTODEV             = 0x0d33
197 | META_SELECTPALETTE           = 0x0234
198 | META_REALIZEPALETTE          = 0x0035
199 | META_ANIMATEPALETTE          = 0x0436
200 | META_SETPALENTRIES           = 0x0037
201 | META_POLYPOLYGON             = 0x0538
202 | META_RESIZEPALETTE           = 0x0139
203 | META_DIBBITBLT               = 0x0940
204 | META_DIBSTRETCHBLT           = 0x0b41
205 | META_DIBCREATEPATTERNBRUSH   = 0x0142
206 | META_STRETCHDIB              = 0x0f43
207 | META_EXTFLOODFILL            = 0x0548
208 | META_SETLAYOUT               = 0x0149
209 | META_DELETEOBJECT            = 0x01f0
210 | META_CREATEPALETTE           = 0x00f7
211 | META_CREATEPATTERNBRUSH      = 0x01F9
212 | META_CREATEPENINDIRECT       = 0x02FA
213 | META_CREATEFONTINDIRECT      = 0x02FB
214 | META_CREATEBRUSHINDIRECT     = 0x02FC
215 | META_CREATEREGION            = 0x06FF
216 | 
217 | # Metafile escape codes
218 | NEWFRAME                     = 1
219 | ABORTDOC                     = 2
220 | NEXTBAND                     = 3
221 | SETCOLORTABLE                = 4
222 | GETCOLORTABLE                = 5
223 | FLUSHOUTPUT                  = 6
224 | DRAFTMODE                    = 7
225 | QUERYESCSUPPORT              = 8
226 | SETABORTPROC                 = 9
227 | STARTDOC                     = 10
228 | ENDDOC                       = 11
229 | GETPHYSPAGESIZE              = 12
230 | GETPRINTINGOFFSET            = 13
231 | GETSCALINGFACTOR             = 14
232 | MFCOMMENT                    = 15
233 | GETPENWIDTH                  = 16
234 | SETCOPYCOUNT                 = 17
235 | SELECTPAPERSOURCE            = 18
236 | DEVICEDATA                   = 19
237 | PASSTHROUGH                  = 19
238 | GETTECHNOLGY                 = 20
239 | GETTECHNOLOGY                = 20
240 | SETLINECAP                   = 21
241 | SETLINEJOIN                  = 22
242 | SETMITERLIMIT                = 23
243 | BANDINFO                     = 24
244 | DRAWPATTERNRECT              = 25
245 | GETVECTORPENSIZE             = 26
246 | GETVECTORBRUSHSIZE           = 27
247 | ENABLEDUPLEX                 = 28
248 | GETSETPAPERBINS              = 29
249 | GETSETPRINTORIENT            = 30
250 | ENUMPAPERBINS                = 31
251 | SETDIBSCALING                = 32
252 | EPSPRINTING                  = 33
253 | ENUMPAPERMETRICS             = 34
254 | GETSETPAPERMETRICS           = 35
255 | POSTSCRIPT_DATA              = 37
256 | POSTSCRIPT_IGNORE            = 38
257 | MOUSETRAILS                  = 39
258 | GETDEVICEUNITS               = 42
259 | GETEXTENDEDTEXTMETRICS       = 256
260 | GETEXTENTTABLE               = 257
261 | GETPAIRKERNTABLE             = 258
262 | GETTRACKKERNTABLE            = 259
263 | EXTTEXTOUT                   = 512
264 | GETFACENAME                  = 513
265 | DOWNLOADFACE                 = 514
266 | ENABLERELATIVEWIDTHS         = 768
267 | ENABLEPAIRKERNING            = 769
268 | SETKERNTRACK                 = 770
269 | SETALLJUSTVALUES             = 771
270 | SETCHARSET                   = 772
271 | STRETCHBLT                   = 2048
272 | METAFILE_DRIVER              = 2049
273 | GETSETSCREENPARAMS           = 3072
274 | QUERYDIBSUPPORT              = 3073
275 | BEGIN_PATH                   = 4096
276 | CLIP_TO_PATH                 = 4097
277 | END_PATH                     = 4098
278 | EXT_DEVICE_CAPS              = 4099
279 | RESTORE_CTM                  = 4100
280 | SAVE_CTM                     = 4101
281 | SET_ARC_DIRECTION            = 4102
282 | SET_BACKGROUND_COLOR         = 4103
283 | SET_POLY_MODE                = 4104
284 | SET_SCREEN_ANGLE             = 4105
285 | SET_SPREAD                   = 4106
286 | TRANSFORM_CTM                = 4107
287 | SET_CLIP_BOX                 = 4108
288 | SET_BOUNDS                   = 4109
289 | SET_MIRROR_MODE              = 4110
290 | OPENCHANNEL                  = 4110
291 | DOWNLOADHEADER               = 4111
292 | CLOSECHANNEL                 = 4112
293 | POSTSCRIPT_PASSTHROUGH       = 4115
294 | ENCAPSULATED_POSTSCRIPT      = 4116
295 | POSTSCRIPT_IDENTIFY          = 4117
296 | POSTSCRIPT_INJECTION         = 4118
297 | CHECKJPEGFORMAT              = 4119
298 | CHECKPNGFORMAT               = 4120
299 | GET_PS_FEATURESETTING        = 4121
300 | GDIPLUS_TS_QUERYVER          = 4122
301 | GDIPLUS_TS_RECORD            = 4123
302 | SPCLPASSTHROUGH2             = 4568
303 | 
304 | #--- Structures ---------------------------------------------------------------
305 | 
306 | # typedef struct _RECT {
307 | #   LONG left;
308 | #   LONG top;
309 | #   LONG right;
310 | #   LONG bottom;
311 | # }RECT, *PRECT;
312 | class RECT(Structure):
313 |     _fields_ = [
314 |         ('left',    LONG),
315 |         ('top',     LONG),
316 |         ('right',   LONG),
317 |         ('bottom',  LONG),
318 |     ]
319 | PRECT  = POINTER(RECT)
320 | LPRECT = PRECT
321 | 
322 | # typedef struct tagPOINT {
323 | #   LONG x;
324 | #   LONG y;
325 | # } POINT;
326 | class POINT(Structure):
327 |     _fields_ = [
328 |         ('x',   LONG),
329 |         ('y',   LONG),
330 |     ]
331 | PPOINT  = POINTER(POINT)
332 | LPPOINT = PPOINT
333 | 
334 | # typedef struct tagBITMAP {
335 | #   LONG   bmType;
336 | #   LONG   bmWidth;
337 | #   LONG   bmHeight;
338 | #   LONG   bmWidthBytes;
339 | #   WORD   bmPlanes;
340 | #   WORD   bmBitsPixel;
341 | #   LPVOID bmBits;
342 | # } BITMAP, *PBITMAP;
343 | class BITMAP(Structure):
344 |     _fields_ = [
345 |         ("bmType",          LONG),
346 |         ("bmWidth",         LONG),
347 |         ("bmHeight",        LONG),
348 |         ("bmWidthBytes",    LONG),
349 |         ("bmPlanes",        WORD),
350 |         ("bmBitsPixel",     WORD),
351 |         ("bmBits",          LPVOID),
352 |     ]
353 | PBITMAP  = POINTER(BITMAP)
354 | LPBITMAP = PBITMAP
355 | 
356 | 
357 | #==============================================================================
358 | # This calculates the list of exported symbols.
359 | _all = set(vars().keys()).difference(_all)
360 | __all__ = [_x for _x in _all if not _x.startswith('_')]
361 | __all__.sort()
362 | #==============================================================================
363 | 


--------------------------------------------------------------------------------
/unitracer/windows.py:
--------------------------------------------------------------------------------
  1 | from unicorn import *
  2 | from unicorn.x86_const import *
  3 | from capstone import *
  4 | from capstone.x86_const import *
  5 | 
  6 | from .unitracer import Unitracer
  7 | from .lib.util import *
  8 | from .lib.segment import GDT_32
  9 | from .lib.windows.pe import PE
 10 | from .lib.windows.i386 import *
 11 | from .lib.windows import hooks as m_hooks
 12 | from .lib.windows.hooks.tool.hook import Hook
 13 | 
 14 | from ctypes import sizeof
 15 | 
 16 | import sys
 17 | import struct
 18 | import os
 19 | import types
 20 | 
 21 | 
 22 | class Windows(Unitracer):
 23 |     ADDRESS = 0x400000
 24 | 
 25 |     STACK_BASE = 0x00d00000
 26 |     STACK_SIZE = 0x10000
 27 | 
 28 |     GDT_BASE = 0x80000000
 29 |     GDT_SIZE = 0x1000
 30 | 
 31 |     TIB_ADDR = 0x00b7d000
 32 |     TEB_ADDR = TIB_ADDR
 33 |     PEB_ADDR = 0x00b2f000
 34 |     PEB_LDR_ADDR = 0x77dff000
 35 | 
 36 |     HEAP_BASE = 0x00d50000
 37 |     HEAP_CUR = HEAP_BASE
 38 | 
 39 |     DLL_BASE = 0x70000000
 40 |     DLL_CUR = DLL_BASE
 41 | 
 42 |     dlls = []
 43 |     dll_funcs = {}
 44 |     api_hooks = {}
 45 |     hooks = []
 46 |     dll_path = [os.path.join('unitracer', 'lib', 'windows', 'dll')]
 47 | 
 48 |     verbose = True
 49 | 
 50 | 
 51 |     def __init__(self, os="Windows 7", bits=32, mem_size = 15*1024*1024):
 52 |         self.bits = bits
 53 |         self.bytes = bits/8
 54 |         self.is64 = True if bits == 64 else False
 55 |         self.os = os
 56 | 
 57 |         assert bits == 32, "currently only 32 bit is supported"
 58 | 
 59 |         self.emu = Uc(UC_ARCH_X86, UC_MODE_32)
 60 |         cs = Cs(CS_ARCH_X86, CS_MODE_32)
 61 |         self.cs = cs
 62 |         self._load_hooks()
 63 | 
 64 | 
 65 |     def _init_process(self):
 66 |         emu = self.emu
 67 |         bits = self.bits
 68 |         os = self.os
 69 | 
 70 |         self.PEB = {
 71 |             "Windows NT"        : [PEB_NT,      None],
 72 |             "Windows 2000"      : [PEB_2000,    None],
 73 |             "Windows XP"        : [PEB_XP,      PEB_XP_64],
 74 |             "Windows 2003"      : [PEB_2003,    PEB_2003_64],
 75 |             "Windows 2003 R2"   : [PEB_2003_R2, PEB_2003_R2_64],
 76 |             "Windows 2008"      : [PEB_2008,    PEB_2008_64],
 77 |             "Windows 2008 R2"   : [PEB_2008_R2, PEB_2008_R2_64],
 78 |             "Windows 7"         : [PEB_W7,      PEB_W7_64],
 79 |         }[os][self.is64]
 80 | 
 81 |         self.TEB = {
 82 |             "Windows NT"        : [TEB_NT,      None],
 83 |             "Windows 2000"      : [TEB_2000,    None],
 84 |             "Windows XP"        : [TEB_XP,      TEB_XP_64],
 85 |             "Windows 2003"      : [TEB_2003,    TEB_2003_64],
 86 |             "Windows 2003 R2"   : [TEB_2003_R2, TEB_2003_R2_64],
 87 |             "Windows 2008"      : [TEB_2008,    TEB_2008_64],
 88 |             "Windows 2008 R2"   : [TEB_2008_R2, TEB_2008_R2_64],
 89 |             "Windows 7"         : [TEB_W7,      TEB_W7_64],
 90 |         }[os][self.is64]
 91 | 
 92 |         if bits == 32:
 93 |             # init Thread Information Block
 94 |             teb = self.TEB()
 95 |             peb = self.PEB()
 96 | 
 97 |             # setup peb, teb
 98 |             peb.ImageBaseAddress = self.ADDRESS
 99 |             peb.Ldr = self.PEB_LDR_ADDR
100 |             peb.ProcessHeap = self.HEAP_BASE
101 | 
102 |             teb.NtTib.StackBase = self.STACK_BASE
103 |             teb.NtTib.StackLimit = self.STACK_BASE - self.STACK_SIZE
104 |             teb.NtTib.Self = self.TEB_ADDR
105 |             teb.ThreadLocalStoragePointer = self.TEB_ADDR
106 |             teb.ProcessEnvironmentBlock = self.PEB_ADDR
107 | 
108 |             emu.mem_map(self.PEB_ADDR, align(sizeof(peb)))
109 |             emu.mem_write(self.PEB_ADDR, struct2str(peb))
110 | 
111 |             emu.mem_map(self.TEB_ADDR, align(sizeof(teb)))
112 |             emu.mem_write(self.TEB_ADDR, struct2str(teb))
113 | 
114 |             # init Global Descriptor Table
115 |             gdt = GDT_32(emu, self.GDT_BASE, self.GDT_SIZE)
116 | 
117 |             # cs : 0x0023 (index:4)
118 |             flags = GDT_32.gdt_entry_flags(gr=1, sz=1, pr=1, privl=3, ex=1, dc=0, rw=1, ac=1)
119 |             selector = gdt.set_entry(4, 0x0, 0xffffffff, flags)
120 |             emu.reg_write(UC_X86_REG_CS, selector)
121 | 
122 |             # ds, es, gs : 0x002b (index:5)
123 |             flags = GDT_32.gdt_entry_flags(gr=1, sz=1, pr=1, privl=3, ex=0, dc=0, rw=1, ac=1)
124 |             selector = gdt.set_entry(5, 0x0, 0xffffffff, flags)
125 |             emu.reg_write(UC_X86_REG_DS, selector)
126 |             emu.reg_write(UC_X86_REG_ES, selector)
127 |             emu.reg_write(UC_X86_REG_GS, selector)
128 | 
129 |             # ss
130 |             flags = GDT_32.gdt_entry_flags(gr=1, sz=1, pr=1, privl=0, ex=0, dc=1, rw=1, ac=1)
131 |             selector = gdt.set_entry(6, 0x0, 0xffffffff, flags, rpl=0)
132 |             emu.reg_write(UC_X86_REG_SS, selector)
133 | 
134 |             # fs : 0x0053 (index:10)
135 |             flags = GDT_32.gdt_entry_flags(gr=0, sz=1, pr=1, privl=3, ex=0, dc=0, rw=1, ac=1) # 0x4f3
136 |             selector = gdt.set_entry(10, self.TIB_ADDR, 0xfff, flags)
137 |             emu.reg_write(UC_X86_REG_FS, selector)
138 | 
139 |             self.gdt = gdt
140 | 
141 | 
142 |     def _init_ldr(self, dlls=None, exe_ldr=None):
143 |         emu = self.emu
144 |         containsPE = False
145 | 
146 |         if dlls == None:
147 |             dlls = ["ntdll.dll", "ntdll.dll", "kernel32.dll"]
148 | 
149 |         # allocate processheap
150 |         emu.mem_map(self.HEAP_BASE, 0x10000)
151 | 
152 |         # create LDR_DATA_TABLE_ENTRY
153 |         ldrs = []
154 |         for dll in dlls:
155 |             dllpath = self._find_dll(dll)
156 |             if not dllpath:
157 |                 raise IOError, "{} does not exist".format(dll)
158 | 
159 |             pe = PE(dllpath)
160 | 
161 |             dllbase = self.load_dll(dll)
162 |             dll_name = os.path.basename(dll)
163 |             fulldllname = "C:\\Windows\\System32\\{}".format(dll_name).encode("UTF-16LE")
164 |             basedllname = dll_name.encode("UTF-16LE")
165 | 
166 |             ldr_module = LDR_MODULE()
167 | 
168 |             ldr_module.addr = self._alloc(sizeof(ldr_module))
169 |             ldr_module.fulldllname = fulldllname
170 |             ldr_module.basedllname = basedllname
171 | 
172 |             ldr_module.BaseAddress = dllbase
173 |             ldr_module.EntryPoint = pe.entrypoint
174 |             ldr_module.SizeOfImage = pe.imagesize
175 | 
176 |             ldr_module.FullDllName.Length = len(fulldllname)
177 |             ldr_module.FullDllName.MaximumLength = len(fulldllname)+2
178 |             ldr_module.FullDllName.Buffer = self._alloc(len(fulldllname)+2)
179 |             ldr_module.BaseDllName.Length = len(basedllname)
180 |             ldr_module.BaseDllName.MaximumLength = len(basedllname)+2
181 |             ldr_module.BaseDllName.Buffer = self._alloc(len(basedllname)+2)
182 | 
183 |             ldrs.append(ldr_module)
184 | 
185 |         if exe_ldr:
186 |             ldrs.insert(0, exe_ldr)
187 | 
188 |         # setup PEB_LDR_DATA
189 |         ldr_data = PEB_LDR_DATA()
190 |         ldr_data.addr = self.PEB_LDR_ADDR
191 |         ldr_data.InLoadOrderModuleList.Flink = ldrs[0].addr
192 |         ldr_data.InLoadOrderModuleList.Blink = ldrs[-1].addr
193 |         ldr_data.InMemoryOrderModuleList.Flink = ldrs[0].addr+0x8
194 |         ldr_data.InMemoryOrderModuleList.Blink = ldrs[-1].addr+0x8
195 |         ldr_data.InInitializationOrderModuleList.Flink = ldrs[0].addr+0x10
196 |         ldr_data.InInitializationOrderModuleList.Blink = ldrs[-1].addr+0x10
197 | 
198 |         # link table entries
199 |         for i in range(len(ldrs)):
200 |             n = (i+1)%len(ldrs)
201 |             p = (i-1+len(ldrs))%len(ldrs)
202 | 
203 |             ldrs[i].InLoadOrderModuleList.Flink = ldrs[n].addr
204 |             ldrs[i].InLoadOrderModuleList.Blink = ldrs[p].addr
205 |             ldrs[i].InMemoryOrderModuleList.Flink = ldrs[n].addr+0x8
206 |             ldrs[i].InMemoryOrderModuleList.Blink = ldrs[p].addr+0x8
207 |             ldrs[i].InInitializationOrderModuleList.Flink = ldrs[n].addr+0x10
208 |             ldrs[i].InInitializationOrderModuleList.Blink = ldrs[p].addr+0x10
209 | 
210 |         ldrs[0].InLoadOrderModuleList.Blink = ldr_data.addr+0xc
211 |         ldrs[-1].InLoadOrderModuleList.Flink = ldr_data.addr+0xc
212 |         ldrs[0].InMemoryOrderModuleList.Blink = ldr_data.addr+0x14
213 |         ldrs[-1].InMemoryOrderModuleList.Flink = ldr_data.addr+0x14
214 |         ldrs[0].InInitializationOrderModuleList.Blink = ldr_data.addr+0x1c
215 |         ldrs[-1].InInitializationOrderModuleList.Flink = ldr_data.addr+0x1c
216 | 
217 |         # write data
218 |         emu.mem_map(self.PEB_LDR_ADDR, align(sizeof(ldr_data)))
219 |         emu.mem_write(self.PEB_LDR_ADDR, struct2str(ldr_data))
220 | 
221 |         for ldr_module in ldrs:
222 |             emu.mem_write(ldr_module.FullDllName.Buffer, ldr_module.fulldllname)
223 |             emu.mem_write(ldr_module.BaseDllName.Buffer, ldr_module.basedllname)
224 |             emu.mem_write(ldr_module.addr, struct2str(ldr_module))
225 | 
226 |         self.ldr_data = ldr_data
227 |         self.ldrs = ldrs
228 | 
229 | 
230 |     def _alloc(self, size):
231 |         ret = self.HEAP_CUR
232 |         self.HEAP_CUR += size
233 |         return ret
234 | 
235 | 
236 |     def _find_dll(self, dllname):
237 |         dll_path = self.dll_path
238 |         path = None
239 |         for d in dll_path:
240 |             p = os.path.join(d, dllname)
241 |             if os.path.exists(p):
242 |                 path = p
243 |                 break
244 |         return path
245 | 
246 | 
247 |     def load_dll(self, dllname):
248 |         dlls = self.dlls
249 |         emu = self.emu
250 |         base = self.DLL_CUR
251 | 
252 |         path = self._find_dll(dllname)
253 |         dlldata = self._load_dll(path, base)
254 |         size = align(len(dlldata))
255 |         emu.mem_map(base, size)
256 |         emu.mem_write(base, dlldata)
257 |         dlls.append([dllname, base])
258 |         self.DLL_CUR += size
259 | 
260 |         print("{0} is loaded @ 0x{1:08x}".format(dllname, base))
261 | 
262 |         return base
263 | 
264 | 
265 |     def _load_dll(self, path, base, analysis=True):
266 |         dll_funcs = self.dll_funcs
267 | 
268 |         dll = PE(path)
269 |         data = bytearray(dll.mapped_data)
270 | 
271 |         for name, addr in dll.exports.items():
272 |             data[addr] = '\xc3'
273 |             dll_funcs[name] = base + addr
274 | 
275 |         return str(data)
276 | 
277 | 
278 |     def _hook_code(self, uc, address, size, userdata):
279 |         api_hooks = self.api_hooks
280 |         hooks = self.hooks
281 |         dll_funcs = self.dll_funcs
282 |         cs = self.cs
283 | 
284 |         for hook in hooks:
285 |             hook(self, address, size, userdata)
286 | 
287 |         if self.verbose:
288 |             code = uc.mem_read(address, size)
289 |             for insn in cs.disasm(str(code), address):
290 |                 print('0x{0:08x}: \t{1}\t{2}'.format(insn.address, insn.mnemonic, insn.op_str))
291 | 
292 |         if address in dll_funcs.values():
293 |             func = {v:k for k, v in dll_funcs.items()}[address]
294 |             if func in api_hooks.keys():
295 |                 hook = api_hooks[func]
296 |                 if isinstance(hook, Hook):
297 |                     # predefined hook
298 |                     hook.hook(self)
299 |                 elif isinstance(hook, types.FunctionType):
300 |                     # user defined hook
301 |                     hook(self)
302 |                 else:
303 |                     print("unknown hook type: {}".format(type(hook)))
304 |             else:
305 |                 print("unregistered function: {}".format(func))
306 | 
307 |     def _load_hooks(self):
308 |         api_hooks = self.api_hooks
309 |         for n in m_hooks.hooks:
310 |             api_hooks[n] = getattr(m_hooks, n)
311 |         self.api_hooks = api_hooks
312 | 
313 | 
314 |     def load_code(self, data):
315 |         emu = self.emu
316 |         ADDRESS = self.ADDRESS
317 | 
318 |         self.size = len(data)
319 |         self.entry = self.ADDRESS + 0
320 |         self._init_ldr(["ntdll.dll", "ntdll.dll", "kernel32.dll"])
321 |         self._init_process()
322 | 
323 |         # map shellcode
324 |         emu.mem_map(ADDRESS, align(len(data)))
325 |         emu.mem_write(ADDRESS, data)
326 |         emu.reg_write(UC_X86_REG_EIP, ADDRESS)
327 | 
328 |         # init stack
329 |         STACK_BASE = self.STACK_BASE
330 |         STACK_SIZE = self.STACK_SIZE
331 |         emu.mem_map(STACK_BASE - STACK_SIZE, align(STACK_SIZE))
332 |         print("stack: 0x{0:08x}-0x{1:08x}".format(STACK_BASE - STACK_SIZE, STACK_BASE))
333 |         emu.reg_write(self.ucreg('sp'), STACK_BASE)
334 |         emu.reg_write(self.ucreg('bp'), STACK_BASE)
335 | 
336 |         # mu.hook_add(UC_HOOK_CODE, self._hook_code, None, DLL_BASE, DLL_BASE + 6 * PageSize)
337 |         emu.hook_add(UC_HOOK_CODE, self._hook_code)
338 | 
339 | 
340 |     def load_pe(self, fname):
341 |         emu = self.emu
342 |         ADDRESS = self.ADDRESS
343 |         dll_funcs = self.dll_funcs
344 | 
345 |         pe = PE(fname)
346 |         dlls = pe.imports.keys()
347 | 
348 |         self.STACK_SIZE = pe.stacksize
349 |         
350 |         exe_ldr = LDR_MODULE()
351 |         pe_name = os.path.basename(fname)
352 |         fulldllname = "C:\\Users\\victim\\{}".format(pe_name).encode("UTF-16LE")
353 |         basedllname = pe_name.encode("UTF-16LE")
354 | 
355 |         exe_ldr.addr = self._alloc(sizeof(exe_ldr))
356 |         exe_ldr.fulldllname = fulldllname
357 |         exe_ldr.basedllname = basedllname
358 | 
359 |         exe_ldr.BaseAddress = ADDRESS
360 |         exe_ldr.EntryPoint = pe.entrypoint
361 |         exe_ldr.SizeOfImage = pe.imagesize
362 | 
363 |         exe_ldr.FullDllName.Length = len(fulldllname)
364 |         exe_ldr.FullDllName.MaximumLength = len(fulldllname)+2
365 |         exe_ldr.FullDllName.Buffer = self._alloc(len(fulldllname)+2)
366 |         exe_ldr.BaseDllName.Length = len(basedllname)
367 |         exe_ldr.BaseDllName.MaximumLength = len(basedllname)+2
368 |         exe_ldr.BaseDllName.Buffer = self._alloc(len(basedllname)+2)
369 | 
370 |         self._init_ldr(dlls, exe_ldr)
371 |         self._init_process()
372 | 
373 |         # rewrite IAT
374 |         data = bytearray(pe.mapped_data)
375 |         for dllname in pe.imports:
376 |             for api, addr in pe.imports[dllname].items():
377 |                 overwritten = False
378 |                 if api in dll_funcs:
379 |                     offset = addr - pe.imagebase
380 |                     data[offset:offset+4] = p32(dll_funcs[api])
381 |         data = str(data)
382 | 
383 |         # map PE
384 |         emu.mem_map(ADDRESS, align(len(data)))
385 |         emu.mem_write(ADDRESS, data)
386 |         self.size = len(data)
387 |         self.entry = ADDRESS + pe.entrypoint
388 | 
389 |         # init stack
390 |         STACK_BASE = self.STACK_BASE
391 |         STACK_SIZE = self.STACK_SIZE
392 |         emu.mem_map(STACK_BASE - STACK_SIZE, align(STACK_SIZE))
393 |         print("stack: 0x{0:08x}-0x{1:08x}".format(STACK_BASE - STACK_SIZE, STACK_BASE))
394 |         emu.reg_write(self.ucreg('sp'), STACK_BASE)
395 |         emu.reg_write(self.ucreg('bp'), STACK_BASE)
396 | 
397 |         # mu.hook_add(UC_HOOK_CODE, self._hook_code, None, DLL_BASE, DLL_BASE + 6 * PageSize)
398 |         emu.hook_add(UC_HOOK_CODE, self._hook_code)
399 | 
400 | 
401 |     def start(self, offset):
402 |         emu = self.emu
403 |         entry = self.entry
404 | 
405 |         try:
406 |             emu.emu_start(entry, entry + self.size)
407 |         except UcError as e:
408 |             print("ERROR: %s" % e)
409 |             self.dumpregs(["eax", "ebx", "ecx", "edx", "edi", "esi", "esp", "ebp", "eip"])
410 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/ntdll.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for ntdll.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: ntdll.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | 
 39 | #==============================================================================
 40 | # This is used later on to calculate the list of exported symbols.
 41 | _all = None
 42 | _all = set(vars().keys())
 43 | _all.add('peb_teb')
 44 | #==============================================================================
 45 | 
 46 | from peb_teb import *
 47 | 
 48 | #--- Types --------------------------------------------------------------------
 49 | 
 50 | SYSDBG_COMMAND          = DWORD
 51 | PROCESSINFOCLASS        = DWORD
 52 | THREADINFOCLASS         = DWORD
 53 | FILE_INFORMATION_CLASS  = DWORD
 54 | 
 55 | #--- Constants ----------------------------------------------------------------
 56 | 
 57 | # DEP flags for ProcessExecuteFlags
 58 | MEM_EXECUTE_OPTION_ENABLE               = 1
 59 | MEM_EXECUTE_OPTION_DISABLE              = 2
 60 | MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4
 61 | MEM_EXECUTE_OPTION_PERMANENT            = 8
 62 | 
 63 | # SYSTEM_INFORMATION_CLASS
 64 | # http://www.informit.com/articles/article.aspx?p=22442&seqNum=4
 65 | SystemBasicInformation                  = 1     # 0x002C
 66 | SystemProcessorInformation              = 2     # 0x000C
 67 | SystemPerformanceInformation            = 3     # 0x0138
 68 | SystemTimeInformation                   = 4     # 0x0020
 69 | SystemPathInformation                   = 5     # not implemented
 70 | SystemProcessInformation                = 6     # 0x00F8 + per process
 71 | SystemCallInformation                   = 7     # 0x0018 + (n * 0x0004)
 72 | SystemConfigurationInformation          = 8     # 0x0018
 73 | SystemProcessorCounters                 = 9     # 0x0030 per cpu
 74 | SystemGlobalFlag                        = 10    # 0x0004
 75 | SystemInfo10                            = 11    # not implemented
 76 | SystemModuleInformation                 = 12    # 0x0004 + (n * 0x011C)
 77 | SystemLockInformation                   = 13    # 0x0004 + (n * 0x0024)
 78 | SystemInfo13                            = 14    # not implemented
 79 | SystemPagedPoolInformation              = 15    # checked build only
 80 | SystemNonPagedPoolInformation           = 16    # checked build only
 81 | SystemHandleInformation                 = 17    # 0x0004 + (n * 0x0010)
 82 | SystemObjectInformation                 = 18    # 0x0038+ + (n * 0x0030+)
 83 | SystemPagefileInformation               = 19    # 0x0018+ per page file
 84 | SystemInstemulInformation               = 20    # 0x0088
 85 | SystemInfo20                            = 21    # invalid info class
 86 | SystemCacheInformation                  = 22    # 0x0024
 87 | SystemPoolTagInformation                = 23    # 0x0004 + (n * 0x001C)
 88 | SystemProcessorStatistics               = 24    # 0x0000, or 0x0018 per cpu
 89 | SystemDpcInformation                    = 25    # 0x0014
 90 | SystemMemoryUsageInformation1           = 26    # checked build only
 91 | SystemLoadImage                         = 27    # 0x0018, set mode only
 92 | SystemUnloadImage                       = 28    # 0x0004, set mode only
 93 | SystemTimeAdjustmentInformation         = 29    # 0x000C, 0x0008 writeable
 94 | SystemMemoryUsageInformation2           = 30    # checked build only
 95 | SystemInfo30                            = 31    # checked build only
 96 | SystemInfo31                            = 32    # checked build only
 97 | SystemCrashDumpInformation              = 33    # 0x0004
 98 | SystemExceptionInformation              = 34    # 0x0010
 99 | SystemCrashDumpStateInformation         = 35    # 0x0008
100 | SystemDebuggerInformation               = 36    # 0x0002
101 | SystemThreadSwitchInformation           = 37    # 0x0030
102 | SystemRegistryQuotaInformation          = 38    # 0x000C
103 | SystemLoadDriver                        = 39    # 0x0008, set mode only
104 | SystemPrioritySeparationInformation     = 40    # 0x0004, set mode only
105 | SystemInfo40                            = 41    # not implemented
106 | SystemInfo41                            = 42    # not implemented
107 | SystemInfo42                            = 43    # invalid info class
108 | SystemInfo43                            = 44    # invalid info class
109 | SystemTimeZoneInformation               = 45    # 0x00AC
110 | SystemLookasideInformation              = 46    # n * 0x0020
111 | # info classes specific to Windows 2000
112 | # WTS = Windows Terminal Server
113 | SystemSetTimeSlipEvent                  = 47    # set mode only
114 | SystemCreateSession                     = 48    # WTS, set mode only
115 | SystemDeleteSession                     = 49    # WTS, set mode only
116 | SystemInfo49                            = 50    # invalid info class
117 | SystemRangeStartInformation             = 51    # 0x0004
118 | SystemVerifierInformation               = 52    # 0x0068
119 | SystemAddVerifier                       = 53    # set mode only
120 | SystemSessionProcessesInformation       = 54    # WTS
121 | 
122 | # NtQueryInformationProcess constants (from MSDN)
123 | ##ProcessBasicInformation = 0
124 | ##ProcessDebugPort        = 7
125 | ##ProcessWow64Information = 26
126 | ##ProcessImageFileName    = 27
127 | 
128 | # PROCESS_INFORMATION_CLASS
129 | # http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/PROCESS_INFORMATION_CLASS.html
130 | ProcessBasicInformation             = 0
131 | ProcessQuotaLimits                  = 1
132 | ProcessIoCounters                   = 2
133 | ProcessVmCounters                   = 3
134 | ProcessTimes                        = 4
135 | ProcessBasePriority                 = 5
136 | ProcessRaisePriority                = 6
137 | ProcessDebugPort                    = 7
138 | ProcessExceptionPort                = 8
139 | ProcessAccessToken                  = 9
140 | ProcessLdtInformation               = 10
141 | ProcessLdtSize                      = 11
142 | ProcessDefaultHardErrorMode         = 12
143 | ProcessIoPortHandlers               = 13
144 | ProcessPooledUsageAndLimits         = 14
145 | ProcessWorkingSetWatch              = 15
146 | ProcessUserModeIOPL                 = 16
147 | ProcessEnableAlignmentFaultFixup    = 17
148 | ProcessPriorityClass                = 18
149 | ProcessWx86Information              = 19
150 | ProcessHandleCount                  = 20
151 | ProcessAffinityMask                 = 21
152 | ProcessPriorityBoost                = 22
153 | 
154 | ProcessWow64Information             = 26
155 | ProcessImageFileName                = 27
156 | 
157 | # http://www.codeproject.com/KB/security/AntiReverseEngineering.aspx
158 | ProcessDebugObjectHandle            = 30
159 | 
160 | ProcessExecuteFlags                 = 34
161 | 
162 | # THREAD_INFORMATION_CLASS
163 | ThreadBasicInformation              = 0
164 | ThreadTimes                         = 1
165 | ThreadPriority                      = 2
166 | ThreadBasePriority                  = 3
167 | ThreadAffinityMask                  = 4
168 | ThreadImpersonationToken            = 5
169 | ThreadDescriptorTableEntry          = 6
170 | ThreadEnableAlignmentFaultFixup     = 7
171 | ThreadEventPair                     = 8
172 | ThreadQuerySetWin32StartAddress     = 9
173 | ThreadZeroTlsCell                   = 10
174 | ThreadPerformanceCount              = 11
175 | ThreadAmILastThread                 = 12
176 | ThreadIdealProcessor                = 13
177 | ThreadPriorityBoost                 = 14
178 | ThreadSetTlsArrayAddress            = 15
179 | ThreadIsIoPending                   = 16
180 | ThreadHideFromDebugger              = 17
181 | 
182 | # OBJECT_INFORMATION_CLASS
183 | ObjectBasicInformation              = 0
184 | ObjectNameInformation               = 1
185 | ObjectTypeInformation               = 2
186 | ObjectAllTypesInformation           = 3
187 | ObjectHandleInformation             = 4
188 | 
189 | # FILE_INFORMATION_CLASS
190 | FileDirectoryInformation            = 1
191 | FileFullDirectoryInformation        = 2
192 | FileBothDirectoryInformation        = 3
193 | FileBasicInformation                = 4
194 | FileStandardInformation             = 5
195 | FileInternalInformation             = 6
196 | FileEaInformation                   = 7
197 | FileAccessInformation               = 8
198 | FileNameInformation                 = 9
199 | FileRenameInformation               = 10
200 | FileLinkInformation                 = 11
201 | FileNamesInformation                = 12
202 | FileDispositionInformation          = 13
203 | FilePositionInformation             = 14
204 | FileFullEaInformation               = 15
205 | FileModeInformation                 = 16
206 | FileAlignmentInformation            = 17
207 | FileAllInformation                  = 18
208 | FileAllocationInformation           = 19
209 | FileEndOfFileInformation            = 20
210 | FileAlternateNameInformation        = 21
211 | FileStreamInformation               = 22
212 | FilePipeInformation                 = 23
213 | FilePipeLocalInformation            = 24
214 | FilePipeRemoteInformation           = 25
215 | FileMailslotQueryInformation        = 26
216 | FileMailslotSetInformation          = 27
217 | FileCompressionInformation          = 28
218 | FileCopyOnWriteInformation          = 29
219 | FileCompletionInformation           = 30
220 | FileMoveClusterInformation          = 31
221 | FileQuotaInformation                = 32
222 | FileReparsePointInformation         = 33
223 | FileNetworkOpenInformation          = 34
224 | FileObjectIdInformation             = 35
225 | FileTrackingInformation             = 36
226 | FileOleDirectoryInformation         = 37
227 | FileContentIndexInformation         = 38
228 | FileInheritContentIndexInformation  = 37
229 | FileOleInformation                  = 39
230 | FileMaximumInformation              = 40
231 | 
232 | # From http://www.nirsoft.net/kernel_struct/vista/EXCEPTION_DISPOSITION.html
233 | # typedef enum _EXCEPTION_DISPOSITION
234 | # {
235 | #          ExceptionContinueExecution = 0,
236 | #          ExceptionContinueSearch = 1,
237 | #          ExceptionNestedException = 2,
238 | #          ExceptionCollidedUnwind = 3
239 | # } EXCEPTION_DISPOSITION;
240 | ExceptionContinueExecution  = 0
241 | ExceptionContinueSearch     = 1
242 | ExceptionNestedException    = 2
243 | ExceptionCollidedUnwind     = 3
244 | 
245 | #--- PROCESS_BASIC_INFORMATION structure --------------------------------------
246 | 
247 | # From MSDN:
248 | #
249 | # typedef struct _PROCESS_BASIC_INFORMATION {
250 | #     PVOID Reserved1;
251 | #     PPEB PebBaseAddress;
252 | #     PVOID Reserved2[2];
253 | #     ULONG_PTR UniqueProcessId;
254 | #     PVOID Reserved3;
255 | # } PROCESS_BASIC_INFORMATION;
256 | ##class PROCESS_BASIC_INFORMATION(Structure):
257 | ##    _fields_ = [
258 | ##        ("Reserved1",       PVOID),
259 | ##        ("PebBaseAddress",  PPEB),
260 | ##        ("Reserved2",       PVOID * 2),
261 | ##        ("UniqueProcessId", ULONG_PTR),
262 | ##        ("Reserved3",       PVOID),
263 | ##]
264 | 
265 | # From http://catch22.net/tuts/tips2
266 | # (Only valid for 32 bits)
267 | #
268 | # typedef struct
269 | # {
270 | #     ULONG      ExitStatus;
271 | #     PVOID      PebBaseAddress;
272 | #     ULONG      AffinityMask;
273 | #     ULONG      BasePriority;
274 | #     ULONG_PTR  UniqueProcessId;
275 | #     ULONG_PTR  InheritedFromUniqueProcessId;
276 | # } PROCESS_BASIC_INFORMATION;
277 | 
278 | # My own definition follows:
279 | class PROCESS_BASIC_INFORMATION(Structure):
280 |     _fields_ = [
281 |         ("ExitStatus",                      SIZE_T),
282 |         ("PebBaseAddress",                  PVOID),     # PPEB
283 |         ("AffinityMask",                    KAFFINITY),
284 |         ("BasePriority",                    SDWORD),
285 |         ("UniqueProcessId",                 ULONG_PTR),
286 |         ("InheritedFromUniqueProcessId",    ULONG_PTR),
287 | ]
288 | 
289 | #--- THREAD_BASIC_INFORMATION structure ---------------------------------------
290 | 
291 | # From http://undocumented.ntinternals.net/UserMode/Structures/THREAD_BASIC_INFORMATION.html
292 | #
293 | # typedef struct _THREAD_BASIC_INFORMATION {
294 | #   NTSTATUS ExitStatus;
295 | #   PVOID TebBaseAddress;
296 | #   CLIENT_ID ClientId;
297 | #   KAFFINITY AffinityMask;
298 | #   KPRIORITY Priority;
299 | #   KPRIORITY BasePriority;
300 | # } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
301 | class THREAD_BASIC_INFORMATION(Structure):
302 |     _fields_ = [
303 |         ("ExitStatus",      NTSTATUS),
304 |         ("TebBaseAddress",  PVOID),     # PTEB
305 |         ("ClientId",        CLIENT_ID),
306 |         ("AffinityMask",    KAFFINITY),
307 |         ("Priority",        SDWORD),
308 |         ("BasePriority",    SDWORD),
309 | ]
310 | 
311 | #--- FILE_NAME_INFORMATION structure ------------------------------------------
312 | 
313 | # typedef struct _FILE_NAME_INFORMATION {
314 | #     ULONG FileNameLength;
315 | #     WCHAR FileName[1];
316 | # } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
317 | class FILE_NAME_INFORMATION(Structure):
318 |     _fields_ = [
319 |         ("FileNameLength",  ULONG),
320 |         ("FileName",        WCHAR * 1),
321 |     ]
322 | 
323 | #--- SYSDBG_MSR structure and constants ---------------------------------------
324 | 
325 | SysDbgReadMsr  = 16
326 | SysDbgWriteMsr = 17
327 | 
328 | class SYSDBG_MSR(Structure):
329 |     _fields_ = [
330 |         ("Address", ULONG),
331 |         ("Data",    ULONGLONG),
332 | ]
333 | 
334 | #--- IO_STATUS_BLOCK structure ------------------------------------------------
335 | 
336 | # typedef struct _IO_STATUS_BLOCK {
337 | #     union {
338 | #         NTSTATUS Status;
339 | #         PVOID Pointer;
340 | #     };
341 | #     ULONG_PTR Information;
342 | # } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
343 | class IO_STATUS_BLOCK(Structure):
344 |     _fields_ = [
345 |         ("Status",      NTSTATUS),
346 |         ("Information", ULONG_PTR),
347 |     ]
348 |     def __get_Pointer(self):
349 |         return PVOID(self.Status)
350 |     def __set_Pointer(self, ptr):
351 |         self.Status = ptr.value
352 |     Pointer = property(__get_Pointer, __set_Pointer)
353 | 
354 | PIO_STATUS_BLOCK = POINTER(IO_STATUS_BLOCK)
355 | 
356 | 
357 | #==============================================================================
358 | # This calculates the list of exported symbols.
359 | _all = set(vars().keys()).difference(_all)
360 | __all__ = [_x for _x in _all if not _x.startswith('_')]
361 | __all__.sort()
362 | #==============================================================================
363 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/ntdll.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | Wrapper for ntdll.dll in ctypes.
 33 | """
 34 | 
 35 | __revision__ = "$Id: ntdll.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | 
 39 | #==============================================================================
 40 | # This is used later on to calculate the list of exported symbols.
 41 | _all = None
 42 | _all = set(vars().keys())
 43 | _all.add('peb_teb')
 44 | #==============================================================================
 45 | 
 46 | from peb_teb import *
 47 | 
 48 | #--- Types --------------------------------------------------------------------
 49 | 
 50 | SYSDBG_COMMAND          = DWORD
 51 | PROCESSINFOCLASS        = DWORD
 52 | THREADINFOCLASS         = DWORD
 53 | FILE_INFORMATION_CLASS  = DWORD
 54 | 
 55 | #--- Constants ----------------------------------------------------------------
 56 | 
 57 | # DEP flags for ProcessExecuteFlags
 58 | MEM_EXECUTE_OPTION_ENABLE               = 1
 59 | MEM_EXECUTE_OPTION_DISABLE              = 2
 60 | MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4
 61 | MEM_EXECUTE_OPTION_PERMANENT            = 8
 62 | 
 63 | # SYSTEM_INFORMATION_CLASS
 64 | # http://www.informit.com/articles/article.aspx?p=22442&seqNum=4
 65 | SystemBasicInformation                  = 1     # 0x002C
 66 | SystemProcessorInformation              = 2     # 0x000C
 67 | SystemPerformanceInformation            = 3     # 0x0138
 68 | SystemTimeInformation                   = 4     # 0x0020
 69 | SystemPathInformation                   = 5     # not implemented
 70 | SystemProcessInformation                = 6     # 0x00F8 + per process
 71 | SystemCallInformation                   = 7     # 0x0018 + (n * 0x0004)
 72 | SystemConfigurationInformation          = 8     # 0x0018
 73 | SystemProcessorCounters                 = 9     # 0x0030 per cpu
 74 | SystemGlobalFlag                        = 10    # 0x0004
 75 | SystemInfo10                            = 11    # not implemented
 76 | SystemModuleInformation                 = 12    # 0x0004 + (n * 0x011C)
 77 | SystemLockInformation                   = 13    # 0x0004 + (n * 0x0024)
 78 | SystemInfo13                            = 14    # not implemented
 79 | SystemPagedPoolInformation              = 15    # checked build only
 80 | SystemNonPagedPoolInformation           = 16    # checked build only
 81 | SystemHandleInformation                 = 17    # 0x0004 + (n * 0x0010)
 82 | SystemObjectInformation                 = 18    # 0x0038+ + (n * 0x0030+)
 83 | SystemPagefileInformation               = 19    # 0x0018+ per page file
 84 | SystemInstemulInformation               = 20    # 0x0088
 85 | SystemInfo20                            = 21    # invalid info class
 86 | SystemCacheInformation                  = 22    # 0x0024
 87 | SystemPoolTagInformation                = 23    # 0x0004 + (n * 0x001C)
 88 | SystemProcessorStatistics               = 24    # 0x0000, or 0x0018 per cpu
 89 | SystemDpcInformation                    = 25    # 0x0014
 90 | SystemMemoryUsageInformation1           = 26    # checked build only
 91 | SystemLoadImage                         = 27    # 0x0018, set mode only
 92 | SystemUnloadImage                       = 28    # 0x0004, set mode only
 93 | SystemTimeAdjustmentInformation         = 29    # 0x000C, 0x0008 writeable
 94 | SystemMemoryUsageInformation2           = 30    # checked build only
 95 | SystemInfo30                            = 31    # checked build only
 96 | SystemInfo31                            = 32    # checked build only
 97 | SystemCrashDumpInformation              = 33    # 0x0004
 98 | SystemExceptionInformation              = 34    # 0x0010
 99 | SystemCrashDumpStateInformation         = 35    # 0x0008
100 | SystemDebuggerInformation               = 36    # 0x0002
101 | SystemThreadSwitchInformation           = 37    # 0x0030
102 | SystemRegistryQuotaInformation          = 38    # 0x000C
103 | SystemLoadDriver                        = 39    # 0x0008, set mode only
104 | SystemPrioritySeparationInformation     = 40    # 0x0004, set mode only
105 | SystemInfo40                            = 41    # not implemented
106 | SystemInfo41                            = 42    # not implemented
107 | SystemInfo42                            = 43    # invalid info class
108 | SystemInfo43                            = 44    # invalid info class
109 | SystemTimeZoneInformation               = 45    # 0x00AC
110 | SystemLookasideInformation              = 46    # n * 0x0020
111 | # info classes specific to Windows 2000
112 | # WTS = Windows Terminal Server
113 | SystemSetTimeSlipEvent                  = 47    # set mode only
114 | SystemCreateSession                     = 48    # WTS, set mode only
115 | SystemDeleteSession                     = 49    # WTS, set mode only
116 | SystemInfo49                            = 50    # invalid info class
117 | SystemRangeStartInformation             = 51    # 0x0004
118 | SystemVerifierInformation               = 52    # 0x0068
119 | SystemAddVerifier                       = 53    # set mode only
120 | SystemSessionProcessesInformation       = 54    # WTS
121 | 
122 | # NtQueryInformationProcess constants (from MSDN)
123 | ##ProcessBasicInformation = 0
124 | ##ProcessDebugPort        = 7
125 | ##ProcessWow64Information = 26
126 | ##ProcessImageFileName    = 27
127 | 
128 | # PROCESS_INFORMATION_CLASS
129 | # http://undocumented.ntinternals.net/UserMode/Undocumented%20Functions/NT%20Objects/Process/PROCESS_INFORMATION_CLASS.html
130 | ProcessBasicInformation             = 0
131 | ProcessQuotaLimits                  = 1
132 | ProcessIoCounters                   = 2
133 | ProcessVmCounters                   = 3
134 | ProcessTimes                        = 4
135 | ProcessBasePriority                 = 5
136 | ProcessRaisePriority                = 6
137 | ProcessDebugPort                    = 7
138 | ProcessExceptionPort                = 8
139 | ProcessAccessToken                  = 9
140 | ProcessLdtInformation               = 10
141 | ProcessLdtSize                      = 11
142 | ProcessDefaultHardErrorMode         = 12
143 | ProcessIoPortHandlers               = 13
144 | ProcessPooledUsageAndLimits         = 14
145 | ProcessWorkingSetWatch              = 15
146 | ProcessUserModeIOPL                 = 16
147 | ProcessEnableAlignmentFaultFixup    = 17
148 | ProcessPriorityClass                = 18
149 | ProcessWx86Information              = 19
150 | ProcessHandleCount                  = 20
151 | ProcessAffinityMask                 = 21
152 | ProcessPriorityBoost                = 22
153 | 
154 | ProcessWow64Information             = 26
155 | ProcessImageFileName                = 27
156 | 
157 | # http://www.codeproject.com/KB/security/AntiReverseEngineering.aspx
158 | ProcessDebugObjectHandle            = 30
159 | 
160 | ProcessExecuteFlags                 = 34
161 | 
162 | # THREAD_INFORMATION_CLASS
163 | ThreadBasicInformation              = 0
164 | ThreadTimes                         = 1
165 | ThreadPriority                      = 2
166 | ThreadBasePriority                  = 3
167 | ThreadAffinityMask                  = 4
168 | ThreadImpersonationToken            = 5
169 | ThreadDescriptorTableEntry          = 6
170 | ThreadEnableAlignmentFaultFixup     = 7
171 | ThreadEventPair                     = 8
172 | ThreadQuerySetWin32StartAddress     = 9
173 | ThreadZeroTlsCell                   = 10
174 | ThreadPerformanceCount              = 11
175 | ThreadAmILastThread                 = 12
176 | ThreadIdealProcessor                = 13
177 | ThreadPriorityBoost                 = 14
178 | ThreadSetTlsArrayAddress            = 15
179 | ThreadIsIoPending                   = 16
180 | ThreadHideFromDebugger              = 17
181 | 
182 | # OBJECT_INFORMATION_CLASS
183 | ObjectBasicInformation              = 0
184 | ObjectNameInformation               = 1
185 | ObjectTypeInformation               = 2
186 | ObjectAllTypesInformation           = 3
187 | ObjectHandleInformation             = 4
188 | 
189 | # FILE_INFORMATION_CLASS
190 | FileDirectoryInformation            = 1
191 | FileFullDirectoryInformation        = 2
192 | FileBothDirectoryInformation        = 3
193 | FileBasicInformation                = 4
194 | FileStandardInformation             = 5
195 | FileInternalInformation             = 6
196 | FileEaInformation                   = 7
197 | FileAccessInformation               = 8
198 | FileNameInformation                 = 9
199 | FileRenameInformation               = 10
200 | FileLinkInformation                 = 11
201 | FileNamesInformation                = 12
202 | FileDispositionInformation          = 13
203 | FilePositionInformation             = 14
204 | FileFullEaInformation               = 15
205 | FileModeInformation                 = 16
206 | FileAlignmentInformation            = 17
207 | FileAllInformation                  = 18
208 | FileAllocationInformation           = 19
209 | FileEndOfFileInformation            = 20
210 | FileAlternateNameInformation        = 21
211 | FileStreamInformation               = 22
212 | FilePipeInformation                 = 23
213 | FilePipeLocalInformation            = 24
214 | FilePipeRemoteInformation           = 25
215 | FileMailslotQueryInformation        = 26
216 | FileMailslotSetInformation          = 27
217 | FileCompressionInformation          = 28
218 | FileCopyOnWriteInformation          = 29
219 | FileCompletionInformation           = 30
220 | FileMoveClusterInformation          = 31
221 | FileQuotaInformation                = 32
222 | FileReparsePointInformation         = 33
223 | FileNetworkOpenInformation          = 34
224 | FileObjectIdInformation             = 35
225 | FileTrackingInformation             = 36
226 | FileOleDirectoryInformation         = 37
227 | FileContentIndexInformation         = 38
228 | FileInheritContentIndexInformation  = 37
229 | FileOleInformation                  = 39
230 | FileMaximumInformation              = 40
231 | 
232 | # From http://www.nirsoft.net/kernel_struct/vista/EXCEPTION_DISPOSITION.html
233 | # typedef enum _EXCEPTION_DISPOSITION
234 | # {
235 | #          ExceptionContinueExecution = 0,
236 | #          ExceptionContinueSearch = 1,
237 | #          ExceptionNestedException = 2,
238 | #          ExceptionCollidedUnwind = 3
239 | # } EXCEPTION_DISPOSITION;
240 | ExceptionContinueExecution  = 0
241 | ExceptionContinueSearch     = 1
242 | ExceptionNestedException    = 2
243 | ExceptionCollidedUnwind     = 3
244 | 
245 | #--- PROCESS_BASIC_INFORMATION structure --------------------------------------
246 | 
247 | # From MSDN:
248 | #
249 | # typedef struct _PROCESS_BASIC_INFORMATION {
250 | #     PVOID Reserved1;
251 | #     PPEB PebBaseAddress;
252 | #     PVOID Reserved2[2];
253 | #     ULONG_PTR UniqueProcessId;
254 | #     PVOID Reserved3;
255 | # } PROCESS_BASIC_INFORMATION;
256 | ##class PROCESS_BASIC_INFORMATION(Structure):
257 | ##    _fields_ = [
258 | ##        ("Reserved1",       PVOID),
259 | ##        ("PebBaseAddress",  PPEB),
260 | ##        ("Reserved2",       PVOID * 2),
261 | ##        ("UniqueProcessId", ULONG_PTR),
262 | ##        ("Reserved3",       PVOID),
263 | ##]
264 | 
265 | # From http://catch22.net/tuts/tips2
266 | # (Only valid for 32 bits)
267 | #
268 | # typedef struct
269 | # {
270 | #     ULONG      ExitStatus;
271 | #     PVOID      PebBaseAddress;
272 | #     ULONG      AffinityMask;
273 | #     ULONG      BasePriority;
274 | #     ULONG_PTR  UniqueProcessId;
275 | #     ULONG_PTR  InheritedFromUniqueProcessId;
276 | # } PROCESS_BASIC_INFORMATION;
277 | 
278 | # My own definition follows:
279 | class PROCESS_BASIC_INFORMATION(Structure):
280 |     _fields_ = [
281 |         ("ExitStatus",                      SIZE_T),
282 |         ("PebBaseAddress",                  PVOID),     # PPEB
283 |         ("AffinityMask",                    KAFFINITY),
284 |         ("BasePriority",                    SDWORD),
285 |         ("UniqueProcessId",                 ULONG_PTR),
286 |         ("InheritedFromUniqueProcessId",    ULONG_PTR),
287 | ]
288 | 
289 | #--- THREAD_BASIC_INFORMATION structure ---------------------------------------
290 | 
291 | # From http://undocumented.ntinternals.net/UserMode/Structures/THREAD_BASIC_INFORMATION.html
292 | #
293 | # typedef struct _THREAD_BASIC_INFORMATION {
294 | #   NTSTATUS ExitStatus;
295 | #   PVOID TebBaseAddress;
296 | #   CLIENT_ID ClientId;
297 | #   KAFFINITY AffinityMask;
298 | #   KPRIORITY Priority;
299 | #   KPRIORITY BasePriority;
300 | # } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
301 | class THREAD_BASIC_INFORMATION(Structure):
302 |     _fields_ = [
303 |         ("ExitStatus",      NTSTATUS),
304 |         ("TebBaseAddress",  PVOID),     # PTEB
305 |         ("ClientId",        CLIENT_ID),
306 |         ("AffinityMask",    KAFFINITY),
307 |         ("Priority",        SDWORD),
308 |         ("BasePriority",    SDWORD),
309 | ]
310 | 
311 | #--- FILE_NAME_INFORMATION structure ------------------------------------------
312 | 
313 | # typedef struct _FILE_NAME_INFORMATION {
314 | #     ULONG FileNameLength;
315 | #     WCHAR FileName[1];
316 | # } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
317 | class FILE_NAME_INFORMATION(Structure):
318 |     _fields_ = [
319 |         ("FileNameLength",  ULONG),
320 |         ("FileName",        WCHAR * 1),
321 |     ]
322 | 
323 | #--- SYSDBG_MSR structure and constants ---------------------------------------
324 | 
325 | SysDbgReadMsr  = 16
326 | SysDbgWriteMsr = 17
327 | 
328 | class SYSDBG_MSR(Structure):
329 |     _fields_ = [
330 |         ("Address", ULONG),
331 |         ("Data",    ULONGLONG),
332 | ]
333 | 
334 | #--- IO_STATUS_BLOCK structure ------------------------------------------------
335 | 
336 | # typedef struct _IO_STATUS_BLOCK {
337 | #     union {
338 | #         NTSTATUS Status;
339 | #         PVOID Pointer;
340 | #     };
341 | #     ULONG_PTR Information;
342 | # } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
343 | class IO_STATUS_BLOCK(Structure):
344 |     _fields_ = [
345 |         ("Status",      NTSTATUS),
346 |         ("Information", ULONG_PTR),
347 |     ]
348 |     def __get_Pointer(self):
349 |         return PVOID(self.Status)
350 |     def __set_Pointer(self, ptr):
351 |         self.Status = ptr.value
352 |     Pointer = property(__get_Pointer, __set_Pointer)
353 | 
354 | PIO_STATUS_BLOCK = POINTER(IO_STATUS_BLOCK)
355 | 
356 | 
357 | #==============================================================================
358 | # This calculates the list of exported symbols.
359 | _all = set(vars().keys()).difference(_all)
360 | __all__ = [_x for _x in _all if not _x.startswith('_')]
361 | __all__.sort()
362 | #==============================================================================
363 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/amd64/context_i386.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | CONTEXT structure for i386.
 33 | """
 34 | 
 35 | __revision__ = "$Id: context_i386.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | from version import ARCH_I386
 39 | 
 40 | #==============================================================================
 41 | # This is used later on to calculate the list of exported symbols.
 42 | _all = None
 43 | _all = set(vars().keys())
 44 | #==============================================================================
 45 | 
 46 | #--- CONTEXT structures and constants -----------------------------------------
 47 | 
 48 | # The following values specify the type of access in the first parameter
 49 | # of the exception record when the exception code specifies an access
 50 | # violation.
 51 | EXCEPTION_READ_FAULT        = 0     # exception caused by a read
 52 | EXCEPTION_WRITE_FAULT       = 1     # exception caused by a write
 53 | EXCEPTION_EXECUTE_FAULT     = 8     # exception caused by an instruction fetch
 54 | 
 55 | CONTEXT_i386                = 0x00010000    # this assumes that i386 and
 56 | CONTEXT_i486                = 0x00010000    # i486 have identical context records
 57 | 
 58 | CONTEXT_CONTROL             = (CONTEXT_i386 | 0x00000001L) # SS:SP, CS:IP, FLAGS, BP
 59 | CONTEXT_INTEGER             = (CONTEXT_i386 | 0x00000002L) # AX, BX, CX, DX, SI, DI
 60 | CONTEXT_SEGMENTS            = (CONTEXT_i386 | 0x00000004L) # DS, ES, FS, GS
 61 | CONTEXT_FLOATING_POINT      = (CONTEXT_i386 | 0x00000008L) # 387 state
 62 | CONTEXT_DEBUG_REGISTERS     = (CONTEXT_i386 | 0x00000010L) # DB 0-3,6,7
 63 | CONTEXT_EXTENDED_REGISTERS  = (CONTEXT_i386 | 0x00000020L) # cpu specific extensions
 64 | 
 65 | CONTEXT_FULL = (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS)
 66 | 
 67 | CONTEXT_ALL = (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | \
 68 |                 CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS | \
 69 |                 CONTEXT_EXTENDED_REGISTERS)
 70 | 
 71 | SIZE_OF_80387_REGISTERS     = 80
 72 | MAXIMUM_SUPPORTED_EXTENSION = 512
 73 | 
 74 | # typedef struct _FLOATING_SAVE_AREA {
 75 | #     DWORD   ControlWord;
 76 | #     DWORD   StatusWord;
 77 | #     DWORD   TagWord;
 78 | #     DWORD   ErrorOffset;
 79 | #     DWORD   ErrorSelector;
 80 | #     DWORD   DataOffset;
 81 | #     DWORD   DataSelector;
 82 | #     BYTE    RegisterArea[SIZE_OF_80387_REGISTERS];
 83 | #     DWORD   Cr0NpxState;
 84 | # } FLOATING_SAVE_AREA;
 85 | class FLOATING_SAVE_AREA(Structure):
 86 |     _pack_ = 1
 87 |     _fields_ = [
 88 |         ('ControlWord',     DWORD),
 89 |         ('StatusWord',      DWORD),
 90 |         ('TagWord',         DWORD),
 91 |         ('ErrorOffset',     DWORD),
 92 |         ('ErrorSelector',   DWORD),
 93 |         ('DataOffset',      DWORD),
 94 |         ('DataSelector',    DWORD),
 95 |         ('RegisterArea',    BYTE * SIZE_OF_80387_REGISTERS),
 96 |         ('Cr0NpxState',     DWORD),
 97 |     ]
 98 | 
 99 |     _integer_members = ('ControlWord', 'StatusWord', 'TagWord', 'ErrorOffset', 'ErrorSelector', 'DataOffset', 'DataSelector', 'Cr0NpxState')
100 | 
101 |     @classmethod
102 |     def from_dict(cls, fsa):
103 |         'Instance a new structure from a Python dictionary.'
104 |         fsa = dict(fsa)
105 |         s = cls()
106 |         for key in cls._integer_members:
107 |             setattr(s, key, fsa.get(key))
108 |         ra = fsa.get('RegisterArea', None)
109 |         if ra is not None:
110 |             for index in xrange(0, SIZE_OF_80387_REGISTERS):
111 |                 s.RegisterArea[index] = ra[index]
112 |         return s
113 | 
114 |     def to_dict(self):
115 |         'Convert a structure into a Python dictionary.'
116 |         fsa = dict()
117 |         for key in self._integer_members:
118 |             fsa[key] = getattr(self, key)
119 |         ra = [ self.RegisterArea[index] for index in xrange(0, SIZE_OF_80387_REGISTERS) ]
120 |         ra = tuple(ra)
121 |         fsa['RegisterArea'] = ra
122 |         return fsa
123 | 
124 | PFLOATING_SAVE_AREA = POINTER(FLOATING_SAVE_AREA)
125 | LPFLOATING_SAVE_AREA = PFLOATING_SAVE_AREA
126 | 
127 | # typedef struct _CONTEXT {
128 | #     DWORD ContextFlags;
129 | #     DWORD   Dr0;
130 | #     DWORD   Dr1;
131 | #     DWORD   Dr2;
132 | #     DWORD   Dr3;
133 | #     DWORD   Dr6;
134 | #     DWORD   Dr7;
135 | #     FLOATING_SAVE_AREA FloatSave;
136 | #     DWORD   SegGs;
137 | #     DWORD   SegFs;
138 | #     DWORD   SegEs;
139 | #     DWORD   SegDs;
140 | #     DWORD   Edi;
141 | #     DWORD   Esi;
142 | #     DWORD   Ebx;
143 | #     DWORD   Edx;
144 | #     DWORD   Ecx;
145 | #     DWORD   Eax;
146 | #     DWORD   Ebp;
147 | #     DWORD   Eip;
148 | #     DWORD   SegCs;
149 | #     DWORD   EFlags;
150 | #     DWORD   Esp;
151 | #     DWORD   SegSs;
152 | #     BYTE    ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
153 | # } CONTEXT;
154 | class CONTEXT(Structure):
155 |     arch = ARCH_I386
156 | 
157 |     _pack_ = 1
158 | 
159 |     # Context Frame
160 |     #
161 |     #  This frame has a several purposes: 1) it is used as an argument to
162 |     #  NtContinue, 2) is is used to constuct a call frame for APC delivery,
163 |     #  and 3) it is used in the user level thread creation routines.
164 |     #
165 |     #  The layout of the record conforms to a standard call frame.
166 | 
167 |     _fields_ = [
168 | 
169 |         # The flags values within this flag control the contents of
170 |         # a CONTEXT record.
171 |         #
172 |         # If the context record is used as an input parameter, then
173 |         # for each portion of the context record controlled by a flag
174 |         # whose value is set, it is assumed that that portion of the
175 |         # context record contains valid context. If the context record
176 |         # is being used to modify a threads context, then only that
177 |         # portion of the threads context will be modified.
178 |         #
179 |         # If the context record is used as an IN OUT parameter to capture
180 |         # the context of a thread, then only those portions of the thread's
181 |         # context corresponding to set flags will be returned.
182 |         #
183 |         # The context record is never used as an OUT only parameter.
184 | 
185 |         ('ContextFlags',        DWORD),
186 | 
187 |         # This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
188 |         # set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
189 |         # included in CONTEXT_FULL.
190 | 
191 |         ('Dr0',                 DWORD),
192 |         ('Dr1',                 DWORD),
193 |         ('Dr2',                 DWORD),
194 |         ('Dr3',                 DWORD),
195 |         ('Dr6',                 DWORD),
196 |         ('Dr7',                 DWORD),
197 | 
198 |         # This section is specified/returned if the
199 |         # ContextFlags word contains the flag CONTEXT_FLOATING_POINT.
200 | 
201 |         ('FloatSave',           FLOATING_SAVE_AREA),
202 | 
203 |         # This section is specified/returned if the
204 |         # ContextFlags word contains the flag CONTEXT_SEGMENTS.
205 | 
206 |         ('SegGs',               DWORD),
207 |         ('SegFs',               DWORD),
208 |         ('SegEs',               DWORD),
209 |         ('SegDs',               DWORD),
210 | 
211 |         # This section is specified/returned if the
212 |         # ContextFlags word contains the flag CONTEXT_INTEGER.
213 | 
214 |         ('Edi',                 DWORD),
215 |         ('Esi',                 DWORD),
216 |         ('Ebx',                 DWORD),
217 |         ('Edx',                 DWORD),
218 |         ('Ecx',                 DWORD),
219 |         ('Eax',                 DWORD),
220 | 
221 |         # This section is specified/returned if the
222 |         # ContextFlags word contains the flag CONTEXT_CONTROL.
223 | 
224 |         ('Ebp',                 DWORD),
225 |         ('Eip',                 DWORD),
226 |         ('SegCs',               DWORD),         # MUST BE SANITIZED
227 |         ('EFlags',              DWORD),         # MUST BE SANITIZED
228 |         ('Esp',                 DWORD),
229 |         ('SegSs',               DWORD),
230 | 
231 |         # This section is specified/returned if the ContextFlags word
232 |         # contains the flag CONTEXT_EXTENDED_REGISTERS.
233 |         # The format and contexts are processor specific.
234 | 
235 |         ('ExtendedRegisters',   BYTE * MAXIMUM_SUPPORTED_EXTENSION),
236 |     ]
237 | 
238 |     _ctx_debug   = ('Dr0', 'Dr1', 'Dr2', 'Dr3', 'Dr6', 'Dr7')
239 |     _ctx_segs    = ('SegGs', 'SegFs', 'SegEs', 'SegDs', )
240 |     _ctx_int     = ('Edi', 'Esi', 'Ebx', 'Edx', 'Ecx', 'Eax')
241 |     _ctx_ctrl    = ('Ebp', 'Eip', 'SegCs', 'EFlags', 'Esp', 'SegSs')
242 | 
243 |     @classmethod
244 |     def from_dict(cls, ctx):
245 |         'Instance a new structure from a Python dictionary.'
246 |         ctx = Context(ctx)
247 |         s = cls()
248 |         ContextFlags = ctx['ContextFlags']
249 |         setattr(s, 'ContextFlags', ContextFlags)
250 |         if (ContextFlags & CONTEXT_DEBUG_REGISTERS) == CONTEXT_DEBUG_REGISTERS:
251 |             for key in s._ctx_debug:
252 |                 setattr(s, key, ctx[key])
253 |         if (ContextFlags & CONTEXT_FLOATING_POINT) == CONTEXT_FLOATING_POINT:
254 |             fsa = ctx['FloatSave']
255 |             s.FloatSave = FLOATING_SAVE_AREA.from_dict(fsa)
256 |         if (ContextFlags & CONTEXT_SEGMENTS) == CONTEXT_SEGMENTS:
257 |             for key in s._ctx_segs:
258 |                 setattr(s, key, ctx[key])
259 |         if (ContextFlags & CONTEXT_INTEGER) == CONTEXT_INTEGER:
260 |             for key in s._ctx_int:
261 |                 setattr(s, key, ctx[key])
262 |         if (ContextFlags & CONTEXT_CONTROL) == CONTEXT_CONTROL:
263 |             for key in s._ctx_ctrl:
264 |                 setattr(s, key, ctx[key])
265 |         if (ContextFlags & CONTEXT_EXTENDED_REGISTERS) == CONTEXT_EXTENDED_REGISTERS:
266 |             er = ctx['ExtendedRegisters']
267 |             for index in xrange(0, MAXIMUM_SUPPORTED_EXTENSION):
268 |                 s.ExtendedRegisters[index] = er[index]
269 |         return s
270 | 
271 |     def to_dict(self):
272 |         'Convert a structure into a Python native type.'
273 |         ctx = Context()
274 |         ContextFlags = self.ContextFlags
275 |         ctx['ContextFlags'] = ContextFlags
276 |         if (ContextFlags & CONTEXT_DEBUG_REGISTERS) == CONTEXT_DEBUG_REGISTERS:
277 |             for key in self._ctx_debug:
278 |                 ctx[key] = getattr(self, key)
279 |         if (ContextFlags & CONTEXT_FLOATING_POINT) == CONTEXT_FLOATING_POINT:
280 |             ctx['FloatSave'] = self.FloatSave.to_dict()
281 |         if (ContextFlags & CONTEXT_SEGMENTS) == CONTEXT_SEGMENTS:
282 |             for key in self._ctx_segs:
283 |                 ctx[key] = getattr(self, key)
284 |         if (ContextFlags & CONTEXT_INTEGER) == CONTEXT_INTEGER:
285 |             for key in self._ctx_int:
286 |                 ctx[key] = getattr(self, key)
287 |         if (ContextFlags & CONTEXT_CONTROL) == CONTEXT_CONTROL:
288 |             for key in self._ctx_ctrl:
289 |                 ctx[key] = getattr(self, key)
290 |         if (ContextFlags & CONTEXT_EXTENDED_REGISTERS) == CONTEXT_EXTENDED_REGISTERS:
291 |             er = [ self.ExtendedRegisters[index] for index in xrange(0, MAXIMUM_SUPPORTED_EXTENSION) ]
292 |             er = tuple(er)
293 |             ctx['ExtendedRegisters'] = er
294 |         return ctx
295 | 
296 | PCONTEXT = POINTER(CONTEXT)
297 | LPCONTEXT = PCONTEXT
298 | 
299 | class Context(dict):
300 |     """
301 |     Register context dictionary for the i386 architecture.
302 |     """
303 | 
304 |     arch = CONTEXT.arch
305 | 
306 |     def __get_pc(self):
307 |         return self['Eip']
308 |     def __set_pc(self, value):
309 |         self['Eip'] = value
310 |     pc = property(__get_pc, __set_pc)
311 | 
312 |     def __get_sp(self):
313 |         return self['Esp']
314 |     def __set_sp(self, value):
315 |         self['Esp'] = value
316 |     sp = property(__get_sp, __set_sp)
317 | 
318 |     def __get_fp(self):
319 |         return self['Ebp']
320 |     def __set_fp(self, value):
321 |         self['Ebp'] = value
322 |     fp = property(__get_fp, __set_fp)
323 | 
324 | #--- LDT_ENTRY structure ------------------------------------------------------
325 | 
326 | # typedef struct _LDT_ENTRY {
327 | #   WORD LimitLow;
328 | #   WORD BaseLow;
329 | #   union {
330 | #     struct {
331 | #       BYTE BaseMid;
332 | #       BYTE Flags1;
333 | #       BYTE Flags2;
334 | #       BYTE BaseHi;
335 | #     } Bytes;
336 | #     struct {
337 | #       DWORD BaseMid  :8;
338 | #       DWORD Type  :5;
339 | #       DWORD Dpl  :2;
340 | #       DWORD Pres  :1;
341 | #       DWORD LimitHi  :4;
342 | #       DWORD Sys  :1;
343 | #       DWORD Reserved_0  :1;
344 | #       DWORD Default_Big  :1;
345 | #       DWORD Granularity  :1;
346 | #       DWORD BaseHi  :8;
347 | #     } Bits;
348 | #   } HighWord;
349 | # } LDT_ENTRY,
350 | #  *PLDT_ENTRY;
351 | 
352 | class _LDT_ENTRY_BYTES_(Structure):
353 |     _pack_ = 1
354 |     _fields_ = [
355 |         ('BaseMid',         BYTE),
356 |         ('Flags1',          BYTE),
357 |         ('Flags2',          BYTE),
358 |         ('BaseHi',          BYTE),
359 |     ]
360 | 
361 | class _LDT_ENTRY_BITS_(Structure):
362 |     _pack_ = 1
363 |     _fields_ = [
364 |         ('BaseMid',         DWORD,  8),
365 |         ('Type',            DWORD,  5),
366 |         ('Dpl',             DWORD,  2),
367 |         ('Pres',            DWORD,  1),
368 |         ('LimitHi',         DWORD,  4),
369 |         ('Sys',             DWORD,  1),
370 |         ('Reserved_0',      DWORD,  1),
371 |         ('Default_Big',     DWORD,  1),
372 |         ('Granularity',     DWORD,  1),
373 |         ('BaseHi',          DWORD,  8),
374 |     ]
375 | 
376 | class _LDT_ENTRY_HIGHWORD_(Union):
377 |     _pack_ = 1
378 |     _fields_ = [
379 |         ('Bytes',           _LDT_ENTRY_BYTES_),
380 |         ('Bits',            _LDT_ENTRY_BITS_),
381 |     ]
382 | 
383 | class LDT_ENTRY(Structure):
384 |     _pack_ = 1
385 |     _fields_ = [
386 |         ('LimitLow',        WORD),
387 |         ('BaseLow',         WORD),
388 |         ('HighWord',        _LDT_ENTRY_HIGHWORD_),
389 |     ]
390 | 
391 | PLDT_ENTRY = POINTER(LDT_ENTRY)
392 | LPLDT_ENTRY = PLDT_ENTRY
393 | 
394 | 
395 | #==============================================================================
396 | # This calculates the list of exported symbols.
397 | _all = set(vars().keys()).difference(_all)
398 | __all__ = [_x for _x in _all if not _x.startswith('_')]
399 | __all__.sort()
400 | #==============================================================================
401 | 


--------------------------------------------------------------------------------
/unitracer/lib/windows/i386/context_i386.py:
--------------------------------------------------------------------------------
  1 | #!/usr/bin/env python
  2 | # -*- coding: utf-8 -*-
  3 | 
  4 | # Copyright (c) 2009-2014, Mario Vilas
  5 | # All rights reserved.
  6 | #
  7 | # Redistribution and use in source and binary forms, with or without
  8 | # modification, are permitted provided that the following conditions are met:
  9 | #
 10 | #     * Redistributions of source code must retain the above copyright notice,
 11 | #       this list of conditions and the following disclaimer.
 12 | #     * Redistributions in binary form must reproduce the above copyright
 13 | #       notice,this list of conditions and the following disclaimer in the
 14 | #       documentation and/or other materials provided with the distribution.
 15 | #     * Neither the name of the copyright holder nor the names of its
 16 | #       contributors may be used to endorse or promote products derived from
 17 | #       this software without specific prior written permission.
 18 | #
 19 | # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 20 | # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 21 | # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 22 | # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 23 | # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 24 | # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 25 | # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 26 | # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 27 | # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 28 | # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 29 | # POSSIBILITY OF SUCH DAMAGE.
 30 | 
 31 | """
 32 | CONTEXT structure for i386.
 33 | """
 34 | 
 35 | __revision__ = "$Id: context_i386.py 1299 2013-12-20 09:30:55Z qvasimodo $"
 36 | 
 37 | from defines import *
 38 | from version import ARCH_I386
 39 | 
 40 | #==============================================================================
 41 | # This is used later on to calculate the list of exported symbols.
 42 | _all = None
 43 | _all = set(vars().keys())
 44 | #==============================================================================
 45 | 
 46 | #--- CONTEXT structures and constants -----------------------------------------
 47 | 
 48 | # The following values specify the type of access in the first parameter
 49 | # of the exception record when the exception code specifies an access
 50 | # violation.
 51 | EXCEPTION_READ_FAULT        = 0     # exception caused by a read
 52 | EXCEPTION_WRITE_FAULT       = 1     # exception caused by a write
 53 | EXCEPTION_EXECUTE_FAULT     = 8     # exception caused by an instruction fetch
 54 | 
 55 | CONTEXT_i386                = 0x00010000    # this assumes that i386 and
 56 | CONTEXT_i486                = 0x00010000    # i486 have identical context records
 57 | 
 58 | CONTEXT_CONTROL             = (CONTEXT_i386 | 0x00000001L) # SS:SP, CS:IP, FLAGS, BP
 59 | CONTEXT_INTEGER             = (CONTEXT_i386 | 0x00000002L) # AX, BX, CX, DX, SI, DI
 60 | CONTEXT_SEGMENTS            = (CONTEXT_i386 | 0x00000004L) # DS, ES, FS, GS
 61 | CONTEXT_FLOATING_POINT      = (CONTEXT_i386 | 0x00000008L) # 387 state
 62 | CONTEXT_DEBUG_REGISTERS     = (CONTEXT_i386 | 0x00000010L) # DB 0-3,6,7
 63 | CONTEXT_EXTENDED_REGISTERS  = (CONTEXT_i386 | 0x00000020L) # cpu specific extensions
 64 | 
 65 | CONTEXT_FULL = (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS)
 66 | 
 67 | CONTEXT_ALL = (CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | \
 68 |                 CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS | \
 69 |                 CONTEXT_EXTENDED_REGISTERS)
 70 | 
 71 | SIZE_OF_80387_REGISTERS     = 80
 72 | MAXIMUM_SUPPORTED_EXTENSION = 512
 73 | 
 74 | # typedef struct _FLOATING_SAVE_AREA {
 75 | #     DWORD   ControlWord;
 76 | #     DWORD   StatusWord;
 77 | #     DWORD   TagWord;
 78 | #     DWORD   ErrorOffset;
 79 | #     DWORD   ErrorSelector;
 80 | #     DWORD   DataOffset;
 81 | #     DWORD   DataSelector;
 82 | #     BYTE    RegisterArea[SIZE_OF_80387_REGISTERS];
 83 | #     DWORD   Cr0NpxState;
 84 | # } FLOATING_SAVE_AREA;
 85 | class FLOATING_SAVE_AREA(Structure):
 86 |     _pack_ = 1
 87 |     _fields_ = [
 88 |         ('ControlWord',     DWORD),
 89 |         ('StatusWord',      DWORD),
 90 |         ('TagWord',         DWORD),
 91 |         ('ErrorOffset',     DWORD),
 92 |         ('ErrorSelector',   DWORD),
 93 |         ('DataOffset',      DWORD),
 94 |         ('DataSelector',    DWORD),
 95 |         ('RegisterArea',    BYTE * SIZE_OF_80387_REGISTERS),
 96 |         ('Cr0NpxState',     DWORD),
 97 |     ]
 98 | 
 99 |     _integer_members = ('ControlWord', 'StatusWord', 'TagWord', 'ErrorOffset', 'ErrorSelector', 'DataOffset', 'DataSelector', 'Cr0NpxState')
100 | 
101 |     @classmethod
102 |     def from_dict(cls, fsa):
103 |         'Instance a new structure from a Python dictionary.'
104 |         fsa = dict(fsa)
105 |         s = cls()
106 |         for key in cls._integer_members:
107 |             setattr(s, key, fsa.get(key))
108 |         ra = fsa.get('RegisterArea', None)
109 |         if ra is not None:
110 |             for index in xrange(0, SIZE_OF_80387_REGISTERS):
111 |                 s.RegisterArea[index] = ra[index]
112 |         return s
113 | 
114 |     def to_dict(self):
115 |         'Convert a structure into a Python dictionary.'
116 |         fsa = dict()
117 |         for key in self._integer_members:
118 |             fsa[key] = getattr(self, key)
119 |         ra = [ self.RegisterArea[index] for index in xrange(0, SIZE_OF_80387_REGISTERS) ]
120 |         ra = tuple(ra)
121 |         fsa['RegisterArea'] = ra
122 |         return fsa
123 | 
124 | PFLOATING_SAVE_AREA = POINTER(FLOATING_SAVE_AREA)
125 | LPFLOATING_SAVE_AREA = PFLOATING_SAVE_AREA
126 | 
127 | # typedef struct _CONTEXT {
128 | #     DWORD ContextFlags;
129 | #     DWORD   Dr0;
130 | #     DWORD   Dr1;
131 | #     DWORD   Dr2;
132 | #     DWORD   Dr3;
133 | #     DWORD   Dr6;
134 | #     DWORD   Dr7;
135 | #     FLOATING_SAVE_AREA FloatSave;
136 | #     DWORD   SegGs;
137 | #     DWORD   SegFs;
138 | #     DWORD   SegEs;
139 | #     DWORD   SegDs;
140 | #     DWORD   Edi;
141 | #     DWORD   Esi;
142 | #     DWORD   Ebx;
143 | #     DWORD   Edx;
144 | #     DWORD   Ecx;
145 | #     DWORD   Eax;
146 | #     DWORD   Ebp;
147 | #     DWORD   Eip;
148 | #     DWORD   SegCs;
149 | #     DWORD   EFlags;
150 | #     DWORD   Esp;
151 | #     DWORD   SegSs;
152 | #     BYTE    ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];
153 | # } CONTEXT;
154 | class CONTEXT(Structure):
155 |     arch = ARCH_I386
156 | 
157 |     _pack_ = 1
158 | 
159 |     # Context Frame
160 |     #
161 |     #  This frame has a several purposes: 1) it is used as an argument to
162 |     #  NtContinue, 2) is is used to constuct a call frame for APC delivery,
163 |     #  and 3) it is used in the user level thread creation routines.
164 |     #
165 |     #  The layout of the record conforms to a standard call frame.
166 | 
167 |     _fields_ = [
168 | 
169 |         # The flags values within this flag control the contents of
170 |         # a CONTEXT record.
171 |         #
172 |         # If the context record is used as an input parameter, then
173 |         # for each portion of the context record controlled by a flag
174 |         # whose value is set, it is assumed that that portion of the
175 |         # context record contains valid context. If the context record
176 |         # is being used to modify a threads context, then only that
177 |         # portion of the threads context will be modified.
178 |         #
179 |         # If the context record is used as an IN OUT parameter to capture
180 |         # the context of a thread, then only those portions of the thread's
181 |         # context corresponding to set flags will be returned.
182 |         #
183 |         # The context record is never used as an OUT only parameter.
184 | 
185 |         ('ContextFlags',        DWORD),
186 | 
187 |         # This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
188 |         # set in ContextFlags.  Note that CONTEXT_DEBUG_REGISTERS is NOT
189 |         # included in CONTEXT_FULL.
190 | 
191 |         ('Dr0',                 DWORD),
192 |         ('Dr1',                 DWORD),
193 |         ('Dr2',                 DWORD),
194 |         ('Dr3',                 DWORD),
195 |         ('Dr6',                 DWORD),
196 |         ('Dr7',                 DWORD),
197 | 
198 |         # This section is specified/returned if the
199 |         # ContextFlags word contains the flag CONTEXT_FLOATING_POINT.
200 | 
201 |         ('FloatSave',           FLOATING_SAVE_AREA),
202 | 
203 |         # This section is specified/returned if the
204 |         # ContextFlags word contains the flag CONTEXT_SEGMENTS.
205 | 
206 |         ('SegGs',               DWORD),
207 |         ('SegFs',               DWORD),
208 |         ('SegEs',               DWORD),
209 |         ('SegDs',               DWORD),
210 | 
211 |         # This section is specified/returned if the
212 |         # ContextFlags word contains the flag CONTEXT_INTEGER.
213 | 
214 |         ('Edi',                 DWORD),
215 |         ('Esi',                 DWORD),
216 |         ('Ebx',                 DWORD),
217 |         ('Edx',                 DWORD),
218 |         ('Ecx',                 DWORD),
219 |         ('Eax',                 DWORD),
220 | 
221 |         # This section is specified/returned if the
222 |         # ContextFlags word contains the flag CONTEXT_CONTROL.
223 | 
224 |         ('Ebp',                 DWORD),
225 |         ('Eip',                 DWORD),
226 |         ('SegCs',               DWORD),         # MUST BE SANITIZED
227 |         ('EFlags',              DWORD),         # MUST BE SANITIZED
228 |         ('Esp',                 DWORD),
229 |         ('SegSs',               DWORD),
230 | 
231 |         # This section is specified/returned if the ContextFlags word
232 |         # contains the flag CONTEXT_EXTENDED_REGISTERS.
233 |         # The format and contexts are processor specific.
234 | 
235 |         ('ExtendedRegisters',   BYTE * MAXIMUM_SUPPORTED_EXTENSION),
236 |     ]
237 | 
238 |     _ctx_debug   = ('Dr0', 'Dr1', 'Dr2', 'Dr3', 'Dr6', 'Dr7')
239 |     _ctx_segs    = ('SegGs', 'SegFs', 'SegEs', 'SegDs', )
240 |     _ctx_int     = ('Edi', 'Esi', 'Ebx', 'Edx', 'Ecx', 'Eax')
241 |     _ctx_ctrl    = ('Ebp', 'Eip', 'SegCs', 'EFlags', 'Esp', 'SegSs')
242 | 
243 |     @classmethod
244 |     def from_dict(cls, ctx):
245 |         'Instance a new structure from a Python dictionary.'
246 |         ctx = Context(ctx)
247 |         s = cls()
248 |         ContextFlags = ctx['ContextFlags']
249 |         setattr(s, 'ContextFlags', ContextFlags)
250 |         if (ContextFlags & CONTEXT_DEBUG_REGISTERS) == CONTEXT_DEBUG_REGISTERS:
251 |             for key in s._ctx_debug:
252 |                 setattr(s, key, ctx[key])
253 |         if (ContextFlags & CONTEXT_FLOATING_POINT) == CONTEXT_FLOATING_POINT:
254 |             fsa = ctx['FloatSave']
255 |             s.FloatSave = FLOATING_SAVE_AREA.from_dict(fsa)
256 |         if (ContextFlags & CONTEXT_SEGMENTS) == CONTEXT_SEGMENTS:
257 |             for key in s._ctx_segs:
258 |                 setattr(s, key, ctx[key])
259 |         if (ContextFlags & CONTEXT_INTEGER) == CONTEXT_INTEGER:
260 |             for key in s._ctx_int:
261 |                 setattr(s, key, ctx[key])
262 |         if (ContextFlags & CONTEXT_CONTROL) == CONTEXT_CONTROL:
263 |             for key in s._ctx_ctrl:
264 |                 setattr(s, key, ctx[key])
265 |         if (ContextFlags & CONTEXT_EXTENDED_REGISTERS) == CONTEXT_EXTENDED_REGISTERS:
266 |             er = ctx['ExtendedRegisters']
267 |             for index in xrange(0, MAXIMUM_SUPPORTED_EXTENSION):
268 |                 s.ExtendedRegisters[index] = er[index]
269 |         return s
270 | 
271 |     def to_dict(self):
272 |         'Convert a structure into a Python native type.'
273 |         ctx = Context()
274 |         ContextFlags = self.ContextFlags
275 |         ctx['ContextFlags'] = ContextFlags
276 |         if (ContextFlags & CONTEXT_DEBUG_REGISTERS) == CONTEXT_DEBUG_REGISTERS:
277 |             for key in self._ctx_debug:
278 |                 ctx[key] = getattr(self, key)
279 |         if (ContextFlags & CONTEXT_FLOATING_POINT) == CONTEXT_FLOATING_POINT:
280 |             ctx['FloatSave'] = self.FloatSave.to_dict()
281 |         if (ContextFlags & CONTEXT_SEGMENTS) == CONTEXT_SEGMENTS:
282 |             for key in self._ctx_segs:
283 |                 ctx[key] = getattr(self, key)
284 |         if (ContextFlags & CONTEXT_INTEGER) == CONTEXT_INTEGER:
285 |             for key in self._ctx_int:
286 |                 ctx[key] = getattr(self, key)
287 |         if (ContextFlags & CONTEXT_CONTROL) == CONTEXT_CONTROL:
288 |             for key in self._ctx_ctrl:
289 |                 ctx[key] = getattr(self, key)
290 |         if (ContextFlags & CONTEXT_EXTENDED_REGISTERS) == CONTEXT_EXTENDED_REGISTERS:
291 |             er = [ self.ExtendedRegisters[index] for index in xrange(0, MAXIMUM_SUPPORTED_EXTENSION) ]
292 |             er = tuple(er)
293 |             ctx['ExtendedRegisters'] = er
294 |         return ctx
295 | 
296 | PCONTEXT = POINTER(CONTEXT)
297 | LPCONTEXT = PCONTEXT
298 | 
299 | class Context(dict):
300 |     """
301 |     Register context dictionary for the i386 architecture.
302 |     """
303 | 
304 |     arch = CONTEXT.arch
305 | 
306 |     def __get_pc(self):
307 |         return self['Eip']
308 |     def __set_pc(self, value):
309 |         self['Eip'] = value
310 |     pc = property(__get_pc, __set_pc)
311 | 
312 |     def __get_sp(self):
313 |         return self['Esp']
314 |     def __set_sp(self, value):
315 |         self['Esp'] = value
316 |     sp = property(__get_sp, __set_sp)
317 | 
318 |     def __get_fp(self):
319 |         return self['Ebp']
320 |     def __set_fp(self, value):
321 |         self['Ebp'] = value
322 |     fp = property(__get_fp, __set_fp)
323 | 
324 | #--- LDT_ENTRY structure ------------------------------------------------------
325 | 
326 | # typedef struct _LDT_ENTRY {
327 | #   WORD LimitLow;
328 | #   WORD BaseLow;
329 | #   union {
330 | #     struct {
331 | #       BYTE BaseMid;
332 | #       BYTE Flags1;
333 | #       BYTE Flags2;
334 | #       BYTE BaseHi;
335 | #     } Bytes;
336 | #     struct {
337 | #       DWORD BaseMid  :8;
338 | #       DWORD Type  :5;
339 | #       DWORD Dpl  :2;
340 | #       DWORD Pres  :1;
341 | #       DWORD LimitHi  :4;
342 | #       DWORD Sys  :1;
343 | #       DWORD Reserved_0  :1;
344 | #       DWORD Default_Big  :1;
345 | #       DWORD Granularity  :1;
346 | #       DWORD BaseHi  :8;
347 | #     } Bits;
348 | #   } HighWord;
349 | # } LDT_ENTRY,
350 | #  *PLDT_ENTRY;
351 | 
352 | class _LDT_ENTRY_BYTES_(Structure):
353 |     _pack_ = 1
354 |     _fields_ = [
355 |         ('BaseMid',         BYTE),
356 |         ('Flags1',          BYTE),
357 |         ('Flags2',          BYTE),
358 |         ('BaseHi',          BYTE),
359 |     ]
360 | 
361 | class _LDT_ENTRY_BITS_(Structure):
362 |     _pack_ = 1
363 |     _fields_ = [
364 |         ('BaseMid',         DWORD,  8),
365 |         ('Type',            DWORD,  5),
366 |         ('Dpl',             DWORD,  2),
367 |         ('Pres',            DWORD,  1),
368 |         ('LimitHi',         DWORD,  4),
369 |         ('Sys',             DWORD,  1),
370 |         ('Reserved_0',      DWORD,  1),
371 |         ('Default_Big',     DWORD,  1),
372 |         ('Granularity',     DWORD,  1),
373 |         ('BaseHi',          DWORD,  8),
374 |     ]
375 | 
376 | class _LDT_ENTRY_HIGHWORD_(Union):
377 |     _pack_ = 1
378 |     _fields_ = [
379 |         ('Bytes',           _LDT_ENTRY_BYTES_),
380 |         ('Bits',            _LDT_ENTRY_BITS_),
381 |     ]
382 | 
383 | class LDT_ENTRY(Structure):
384 |     _pack_ = 1
385 |     _fields_ = [
386 |         ('LimitLow',        WORD),
387 |         ('BaseLow',         WORD),
388 |         ('HighWord',        _LDT_ENTRY_HIGHWORD_),
389 |     ]
390 | 
391 | PLDT_ENTRY = POINTER(LDT_ENTRY)
392 | LPLDT_ENTRY = PLDT_ENTRY
393 | 
394 | 
395 | #==============================================================================
396 | # This calculates the list of exported symbols.
397 | _all = set(vars().keys()).difference(_all)
398 | __all__ = [_x for _x in _all if not _x.startswith('_')]
399 | __all__.sort()
400 | #==============================================================================
401 | 


--------------------------------------------------------------------------------