Welcome to PythonForWindows’s documentation!
Description
PythonForWindows is a code base that aims to make interaction with Windows (on X86/X64) easier, for both 32-bit and 64-bit Python.
Its goal is to offer abstractions around some of the OS features in a (I hope) pythonic way.
It also tries to make the barrier between Python and native execution thinner in both directions.
There are no external dependencies, but it relies heavily on the ctypes module.
Some of this code is clean (IMHO) and some parts are just a wreck that works for now. Let’s say that the codebase evolves with my needs and my curiosity.
If you have any issue, question, or suggestion, do not hesitate to contact me. I am always glad to have feedback from people using this project.
Examples are available on the GitHub page and in the Samples of code.
Installation
Installing from PyPI
PythonForWindows is available on PyPI and can be installed with:
python -m pip install PythonForWindows
Installing using setup.py
You can also install PythonForWindows by cloning it and using the setup.py at the root of the project:
python setup.py install
Python3
Python 3 support is still in beta. All the tests pass on master, but I did not test it heavily on real cases. Do not hesitate to report bugs and issues.
Documentation
- 1. The windows module
- 2. The windows objects
  - 2.1. Processes and Threads
  - 2.2. PEB Exploration
  - 2.3. PEFile - Parsing loaded PE
  - 2.4. Token
  - 2.5. Exception and Context related structures
  - 2.6. Registry
  - 2.7. Network
  - 2.8. Service
  - 2.9. Volume – The logical drives
  - 2.10. WMI – Make request to WMI
  - 2.11. Handle – Processes handles
  - 2.12. System Module – Loaded kernel modules
  - 2.13. Object Manager – Kernel objects
  - 2.14. Device Manager
  - 2.15. Task scheduler
  - 2.16. Event Log
  - 2.17. ETW – Event Tracing for Windows
- 3. windows.native_exec – Native Code Execution
- 4. windows.winproxy – Windows API
- 5. windows.security – Security Descriptor & related
- 6. windows.pipe – Inter-Process Communication
- 7. windows.utils – Windows Utilities
- 8. windows.wintrust – Checking signature
- 9. windows.debug – Debugging
- 10. windows.com - Component Object Model
- 11. windows.crypto – CryptoAPI
- 12. windows.alpc – Advanced Local Procedure Call
- 13. windows.rpc – ALPC-based Windows RPC
- 14. windows.generated_def – generated Windows defines and structures
- 15. IAT hooking
- 16. Early Work In Progress
- 17. Internals
- 18. Samples of code
  - 18.1. Processes
  - 18.2. Token
  - 18.3. windows.system
  - 18.4. Services
  - 18.5. Network - socket exploration
  - 18.6. Registry
  - 18.7. Scheduled tasks
  - 18.8. Event Log
  - 18.9. Object manager
  - 18.10. Device manager
  - 18.11. windows.wintrust
  - 18.12. VectoredException()
  - 18.13. Debugging
  - 18.14. Symbols
  - 18.15. WMI
  - 18.16. windows.com
  - 18.17. windows.crypto
  - 18.18. windows.alpc
  - 18.19. windows.rpc
  - 18.20. windows.pipe
  - 18.21. windows.security
  - 18.22. ETW (Event Tracing for Windows)