Welcome to PythonForWindows’s documentation!

Description

PythonForWindows is a base of code aimed to make interaction with Windows (on X86/X64) easier (for both 32 and 64 bits Python). Its goal is to offer abstractions around some of the OS features in a (I hope) pythonic way. It also tries to make the barrier between python and native execution thinner in both ways. There is no external dependencies but it relies heavily on the ctypes module.

Some of this code is clean (IMHO) and some parts are just a wreck that works for now. Let’s say that the codebase evolves with my needs and my curiosity.

If you have any issue, question, suggestion do not hesitate to contact me. I am always glad to have feedbacks from people using this project.

Examples are available on the github page and in the Samples of code.

Installation

Installing from Pypi

PythonForWindows is available on Pypi an this can be installed with:

python -m pip install PythonForWindows

Installing using setup.py

You can also install PythonForWindows by cloning it and using the setup.py at the root of the project:

python setup.py install

Python3

python3 support is still in beta. All the tests pass on master, but I did not test it heavily on real case. Do not hesitate report bugs and issues.

Documentation

• 1. The windows module
  • 1.1. The system object
• 2. The windows objects
  • 2.1. Processes and Threads
  • 2.2. PEB Exploration
  • 2.3. PEFile - Parsing loaded PE
  • 2.4. Token
  • 2.5. Exception and Context related structures
  • 2.6. Registry
  • 2.7. Network
  • 2.8. Service
  • 2.9. Volume – The logical drives
  • 2.10. WMI – Make request to WMI
  • 2.11. Handle – Processes handles
  • 2.12. System Module – Loaded kernel modules
  • 2.13. Object Manager – Kernel objects
  • 2.14. Device Manager
  • 2.15. Task scheduler
  • 2.16. Event Log
  • 2.17. ETW – Event Tracing for Windows
• 3. windows.native_exec – Native Code Execution
  • 3.1. windows.native_exec.cpuid – Interface to native CPUID
  • 3.2. windows.native_exec.simple_x86 – X86 Assembler
  • 3.3. windows.native_exec.simple_x64 – X64 Assembler
  • 3.4. windows.native_exec.nativeutils – Native utility functions
• 4. windows.winproxy – Windows API
  • 4.1. Example: VirtualAlloc
  • 4.2. Helper functions
  • 4.3. WinproxyError
  • 4.4. Functions in windows.winproxy
• 5. windows.security – Security Descriptor & related
  • 5.1. Token
  • 5.2. SecurityDescriptor
  • 5.3. Acl
  • 5.4. Ace
• 6. windows.pipe – Inter-Process Communication
  • 6.1. Helper functions
  • 6.2. PipeConnection
• 7. windows.utils – Windows Utilities
  • 7.1. Context Managers
  • 7.2. Helper functions
• 8. windows.wintrust – Checking signature
  • 8.1. API
• 9. windows.debug – Debugging
  • 9.1. Debugger
  • 9.2. SymbolDebugger
  • 9.3. LocalDebugger
  • 9.4. Breakpoint
  • 9.5. windows.debug.symbols – Using symbols
• 10. windows.com - Component Object Model
  • 10.1. Using a COM interface
  • 10.2. Implementing a COM interface
  • 10.3. API
• 11. windows.crypto – CryptoAPI
  • 11.1. Encryption
  • 11.2. Certificate
  • 11.3. Generating componants
• 12. windows.alpc – Advanced Local Procedure Call
  • 12.1. ALPC Message
  • 12.2. ALPC client
  • 12.3. ALPC Server
• 13. windows.rpc – ALPC-based Windows RPC
  • 13.1. RPCClient
  • 13.2. Epmapper
  • 13.3. Ndr
• 14. windows.generated_def – generated Windows defines and structures
  • 14.1. WinDef
  • 14.2. Ntstatus
  • 14.3. Winstructs
  • 14.4. WinEnums
  • 14.5. WinError
  • 14.6. Example
• 15. IAT hooking
  • 15.1. Putting an IAT hook
  • 15.2. Hook protocol
  • 15.3. windows.hooks
• 16. Early Work In Progress
• 17. Internals
  • 17.1. remotectypes.py
  • 17.2. syswow64.py – Crossing the heaven gate
• 18. Samples of code
  • 18.1. Processes
  • 18.2. Token
  • 18.3. windows.system
  • 18.4. Services
  • 18.5. Network - socket exploration
  • 18.6. Registry
  • 18.7. Scheduled tasks
  • 18.8. Event Log
  • 18.9. Object manager
  • 18.10. Device manager
  • 18.11. windows.wintrust
  • 18.12. VectoredException()
  • 18.13. Debugging
  • 18.14. Symbols
  • 18.15. WMI
  • 18.16. windows.com
  • 18.17. windows.crypto
  • 18.18. windows.alpc
  • 18.19. windows.rpc
  • 18.20. windows.pipe
  • 18.21. windows.security
  • 18.22. ETW (Event Tracing for Windows)

Indices and tables

• Module Index
• Search Page
• Index