7. windows.utils – Windows Utilities
7.1. Context Managers
windows.utils provides some context managers wrapping standard contextual operations, such as a temporary VirtualProtect change or disabling SysWOW64 file system redirection, so that the original state is restored when the with block exits.
7.1.1. VirtualProtected
7.1.2. DisableWow64FsRedirection
7.2. Helper functions
- windows.utils.sprint(struct, name='struct', hexa=True)
  Print recursively the content of a ctypes structure. Example:

  >>> cert
  <Certificate "YOLO2" serial="6f 1d 3e 7d d9 77 59 a9 4c 1c 53 dc 80 db 0c fe">
  >>> windows.utils.sprint(cert)
  struct.dwCertEncodingType -> 0x1L
  struct.pbCertEncoded<deref> -> 0x30
  struct.cbCertEncoded -> 0x1a7L
  struct.pCertInfo<deref>.dwVersion -> 0x2L
  struct.pCertInfo<deref>.SerialNumber.cbData -> 0x10L
  struct.pCertInfo<deref>.SerialNumber.pbData<deref> -> 0xfe
  struct.pCertInfo<deref>.SignatureAlgorithm.pszObjId -> '1.2.840.113549.1.1.5'
  struct.pCertInfo<deref>.SignatureAlgorithm.Parameters.cbData -> 0x2L
  struct.pCertInfo<deref>.SignatureAlgorithm.Parameters.pbData<deref> -> 0x5
  struct.pCertInfo<deref>.Issuer.cbData -> 0x12L
  struct.pCertInfo<deref>.Issuer.pbData<deref> -> 0x30
  struct.pCertInfo<deref>.NotBefore.dwLowDateTime -> 0x718ddc00L
  struct.pCertInfo<deref>.NotBefore.dwHighDateTime -> 0x1d249bbL
  struct.pCertInfo<deref>.NotAfter.dwLowDateTime -> 0x34ef0c00L
  struct.pCertInfo<deref>.NotAfter.dwHighDateTime -> 0x1d368bfL
  ...
- windows.utils.enable_privilege(lpszPrivilege, bEnablePrivilege)
  Enable or disable a privilege in the current process token:

  enable_privilege(SE_DEBUG_NAME, True)
- windows.utils.check_debug()
  Check whether the kernel is running in debug mode (beware of NOUMEX, see
  https://msdn.microsoft.com/en-us/library/windows/hardware/ff556253(v=vs.85).aspx#_______noumex______ )
- windows.utils.create_process(path, args=None, dwCreationFlags=0, show_windows=True)
  A convenient wrapper around windows.winproxy.CreateProcessA()
- windows.utils.create_console()
  Create a new console displaying STDOUT. Useful when the Python code is injected into a GUI process that has no console.
- windows.utils.create_file_from_handle(handle, mode='r')
  Return a Python file object around a Windows HANDLE
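The sprint entry above only shows output. As an added example (not the PythonForWindows implementation), the following recursive walker shows how such a dump is produced from a ctypes structure: nested Structure/Union fields are descended, arrays are indexed, pointers are dereferenced to their first element (the "<deref>" convention in the output above), NULL pointers are never dereferenced, and a dereference limit guards against self-referential structures. The CRYPT_BLOB/INFO/CONTEXT types and the sample values are constructed for the demo and only mimic the shape of the certificate output; they are not the Windows definitions.

```python
import ctypes

# Constructed demo types (not the Windows CERT_CONTEXT / CERT_INFO definitions).
class CRYPT_BLOB(ctypes.Structure):
    _fields_ = [("cbData", ctypes.c_uint32),
                ("pbData", ctypes.POINTER(ctypes.c_ubyte))]

class INFO(ctypes.Structure):
    _fields_ = [("dwVersion", ctypes.c_uint32),
                ("SerialNumber", CRYPT_BLOB),
                ("pszObjId", ctypes.c_char_p),
                ("Flags", ctypes.c_uint16 * 2)]

class CONTEXT(ctypes.Structure):
    _fields_ = [("dwEncodingType", ctypes.c_uint32),
                ("pInfo", ctypes.POINTER(INFO)),
                ("pNext", ctypes.POINTER(INFO))]   # left NULL on purpose


def _fmt(value, hexa):
    # bool is an int subclass; keep True/False readable instead of 0x1/0x0
    if hexa and isinstance(value, int) and not isinstance(value, bool):
        return hex(value)
    return repr(value)


def _walk(obj, path, hexa, out, deref_left):
    if isinstance(obj, (ctypes.Structure, ctypes.Union)):
        for field in obj._fields_:          # (name, type) or (name, type, bitwidth)
            name = field[0]
            _walk(getattr(obj, name), path + "." + name, hexa, out, deref_left)
    elif isinstance(obj, ctypes.Array):     # c_char arrays already arrive as bytes
        for i, item in enumerate(obj):
            _walk(item, "{}[{}]".format(path, i), hexa, out, deref_left)
    elif isinstance(obj, ctypes._Pointer):
        if not obj:                          # NULL pointer: report it, never read it
            out.append(path + " -> NULL")
        elif deref_left == 0:                # cycle / depth guard for linked structures
            out.append(path + " -> <deref limit>")
        else:                                # follow the pointer to its first element
            _walk(obj[0], path + "<deref>", hexa, out, deref_left - 1)
    else:                                    # int, bytes, float, None: a leaf value
        out.append("{} -> {}".format(path, _fmt(obj, hexa)))


def dump_struct(struct, name="struct", hexa=True, max_deref=8):
    """Return one 'path -> value' line per leaf of a ctypes Structure/Union."""
    out = []
    _walk(struct, name, hexa, out, max_deref)
    return out


# Constructed sample data, kept at module level so the pointed-to memory stays alive.
SERIAL = (ctypes.c_ubyte * 4)(0x6f, 0x1d, 0x3e, 0x7d)
INFO_OBJ = INFO(2,
                CRYPT_BLOB(4, ctypes.cast(SERIAL, ctypes.POINTER(ctypes.c_ubyte))),
                b"1.2.840.113549.1.1.5",
                (ctypes.c_uint16 * 2)(1, 2))
SAMPLE = CONTEXT(1, ctypes.pointer(INFO_OBJ))     # pNext stays NULL

if __name__ == "__main__":
    print("\n".join(dump_struct(SAMPLE)))
```

Only the first element behind a pointer is printed, as in the output above; a pointer to a buffer is not a length, so a dumper must not walk further without a companion size field such as cbData.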
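The enable_privilege entry above gives only the call. As an added example (not the library's own code), the following shows the Win32 sequence such a helper has to perform with plain ctypes, and the check a practitioner wants: AdjustTokenPrivileges returns nonzero even when it adjusted nothing, and only GetLastError() == ERROR_NOT_ALL_ASSIGNED reveals that the token does not hold the privilege at all (the usual outcome for SeDebugPrivilege in a non-elevated token). The Win32 call chain OpenProcessToken / LookupPrivilegeValueW / AdjustTokenPrivileges and the constants are from the Windows SDK; that PythonForWindows uses exactly this chain is an assumption. The Windows calls only run on Windows; the structure builder and the result check are pure Python.

```python
import ctypes
import sys

# Win32 types and constants (Windows SDK values), defined locally to avoid ctypes.wintypes.
HANDLE = ctypes.c_void_p
DWORD = ctypes.c_uint32
LONG = ctypes.c_int32
BOOL = ctypes.c_int
LPCWSTR = ctypes.c_wchar_p

SE_PRIVILEGE_ENABLED = 0x00000002
TOKEN_ADJUST_PRIVILEGES = 0x0020
TOKEN_QUERY = 0x0008
ERROR_NOT_ALL_ASSIGNED = 1300
SE_DEBUG_NAME = "SeDebugPrivilege"


class LUID(ctypes.Structure):
    _fields_ = [("LowPart", DWORD), ("HighPart", LONG)]

class LUID_AND_ATTRIBUTES(ctypes.Structure):
    _fields_ = [("Luid", LUID), ("Attributes", DWORD)]

class TOKEN_PRIVILEGES(ctypes.Structure):
    _fields_ = [("PrivilegeCount", DWORD),
                ("Privileges", LUID_AND_ATTRIBUTES * 1)]


def build_token_privileges(luid, enable):
    """Build the single-entry TOKEN_PRIVILEGES passed to AdjustTokenPrivileges."""
    tp = TOKEN_PRIVILEGES()
    tp.PrivilegeCount = 1
    tp.Privileges[0].Luid = luid
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED if enable else 0
    return tp


def adjust_succeeded(call_ok, last_error):
    """Interpret AdjustTokenPrivileges: a nonzero return only means the call
    itself worked; ERROR_NOT_ALL_ASSIGNED means the privilege was not adjusted
    because the token does not hold it."""
    return bool(call_ok) and last_error != ERROR_NOT_ALL_ASSIGNED


def enable_privilege(name, enable=True):
    """Enable/disable `name` in the current process token. Returns True only if
    the privilege was actually adjusted. Windows only."""
    if sys.platform != "win32":
        raise OSError("enable_privilege needs Windows")
    advapi32 = ctypes.WinDLL("advapi32", use_last_error=True)
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    kernel32.GetCurrentProcess.restype = HANDLE
    kernel32.CloseHandle.argtypes = [HANDLE]
    advapi32.OpenProcessToken.argtypes = [HANDLE, DWORD, ctypes.POINTER(HANDLE)]
    advapi32.OpenProcessToken.restype = BOOL
    advapi32.LookupPrivilegeValueW.argtypes = [LPCWSTR, LPCWSTR, ctypes.POINTER(LUID)]
    advapi32.LookupPrivilegeValueW.restype = BOOL
    advapi32.AdjustTokenPrivileges.argtypes = [HANDLE, BOOL, ctypes.POINTER(TOKEN_PRIVILEGES),
                                               DWORD, ctypes.c_void_p, ctypes.c_void_p]
    advapi32.AdjustTokenPrivileges.restype = BOOL

    luid = LUID()
    if not advapi32.LookupPrivilegeValueW(None, name, ctypes.byref(luid)):
        raise ctypes.WinError(ctypes.get_last_error())
    token = HANDLE()
    if not advapi32.OpenProcessToken(kernel32.GetCurrentProcess(),
                                     TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
                                     ctypes.byref(token)):
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        tp = build_token_privileges(luid, enable)
        ok = advapi32.AdjustTokenPrivileges(token, False, ctypes.byref(tp), 0, None, None)
        err = ctypes.get_last_error()      # read before any other call can overwrite it
    finally:
        kernel32.CloseHandle(token)
    if not ok:
        raise ctypes.WinError(err)
    return adjust_succeeded(ok, err)


if __name__ == "__main__":
    print("SeDebugPrivilege enabled:", enable_privilege(SE_DEBUG_NAME, True))
```

Disabling a privilege does not remove it from the token; a caller that wants it gone for good needs SE_PRIVILEGE_REMOVED, which is a different attribute and is irreversible for that token.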