1. The windows module

The windows module is the module installed by setup.py.

This module exports some objects representing the current state of the system. It also offers some submodules that help with interfacing with Windows and executing native code.

The default objects accessible in windows are:
The submodules that you might use by themselves are:

1.1. The system object

Note

See sample windows.system

class windows.winobject.system.System

The state of the current Windows system Python is running on

bitness

The bitness of the system

Type:int – 32 or 64
computer_name

The name of the computer

Type:str
device_manager

An object to query the devices and drivers configured on the computer.

Type:DeviceManager
etw

An object to interact with ETW (Event Tracing for Windows)

Type:EtwManager
event_log

An object to open event channels, publishers and evtx files

Type:EvtlogManager
handles

The list of system handles

Type:[Handle] – A list of Handle
logicaldrives

List of logical drives [C:, …]

Type:[LogicalDrive] – A list of LogicalDrive
modules

The list of system modules

Type:[SystemModule] – A list of SystemModule or SystemModuleWow64
network = <windows.winobject.network.Network object>

Object of class windows.winobject.network.Network

object_manager

An object to query the objects in the kernel object manager.

Type:ObjectManager
processes

The list of running processes

Type:[WinProcess] – A list of Process
product_type

The product type, value might be:

  • VER_NT_WORKSTATION(0x1L)
  • VER_NT_DOMAIN_CONTROLLER(0x2L)
  • VER_NT_SERVER(0x3L)
Type:long or int (or subclass)
registry = <windows.winobject.registry.Registry object>

Object of class windows.winobject.registry.Registry

services

An object to query, list and explore services

Type:ServiceManager
task_scheduler

An object able to manage scheduled tasks on the local system

Type:TaskService
threads

The list of running threads

Type:[WinThread] – A list of Thread
version

The version of the system

Type:(int, int) – (Major, Minor)
version_name

The name of the system version, values are:

  • Windows Server 2016
  • Windows 10
  • Windows Server 2012 R2
  • Windows 8.1
  • Windows Server 2012
  • Windows 8
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008
  • Windows Vista
  • Windows XP Professional x64 Edition
  • TODO: version (5.2) + is_workstation + bitness == 32 (don’t even know if possible..)
  • Windows Server 2003 R2
  • Windows Server 2003
  • Windows XP
  • Windows 2000
  • “Unknow Windows <version={0} | is_workstation={1}>”.format(version, is_workstation)
Type:str
wmi

An object to perform WMI requests to various namespaces

Type:WmiManager
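
The following is an added example, not code from the windows module or its documentation: it reads the System attributes listed above into a JSON-serialisable host snapshot and reports processes that are absent from an earlier baseline. It assumes each WinProcess exposes pid and name (not listed on this page); host_snapshot, new_processes and constructed_system are hypothetical helper names.

```python
import json
from types import SimpleNamespace

# Names and values as listed under product_type above.
PRODUCT_TYPES = {0x1: "VER_NT_WORKSTATION", 0x2: "VER_NT_DOMAIN_CONTROLLER",
                 0x3: "VER_NT_SERVER"}


def host_snapshot(system):
    """Build a JSON-serialisable inventory record from a System-like object."""
    major, minor = system.version
    return {
        "computer_name": system.computer_name,
        "bitness": system.bitness,
        "version": [major, minor],
        "version_name": system.version_name,
        "product_type": PRODUCT_TYPES.get(int(system.product_type), "unknown"),
        # Assumption: each WinProcess exposes .pid and .name.
        "processes": sorted((p.pid, p.name) for p in system.processes),
    }


def new_processes(baseline, current):
    """Return (pid, name) pairs present in current but not in baseline.

    Accepts snapshots straight from host_snapshot() or reloaded from JSON,
    where the pairs come back as lists instead of tuples.
    """
    seen = {tuple(p) for p in baseline["processes"]}
    return [tuple(p) for p in current["processes"] if tuple(p) not in seen]


def constructed_system(procs):
    """Constructed stand-in for windows.system, for running off Windows."""
    return SimpleNamespace(
        computer_name="LAB-01", bitness=64, version=(10, 0),
        version_name="Windows 10", product_type=0x1,
        processes=[SimpleNamespace(pid=p, name=n) for p, n in procs])


if __name__ == "__main__":
    try:
        import windows  # the module this page documents; Windows only
        system = windows.system
    except ImportError:
        system = constructed_system([(4, "System"), (700, "lsass.exe")])
    print(json.dumps(host_snapshot(system), indent=2))
```

A process whose PID was reused by a program with the same name between two snapshots will not appear in the difference.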