12. `windows.alpc` – Advanced Local Procedure Call¶

The windows.alpc module regroups the classes that permits to send and receive ALPC messages over an ALPC port and the classes representing these messages.

Note

See samples:

simple alpc communication

advanced alpc communication

12.1. ALPC Message¶

class windows.alpc.AlpcMessage(msg_or_size=4096, attributes=None)[source]¶

Represent a full ALPC Message: a AlpcMessagePort and a MessageAttribute

property allocated_attributes¶

The list of allocated attributes

Type:: [Flag]

property context_attribute¶

The ALPC_MESSAGE_CONTEXT_ATTRIBUTE of the message:

Type:: ALPC_CONTEXT_ATTR

property context_is_valid¶: True if ALPC_MESSAGE_CONTEXT_ATTRIBUTE is a ValidAttributes

property data¶: The data of the message (located after the PORT_MESSAGE header)

property handle_attribute¶

The ALPC_MESSAGE_HANDLE_ATTRIBUTE of the message:

Type:: ALPC_HANDLE_ATTR

property handle_is_valid¶: True if ALPC_MESSAGE_HANDLE_ATTRIBUTE is a ValidAttributes

property security_attribute¶

The ALPC_MESSAGE_SECURITY_ATTRIBUTE of the message

Type:: ALPC_SECURITY_ATTR

property security_is_valid¶: True if ALPC_MESSAGE_SECURITY_ATTRIBUTE is a ValidAttributes

property type¶: The type of the message (PORT_MESSAGE.u2.s2.Type)

property valid_attributes¶

The list of valid attributes

Type:: [Flag]

property view_attribute¶

The ALPC_MESSAGE_VIEW_ATTRIBUTE of the message:

Type:: ALPC_DATA_VIEW_ATTR

property view_is_valid¶: True if ALPC_MESSAGE_VIEW_ATTRIBUTE is a ValidAttributes

class windows.alpc.AlpcMessagePort[source]¶

The effective ALPC Message composed of a PORT_MESSAGE structure followed by the data

property data¶: The data of the message (located after the header)

property datalen¶: The length of the data

classmethod from_buffer(object, offset=0) → C instance[source]¶: create a C instance from a writeable buffer

class windows.alpc.MessageAttribute[source]¶

The attributes of an ALPC message

property allocated_list¶

The list of allocated attributes

Type:: [Flag]

is_allocated(attribute)[source]¶: Return True if attribute is allocated

is_valid(attribute)[source]¶: Return True if attribute is valid

property valid_list¶

The list of valid attributes

Type:: [Flag]

classmethod with_all_attributes()[source]¶

Create a new MessageAttribute with the following attributes allocated:

ALPC_MESSAGE_SECURITY_ATTRIBUTE
ALPC_MESSAGE_VIEW_ATTRIBUTE
ALPC_MESSAGE_CONTEXT_ATTRIBUTE
ALPC_MESSAGE_HANDLE_ATTRIBUTE
ALPC_MESSAGE_TOKEN_ATTRIBUTE
ALPC_MESSAGE_DIRECT_ATTRIBUTE
ALPC_MESSAGE_WORK_ON_BEHALF_ATTRIBUTE

Returns:: MessageAttribute

classmethod with_attributes(attributes)[source]¶

Create a new MessageAttribute with attributes allocated

Returns:: MessageAttribute

12.2. ALPC client¶

class windows.alpc.AlpcClient(port_name=None)[source]¶

An ALPC client able to connect to a port and send/receive messages

connect_to_port(port_name, connect_message=None, port_attr=None, port_attr_flags=65536, obj_attr=None, flags=ALPC_MSGFLG_SYNC_REQUEST(0x20000), timeout=None)[source]¶

Connect to the ALPC port port_name. Most of the parameters have defauls value is None is passed.

Parameters:

connect_message (AlpcMessage) – The message send with the connection request, if not None the function will return an AlpcMessage
port_attr (ALPC_PORT_ATTRIBUTES) – The port attributes, one with default value will be used if this parameter is None
port_attr_flags (int) – ALPC_PORT_ATTRIBUTES.Flags used if port_attr is None (MUTUALY EXCLUSINVE WITH port_attr)
obj_attr (OBJECT_ATTRIBUTES) – The attributes of the port (can be None)
flags (int) – The flags for NtAlpcConnectPort()
timeout (int) – The timeout of the request

port_name¶: The name of the ALPC port the client is connect to.

recv(receive_msg=None, flags=0)¶

Receive a message into alpc_message with flags.

Parameters:

receive_msg (AlpcMessage or None) – The message to send. If receive_msg is a None it create and return a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()

send(alpc_message, flags=0)¶

Send the alpc_message with flags

Parameters:

alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str it build an AlpcMessage with the message as data.
flags (int) – The flags for NtAlpcSendWaitReceivePort()

send_receive(alpc_message, receive_msg=None, flags=ALPC_MSGFLG_SYNC_REQUEST(0x20000), timeout=None)¶

Send and receive a message with flags.

Parameters:

alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str it build an AlpcMessage with the message as data.
receive_msg (AlpcMessage or None) – The message to send. If receive_msg is a None it create and return a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()

12.3. ALPC Server¶

class windows.alpc.AlpcServer(port_name=None)[source]¶

An ALPC server able to create a port, accept connections and send/receive messages

accept_connection(msg, port_attr=None, port_context=None)[source]¶

Accept the connection for a LPC_CONNECTION_REQUEST message. msg.MessageId must be the same as the connection requesting message.

Parameters:

msg (AlpcMessage) – The response message.
port_attr (ALPC_PORT_ATTRIBUTES) – The attributes of the port, one with default value will be used if this parameter is None
port_context (PVOID) – A value that will be copied in ALPC_CONTEXT_ATTR.PortContext of every message on this connection.

create_port(port_name, msglen=None, port_attr_flags=0, obj_attr=None, port_attr=None)[source]¶

Create the ALPC port port_name. Most of the parameters have defauls value is None is passed.

Parameters:

port_name (str) – The port’s name to create.
msglen (int) – ALPC_PORT_ATTRIBUTES.MaxMessageLength used if port_attr is None (MUTUALY EXCLUSINVE WITH port_attr)
port_attr_flags (int) – ALPC_PORT_ATTRIBUTES.Flags used if port_attr is None (MUTUALY EXCLUSINVE WITH port_attr)
obj_attr (OBJECT_ATTRIBUTES) – The attributes of the port, one with default value will be used if this parameter is None
port_attr (ALPC_PORT_ATTRIBUTES) – The port attributes, one with default value will be used if this parameter is None

recv(receive_msg=None, flags=0)¶

Receive a message into alpc_message with flags.

Parameters:

receive_msg (AlpcMessage or None) – The message to send. If receive_msg is a None it create and return a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()

send(alpc_message, flags=0)¶

Send the alpc_message with flags

Parameters:

alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str it build an AlpcMessage with the message as data.
flags (int) – The flags for NtAlpcSendWaitReceivePort()

send_receive(alpc_message, receive_msg=None, flags=ALPC_MSGFLG_SYNC_REQUEST(0x20000), timeout=None)¶

Send and receive a message with flags.

Parameters:

alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str it build an AlpcMessage with the message as data.
receive_msg (AlpcMessage or None) – The message to send. If receive_msg is a None it create and return a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()

12. `windows.alpc` – Advanced Local Procedure Call¶

12.1. ALPC Message¶

12.2. ALPC client¶

12.3. ALPC Server¶

Table of Contents

Previous topic

Next topic

This Page

12. windows.alpc – Advanced Local Procedure Call¶

12.1. ALPC Message¶

12.2. ALPC client¶

12.3. ALPC Server¶

12. `windows.alpc` – Advanced Local Procedure Call¶