Welcome to PythonForWindows’s documentation!

Description

PythonForWindows is a base of code aimed to make interaction with Windows (on X86/X64) easier (for both 32 and 64 bits Python). Its goal is to offer abstractions around some of the OS features in a (I hope) pythonic way. It also tries to make the barrier between python and native execution thinner in both ways. There is no external dependencies but it relies heavily on the ctypes module.

Let’s say that the codebase evolves with my needs, my researches and my curiosity.

If you have any issue, question, suggestion do not hesitate to contact me. I am always glad to have feedbacks from people using this project.

Examples are available on the github page and in the Samples of code.

Installation

Installing from Pypi

PythonForWindows is available on Pypi an this can be installed with:

python -m pip install PythonForWindows

Installing using setup.py

You can also install PythonForWindows by cloning it and using the setup.py at the root of the project:

python setup.py install

Encoding & unicode

PythonForWindows support python2.7 & python3 and is currently tested for Python2.7, 3.6 & 3.11 via Github Workflow

Since 1.0.0, the code uses “wide APIs” whenever possible and accept/returns python3 str (py2.7 unicode type) almost everywhere. Any functions/APIs not accepting unicode string can be considered a bug if its not stated explicitly in the documentation.

Python2

PythonForWindows continues to support python2.7 as its the only way to have it running on Windows XP & Windows Server 2003 which are sadly still seen in production. Encoding errors at print time might be awkward for unicode string on python2, see the PythonForWindows encoding guide in the documentation.

Documentation

• 1. The windows module
  • 1.1. The system object
• 2. The windows objects
  • 2.1. Processes and Threads
  • 2.2. PEB Exploration
  • 2.3. PEFile - Parsing loaded PE
  • 2.4. Token
  • 2.5. Exception and Context related structures
  • 2.6. Registry
  • 2.7. Network
  • 2.8. Service
  • 2.9. Volume – The logical drives
  • 2.10. WMI – Make request to WMI
  • 2.11. Handle – Processes handles
  • 2.12. System Module – Loaded kernel modules
  • 2.13. Object Manager – Kernel objects
  • 2.14. Device Manager
  • 2.15. Task scheduler
  • 2.16. Event Log
  • 2.17. ETW – Event Tracing for Windows
• 3. windows.native_exec – Native Code Execution
  • create_function()
  • 3.1. windows.native_exec.cpuid – Interface to native CPUID
  • 3.2. windows.native_exec.simple_x86 – X86 Assembler
  • 3.3. windows.native_exec.simple_x64 – X64 Assembler
  • 3.4. windows.native_exec.nativeutils – Native utility functions
• 4. windows.winproxy – Windows API
  • 4.1. Example: VirtualAlloc
  • 4.2. Helper functions
  • 4.3. WinproxyError
• 5. windows.security – Security Descriptor & related
  • 5.1. Token
  • 5.2. SecurityDescriptor
  • 5.3. Acl
  • 5.4. Ace
• 6. windows.pipe – Inter-Process Communication
  • 6.1. Helper functions
  • 6.2. PipeConnection
• 7. windows.utils – Windows Utilities
  • 7.1. Context Managers
  • 7.2. Helper functions
• 8. windows.wintrust – Checking signature
  • 8.1. API
• 9. windows.debug – Debugging
  • 9.1. Debugger
  • 9.2. SymbolDebugger
  • 9.3. LocalDebugger
  • 9.4. Breakpoint
  • 9.5. windows.debug.symbols – Using symbols
• 10. windows.com - Component Object Model
  • 10.1. Using a COM interface
  • 10.2. Implementing a COM interface
  • 10.3. API
• 11. windows.crypto – CryptoAPI
  • 11.1. Encryption
  • 11.2. Certificate
  • 11.3. Generating componants
• 12. windows.alpc – Advanced Local Procedure Call
  • 12.1. ALPC Message
  • 12.2. ALPC client
  • 12.3. ALPC Server
• 13. windows.rpc – ALPC-based Windows RPC
  • 13.1. RPCClient
  • 13.2. Epmapper
  • 13.3. Ndr
• 14. windows.generated_def – generated Windows defines and structures
  • 14.1. WinDef
  • 14.2. Ntstatus
  • 14.3. Winstructs
  • 14.4. WinEnums
  • 14.5. Functions
  • 14.6. WinError
  • 14.7. Interfaces
  • Flag
  • StrFlag
  • 14.8. Example
• 15. IAT hooking
  • 15.1. Putting an IAT hook
  • 15.2. Hook protocol
  • 15.3. windows.hooks
• 16. Early Work In Progress
• 17. Internals
  • 17.1. remotectypes.py
  • 17.2. syswow64.py – Crossing the heaven gate
• 18. Samples of code
  • 18.1. Processes
  • 18.2. Token
  • 18.3. windows.system
  • 18.4. Services
  • 18.5. Network - socket exploration
  • 18.6. Registry
  • 18.7. Scheduled tasks
  • 18.8. Event Log
  • 18.9. Object manager
  • 18.10. Device manager
  • 18.11. windows.wintrust
  • 18.12. VectoredException()
  • 18.13. Debugging
  • 18.14. Symbols
  • 18.15. WMI
  • 18.16. windows.com
  • 18.17. windows.crypto
  • 18.18. windows.alpc
  • 18.19. windows.rpc
  • 18.20. windows.pipe
  • 18.21. windows.security
  • 18.22. ETW (Event Tracing for Windows)
• 19. Python, Windows & encoding
  • 19.1. What does this additional configuration does ?
  • 19.2. The case of __repr__
  • 19.3. Sample of test

Indices and tables

• Module Index

• Search Page

• Index