7. windows.utils – Windows Utilities
7.1. Context Managers
windows.utils provides some context managers wrapping standard contextual operations like VirtualProtect or SysWow Redirection.
7.1.1. VirtualProtected
7.1.2. DisableWow64FsRedirection
7.2. Helper functions
- windows.utils.sprint(struct, name='struct', hexa=True)
  Print recursively the content of a ctypes structure.
  Example:
    >>> cert
    <Certificate "YOLO2" serial="6f 1d 3e 7d d9 77 59 a9 4c 1c 53 dc 80 db 0c fe">
    >>> windows.utils.sprint(cert)
    struct.dwCertEncodingType -> 0x1L
    struct.pbCertEncoded<deref> -> 0x30
    struct.cbCertEncoded -> 0x1a7L
    struct.pCertInfo<deref>.dwVersion -> 0x2L
    struct.pCertInfo<deref>.SerialNumber.cbData -> 0x10L
    struct.pCertInfo<deref>.SerialNumber.pbData<deref> -> 0xfe
    struct.pCertInfo<deref>.SignatureAlgorithm.pszObjId -> '1.2.840.113549.1.1.5'
    struct.pCertInfo<deref>.SignatureAlgorithm.Parameters.cbData -> 0x2L
    struct.pCertInfo<deref>.SignatureAlgorithm.Parameters.pbData<deref> -> 0x5
    struct.pCertInfo<deref>.Issuer.cbData -> 0x12L
    struct.pCertInfo<deref>.Issuer.pbData<deref> -> 0x30
    struct.pCertInfo<deref>.NotBefore.dwLowDateTime -> 0x718ddc00L
    struct.pCertInfo<deref>.NotBefore.dwHighDateTime -> 0x1d249bbL
    struct.pCertInfo<deref>.NotAfter.dwLowDateTime -> 0x34ef0c00L
    struct.pCertInfo<deref>.NotAfter.dwHighDateTime -> 0x1d368bfL
    ...
- windows.utils.enable_privilege(lpszPrivilege, bEnablePrivilege)
  Enable or disable a privilege:
    enable_privilege(SE_DEBUG_NAME, True)
- windows.utils.check_debug()
  Check that the kernel is in debug mode (beware of NOUMEX):
  https://msdn.microsoft.com/en-us/library/windows/hardware/ff556253(v=vs.85).aspx#_______noumex______
- windows.utils.create_process(path, args=None, dwCreationFlags=0, show_windows=True)
  A convenient wrapper around windows.winproxy.CreateProcessW()
- windows.utils.create_console()
  Create a new console displaying STDOUT. Useful when injecting into a GUI process.
- windows.utils.create_file_from_handle(handle, mode='r')
  Return a Python file around a Windows HANDLE
- windows.utils.get_short_path(path)
  Return the short path form for path.
  Raise: WinproxyError if path does not exist
  Parameters: path (str | unicode) – a valid Windows path
  Returns: str | unicode – same type as path parameter
- windows.utils.get_long_path(path)
  Return the long path form for path.
  Raise: WinproxyError if path does not exist
  Parameters: path (str | unicode) – a valid Windows path
  Returns: str | unicode – same type as path parameter
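
To make the `<deref>` path notation in the sprint output above concrete, the following added example walks a ctypes structure recursively and emits lines in the same `path -> value` shape. It is not the windows.utils implementation: `walk`, `_leaf`, the `depth` limit and the `Blob`/`Info`/`Context` structures with their values are constructed for illustration, and it runs on any platform with Python 3.

```python
import ctypes

def walk(obj, name="struct", hexa=True, depth=8):
    """Yield one 'path -> value' line per leaf field of a ctypes Structure/Union."""
    for field in obj._fields_:                    # (name, type) or (name, type, bits)
        yield from _leaf(getattr(obj, field[0]), name + "." + field[0], hexa, depth)

def _leaf(value, path, hexa, depth):
    if isinstance(value, ctypes._Pointer):
        if not value:                             # NULL: report it, never dereference
            yield path + " -> NULL"
        elif depth == 0:                          # stop on deep or cyclic pointer chains
            yield path + "<deref> -> ..."
        else:                                     # only the first pointed-to element
            yield from _leaf(value[0], path + "<deref>", hexa, depth - 1)
    elif isinstance(value, (ctypes.Structure, ctypes.Union)):
        yield from walk(value, path, hexa, depth)
    elif isinstance(value, int) and hexa:
        yield "{0} -> {1}".format(path, hex(value))
    else:
        yield "{0} -> {1!r}".format(path, value)

# Constructed stand-ins, loosely shaped like the certificate structures in the dump
class Blob(ctypes.Structure):
    _fields_ = [("cbData", ctypes.c_uint32),
                ("pbData", ctypes.POINTER(ctypes.c_ubyte))]

class Info(ctypes.Structure):
    _fields_ = [("dwVersion", ctypes.c_uint32),
                ("SerialNumber", Blob),
                ("pszObjId", ctypes.c_char_p)]

class Context(ctypes.Structure):
    _fields_ = [("dwCertEncodingType", ctypes.c_uint32),
                ("pCertInfo", ctypes.POINTER(Info)),
                ("pUnused", ctypes.POINTER(Info))]   # hypothetical field, left NULL

serial = (ctypes.c_ubyte * 2)(0xfe, 0x0c)         # constructed bytes
info = Info(dwVersion=2, pszObjId=b"1.2.840.113549.1.1.5")
info.SerialNumber.cbData = len(serial)
info.SerialNumber.pbData = ctypes.cast(serial, ctypes.POINTER(ctypes.c_ubyte))
ctx = Context(dwCertEncodingType=1, pCertInfo=ctypes.pointer(info))

if __name__ == "__main__":
    print("\n".join(walk(ctx)))
```

A `<deref>` leaf shows only the first element behind the pointer, which is why a 16-byte serial number appears as a single byte in the dump; the matching `cbData` field carries the real length.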