1. The windows module

The windows module is the module installed by setup.py.

This module exports some objects representing the current state of the system. It also offers some submodules that help with interfacing with Windows and with native code execution.

The default objects accessible in windows are:
The submodules that you might use by themselves are:

1.1. The system object

Note

See sample windows.system

class windows.winobject.system.System

Bases: object

The state of the current Windows system Python is running on

property bitness

The bitness of the system

Type:

int – 32 or 64

property computer_name

The name of the computer

Type:

str

property device_manager

An object to query the devices and drivers configured on the computer.

Type:

DeviceManager

property environ

A unicode version of os.environ. Same as os.environ on py3; custom dict built on GetEnvironmentStringsW() on py2.

Type:

dict – {unicode: unicode}

property etw

An object to interact with ETW (Event Tracing for Windows)

Type:

EtwManager

property event_log

An object to open event channels/publishers and evtx files

Type:

EvtlogManager

property handles

The list of system handles

Type:

[Handle] – A list of Handle

property logicaldrives

List of logical drives [C:, …]

Type:

[LogicalDrive] – A list of LogicalDrive

property modules

The list of system modules

Type:

[SystemModule] – A list of SystemModule or SystemModuleWow64

network = <windows.winobject.network.Network object>

Object of class windows.winobject.network.Network

property object_manager

An object to query the objects in the kernel object manager.

Type:

ObjectManager

property processes

The list of running processes

Type:

[WinProcess] – A list of Process

property product_type

The product type, value might be:

  • VER_NT_WORKSTATION(0x1L)

  • VER_NT_DOMAIN_CONTROLLER(0x2L)

  • VER_NT_SERVER(0x3L)

Type:

long or int (or subclass)

registry = <windows.winobject.registry.Registry object>

Object of class windows.winobject.registry.Registry

property services

An object to query, list and explore services

Type:

ServiceManager

property task_scheduler

An object able to manage scheduled tasks on the local system

Type:

TaskService

property threads

The list of running threads

Type:

[WinThread] – A list of Thread

property version

The version of the system

Type:

(int, int) – (Major, Minor)

property version_name

The name of the system version, values are:

  • Windows Server 2016

  • Windows 10

  • Windows Server 2012 R2

  • Windows 8.1

  • Windows Server 2012

  • Windows 8

  • Windows Server 2008

  • Windows 7

  • Windows Server 2008

  • Windows Vista

  • Windows XP Professional x64 Edition

  • TODO: version (5.2) + is_workstation + bitness == 32 (don’t even know if possible..)

  • Windows Server 2003 R2

  • Windows Server 2003

  • Windows XP

  • Windows 2000

  • “Unknow Windows <version={0} | is_workstation={1}>”.format(version, is_workstation)

Type:

str

property wmi

An object to perform wmi requests to various namespaces

Type:

WmiManager
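
An added example, not taken from the module's own samples: a short host-triage record built only from the System properties documented above. The helper names host_snapshot and triage_notes are hypothetical, and the __main__ part assumes windows.system is the System instance.

```python
import struct

# product_type values as listed in the documentation above
PRODUCT_ROLES = {0x1: "workstation", 0x2: "domain controller", 0x3: "server"}


def host_snapshot(system):
    """Build a triage record from a System-like object.

    Only properties documented above are read, so a stub exposing the
    same attributes can stand in for the real object on another platform.
    """
    major, minor = system.version
    python_bits = struct.calcsize("P") * 8  # pointer size of this interpreter
    return {
        "computer_name": system.computer_name,
        "os": system.version_name,
        "version": "{0}.{1}".format(major, minor),
        "bitness": system.bitness,
        "role": PRODUCT_ROLES.get(int(system.product_type), "unknown"),
        # A 32-bit interpreter on a 64-bit system runs under WoW64
        "python_is_wow64": python_bits == 32 and system.bitness == 64,
        "process_count": len(system.processes),
        "thread_count": len(system.threads),
    }


def triage_notes(snapshot):
    """Return the points an analyst should know before trusting the record."""
    notes = []
    if snapshot["role"] == "domain controller":
        notes.append("domain controller: handle as a high-value host")
    if snapshot["os"].startswith("Unknow Windows"):  # fallback string listed above
        notes.append("OS version not recognised by version_name")
    if snapshot["python_is_wow64"]:
        notes.append("32-bit Python on 64-bit Windows: WoW64 view of the system")
    return notes


if __name__ == "__main__":
    import windows  # assumption: windows.system is the System instance

    snap = host_snapshot(windows.system)
    for key in sorted(snap):
        print("{0:16} {1}".format(key, snap[key]))
    for note in triage_notes(snap):
        print("note: " + note)
```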