2. The windows objects

Through the system object many classes representing various Windows parts are accessible.

This sections describes them by group of relation.

• 2.1. Processes and Threads
  • 2.1.1. CurrentProcess
    • CurrentProcess
  • 2.1.2. CurrentThread
    • CurrentThread
  • 2.1.3. WinProcess
    • WinProcess
  • 2.1.4. WinThread
    • WinThread
    • DeadThread
• 2.2. PEB Exploration
  • 2.2.1. PEB
    • PEB
  • 2.2.2. LoadedModule
    • LoadedModule
  • 2.2.3. ApiSetMap
    • ApiSetMap
    • ApiSetMapVersion2
    • ApiSetMapVersion4
    • ApiSetMapVersion6
• 2.3. PEFile - Parsing loaded PE
  • 2.3.1. windows.pe_parse
    • GetPEFile()
    • 2.3.1.1. PEFile
    • 2.3.1.2. IATEntry
• 2.4. Token
  • 2.4.1. Token
    • Token
  • 2.4.2. TokenGroups
    • TokenGroups
  • 2.4.3. TokenPrivileges
    • TokenPrivileges
  • 2.4.4. TokenSecurityAttributesInformation
    • TokenSecurityAttributesInformation
  • 2.4.5. TokenSecurityAttributeV1
    • TokenSecurityAttributeV1
• 2.5. Exception and Context related structures
  • 2.5.1. Exception Records
    • EEXCEPTION_RECORD
    • EEXCEPTION_RECORD32
    • EEXCEPTION_RECORD64
  • 2.5.2. EXCEPTION DEBUG INFO
    • EEXCEPTION_DEBUG_INFO32
    • EEXCEPTION_DEBUG_INFO64
  • 2.5.3. Context
    • ECONTEXT32
    • ECONTEXTWOW64
    • ECONTEXT64
    • EEflags
    • EDr7
  • 2.5.4. EXCEPTION POINTERS
    • EEXCEPTION_POINTERS
  • 2.5.5. Vectored Exception
    • VectoredException
• 2.6. Registry
  • 2.6.1. Registry
    • Registry
  • 2.6.2. PyHKey
    • PyHKey
  • 2.6.3. KeyValue
    • KeyValue
• 2.7. Network
  • Network
    • firewall
    • ipv4
    • ipv6
  • 2.7.1. Connections
    • TCP4Connection
    • TCP6Connection
  • 2.7.2. Firewall
    • Firewall
    • FirewallRule
• 2.8. Service
  • 2.8.1. ServiceManager
    • ServiceManager
  • 2.8.2. Service
    • Service
• 2.9. Volume – The logical drives
  • LogicalDrive
    • name
    • handle
    • path
    • type
    • wait()
• 2.10. WMI – Make request to WMI
  • 2.10.1. WmiManager
    • WmiManager
  • 2.10.2. WmiNamespace
    • WmiNamespace
  • 2.10.3. WmiObject
    • WmiObject
  • 2.10.4. WmiCallResult
    • WmiCallResult
  • 2.10.5. WmiEnumeration
    • WmiEnumeration
• 2.11. Handle – Processes handles
  • Handle
    • infos
    • local_handle
    • name
    • process
    • type
• 2.12. System Module – Loaded kernel modules
  • 2.12.1. SystemModule
    • SystemModule
  • 2.12.2. SystemModuleWow64
    • SystemModuleWow64
  • 2.12.3. BaseSystemModule
    • BaseSystemModule
• 2.13. Object Manager – Kernel objects
  • 2.13.1. ObjectManager
    • ObjectManager
  • 2.13.2. KernelObject
    • KernelObject
• 2.14. Device Manager
  • 2.14.1. DeviceManager
    • DeviceManager
  • 2.14.2. DeviceClass
    • DeviceClass
  • 2.14.3. DeviceInformationSet
    • DeviceInformationSet
  • 2.14.4. DeviceInstance
    • DeviceInstance
  • 2.14.5. LogicalConfiguration
    • LogicalConfiguration
  • 2.14.6. ResourceDescriptor
    • ResourceDescriptor
    • 2.14.6.1. Concrete ResourceDescriptor
• 2.15. Task scheduler
  • 2.15.1. TaskService
    • TaskService
  • 2.15.2. TaskFolder
    • TaskFolder
  • 2.15.3. Task
    • Task
  • 2.15.4. TaskDefinition
    • TaskDefinition
    • 2.15.4.1. TaskPrincipal
    • 2.15.4.2. TaskRegistrationInfo
  • 2.15.5. Action
    • 2.15.5.1. Action
    • 2.15.5.2. ExecAction
    • 2.15.5.3. ComHandlerAction
  • 2.15.6. Trigger
    • Trigger
  • 2.15.7. Collections
    • 2.15.7.1. TaskFolderCollection
    • 2.15.7.2. TaskCollection
    • 2.15.7.3. ActionCollection
    • 2.15.7.4. TriggerCollection
• 2.16. Event Log
  • 2.16.1. EvtlogManager
    • EvtlogManager
  • 2.16.2. Channel
    • 2.16.2.1. EvtChannel
    • 2.16.2.2. ChannelConfig
  • 2.16.3. Publisher
    • 2.16.3.1. EvtPublisher
    • 2.16.3.2. PublisherMetadata
  • 2.16.4. EvtFile
    • EvtFile
  • 2.16.5. Event
    • 2.16.5.1. EvtEvent
    • 2.16.5.2. EventMetadata
    • 2.16.5.3. EvtQuery
  • 2.16.6. TODO
    • PropertyArray
• 2.17. ETW – Event Tracing for Windows
  • 2.17.1. EtwManager
    • EtwManager
  • 2.17.2. Tracing Events
    • 2.17.2.1. EtwTrace
    • 2.17.2.2. EventTraceProperties
    • 2.17.2.3. EventRecord