
Module win32


Win32 Platform Module

Classes
  MSR
  SERVICE_STATUS_PROCESS
  ENUM_SERVICE_STATUS_PROCESS
  EXCEPTION_RECORD
  EXCEPTION_DEBUG_INFO
  CREATE_THREAD_DEBUG_INFO
  CREATE_PROCESS_DEBUG_INFO
  EXIT_THREAD_DEBUG_INFO
  EXIT_PROCESS_DEBUG_INFO
  LOAD_DLL_DEBUG_INFO
  UNLOAD_DLL_DEBUG_INFO
  OUTPUT_DEBUG_STRING_INFO
  RIP_INFO
  DBG_EVENT_UNION
  DEBUG_EVENT
  FloatSavex86
  CONTEXTx64
  M128A
  ExtendedXmmx86
  CONTEXTx86
  MEMORY_BASIC_INFORMATION
  STARTUPINFO
Passed into CreateProcess
  PROCESS_INFORMATION
  SYMBOL_INFO
  IMAGEHLP_MODULE64
  IMAGEHLP_STACK_FRAME
  IMAGE_DEBUG_DIRECTORY
  SYSTEM_HANDLE
  UNICODE_STRING
  OBJECT_TYPE_INFORMATION
  LUID
  TOKEN_PRIVILEGES
  WindowsMixin
A mixin that handles all non-arch-specific win32 functionality.
  Windowsi386Trace
  WindowsAmd64Trace
  VARIANT_guts
  VARIANT
  Win32SymbolParser
Functions
 
wrmsr(msrid, value)
 
rdmsr(msrid)
 
getFormatMessage(err, isNtStatusCode)
Given an error code, look up its message text via the win32 FormatMessage API.
 
getServicesList()
Get a list of (pid, servicename, displayname) tuples for the currently running services.
 
getTokenElevationType(handle=-1)
 
getDebugPrivileges()
 
buildSystemHandleInformation(count)
Dynamically build the structure definition for the handle info list.
 
buildFindChildrenParams(count)
 
raiseWin32Error(name)
 
GetModuleFileNameEx(phandle, mhandle)
Variables
  platdir = os.path.dirname(__file__)
  LPVOID = c_size_t
  HANDLE = c_size_t
  SIZE_T = c_size_t
  QWORD = c_ulonglong
  DWORD = c_ulong
  WORD = c_ushort
  BOOL = c_ulong
  BYTE = c_ubyte
  NULL = 0
  INFINITE = 0xffffffff
  EXCEPTION_MAXIMUM_PARAMETERS = 15
  EXCEPTION_DEBUG_EVENT = 1
  CREATE_THREAD_DEBUG_EVENT = 2
  CREATE_PROCESS_DEBUG_EVENT = 3
  EXIT_THREAD_DEBUG_EVENT = 4
  EXIT_PROCESS_DEBUG_EVENT = 5
  LOAD_DLL_DEBUG_EVENT = 6
  UNLOAD_DLL_DEBUG_EVENT = 7
  OUTPUT_DEBUG_STRING_EVENT = 8
  RIP_EVENT = 9
  SYMFLAG_VALUEPRESENT = 0x00000001
  SYMFLAG_REGISTER = 0x00000008
  SYMFLAG_REGREL = 0x00000010
  SYMFLAG_FRAMEREL = 0x00000020
  SYMFLAG_PARAMETER = 0x00000040
  SYMFLAG_LOCAL = 0x00000080
  SYMFLAG_CONSTANT = 0x00000100
  SYMFLAG_EXPORT = 0x00000200
  SYMFLAG_FORWARDER = 0x00000400
  SYMFLAG_FUNCTION = 0x00000800
  SYMFLAG_VIRTUAL = 0x00001000
  SYMFLAG_THUNK = 0x00002000
  SYMFLAG_TLSREL = 0x00004000
  SYMOPT_CASE_INSENSITIVE = 0x00000001
  SYMOPT_UNDNAME = 0x00000002
  SYMOPT_DEFERRED_LOADS = 0x00000004
  SYMOPT_NO_CPP = 0x00000008
  SYMOPT_LOAD_LINES = 0x00000010
  SYMOPT_OMAP_FIND_NEAREST = 0x00000020
  SYMOPT_LOAD_ANYTHING = 0x00000040
  SYMOPT_IGNORE_CVREC = 0x00000080
  SYMOPT_NO_UNQUALIFIED_LOADS = 0x00000100
  SYMOPT_FAIL_CRITICAL_ERRORS = 0x00000200
  SYMOPT_EXACT_SYMBOLS = 0x00000400
  SYMOPT_ALLOW_ABSOLUTE_SYMBOLS = 0x00000800
  SYMOPT_IGNORE_NT_SYMPATH = 0x00001000
  SYMOPT_INCLUDE_32BIT_MODULES = 0x00002000
  SYMOPT_PUBLICS_ONLY = 0x00004000
  SYMOPT_NO_PUBLICS = 0x00008000
  SYMOPT_AUTO_PUBLICS = 0x00010000
  SYMOPT_NO_IMAGE_SEARCH = 0x00020000
  SYMOPT_SECURE = 0x00040000
  SYMOPT_NO_PROMPTS = 0x00080000
  SYMOPT_OVERWRITE = 0x00100000
  SYMOPT_DEBUG = 0x80000000
  EXCEPTION_WAIT_0 = 0x00000000L
  EXCEPTION_ABANDONED_WAIT_0 = 0x00000080L
  EXCEPTION_USER_APC = 0x000000C0L
  EXCEPTION_TIMEOUT = 0x00000102L
  EXCEPTION_PENDING = 0x00000103L
  DBG_EXCEPTION_HANDLED = 0x00010001L
  DBG_CONTINUE = 0x00010002L
  EXCEPTION_SEGMENT_NOTIFICATION = 0x40000005L
  DBG_TERMINATE_THREAD = 0x40010003L
  DBG_TERMINATE_PROCESS = 0x40010004L
  DBG_CONTROL_C = 0x40010005L
  DBG_CONTROL_BREAK = 0x40010008L
  DBG_COMMAND_EXCEPTION = 0x40010009L
  EXCEPTION_GUARD_PAGE_VIOLATION = 0x80000001L
  EXCEPTION_DATATYPE_MISALIGNMENT = 0x80000002L
  EXCEPTION_BREAKPOINT = 0x80000003L
  EXCEPTION_SINGLE_STEP = 0x80000004L
  DBG_EXCEPTION_NOT_HANDLED = 0x80010001L
  STATUS_BUFFER_OVERFLOW = 0x80000005L
  STATUS_SUCCESS = 0x00000000L
  STATUS_INFO_LENGTH_MISMATCH = 0xC0000004L
  EXCEPTION_ACCESS_VIOLATION = 0xC0000005L
  EXCEPTION_IN_PAGE_ERROR = 0xC0000006L
  EXCEPTION_INVALID_HANDLE = 0xC0000008L
  EXCEPTION_NO_MEMORY = 0xC0000017L
  EXCEPTION_ILLEGAL_INSTRUCTION = 0xC000001DL
  EXCEPTION_NONCONTINUABLE_EXCEPTION = 0xC0000025L
  EXCEPTION_INVALID_DISPOSITION = 0xC0000026L
  EXCEPTION_ARRAY_BOUNDS_EXCEEDED = 0xC000008CL
  EXCEPTION_FLOAT_DENORMAL_OPERAND = 0xC000008DL
  EXCEPTION_FLOAT_DIVIDE_BY_ZERO = 0xC000008EL
  EXCEPTION_FLOAT_INEXACT_RESULT = 0xC000008FL
  EXCEPTION_FLOAT_INVALID_OPERATION = 0xC0000090L
  EXCEPTION_FLOAT_OVERFLOW = 0xC0000091L
  EXCEPTION_FLOAT_STACK_CHECK = 0xC0000092L
  EXCEPTION_FLOAT_UNDERFLOW = 0xC0000093L
  EXCEPTION_INTEGER_DIVIDE_BY_ZERO = 0xC0000094L
  EXCEPTION_INTEGER_OVERFLOW = 0xC0000095L
  EXCEPTION_PRIVILEGED_INSTRUCTION = 0xC0000096L
  EXCEPTION_STACK_OVERFLOW = 0xC00000FDL
  EXCEPTION_CONTROL_C_EXIT = 0xC000013AL
  EXCEPTION_FLOAT_MULTIPLE_FAULTS = 0xC00002B4L
  EXCEPTION_FLOAT_MULTIPLE_TRAPS = 0xC00002B5L
  EXCEPTION_REG_NAT_CONSUMPTION = 0xC00002C9L
  CONTEXT_i386 = 0x00010000
  CONTEXT_i486 = 0x00010000
  CONTEXT_AMD64 = 0x00100000
  CONTEXT_CONTROL = 0x00000001L
  CONTEXT_INTEGER = 0x00000002L
  CONTEXT_SEGMENTS = 0x00000004L
  CONTEXT_FLOATING_POINT = 0x00000008L
  CONTEXT_DEBUG_REGISTERS = 0x00000010L
  CONTEXT_EXTENDED_REGISTERS = 0x00000020L
  CONTEXT_FULL = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEG...
  CONTEXT_ALL = CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGM...
  THREAD_ALL_ACCESS = 0x001f03ff
  PROCESS_ALL_ACCESS = 0x001f0fff
  PAGE_NOACCESS = 0x01
  PAGE_READONLY = 0x02
  PAGE_READWRITE = 0x04
  PAGE_WRITECOPY = 0x08
  PAGE_EXECUTE = 0x10
  PAGE_EXECUTE_READ = 0x20
  PAGE_EXECUTE_READWRITE = 0x40
  PAGE_EXECUTE_WRITECOPY = 0x80
  PAGE_GUARD = 0x100
  PAGE_NOCACHE = 0x200
  PAGE_WRITECOMBINE = 0x400
  perm_lookup = {PAGE_NOACCESS: 0, PAGE_READONLY: e_mem.MM_READ,...
  perm_rev_lookup = {0: PAGE_NOACCESS, e_mem.MM_READ: PAGE_READO...
  MEM_COMMIT = 0x1000
  MEM_FREE = 0x10000
  MEM_RESERVE = 0x2000
  MEM_IMAGE = 0x1000000
  MEM_MAPPED = 0x40000
  MEM_PRIVATE = 0x20000
  DEBUG_ONLY_THIS_PROCESS = 0x02
  MAX_PATH = 260
  SysDbgQueryModuleInformation = 0
  SysDbgQueryTraceInformation = 1
  SysDbgSetTracepoint = 2
  SysDbgSetSpecialCall = 3
  SysDbgClearSpecialCalls = 4
  SysDbgQuerySpecialCalls = 5
  SysDbgBreakPoint = 6
  SysDbgQueryVersion = 7
  SysDbgReadVirtual = 8
  SysDbgWriteVirtual = 9
  SysDbgReadPhysical = 10
  SysDbgWritePhysical = 11
  SysDbgReadControlSpace = 12
  SysDbgWriteControlSpace = 13
  SysDbgReadIoSpace = 14
  SysDbgWriteIoSpace = 15
  SysDbgReadMsr = 16
  SysDbgWriteMsr = 17
  SysDbgReadBusData = 18
  SysDbgWriteBusData = 19
  SysDbgCheckLowMemory = 20
  SysDbgEnableKernelDebugger = 21
  SysDbgDisableKernelDebugger = 22
  SysDbgGetAutoKdEnable = 23
  SysDbgSetAutoKdEnable = 24
  SysDbgGetPrintBufferSize = 25
  SysDbgSetPrintBufferSize = 26
  SysDbgGetKdUmExceptionEnable = 27
  SysDbgSetKdUmExceptionEnable = 28
  SysDbgGetTriageDump = 29
  SysDbgGetKdBlockEnable = 30
  SysDbgSetKdBlockEnable = 31
  SysDbgRegisterForUmBreakInfo = 32
  SysDbgGetUmBreakPid = 33
  SysDbgClearUmBreakPid = 34
  SysDbgGetUmAttachPid = 35
  SysDbgClearUmAttachPid = 36
  SC_MANAGER_ALL_ACCESS = 0xF003F
  SC_MANAGER_CREATE_SERVICE = 0x0002
  SC_MANAGER_CONNECT = 0x0001
  SC_MANAGER_ENUMERATE_SERVICE = 0x0004
  SC_MANAGER_LOCK = 0x0008
  SC_MANAGER_MODIFY_BOOT_CONFIG = 0x0020
  SC_MANAGER_QUERY_LOCK_STATUS = 0x0010
  SC_ENUM_PROCESS_INFO = 0
  SERVICE_WIN32 = 0x30
  SERVICE_ACTIVE = 0x01
  SERVICE_INNACTIVE = 0x02
  SERVICE_STATE_ALL = 0x03
  IMAGE_DIRECTORY_ENTRY_EXPORT = 0
  IMAGE_DIRECTORY_ENTRY_IMPORT = 1
  IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
  IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3
  IMAGE_DIRECTORY_ENTRY_SECURITY = 4
  IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
  IMAGE_DIRECTORY_ENTRY_DEBUG = 6
  IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7
  IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7
  IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8
  IMAGE_DIRECTORY_ENTRY_TLS = 9
  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11
  IMAGE_DIRECTORY_ENTRY_IAT = 12
  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13
  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
  IMAGE_DEBUG_TYPE_UNKNOWN = 0
  IMAGE_DEBUG_TYPE_COFF = 1
  IMAGE_DEBUG_TYPE_CODEVIEW = 2
  IMAGE_DEBUG_TYPE_FPO = 3
  IMAGE_DEBUG_TYPE_MISC = 4
  IMAGE_DEBUG_TYPE_EXCEPTION = 5
  IMAGE_DEBUG_TYPE_FIXUP = 6
  IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7
  IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8
  IMAGE_DEBUG_TYPE_BORLAND = 9
  IMAGE_DEBUG_TYPE_RESERVED10 = 10
  IMAGE_DEBUG_TYPE_CLSID = 11
  SSRVOPT_CALLBACK = 0x0001
  SSRVOPT_DWORD = 0x0002
  SSRVOPT_DWORDPTR = 0x0004
  SSRVOPT_GUIDPTR = 0x0008
  SSRVOPT_OLDGUIDPTR = 0x0010
  SSRVOPT_UNATTENDED = 0x0020
  SSRVOPT_NOCOPY = 0x0040
  SSRVOPT_PARENTWIN = 0x0080
  SSRVOPT_PARAMTYPE = 0x0100
  SSRVOPT_SECURE = 0x0200
  SSRVOPT_TRACE = 0x0400
  SSRVOPT_SETCONTEXT = 0x0800
  SSRVOPT_PROXY = 0x1000
  SSRVOPT_DOWNSTREAM_STORE = 0x2000
  TI_GET_SYMTAG = 0
  TI_GET_SYMNAME = 1
  TI_GET_LENGTH = 2
  TI_GET_TYPE = 3
  TI_GET_TYPEID = 4
  TI_GET_BASETYPE = 5
  TI_GET_ARRAYINDEXTYPEID = 6
  TI_FINDCHILDREN = 7
  TI_GET_DATAKIND = 8
  TI_GET_ADDRESSOFFSET = 9
  TI_GET_OFFSET = 10
  TI_GET_VALUE = 11
  TI_GET_COUNT = 12
  TI_GET_CHILDRENCOUNT = 13
  TI_GET_BITPOSITION = 14
  TI_GET_VIRTUALBASECLASS = 15
  TI_GET_VIRTUALTABLESHAPEID = 16
  TI_GET_VIRTUALBASEPOINTEROFFSET = 17
  TI_GET_CLASSPARENTID = 18
  TI_GET_NESTED = 19
  TI_GET_SYMINDEX = 20
  TI_GET_LEXICALPARENT = 21
  TI_GET_ADDRESS = 22
  TI_GET_THISADJUST = 23
  TI_GET_UDTKIND = 24
  TI_IS_EQUIV_TO = 25
  TI_GET_CALLING_CONVENTION = 26
  SymTagNull = 0
  SymTagExe = 1
  SymTagCompiland = 2
  SymTagCompilandDetails = 3
  SymTagCompilandEnv = 4
  SymTagFunction = 5
  SymTagBlock = 6
  SymTagData = 7
  SymTagAnnotation = 8
  SymTagLabel = 9
  SymTagPublicSymbol = 10
  SymTagUDT = 11
  SymTagEnum = 12
  SymTagFunctionType = 13
  SymTagPointerType = 14
  SymTagArrayType = 15
  SymTagBaseType = 16
  SymTagTypedef = 17
  SymTagBaseClass = 18
  SymTagFriend = 19
  SymTagFunctionArgType = 20
  SymTagFuncDebugStart = 21
  SymTagFuncDebugEnd = 22
  SymTagUsingNamespace = 23
  SymTagVTableShape = 24
  SymTagVTable = 25
  SymTagCustom = 26
  SymTagThunk = 27
  SymTagCustomType = 28
  SymTagManagedType = 29
  SymTagDimension = 30
  SymTagMax = 31
  NT_LIST_HANDLES = 16
  ACCESS_MASK = c_ulong
  PSYSTEM_HANDLE = POINTER(SYSTEM_HANDLE)
  ObjectBasicInformation = 0
  ObjectNameInformation = 1
  ObjectTypeInformation = 2
  ObjectAllTypesInformation = 3
  ObjectHandleInformation = 4
  ProcessBasicInformation = 0
  ProcessDebugPort = 7
  ProcessWow64Information = 26
  ProcessImageFileName = 27
  ProcessExecuteFlags = 34
  PUNICODE_STRING = POINTER(UNICODE_STRING)
  object_type_map = {"File": vtrace.FD_FILE, "Directory": vtrace...
  kernel32 = windll.kernel32
  IsWow64Process = getattr(kernel32, 'IsWow64Process', None)
  psapi = windll.psapi
  ntdll = windll.ntdll
  SYMCALLBACK = WINFUNCTYPE(BOOL, POINTER(SYMBOL_INFO), c_ulong,...
  PDBCALLBACK = WINFUNCTYPE(BOOL, c_char_p, LPVOID)
  arch_name = envi.getCurrentArch()
  symsrv = windll.LoadLibrary(os.path.join(platdir, "windll", ar...
  dbghelp = windll.LoadLibrary(os.path.join(platdir, "windll", a...
  advapi32 = windll.advapi32
  x = ...
  SE_PRIVILEGE_ENABLED = 0x00000002
  TOKEN_ADJUST_PRIVILEGES = 0x00000020
  TOKEN_QUERY = 0x00000008
  dbgprivdone = False
  TokenUser = 1
  TokenGroups = 2
  TokenPrivileges = 3
  TokenOwner = 4
  TokenPrimaryGroup = 5
  TokenDefaultDacl = 6
  TokenSource = 7
  TokenType = 8
  TokenImpersonationLevel = 9
  TokenStatistics = 10
  TokenRestrictedSids = 11
  TokenSessionId = 12
  TokenGroupsAndPrivileges = 13
  TokenSessionReference = 14
  TokenSandBoxInert = 15
  TokenAuditPolicy = 16
  TokenOrigin = 17
  TokenElevationType = 18
  TokenLinkedToken = 19
  TokenElevation = 20
  TokenHasRestrictions = 21
  TokenAccessInformation = 22
  TokenVirtualizationAllowed = 23
  TokenVirtualizationEnabled = 24
  TokenIntegrityLevel = 25
  TokenUIAccess = 26
  TokenMandatoryPolicy = 27
  TokenLogonSid = 28
  MaxTokenInfoClass = 29
  TokenElevationTypeDefault = 1
  TokenElevationTypeFull = 2
  TokenElevationTypeLimited = 3
  av_einfo_perms = [e_mem.MM_READ, e_mem.MM_WRITE, None, None, N...
  reserved = {'None': True, 'True': True, 'False': True,}
  VT_EMPTY = 0
  VT_NULL = 1
  VT_I2 = 2
  VT_I4 = 3
  VT_R4 = 4
  VT_R8 = 5
  VT_CY = 6
  VT_DATE = 7
  VT_BSTR = 8
  VT_DISPATCH = 9
  VT_ERROR = 10
  VT_BOOL = 11
  VT_VARIANT = 12
  VT_UNKNOWN = 13
  VT_I1 = 16
  VT_UI1 = 17
  VT_UI2 = 18
  VT_UI4 = 19
  VT_INT = 20
  VT_UINT = 21
Variables Details

CONTEXT_FULL

Value:
CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS

CONTEXT_ALL

Value:
CONTEXT_CONTROL | CONTEXT_INTEGER | CONTEXT_SEGMENTS | CONTEXT_FLOATING_POINT | CONTEXT_DEBUG_REGISTERS | CONTEXT_EXTENDED_REGISTERS

perm_lookup

Value:
{PAGE_NOACCESS: 0, PAGE_READONLY: e_mem.MM_READ, PAGE_READWRITE: e_mem.MM_READ | e_mem.MM_WRITE, PAGE_WRITECOPY: e_mem.MM_READ | e_mem.MM_WRITE, PAGE_EXECUTE: e_mem.MM_EXEC, PAGE_EXECUTE_READ: e_mem.MM_EXEC | e_mem.MM_READ, PAGE_EXECUTE_READWRITE: e_mem.MM_EXEC | e_mem.MM_READ | e_mem.MM_WRITE, PAGE_EXECUTE_WRITECOPY: e_mem.MM_EXEC | e_mem.MM_READ | e_mem.MM_WRITE,}

perm_rev_lookup

Value:
{0: PAGE_NOACCESS, e_mem.MM_READ: PAGE_READONLY, e_mem.MM_READ | e_mem.MM_WRITE: PAGE_READWRITE, e_mem.MM_EXEC: PAGE_EXECUTE, e_mem.MM_EXEC | e_mem.MM_READ: PAGE_EXECUTE_READ, e_mem.MM_EXEC | e_mem.MM_READ | e_mem.MM_WRITE: PAGE_EXECUTE_READWRITE,}

object_type_map

Value:
{"File": vtrace.FD_FILE, "Directory": vtrace.FD_FILE, "Event": vtrace.FD_EVENT, "KeyedEvent": vtrace.FD_EVENT, "Mutant": vtrace.FD_LOCK, "Semaphore": vtrace.FD_LOCK, "Key": vtrace.FD_REGKEY, "Port": vtrace.FD_UNKNOWN, "Section": vtrace.FD_UNKNOWN, "IoCompletion": vtrace.FD_UNKNOWN, "Desktop": vtrace.FD_UNKNOWN, "WindowStation": vtrace.FD_UNKNOWN,}

SYMCALLBACK

Value:
WINFUNCTYPE(BOOL, POINTER(SYMBOL_INFO), c_ulong, LPVOID)

symsrv

Value:
windll.LoadLibrary(os.path.join(platdir, "windll", arch_name, "symsrv.dll"))

dbghelp

Value:
windll.LoadLibrary(os.path.join(platdir, "windll", arch_name, "dbghelp.dll"))

x

Value:
'''
BOOL WINAPI EnumServicesStatusEx(
  __in         SC_HANDLE hSCManager,
  __in         SC_ENUM_TYPE InfoLevel,
  __in         DWORD dwServiceType,
  __in         DWORD dwServiceState,
  __out_opt    LPBYTE lpServices,
  __in         DWORD cbBufSize,
...

av_einfo_perms

Value:
[e_mem.MM_READ, e_mem.MM_WRITE, None, None, None, None, None, None, e_mem.MM_EXEC]