winappdbg.win32.defines

Source Code for Module winappdbg.win32.defines

1 #!/usr/bin/env python 2 # -*- coding: utf-8 -*- 3 4 # Copyright (c) 2009-2014, Mario Vilas 5 # All rights reserved. 6 # 7 # Redistribution and use in source and binary forms, with or without 8 # modification, are permitted provided that the following conditions are met: 9 # 10 # * Redistributions of source code must retain the above copyright notice, 11 # this list of conditions and the following disclaimer. 12 # * Redistributions in binary form must reproduce the above copyright 13 # notice,this list of conditions and the following disclaimer in the 14 # documentation and/or other materials provided with the distribution. 15 # * Neither the name of the copyright holder nor the names of its 16 # contributors may be used to endorse or promote products derived from 17 # this software without specific prior written permission. 18 # 19 # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 20 # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 21 # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 22 # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE 23 # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 # POSSIBILITY OF SUCH DAMAGE. 30 31 """ 32 Common definitions. 33 """ 34 35 # TODO 36 # + add TCHAR and related types? 37 38 __revision__ = "$Id: defines.py 1299 2013-12-20 09:30:55Z qvasimodo $" 39 40 import ctypes 41 import functools 42 43 #------------------------------------------------------------------------------ 44 45 # Some stuff from ctypes we'll be using very frequently. 46 addressof = ctypes.addressof 47 sizeof = ctypes.sizeof 48 SIZEOF = ctypes.sizeof 49 POINTER = ctypes.POINTER 50 Structure = ctypes.Structure 51 Union = ctypes.Union 52 WINFUNCTYPE = ctypes.WINFUNCTYPE 53 windll = ctypes.windll 54 55 # The IronPython implementation of byref() was giving me problems, 56 # so I'm replacing it with the slower pointer() function. 57 try: 58 ctypes.c_void_p(ctypes.byref(ctypes.c_char())) # this fails in IronPython 59 byref = ctypes.byref 60 except TypeError: 61 byref = ctypes.pointer 62 63 # XXX DEBUG 64 # The following code can be enabled to make the Win32 API wrappers log to 65 # standard output the dll and function names, the parameter values and the 66 # return value for each call. 67 68 ##WIN32_VERBOSE_MODE = True 69 WIN32_VERBOSE_MODE = False 70 71 if WIN32_VERBOSE_MODE:

72 73 - class WinDllHook(object):

74 - def __getattr__(self, name):

75 if name.startswith('_'): 76 return object.__getattr__(self, name) 77 return WinFuncHook(name)

78

79 - class WinFuncHook(object):

80 - def __init__(self, name):

81 self.__name = name

82

83 - def __getattr__(self, name):

84 if name.startswith('_'): 85 return object.__getattr__(self, name) 86 return WinCallHook(self.__name, name)

87

88 - class WinCallHook(object):

89 - def __init__(self, dllname, funcname):

90 self.__dllname = dllname 91 self.__funcname = funcname 92 self.__func = getattr(getattr(ctypes.windll, dllname), funcname)

93

94 - def __copy_attribute(self, attribute):

95 try: 96 value = getattr(self, attribute) 97 setattr(self.__func, attribute, value) 98 except AttributeError: 99 try: 100 delattr(self.__func, attribute) 101 except AttributeError: 102 pass

103

104 - def __call__(self, *argv):

105 self.__copy_attribute('argtypes') 106 self.__copy_attribute('restype') 107 self.__copy_attribute('errcheck') 108 print "-"*10 109 print "%s ! %s %r" % (self.__dllname, self.__funcname, argv) 110 retval = self.__func(*argv) 111 print "== %r" % (retval,) 112 return retval

113 114 windll = WinDllHook() 115 116 #============================================================================== 117 # This is used later on to calculate the list of exported symbols. 118 _all = None 119 _all = set(vars().keys())

120 #============================================================================== 121 122 -def RaiseIfZero(result, func = None, arguments = ()):

123 """ 124 Error checking for most Win32 API calls. 125 126 The function is assumed to return an integer, which is C{0} on error. 127 In that case the C{WindowsError} exception is raised. 128 """ 129 if not result: 130 raise ctypes.WinError() 131 return result

132

133 -def RaiseIfNotZero(result, func = None, arguments = ()):

134 """ 135 Error checking for some odd Win32 API calls. 136 137 The function is assumed to return an integer, which is zero on success. 138 If the return value is nonzero the C{WindowsError} exception is raised. 139 140 This is mostly useful for free() like functions, where the return value is 141 the pointer to the memory block on failure or a C{NULL} pointer on success. 142 """ 143 if result: 144 raise ctypes.WinError() 145 return result

146

147 -def RaiseIfNotErrorSuccess(result, func = None, arguments = ()):

148 """ 149 Error checking for Win32 Registry API calls. 150 151 The function is assumed to return a Win32 error code. If the code is not 152 C{ERROR_SUCCESS} then a C{WindowsError} exception is raised. 153 """ 154 if result != ERROR_SUCCESS: 155 raise ctypes.WinError(result) 156 return result

157

158 -class GuessStringType(object):

159 """ 160 Decorator that guesses the correct version (A or W) to call 161 based on the types of the strings passed as parameters. 162 163 Calls the B{ANSI} version if the only string types are ANSI. 164 165 Calls the B{Unicode} version if Unicode or mixed string types are passed. 166 167 The default if no string arguments are passed depends on the value of the 168 L{t_default} class variable. 169 170 @type fn_ansi: function 171 @ivar fn_ansi: ANSI version of the API function to call. 172 @type fn_unicode: function 173 @ivar fn_unicode: Unicode (wide) version of the API function to call. 174 175 @type t_default: type 176 @cvar t_default: Default string type to use. 177 Possible values are: 178 - type('') for ANSI 179 - type(u'') for Unicode 180 """ 181 182 # ANSI and Unicode types 183 t_ansi = type('') 184 t_unicode = type(u'') 185 186 # Default is ANSI for Python 2.x 187 t_default = t_ansi 188

189 - def __init__(self, fn_ansi, fn_unicode):

190 """ 191 @type fn_ansi: function 192 @param fn_ansi: ANSI version of the API function to call. 193 @type fn_unicode: function 194 @param fn_unicode: Unicode (wide) version of the API function to call. 195 """ 196 self.fn_ansi = fn_ansi 197 self.fn_unicode = fn_unicode 198 199 # Copy the wrapped function attributes. 200 try: 201 self.__name__ = self.fn_ansi.__name__[:-1] # remove the A or W 202 except AttributeError: 203 pass 204 try: 205 self.__module__ = self.fn_ansi.__module__ 206 except AttributeError: 207 pass 208 try: 209 self.__doc__ = self.fn_ansi.__doc__ 210 except AttributeError: 211 pass

212

213 - def __call__(self, *argv, **argd):

214 215 # Shortcut to self.t_ansi 216 t_ansi = self.t_ansi 217 218 # Get the types of all arguments for the function 219 v_types = [ type(item) for item in argv ] 220 v_types.extend( [ type(value) for (key, value) in argd.iteritems() ] ) 221 222 # Get the appropriate function for the default type 223 if self.t_default == t_ansi: 224 fn = self.fn_ansi 225 else: 226 fn = self.fn_unicode 227 228 # If at least one argument is a Unicode string... 229 if self.t_unicode in v_types: 230 231 # If al least one argument is an ANSI string, 232 # convert all ANSI strings to Unicode 233 if t_ansi in v_types: 234 argv = list(argv) 235 for index in xrange(len(argv)): 236 if v_types[index] == t_ansi: 237 argv[index] = unicode(argv[index]) 238 for (key, value) in argd.items(): 239 if type(value) == t_ansi: 240 argd[key] = unicode(value) 241 242 # Use the W version 243 fn = self.fn_unicode 244 245 # If at least one argument is an ANSI string, 246 # but there are no Unicode strings... 247 elif t_ansi in v_types: 248 249 # Use the A version 250 fn = self.fn_ansi 251 252 # Call the function and return the result 253 return fn(*argv, **argd)

254

255 -class DefaultStringType(object):

256 """ 257 Decorator that uses the default version (A or W) to call 258 based on the configuration of the L{GuessStringType} decorator. 259 260 @see: L{GuessStringType.t_default} 261 262 @type fn_ansi: function 263 @ivar fn_ansi: ANSI version of the API function to call. 264 @type fn_unicode: function 265 @ivar fn_unicode: Unicode (wide) version of the API function to call. 266 """ 267

268 - def __init__(self, fn_ansi, fn_unicode):

269 """ 270 @type fn_ansi: function 271 @param fn_ansi: ANSI version of the API function to call. 272 @type fn_unicode: function 273 @param fn_unicode: Unicode (wide) version of the API function to call. 274 """ 275 self.fn_ansi = fn_ansi 276 self.fn_unicode = fn_unicode 277 278 # Copy the wrapped function attributes. 279 try: 280 self.__name__ = self.fn_ansi.__name__[:-1] # remove the A or W 281 except AttributeError: 282 pass 283 try: 284 self.__module__ = self.fn_ansi.__module__ 285 except AttributeError: 286 pass 287 try: 288 self.__doc__ = self.fn_ansi.__doc__ 289 except AttributeError: 290 pass

291

292 - def __call__(self, *argv, **argd):

293 294 # Get the appropriate function based on the default. 295 if GuessStringType.t_default == GuessStringType.t_ansi: 296 fn = self.fn_ansi 297 else: 298 fn = self.fn_unicode 299 300 # Call the function and return the result 301 return fn(*argv, **argd)

302

303 -def MakeANSIVersion(fn):

304 """ 305 Decorator that generates an ANSI version of a Unicode (wide) only API call. 306 307 @type fn: callable 308 @param fn: Unicode (wide) version of the API function to call. 309 """ 310 @functools.wraps(fn) 311 def wrapper(*argv, **argd): 312 t_ansi = GuessStringType.t_ansi 313 t_unicode = GuessStringType.t_unicode 314 v_types = [ type(item) for item in argv ] 315 v_types.extend( [ type(value) for (key, value) in argd.iteritems() ] ) 316 if t_ansi in v_types: 317 argv = list(argv) 318 for index in xrange(len(argv)): 319 if v_types[index] == t_ansi: 320 argv[index] = t_unicode(argv[index]) 321 for key, value in argd.items(): 322 if type(value) == t_ansi: 323 argd[key] = t_unicode(value) 324 return fn(*argv, **argd)

325 return wrapper 326

327 -def MakeWideVersion(fn):

328 """ 329 Decorator that generates a Unicode (wide) version of an ANSI only API call. 330 331 @type fn: callable 332 @param fn: ANSI version of the API function to call. 333 """ 334 @functools.wraps(fn) 335 def wrapper(*argv, **argd): 336 t_ansi = GuessStringType.t_ansi 337 t_unicode = GuessStringType.t_unicode 338 v_types = [ type(item) for item in argv ] 339 v_types.extend( [ type(value) for (key, value) in argd.iteritems() ] ) 340 if t_unicode in v_types: 341 argv = list(argv) 342 for index in xrange(len(argv)): 343 if v_types[index] == t_unicode: 344 argv[index] = t_ansi(argv[index]) 345 for key, value in argd.items(): 346 if type(value) == t_unicode: 347 argd[key] = t_ansi(value) 348 return fn(*argv, **argd)

349 return wrapper 350 351 #--- Types -------------------------------------------------------------------- 352 # http://msdn.microsoft.com/en-us/library/aa383751(v=vs.85).aspx 353 354 # Map of basic C types to Win32 types 355 LPVOID = ctypes.c_void_p 356 CHAR = ctypes.c_char 357 WCHAR = ctypes.c_wchar 358 BYTE = ctypes.c_ubyte 359 SBYTE = ctypes.c_byte 360 WORD = ctypes.c_uint16 361 SWORD = ctypes.c_int16 362 DWORD = ctypes.c_uint32 363 SDWORD = ctypes.c_int32 364 QWORD = ctypes.c_uint64 365 SQWORD = ctypes.c_int64 366 SHORT = ctypes.c_short 367 USHORT = ctypes.c_ushort 368 INT = ctypes.c_int 369 UINT = ctypes.c_uint 370 LONG = ctypes.c_long 371 ULONG = ctypes.c_ulong 372 LONGLONG = ctypes.c_int64 # c_longlong 373 ULONGLONG = ctypes.c_uint64 # c_ulonglong 374 LPSTR = ctypes.c_char_p 375 LPWSTR = ctypes.c_wchar_p 376 INT8 = ctypes.c_int8 377 INT16 = ctypes.c_int16 378 INT32 = ctypes.c_int32 379 INT64 = ctypes.c_int64 380 UINT8 = ctypes.c_uint8 381 UINT16 = ctypes.c_uint16 382 UINT32 = ctypes.c_uint32 383 UINT64 = ctypes.c_uint64 384 LONG32 = ctypes.c_int32 385 LONG64 = ctypes.c_int64 386 ULONG32 = ctypes.c_uint32 387 ULONG64 = ctypes.c_uint64 388 DWORD32 = ctypes.c_uint32 389 DWORD64 = ctypes.c_uint64 390 BOOL = ctypes.c_int 391 FLOAT = ctypes.c_float 392 393 # Map size_t to SIZE_T 394 try: 395 SIZE_T = ctypes.c_size_t 396 SSIZE_T = ctypes.c_ssize_t 397 except AttributeError: 398 # Size of a pointer 399 SIZE_T = {1:BYTE, 2:WORD, 4:DWORD, 8:QWORD}[sizeof(LPVOID)] 400 SSIZE_T = {1:SBYTE, 2:SWORD, 4:SDWORD, 8:SQWORD}[sizeof(LPVOID)] 401 PSIZE_T = POINTER(SIZE_T) 402 403 # Not really pointers but pointer-sized integers 404 DWORD_PTR = SIZE_T 405 ULONG_PTR = SIZE_T 406 LONG_PTR = SIZE_T 407 408 # Other Win32 types, more may be added as needed 409 PVOID = LPVOID 410 PPVOID = POINTER(PVOID) 411 PSTR = LPSTR 412 PWSTR = LPWSTR 413 PCHAR = LPSTR 414 PWCHAR = LPWSTR 415 LPBYTE = POINTER(BYTE) 416 LPSBYTE = POINTER(SBYTE) 417 LPWORD = POINTER(WORD) 418 LPSWORD = POINTER(SWORD) 419 LPDWORD = POINTER(DWORD) 420 LPSDWORD = POINTER(SDWORD) 421 LPULONG = POINTER(ULONG) 422 LPLONG = POINTER(LONG) 423 PDWORD = LPDWORD 424 PDWORD_PTR = POINTER(DWORD_PTR) 425 PULONG = LPULONG 426 PLONG = LPLONG 427 CCHAR = CHAR 428 BOOLEAN = BYTE 429 PBOOL = POINTER(BOOL) 430 LPBOOL = PBOOL 431 TCHAR = CHAR # XXX ANSI by default? 432 UCHAR = BYTE 433 DWORDLONG = ULONGLONG 434 LPDWORD32 = POINTER(DWORD32) 435 LPULONG32 = POINTER(ULONG32) 436 LPDWORD64 = POINTER(DWORD64) 437 LPULONG64 = POINTER(ULONG64) 438 PDWORD32 = LPDWORD32 439 PULONG32 = LPULONG32 440 PDWORD64 = LPDWORD64 441 PULONG64 = LPULONG64 442 ATOM = WORD 443 HANDLE = LPVOID 444 PHANDLE = POINTER(HANDLE) 445 LPHANDLE = PHANDLE 446 HMODULE = HANDLE 447 HINSTANCE = HANDLE 448 HTASK = HANDLE 449 HKEY = HANDLE 450 PHKEY = POINTER(HKEY) 451 HDESK = HANDLE 452 HRSRC = HANDLE 453 HSTR = HANDLE 454 HWINSTA = HANDLE 455 HKL = HANDLE 456 HDWP = HANDLE 457 HFILE = HANDLE 458 HRESULT = LONG 459 HGLOBAL = HANDLE 460 HLOCAL = HANDLE 461 HGDIOBJ = HANDLE 462 HDC = HGDIOBJ 463 HRGN = HGDIOBJ 464 HBITMAP = HGDIOBJ 465 HPALETTE = HGDIOBJ 466 HPEN = HGDIOBJ 467 HBRUSH = HGDIOBJ 468 HMF = HGDIOBJ 469 HEMF = HGDIOBJ 470 HENHMETAFILE = HGDIOBJ 471 HMETAFILE = HGDIOBJ 472 HMETAFILEPICT = HGDIOBJ 473 HWND = HANDLE 474 NTSTATUS = LONG 475 PNTSTATUS = POINTER(NTSTATUS) 476 KAFFINITY = ULONG_PTR 477 RVA = DWORD 478 RVA64 = QWORD 479 WPARAM = DWORD 480 LPARAM = LPVOID 481 LRESULT = LPVOID 482 ACCESS_MASK = DWORD 483 REGSAM = ACCESS_MASK 484 PACCESS_MASK = POINTER(ACCESS_MASK) 485 PREGSAM = POINTER(REGSAM) 486 487 # Since the SID is an opaque structure, let's treat its pointers as void* 488 PSID = PVOID

489 490 # typedef union _LARGE_INTEGER { 491 # struct { 492 # DWORD LowPart; 493 # LONG HighPart; 494 # } ; 495 # struct { 496 # DWORD LowPart; 497 # LONG HighPart; 498 # } u; 499 # LONGLONG QuadPart; 500 # } LARGE_INTEGER, 501 # *PLARGE_INTEGER; 502 503 # XXX TODO 504 505 # typedef struct _FLOAT128 { 506 # __int64 LowPart; 507 # __int64 HighPart; 508 # } FLOAT128; 509 -class FLOAT128 (Structure):

510 _fields_ = [ 511 ("LowPart", QWORD), 512 ("HighPart", QWORD), 513 ]

514 PFLOAT128 = POINTER(FLOAT128)

515 516 # typedef struct DECLSPEC_ALIGN(16) _M128A { 517 # ULONGLONG Low; 518 # LONGLONG High; 519 # } M128A, *PM128A; 520 -class M128A(Structure):

521 _fields_ = [ 522 ("Low", ULONGLONG), 523 ("High", LONGLONG), 524 ]

525 PM128A = POINTER(M128A) 526 527 #--- Constants ---------------------------------------------------------------- 528 529 NULL = None 530 INFINITE = -1 531 TRUE = 1 532 FALSE = 0 533 534 # http://blogs.msdn.com/oldnewthing/archive/2004/08/26/220873.aspx 535 ANYSIZE_ARRAY = 1 536 537 # Invalid handle value is -1 casted to void pointer. 538 try: 539 INVALID_HANDLE_VALUE = ctypes.c_void_p(-1).value #-1 #0xFFFFFFFF 540 except TypeError: 541 if sizeof(ctypes.c_void_p) == 4: 542 INVALID_HANDLE_VALUE = 0xFFFFFFFF 543 elif sizeof(ctypes.c_void_p) == 8: 544 INVALID_HANDLE_VALUE = 0xFFFFFFFFFFFFFFFF 545 else: 546 raise 547 548 MAX_MODULE_NAME32 = 255 549 MAX_PATH = 260 550 551 # Error codes 552 # TODO maybe add more error codes? 553 # if they're too many they could be pickled instead, 554 # or at the very least put in a new file 555 ERROR_SUCCESS = 0 556 ERROR_INVALID_FUNCTION = 1 557 ERROR_FILE_NOT_FOUND = 2 558 ERROR_PATH_NOT_FOUND = 3 559 ERROR_ACCESS_DENIED = 5 560 ERROR_INVALID_HANDLE = 6 561 ERROR_NOT_ENOUGH_MEMORY = 8 562 ERROR_INVALID_DRIVE = 15 563 ERROR_NO_MORE_FILES = 18 564 ERROR_BAD_LENGTH = 24 565 ERROR_HANDLE_EOF = 38 566 ERROR_HANDLE_DISK_FULL = 39 567 ERROR_NOT_SUPPORTED = 50 568 ERROR_FILE_EXISTS = 80 569 ERROR_INVALID_PARAMETER = 87 570 ERROR_BUFFER_OVERFLOW = 111 571 ERROR_DISK_FULL = 112 572 ERROR_CALL_NOT_IMPLEMENTED = 120 573 ERROR_SEM_TIMEOUT = 121 574 ERROR_INSUFFICIENT_BUFFER = 122 575 ERROR_INVALID_NAME = 123 576 ERROR_MOD_NOT_FOUND = 126 577 ERROR_PROC_NOT_FOUND = 127 578 ERROR_DIR_NOT_EMPTY = 145 579 ERROR_BAD_THREADID_ADDR = 159 580 ERROR_BAD_ARGUMENTS = 160 581 ERROR_BAD_PATHNAME = 161 582 ERROR_ALREADY_EXISTS = 183 583 ERROR_INVALID_FLAG_NUMBER = 186 584 ERROR_ENVVAR_NOT_FOUND = 203 585 ERROR_FILENAME_EXCED_RANGE = 206 586 ERROR_MORE_DATA = 234 587 588 WAIT_TIMEOUT = 258 589 590 ERROR_NO_MORE_ITEMS = 259 591 ERROR_PARTIAL_COPY = 299 592 ERROR_INVALID_ADDRESS = 487 593 ERROR_THREAD_NOT_IN_PROCESS = 566 594 ERROR_CONTROL_C_EXIT = 572 595 ERROR_UNHANDLED_EXCEPTION = 574 596 ERROR_ASSERTION_FAILURE = 668 597 ERROR_WOW_ASSERTION = 670 598 599 ERROR_DBG_EXCEPTION_NOT_HANDLED = 688 600 ERROR_DBG_REPLY_LATER = 689 601 ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 690 602 ERROR_DBG_TERMINATE_THREAD = 691 603 ERROR_DBG_TERMINATE_PROCESS = 692 604 ERROR_DBG_CONTROL_C = 693 605 ERROR_DBG_PRINTEXCEPTION_C = 694 606 ERROR_DBG_RIPEXCEPTION = 695 607 ERROR_DBG_CONTROL_BREAK = 696 608 ERROR_DBG_COMMAND_EXCEPTION = 697 609 ERROR_DBG_EXCEPTION_HANDLED = 766 610 ERROR_DBG_CONTINUE = 767 611 612 ERROR_ELEVATION_REQUIRED = 740 613 ERROR_NOACCESS = 998 614 615 ERROR_CIRCULAR_DEPENDENCY = 1059 616 ERROR_SERVICE_DOES_NOT_EXIST = 1060 617 ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 1061 618 ERROR_SERVICE_NOT_ACTIVE = 1062 619 ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 1063 620 ERROR_EXCEPTION_IN_SERVICE = 1064 621 ERROR_DATABASE_DOES_NOT_EXIST = 1065 622 ERROR_SERVICE_SPECIFIC_ERROR = 1066 623 ERROR_PROCESS_ABORTED = 1067 624 ERROR_SERVICE_DEPENDENCY_FAIL = 1068 625 ERROR_SERVICE_LOGON_FAILED = 1069 626 ERROR_SERVICE_START_HANG = 1070 627 ERROR_INVALID_SERVICE_LOCK = 1071 628 ERROR_SERVICE_MARKED_FOR_DELETE = 1072 629 ERROR_SERVICE_EXISTS = 1073 630 ERROR_ALREADY_RUNNING_LKG = 1074 631 ERROR_SERVICE_DEPENDENCY_DELETED = 1075 632 ERROR_BOOT_ALREADY_ACCEPTED = 1076 633 ERROR_SERVICE_NEVER_STARTED = 1077 634 ERROR_DUPLICATE_SERVICE_NAME = 1078 635 ERROR_DIFFERENT_SERVICE_ACCOUNT = 1079 636 ERROR_CANNOT_DETECT_DRIVER_FAILURE = 1080 637 ERROR_CANNOT_DETECT_PROCESS_ABORT = 1081 638 ERROR_NO_RECOVERY_PROGRAM = 1082 639 ERROR_SERVICE_NOT_IN_EXE = 1083 640 ERROR_NOT_SAFEBOOT_SERVICE = 1084 641 642 ERROR_DEBUGGER_INACTIVE = 1284 643 644 ERROR_PRIVILEGE_NOT_HELD = 1314 645 646 ERROR_NONE_MAPPED = 1332 647 648 RPC_S_SERVER_UNAVAILABLE = 1722 649 650 # Standard access rights 651 DELETE = 0x00010000L 652 READ_CONTROL = 0x00020000L 653 WRITE_DAC = 0x00040000L 654 WRITE_OWNER = 0x00080000L 655 SYNCHRONIZE = 0x00100000L 656 STANDARD_RIGHTS_REQUIRED = 0x000F0000L 657 STANDARD_RIGHTS_READ = READ_CONTROL 658 STANDARD_RIGHTS_WRITE = READ_CONTROL 659 STANDARD_RIGHTS_EXECUTE = READ_CONTROL 660 STANDARD_RIGHTS_ALL = 0x001F0000L 661 SPECIFIC_RIGHTS_ALL = 0x0000FFFFL

662 663 #--- Structures --------------------------------------------------------------- 664 665 # typedef struct _LSA_UNICODE_STRING { 666 # USHORT Length; 667 # USHORT MaximumLength; 668 # PWSTR Buffer; 669 # } LSA_UNICODE_STRING, 670 # *PLSA_UNICODE_STRING, 671 # UNICODE_STRING, 672 # *PUNICODE_STRING; 673 -class UNICODE_STRING(Structure):

674 _fields_ = [ 675 ("Length", USHORT), 676 ("MaximumLength", USHORT), 677 ("Buffer", PVOID), 678 ]

679

680 # From MSDN: 681 # 682 # typedef struct _GUID { 683 # DWORD Data1; 684 # WORD Data2; 685 # WORD Data3; 686 # BYTE Data4[8]; 687 # } GUID; 688 -class GUID(Structure):

689 _fields_ = [ 690 ("Data1", DWORD), 691 ("Data2", WORD), 692 ("Data3", WORD), 693 ("Data4", BYTE * 8), 694 ]

695

696 # From MSDN: 697 # 698 # typedef struct _LIST_ENTRY { 699 # struct _LIST_ENTRY *Flink; 700 # struct _LIST_ENTRY *Blink; 701 # } LIST_ENTRY, *PLIST_ENTRY, *RESTRICTED_POINTER PRLIST_ENTRY; 702 -class LIST_ENTRY(Structure):

703 _fields_ = [ 704 ("Flink", PVOID), # POINTER(LIST_ENTRY) 705 ("Blink", PVOID), # POINTER(LIST_ENTRY) 706 ]

707 708 #============================================================================== 709 # This calculates the list of exported symbols. 710 _all = set(vars().keys()).difference(_all) 711 ##__all__ = [_x for _x in _all if not _x.startswith('_')] 712 ##__all__.sort() 713 #============================================================================== 714