Package winappdbg :: Package win32 :: Module ntdll

Module ntdll

Wrapper for ntdll.dll, implemented with ctypes.

Classes
  CURDIR
  PTEB
  PEXCEPTION_REGISTRATION_RECORD
  RTL_ACTIVATION_CONTEXT_STACK_FRAME
  PTEB_ACTIVE_FRAME
  GDI_TEB_BATCH
  Wx86ThreadState
  PRTL_CRITICAL_SECTION
  PPEBLOCKROUTINE
  PNTTIB
  PPEB_FREE_BLOCK
  PRTL_USER_PROCESS_PARAMETERS
  RTL_CRITICAL_SECTION
  EXCEPTION_DISPOSITION
  TEB_ACTIVE_FRAME_CONTEXT
  PTEB_ACTIVE_FRAME_CONTEXT
  PEB_FREE_BLOCK
  CLIENT_ID
  RTL_CRITICAL_SECTION_DEBUG
  PPEB
  RTL_DRIVE_LETTER_CURDIR
  TEB_ACTIVE_FRAME
  NT_TIB
  PPS_POST_PROCESS_INIT_ROUTINE
  PEB
  PRTL_CRITICAL_SECTION_DEBUG
  PEB_32
  EXCEPTION_REGISTRATION_RECORD
  PPEB_LDR_DATA
  PROCESSOR_NUMBER
  PEB_LDR_DATA
  ACTIVATION_CONTEXT_STACK
  PEXCEPTION_DISPOSITION
  LDR_MODULE
  TEB
  RTL_USER_PROCESS_PARAMETERS
  SYSDBG_COMMAND
  PROCESSINFOCLASS
  THREADINFOCLASS
  FILE_INFORMATION_CLASS
  PROCESS_BASIC_INFORMATION
  THREAD_BASIC_INFORMATION
  FILE_NAME_INFORMATION
  SYSDBG_MSR
  IO_STATUS_BLOCK
  PIO_STATUS_BLOCK
Functions
RtlNtStatusToDosError(Status)
NtSystemDebugControl(Command, InputBuffer=None, InputBufferLength=None, OutputBuffer=None, OutputBufferLength=None)
ZwSystemDebugControl(Command, InputBuffer=None, InputBufferLength=None, OutputBuffer=None, OutputBufferLength=None)
NtQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformationLength=None)
ZwQueryInformationProcess(ProcessHandle, ProcessInformationClass, ProcessInformationLength=None)
NtQueryInformationThread(ThreadHandle, ThreadInformationClass, ThreadInformationLength=None)
ZwQueryInformationThread(ThreadHandle, ThreadInformationClass, ThreadInformationLength=None)
NtQueryInformationFile(FileHandle, FileInformationClass, FileInformation, Length)
ZwQueryInformationFile(FileHandle, FileInformationClass, FileInformation, Length)
CsrGetProcessId()
Variables
  __revision__ = '$Id: ntdll.py 1299 2013-12-20 09:30:55Z qvasim...
  ERROR_CANNOT_DETECT_PROCESS_ABORT = 1081
  STANDARD_RIGHTS_WRITE = 131072
  ERROR_PROC_NOT_FOUND = 127
  ERROR_ENVVAR_NOT_FOUND = 203
  FLG_HEAP_VALIDATE_PARAMETERS = 64
  ERROR_CONTROL_C_EXIT = 572
  ERROR_DBG_REPLY_LATER = 689
  ERROR_CALL_NOT_IMPLEMENTED = 120
  ERROR_INVALID_PARAMETER = 87
  ANYSIZE_ARRAY = 1
  ImageUsesLargePages = 1
  ERROR_FILE_NOT_FOUND = 2
  ERROR_DBG_CONTROL_BREAK = 696
  ERROR_SERVICE_NEVER_STARTED = 1077
  ERROR_WOW_ASSERTION = 670
  ERROR_NOT_ENOUGH_MEMORY = 8
  FLG_HEAP_ENABLE_TAIL_CHECK = 16
  ERROR_DBG_TERMINATE_THREAD = 691
  FLG_ENABLE_HANDLE_TYPE_TAGGING = 16777216
  ERROR_INSUFFICIENT_BUFFER = 122
  DbgSafeThunkCall = 1
  ERROR_HANDLE_DISK_FULL = 39
  ERROR_BAD_LENGTH = 24
  RtlDisableUserStackWalk = 256
  ERROR_SERVICE_DEPENDENCY_FAIL = 1068
  FLG_HEAP_PAGE_ALLOCS = 33554432
  FLG_HEAP_ENABLE_CALL_TRACING = 1048576
  FLG_POOL_ENABLE_TAIL_CHECK = 256
  STANDARD_RIGHTS_REQUIRED = 983040
  ERROR_INVALID_ADDRESS = 487
  FLG_DISABLE_PAGE_KERNEL_STACKS = 524288
  ERROR_SERVICE_NOT_ACTIVE = 1062
  DbgSuppressDebugMsg = 128
  ProcessUsingVEH = 4
  ERROR_PARTIAL_COPY = 299
  ERROR_THREAD_NOT_IN_PROCESS = 566
  ERROR_DIR_NOT_EMPTY = 145
  FLG_DEBUG_INITIAL_COMMAND = 4
  ProcessUsingFTH = 16
  ERROR_NO_RECOVERY_PROGRAM = 1082
  IsImageDynamicallyRelocated = 8
  INFINITE = -1
  ERROR_DBG_EXCEPTION_HANDLED = 766
  ERROR_MOD_NOT_FOUND = 126
  ERROR_SERVICE_START_HANG = 1070
  ERROR_BUFFER_OVERFLOW = 111
  FLG_ENABLE_DBGPRINT_BUFFERING = 134217728
  DbgWerInShipAssertCode = 16
  TRUE = 1
  ERROR_ALREADY_EXISTS = 183
  FLG_EARLY_CRITICAL_SECTION_EVT = 268435456
  ERROR_DIFFERENT_SERVICE_ACCOUNT = 1079
  WIN32_VERBOSE_MODE = False
  ERROR_INVALID_HANDLE = 6
  ERROR_INVALID_FUNCTION = 1
  ERROR_BAD_THREADID_ADDR = 159
  FLG_ENABLE_EXCEPTION_LOGGING = 8388608
  ERROR_INVALID_NAME = 123
  DELETE = 65536
  MAX_MODULE_NAME32 = 255
  ERROR_DBG_CONTROL_C = 693
  ERROR_SERVICE_EXISTS = 1073
  IsLegacyProcess = 4
  SPECIFIC_RIGHTS_ALL = 65535
  FLG_VALID_BITS = 4194303
  FLG_POOL_ENABLE_TAGGING = 1024
  ERROR_SERVICE_LOGON_FAILED = 1069
  ERROR_DATABASE_DOES_NOT_EXIST = 1065
  ERROR_INVALID_SERVICE_LOCK = 1071
  ERROR_PROCESS_ABORTED = 1067
  STANDARD_RIGHTS_EXECUTE = 131072
  FALSE = 0
  ProcessUsingVCH = 8
  WinFuncHook
  ERROR_DISK_FULL = 112
  ERROR_ELEVATION_REQUIRED = 740
  ERROR_SERVICE_DEPENDENCY_DELETED = 1075
  ERROR_DBG_RIPEXCEPTION = 695
  ERROR_DBG_TERMINATE_PROCESS = 692
  ERROR_DBG_EXCEPTION_NOT_HANDLED = 688
  FLG_DISABLE_DLL_VERIFICATION = 2147483648
  READ_CONTROL = 131072
  DbgClonedThread = 64
  FLG_HEAP_ENABLE_FREE_CHECK = 32
  ERROR_DBG_PRINTEXCEPTION_C = 694
  ERROR_UNHANDLED_EXCEPTION = 574
  FLG_USER_STACK_TRACE_DB = 4096
  ERROR_NOT_SUPPORTED = 50
  ERROR_BAD_PATHNAME = 161
  ERROR_MORE_DATA = 234
  ERROR_ACCESS_DENIED = 5
  STANDARD_RIGHTS_ALL = 2031616
  STANDARD_RIGHTS_READ = 131072
  DbgInDebugPrint = 2
  MAX_PATH = 260
  ERROR_DBG_CONTINUE = 767
  ERROR_CIRCULAR_DEPENDENCY = 1059
  ERROR_SERVICE_MARKED_FOR_DELETE = 1072
  WRITE_DAC = 262144
  ERROR_DUPLICATE_SERVICE_NAME = 1078
  ERROR_FILENAME_EXCED_RANGE = 206
  ERROR_BAD_ARGUMENTS = 160
  WRITE_OWNER = 524288
  WinCallHook
  FLG_HEAP_ENABLE_TAGGING = 2048
  FLG_MAINTAIN_OBJECT_TYPELIST = 16384
  ERROR_SERVICE_CANNOT_ACCEPT_CTRL = 1061
  INVALID_HANDLE_VALUE = 4294967295
  ERROR_SERVICE_DOES_NOT_EXIST = 1060
  ERROR_NO_MORE_FILES = 18
  ERROR_SERVICE_SPECIFIC_ERROR = 1066
  windll = WinDllHook()
  ERROR_HANDLE_EOF = 38
  RtlExceptionAttached = 512
  ProcessInitializing = 2
  FLG_SHOW_LDR_SNAPS = 2
  FLG_HEAP_ENABLE_TAG_BY_DLL = 32768
  ERROR_CANNOT_DETECT_DRIVER_FAILURE = 1080
  DbgRanProcessInit = 32
  RtlInitialThread = 1024
  FLG_STOP_ON_HUNG_GUI = 8
  ERROR_PRIVILEGE_NOT_HELD = 1314
  ERROR_DBG_UNABLE_TO_PROVIDE_HANDLE = 690
  FLG_KERNEL_STACK_TRACE_DB = 8192
  SYNCHRONIZE = 1048576
  FLG_ENABLE_CLOSE_EXCEPTION = 4194304
  ERROR_FAILED_SERVICE_CONTROLLER_CONNECT = 1063
  ERROR_NONE_MAPPED = 1332
  HeapTracingEnabled = 1
  FLG_STOP_ON_EXCEPTION = 1
  RPC_S_SERVER_UNAVAILABLE = 1722
  ERROR_FILE_EXISTS = 80
  ERROR_INVALID_DRIVE = 15
  CritSecTracingEnabled = 2
  ERROR_SERVICE_NOT_IN_EXE = 1083
  ERROR_INVALID_FLAG_NUMBER = 186
  ERROR_SUCCESS = 0
  ERROR_NOT_SAFEBOOT_SERVICE = 1084
  FLG_POOL_ENABLE_FREE_CHECK = 512
  SkipPatchingUser32Forwarders = 16
  DbgSkipThreadAttach = 8
  ERROR_ALREADY_RUNNING_LKG = 1074
  ERROR_EXCEPTION_IN_SERVICE = 1064
  DbgHasFiberData = 4
  ERROR_DEBUGGER_INACTIVE = 1284
  ERROR_PATH_NOT_FOUND = 3
  ERROR_ASSERTION_FAILURE = 668
  os
  FLG_DEBUG_WINLOGON = 67108864
  FLG_ENABLE_CSRDEBUG = 131072
  FLG_ENABLE_KDEBUG_SYMBOL_LOAD = 262144
  ERROR_NOACCESS = 998
  FLG_HEAP_DISABLE_COALESCING = 2097152
  ERROR_BOOT_ALREADY_ACCEPTED = 1076
  FLG_HEAP_VALIDATE_ALL = 128
  WinDllHook
  ERROR_DBG_COMMAND_EXCEPTION = 697
  NULL = None
  ERROR_SEM_TIMEOUT = 121
  IsProtectedProcess = 2
  ProcessInJob = 1
  WAIT_TIMEOUT = 258
  ERROR_NO_MORE_ITEMS = 259
  FLG_IGNORE_DEBUG_PRIV = 65536
  MEM_EXECUTE_OPTION_ENABLE = 1
  MEM_EXECUTE_OPTION_DISABLE = 2
  MEM_EXECUTE_OPTION_ATL7_THUNK_EMULATION = 4
  MEM_EXECUTE_OPTION_PERMANENT = 8
  SystemBasicInformation = 1
  SystemProcessorInformation = 2
  SystemPerformanceInformation = 3
  SystemTimeInformation = 4
  SystemPathInformation = 5
  SystemProcessInformation = 6
  SystemCallInformation = 7
  SystemConfigurationInformation = 8
  SystemProcessorCounters = 9
  SystemGlobalFlag = 10
  SystemInfo10 = 11
  SystemModuleInformation = 12
  SystemLockInformation = 13
  SystemInfo13 = 14
  SystemPagedPoolInformation = 15
  SystemNonPagedPoolInformation = 16
  SystemHandleInformation = 17
  SystemObjectInformation = 18
  SystemPagefileInformation = 19
  SystemInstemulInformation = 20
  SystemInfo20 = 21
  SystemCacheInformation = 22
  SystemPoolTagInformation = 23
  SystemProcessorStatistics = 24
  SystemDpcInformation = 25
  SystemMemoryUsageInformation1 = 26
  SystemLoadImage = 27
  SystemUnloadImage = 28
  SystemTimeAdjustmentInformation = 29
  SystemMemoryUsageInformation2 = 30
  SystemInfo30 = 31
  SystemInfo31 = 32
  SystemCrashDumpInformation = 33
  SystemExceptionInformation = 34
  SystemCrashDumpStateInformation = 35
  SystemDebuggerInformation = 36
  SystemThreadSwitchInformation = 37
  SystemRegistryQuotaInformation = 38
  SystemLoadDriver = 39
  SystemPrioritySeparationInformation = 40
  SystemInfo40 = 41
  SystemInfo41 = 42
  SystemInfo42 = 43
  SystemInfo43 = 44
  SystemTimeZoneInformation = 45
  SystemLookasideInformation = 46
  SystemSetTimeSlipEvent = 47
  SystemCreateSession = 48
  SystemDeleteSession = 49
  SystemInfo49 = 50
  SystemRangeStartInformation = 51
  SystemVerifierInformation = 52
  SystemAddVerifier = 53
  SystemSessionProcessesInformation = 54
  ProcessBasicInformation = 0
  ProcessQuotaLimits = 1
  ProcessIoCounters = 2
  ProcessVmCounters = 3
  ProcessTimes = 4
  ProcessBasePriority = 5
  ProcessRaisePriority = 6
  ProcessDebugPort = 7
  ProcessExceptionPort = 8
  ProcessAccessToken = 9
  ProcessLdtInformation = 10
  ProcessLdtSize = 11
  ProcessDefaultHardErrorMode = 12
  ProcessIoPortHandlers = 13
  ProcessPooledUsageAndLimits = 14
  ProcessWorkingSetWatch = 15
  ProcessUserModeIOPL = 16
  ProcessEnableAlignmentFaultFixup = 17
  ProcessPriorityClass = 18
  ProcessWx86Information = 19
  ProcessHandleCount = 20
  ProcessAffinityMask = 21
  ProcessPriorityBoost = 22
  ProcessWow64Information = 26
  ProcessImageFileName = 27
  ProcessDebugObjectHandle = 30
  ProcessExecuteFlags = 34
  ThreadBasicInformation = 0
  ThreadTimes = 1
  ThreadPriority = 2
  ThreadBasePriority = 3
  ThreadAffinityMask = 4
  ThreadImpersonationToken = 5
  ThreadDescriptorTableEntry = 6
  ThreadEnableAlignmentFaultFixup = 7
  ThreadEventPair = 8
  ThreadQuerySetWin32StartAddress = 9
  ThreadZeroTlsCell = 10
  ThreadPerformanceCount = 11
  ThreadAmILastThread = 12
  ThreadIdealProcessor = 13
  ThreadPriorityBoost = 14
  ThreadSetTlsArrayAddress = 15
  ThreadIsIoPending = 16
  ThreadHideFromDebugger = 17
  ObjectBasicInformation = 0
  ObjectNameInformation = 1
  ObjectTypeInformation = 2
  ObjectAllTypesInformation = 3
  ObjectHandleInformation = 4
  FileDirectoryInformation = 1
  FileFullDirectoryInformation = 2
  FileBothDirectoryInformation = 3
  FileBasicInformation = 4
  FileStandardInformation = 5
  FileInternalInformation = 6
  FileEaInformation = 7
  FileAccessInformation = 8
  FileNameInformation = 9
  FileRenameInformation = 10
  FileLinkInformation = 11
  FileNamesInformation = 12
  FileDispositionInformation = 13
  FilePositionInformation = 14
  FileFullEaInformation = 15
  FileModeInformation = 16
  FileAlignmentInformation = 17
  FileAllInformation = 18
  FileAllocationInformation = 19
  FileEndOfFileInformation = 20
  FileAlternateNameInformation = 21
  FileStreamInformation = 22
  FilePipeInformation = 23
  FilePipeLocalInformation = 24
  FilePipeRemoteInformation = 25
  FileMailslotQueryInformation = 26
  FileMailslotSetInformation = 27
  FileCompressionInformation = 28
  FileCopyOnWriteInformation = 29
  FileCompletionInformation = 30
  FileMoveClusterInformation = 31
  FileQuotaInformation = 32
  FileReparsePointInformation = 33
  FileNetworkOpenInformation = 34
  FileObjectIdInformation = 35
  FileTrackingInformation = 36
  FileOleDirectoryInformation = 37
  FileContentIndexInformation = 38
  FileInheritContentIndexInformation = 37
  FileOleInformation = 39
  FileMaximumInformation = 40
  ExceptionContinueExecution = 0
  ExceptionContinueSearch = 1
  ExceptionNestedException = 2
  ExceptionCollidedUnwind = 3
  SysDbgReadMsr = 16
  SysDbgWriteMsr = 17
  _all = set(['ACTIVATION_CONTEXT_STACK', 'CLIENT_ID', 'CURDIR',...
  __package__ = 'winappdbg.win32'
  _x = 'SystemPerformanceInformation'
Variables Details

__revision__

Value:
'$Id: ntdll.py 1299 2013-12-20 09:30:55Z qvasimodo $'

_all

Value:
set(['ACTIVATION_CONTEXT_STACK',
     'CLIENT_ID',
     'CURDIR',
     'CritSecTracingEnabled',
     'CsrGetProcessId',
     'DbgClonedThread',
     'DbgHasFiberData',
     'DbgInDebugPrint',
...