
Module win32


Win32 Platform Module

Classes
  MSR
  SERVICE_STATUS_PROCESS
  ENUM_SERVICE_STATUS_PROCESS
  EXCEPTION_RECORD
  EXCEPTION_DEBUG_INFO
  CREATE_THREAD_DEBUG_INFO
  CREATE_PROCESS_DEBUG_INFO
  EXIT_THREAD_DEBUG_INFO
  EXIT_PROCESS_DEBUG_INFO
  LOAD_DLL_DEBUG_INFO
  UNLOAD_DLL_DEBUG_INFO
  OUTPUT_DEBUG_STRING_INFO
  RIP_INFO
  DBG_EVENT_UNION
  DEBUG_EVENT
  FloatSavex86
  CONTEXTx64
  M128A
  ExtendedXmmx86
  CONTEXTx86
  MEMORY_BASIC_INFORMATION
  STARTUPINFO
Passed to CreateProcess.
  PROCESS_INFORMATION
  SYMBOL_INFO
  IMAGEHLP_MODULE64
  IMAGEHLP_STACK_FRAME
  IMAGE_DEBUG_DIRECTORY
  SYSTEM_HANDLE
  PSYSTEM_HANDLE
  UNICODE_STRING
  PUNICODE_STRING
  OBJECT_TYPE_INFORMATION
  LUID
  TOKEN_PRIVILEGES
  WindowsMixin
A mixin that handles all non-architecture-specific Win32 functionality.
  Windowsi386Trace
  WindowsAmd64Trace
  VARIANT_guts
  VARIANT
  Win32SymbolParser
Functions
 
wrmsr(msrid, value)
 
rdmsr(msrid)
 
getServicesList()
Get a list of (pid, servicename, displayname) tuples for the currently running services.
 
getTokenElevationType(handle=-1)
 
getDebugPrivileges()
 
buildSystemHandleInformation(count)
Dynamically build the structure definition for the handle info list.
 
buildFindChildrenParams(count)
 
raiseWin32Error(name)
 
GetModuleFileNameEx(phandle, mhandle)
Variables
  platdir = '/home/rdsears/vdb/vtrace/platforms'
  NULL = 0
  INFINITE = 4294967295
  EXCEPTION_MAXIMUM_PARAMETERS = 15
  EXCEPTION_DEBUG_EVENT = 1
  CREATE_THREAD_DEBUG_EVENT = 2
  CREATE_PROCESS_DEBUG_EVENT = 3
  EXIT_THREAD_DEBUG_EVENT = 4
  EXIT_PROCESS_DEBUG_EVENT = 5
  LOAD_DLL_DEBUG_EVENT = 6
  UNLOAD_DLL_DEBUG_EVENT = 7
  OUTPUT_DEBUG_STRING_EVENT = 8
  RIP_EVENT = 9
  SYMFLAG_VALUEPRESENT = 1
  SYMFLAG_REGISTER = 8
  SYMFLAG_REGREL = 16
  SYMFLAG_FRAMEREL = 32
  SYMFLAG_PARAMETER = 64
  SYMFLAG_LOCAL = 128
  SYMFLAG_CONSTANT = 256
  SYMFLAG_EXPORT = 512
  SYMFLAG_FORWARDER = 1024
  SYMFLAG_FUNCTION = 2048
  SYMFLAG_VIRTUAL = 4096
  SYMFLAG_THUNK = 8192
  SYMFLAG_TLSREL = 16384
  SYMOPT_CASE_INSENSITIVE = 1
  SYMOPT_UNDNAME = 2
  SYMOPT_DEFERRED_LOADS = 4
  SYMOPT_NO_CPP = 8
  SYMOPT_LOAD_LINES = 16
  SYMOPT_OMAP_FIND_NEAREST = 32
  SYMOPT_LOAD_ANYTHING = 64
  SYMOPT_IGNORE_CVREC = 128
  SYMOPT_NO_UNQUALIFIED_LOADS = 256
  SYMOPT_FAIL_CRITICAL_ERRORS = 512
  SYMOPT_EXACT_SYMBOLS = 1024
  SYMOPT_ALLOW_ABSOLUTE_SYMBOLS = 2048
  SYMOPT_IGNORE_NT_SYMPATH = 4096
  SYMOPT_INCLUDE_32BIT_MODULES = 8192
  SYMOPT_PUBLICS_ONLY = 16384
  SYMOPT_NO_PUBLICS = 32768
  SYMOPT_AUTO_PUBLICS = 65536
  SYMOPT_NO_IMAGE_SEARCH = 131072
  SYMOPT_SECURE = 262144
  SYMOPT_NO_PROMPTS = 524288
  SYMOPT_OVERWRITE = 1048576
  SYMOPT_DEBUG = 2147483648
  EXCEPTION_WAIT_0 = 0
  EXCEPTION_ABANDONED_WAIT_0 = 128
  EXCEPTION_USER_APC = 192
  EXCEPTION_TIMEOUT = 258
  EXCEPTION_PENDING = 259
  DBG_EXCEPTION_HANDLED = 65537
  DBG_CONTINUE = 65538
  EXCEPTION_SEGMENT_NOTIFICATION = 1073741829
  DBG_TERMINATE_THREAD = 1073807363
  DBG_TERMINATE_PROCESS = 1073807364
  DBG_CONTROL_C = 1073807365
  DBG_CONTROL_BREAK = 1073807368
  DBG_COMMAND_EXCEPTION = 1073807369
  EXCEPTION_GUARD_PAGE_VIOLATION = 2147483649
  EXCEPTION_DATATYPE_MISALIGNMENT = 2147483650
  EXCEPTION_BREAKPOINT = 2147483651
  EXCEPTION_SINGLE_STEP = 2147483652
  DBG_EXCEPTION_NOT_HANDLED = 2147549185
  EXCEPTION_ACCESS_VIOLATION = 3221225477
  EXCEPTION_IN_PAGE_ERROR = 3221225478
  EXCEPTION_INVALID_HANDLE = 3221225480
  EXCEPTION_NO_MEMORY = 3221225495
  EXCEPTION_ILLEGAL_INSTRUCTION = 3221225501
  EXCEPTION_NONCONTINUABLE_EXCEPTION = 3221225509
  EXCEPTION_INVALID_DISPOSITION = 3221225510
  EXCEPTION_ARRAY_BOUNDS_EXCEEDED = 3221225612
  EXCEPTION_FLOAT_DENORMAL_OPERAND = 3221225613
  EXCEPTION_FLOAT_DIVIDE_BY_ZERO = 3221225614
  EXCEPTION_FLOAT_INEXACT_RESULT = 3221225615
  EXCEPTION_FLOAT_INVALID_OPERATION = 3221225616
  EXCEPTION_FLOAT_OVERFLOW = 3221225617
  EXCEPTION_FLOAT_STACK_CHECK = 3221225618
  EXCEPTION_FLOAT_UNDERFLOW = 3221225619
  EXCEPTION_INTEGER_DIVIDE_BY_ZERO = 3221225620
  EXCEPTION_INTEGER_OVERFLOW = 3221225621
  EXCEPTION_PRIVILEGED_INSTRUCTION = 3221225622
  EXCEPTION_STACK_OVERFLOW = 3221225725
  EXCEPTION_CONTROL_C_EXIT = 3221225786
  EXCEPTION_FLOAT_MULTIPLE_FAULTS = 3221226164
  EXCEPTION_FLOAT_MULTIPLE_TRAPS = 3221226165
  EXCEPTION_REG_NAT_CONSUMPTION = 3221226185
  CONTEXT_i386 = 65536
  CONTEXT_i486 = 65536
  CONTEXT_AMD64 = 1048576
  CONTEXT_CONTROL = 1
  CONTEXT_INTEGER = 2
  CONTEXT_SEGMENTS = 4
  CONTEXT_FLOATING_POINT = 8
  CONTEXT_DEBUG_REGISTERS = 16
  CONTEXT_EXTENDED_REGISTERS = 32
  CONTEXT_FULL = 7
  CONTEXT_ALL = 63
  THREAD_ALL_ACCESS = 2032639
  PROCESS_ALL_ACCESS = 2035711
  PAGE_NOACCESS = 1
  PAGE_READONLY = 2
  PAGE_READWRITE = 4
  PAGE_WRITECOPY = 8
  PAGE_EXECUTE = 16
  PAGE_EXECUTE_READ = 32
  PAGE_EXECUTE_READWRITE = 64
  PAGE_EXECUTE_WRITECOPY = 128
  PAGE_GUARD = 256
  PAGE_NOCACHE = 512
  PAGE_WRITECOMBINE = 1024
  perm_lookup = {1: 0, 2: 4, 4: 6, 8: 6, 16: 1, 32: 5, 64: 7, 12...
  perm_rev_lookup = {0: 1, 1: 16, 4: 2, 5: 32, 6: 4, 7: 64}
  MEM_COMMIT = 4096
  MEM_FREE = 65536
  MEM_RESERVE = 8192
  MEM_IMAGE = 16777216
  MEM_MAPPED = 262144
  MEM_PRIVATE = 131072
  DEBUG_ONLY_THIS_PROCESS = 2
  MAX_PATH = 260
  SysDbgQueryModuleInformation = 0
  SysDbgQueryTraceInformation = 1
  SysDbgSetTracepoint = 2
  SysDbgSetSpecialCall = 3
  SysDbgClearSpecialCalls = 4
  SysDbgQuerySpecialCalls = 5
  SysDbgBreakPoint = 6
  SysDbgQueryVersion = 7
  SysDbgReadVirtual = 8
  SysDbgWriteVirtual = 9
  SysDbgReadPhysical = 10
  SysDbgWritePhysical = 11
  SysDbgReadControlSpace = 12
  SysDbgWriteControlSpace = 13
  SysDbgReadIoSpace = 14
  SysDbgWriteIoSpace = 15
  SysDbgReadMsr = 16
  SysDbgWriteMsr = 17
  SysDbgReadBusData = 18
  SysDbgWriteBusData = 19
  SysDbgCheckLowMemory = 20
  SysDbgEnableKernelDebugger = 21
  SysDbgDisableKernelDebugger = 22
  SysDbgGetAutoKdEnable = 23
  SysDbgSetAutoKdEnable = 24
  SysDbgGetPrintBufferSize = 25
  SysDbgSetPrintBufferSize = 26
  SysDbgGetKdUmExceptionEnable = 27
  SysDbgSetKdUmExceptionEnable = 28
  SysDbgGetTriageDump = 29
  SysDbgGetKdBlockEnable = 30
  SysDbgSetKdBlockEnable = 31
  SysDbgRegisterForUmBreakInfo = 32
  SysDbgGetUmBreakPid = 33
  SysDbgClearUmBreakPid = 34
  SysDbgGetUmAttachPid = 35
  SysDbgClearUmAttachPid = 36
  SC_MANAGER_ALL_ACCESS = 983103
  SC_MANAGER_CREATE_SERVICE = 2
  SC_MANAGER_CONNECT = 1
  SC_MANAGER_ENUMERATE_SERVICE = 4
  SC_MANAGER_LOCK = 8
  SC_MANAGER_MODIFY_BOOT_CONFIG = 32
  SC_MANAGER_QUERY_LOCK_STATUS = 16
  SC_ENUM_PROCESS_INFO = 0
  SERVICE_WIN32 = 48
  SERVICE_ACTIVE = 1
  SERVICE_INNACTIVE = 2
  SERVICE_STATE_ALL = 3
  IMAGE_DIRECTORY_ENTRY_EXPORT = 0
  IMAGE_DIRECTORY_ENTRY_IMPORT = 1
  IMAGE_DIRECTORY_ENTRY_RESOURCE = 2
  IMAGE_DIRECTORY_ENTRY_EXCEPTION = 3
  IMAGE_DIRECTORY_ENTRY_SECURITY = 4
  IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
  IMAGE_DIRECTORY_ENTRY_DEBUG = 6
  IMAGE_DIRECTORY_ENTRY_COPYRIGHT = 7
  IMAGE_DIRECTORY_ENTRY_ARCHITECTURE = 7
  IMAGE_DIRECTORY_ENTRY_GLOBALPTR = 8
  IMAGE_DIRECTORY_ENTRY_TLS = 9
  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG = 10
  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT = 11
  IMAGE_DIRECTORY_ENTRY_IAT = 12
  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT = 13
  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR = 14
  IMAGE_DEBUG_TYPE_UNKNOWN = 0
  IMAGE_DEBUG_TYPE_COFF = 1
  IMAGE_DEBUG_TYPE_CODEVIEW = 2
  IMAGE_DEBUG_TYPE_FPO = 3
  IMAGE_DEBUG_TYPE_MISC = 4
  IMAGE_DEBUG_TYPE_EXCEPTION = 5
  IMAGE_DEBUG_TYPE_FIXUP = 6
  IMAGE_DEBUG_TYPE_OMAP_TO_SRC = 7
  IMAGE_DEBUG_TYPE_OMAP_FROM_SRC = 8
  IMAGE_DEBUG_TYPE_BORLAND = 9
  IMAGE_DEBUG_TYPE_RESERVED10 = 10
  IMAGE_DEBUG_TYPE_CLSID = 11
  SSRVOPT_CALLBACK = 1
  SSRVOPT_DWORD = 2
  SSRVOPT_DWORDPTR = 4
  SSRVOPT_GUIDPTR = 8
  SSRVOPT_OLDGUIDPTR = 16
  SSRVOPT_UNATTENDED = 32
  SSRVOPT_NOCOPY = 64
  SSRVOPT_PARENTWIN = 128
  SSRVOPT_PARAMTYPE = 256
  SSRVOPT_SECURE = 512
  SSRVOPT_TRACE = 1024
  SSRVOPT_SETCONTEXT = 2048
  SSRVOPT_PROXY = 4096
  SSRVOPT_DOWNSTREAM_STORE = 8192
  TI_GET_SYMTAG = 0
  TI_GET_SYMNAME = 1
  TI_GET_LENGTH = 2
  TI_GET_TYPE = 3
  TI_GET_TYPEID = 4
  TI_GET_BASETYPE = 5
  TI_GET_ARRAYINDEXTYPEID = 6
  TI_FINDCHILDREN = 7
  TI_GET_DATAKIND = 8
  TI_GET_ADDRESSOFFSET = 9
  TI_GET_OFFSET = 10
  TI_GET_VALUE = 11
  TI_GET_COUNT = 12
  TI_GET_CHILDRENCOUNT = 13
  TI_GET_BITPOSITION = 14
  TI_GET_VIRTUALBASECLASS = 15
  TI_GET_VIRTUALTABLESHAPEID = 16
  TI_GET_VIRTUALBASEPOINTEROFFSET = 17
  TI_GET_CLASSPARENTID = 18
  TI_GET_NESTED = 19
  TI_GET_SYMINDEX = 20
  TI_GET_LEXICALPARENT = 21
  TI_GET_ADDRESS = 22
  TI_GET_THISADJUST = 23
  TI_GET_UDTKIND = 24
  TI_IS_EQUIV_TO = 25
  TI_GET_CALLING_CONVENTION = 26
  SymTagNull = 0
  SymTagExe = 1
  SymTagCompiland = 2
  SymTagCompilandDetails = 3
  SymTagCompilandEnv = 4
  SymTagFunction = 5
  SymTagBlock = 6
  SymTagData = 7
  SymTagAnnotation = 8
  SymTagLabel = 9
  SymTagPublicSymbol = 10
  SymTagUDT = 11
  SymTagEnum = 12
  SymTagFunctionType = 13
  SymTagPointerType = 14
  SymTagArrayType = 15
  SymTagBaseType = 16
  SymTagTypedef = 17
  SymTagBaseClass = 18
  SymTagFriend = 19
  SymTagFunctionArgType = 20
  SymTagFuncDebugStart = 21
  SymTagFuncDebugEnd = 22
  SymTagUsingNamespace = 23
  SymTagVTableShape = 24
  SymTagVTable = 25
  SymTagCustom = 26
  SymTagThunk = 27
  SymTagCustomType = 28
  SymTagManagedType = 29
  SymTagDimension = 30
  SymTagMax = 31
  NT_LIST_HANDLES = 16
  ObjectBasicInformation = 0
  ObjectNameInformation = 1
  ObjectTypeInformation = 2
  ObjectAllTypesInformation = 3
  ObjectHandleInformation = 4
  ProcessBasicInformation = 0
  ProcessDebugPort = 7
  ProcessWow64Information = 26
  ProcessImageFileName = 27
  ProcessExecuteFlags = 34
  object_type_map = {'Desktop': 0, 'Directory': 1, 'Event': 5, '...
  kernel32 = None
  IsWow64Process = None
  psapi = None
  ntdll = None
  SYMCALLBACK = WINFUNCTYPE(BOOL, POINTER(SYMBOL_INFO), c_ulong,...
  PDBCALLBACK = WINFUNCTYPE(BOOL, c_char_p, LPVOID)
  arch_name = envi.getCurrentArch()
  symsrv = windll.LoadLibrary(os.path.join(platdir, "windll", ar...
  dbghelp = None
  advapi32 = None
  x = '\nBOOL WINAPI EnumServicesStatusEx(\n __in SC_HA...
  SE_PRIVILEGE_ENABLED = 2
  TOKEN_ADJUST_PRIVILEGES = 32
  TOKEN_QUERY = 8
  dbgprivdone = False
  TokenUser = 1
  TokenGroups = 2
  TokenPrivileges = 3
  TokenOwner = 4
  TokenPrimaryGroup = 5
  TokenDefaultDacl = 6
  TokenSource = 7
  TokenType = 8
  TokenImpersonationLevel = 9
  TokenStatistics = 10
  TokenRestrictedSids = 11
  TokenSessionId = 12
  TokenGroupsAndPrivileges = 13
  TokenSessionReference = 14
  TokenSandBoxInert = 15
  TokenAuditPolicy = 16
  TokenOrigin = 17
  TokenElevationType = 18
  TokenLinkedToken = 19
  TokenElevation = 20
  TokenHasRestrictions = 21
  TokenAccessInformation = 22
  TokenVirtualizationAllowed = 23
  TokenVirtualizationEnabled = 24
  TokenIntegrityLevel = 25
  TokenUIAccess = 26
  TokenMandatoryPolicy = 27
  TokenLogonSid = 28
  MaxTokenInfoClass = 29
  TokenElevationTypeDefault = 1
  TokenElevationTypeFull = 2
  TokenElevationTypeLimited = 3
  av_einfo_perms = [4, 2, None, None, None, None, None, None, 1]
  reserved = {'False': True, 'None': True, 'True': True}
  VT_EMPTY = 0
  VT_NULL = 1
  VT_I2 = 2
  VT_I4 = 3
  VT_R4 = 4
  VT_R8 = 5
  VT_CY = 6
  VT_DATE = 7
  VT_BSTR = 8
  VT_DISPATCH = 9
  VT_ERROR = 10
  VT_BOOL = 11
  VT_VARIANT = 12
  VT_UNKNOWN = 13
  VT_I1 = 16
  VT_UI1 = 17
  VT_UI2 = 18
  VT_UI4 = 19
  VT_INT = 20
  VT_UINT = 21
  __package__ = 'vtrace.platforms'
Variable Details

perm_lookup

Value:
{1: 0, 2: 4, 4: 6, 8: 6, 16: 1, 32: 5, 64: 7, 128: 7}

object_type_map

Value:
{'Desktop': 0,
 'Directory': 1,
 'Event': 5,
 'File': 1,
 'IoCompletion': 0,
 'Key': 7,
 'KeyedEvent': 5,
 'Mutant': 4,
...

SYMCALLBACK

Value:
WINFUNCTYPE(BOOL, POINTER(SYMBOL_INFO), c_ulong, LPVOID)

symsrv

Value:
windll.LoadLibrary(os.path.join(platdir, "windll", arch_name, "symsrv.dll"))

x

Value:
'''
BOOL WINAPI EnumServicesStatusEx(
  __in         SC_HANDLE hSCManager,
  __in         SC_ENUM_TYPE InfoLevel,
  __in         DWORD dwServiceType,
  __in         DWORD dwServiceState,
  __out_opt    LPBYTE lpServices,
  __in         DWORD cbBufSize,
...