#winKernel.py
#A part of NonVisual Desktop Access (NVDA)
#Copyright (C) 2006-2007 NVDA Contributors <http://www.nvda-project.org/>
#This file is covered by the GNU General Public License.
#See the file COPYING for more details.
import contextlib
import ctypes
import ctypes.wintypes
from ctypes import *
from ctypes.wintypes import *
# Module-level handles for the two Win32 DLLs wrapped in this file.
# Functions called through these use ctypes' default c_int restype unless set otherwise.
kernel32 = windll.kernel32
advapi32 = ctypes.windll.advapi32
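#Constants
INFINITE = 0xffffffff  # timeout meaning "wait forever" for WaitForSingleObject[Ex]
#Process control: OpenProcess access rights and VirtualAllocEx/VirtualFreeEx flags.
# Prefer the narrowest right set that a caller actually needs over PROCESS_ALL_ACCESS.
PROCESS_ALL_ACCESS = 0x1F0FFF  # NOTE(review): pre-Vista mask; Vista+ defines PROCESS_ALL_ACCESS as 0x1FFFFF — confirm callers
PROCESS_TERMINATE = 0x1
PROCESS_VM_OPERATION = 0x8
PROCESS_VM_READ = 0x10
PROCESS_VM_WRITE = 0x20
SYNCHRONIZE = 0x100000
PROCESS_QUERY_INFORMATION = 0x400
READ_CONTROL = 0x20000
MEM_COMMIT = 0x1000
MEM_RELEASE = 0x8000
PAGE_READWRITE = 0x4
MAXIMUM_ALLOWED = 0x2000000
STARTF_USESTDHANDLES = 0x00000100  # STARTUPINFOW.dwFlags: honour the hSTD* handle fields
#Console handles (arguments to GetStdHandle)
STD_INPUT_HANDLE = -10
STD_OUTPUT_HANDLE = -11
STD_ERROR_HANDLE = -12
# Locale / date-time formatting
LOCALE_USER_DEFAULT = 0x0400
LOCALE_NAME_USER_DEFAULT = None
DATE_LONGDATE = 0x00000002
TIME_NOSECONDS = 0x00000002
# Wait return types (results of WaitForSingleObject[Ex]).
# Written as plain integer literals: the Python 2 "L" suffix is a syntax error on Python 3
# and the values compare equal either way.
WAIT_ABANDONED = 0x00000080
WAIT_IO_COMPLETION = 0x000000c0
WAIT_OBJECT_0 = 0x00000000
WAIT_TIMEOUT = 0x00000102
WAIT_FAILED = 0xffffffff
# Image file machine constants
IMAGE_FILE_MACHINE_UNKNOWN = 0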
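def GetStdHandle(handleID):
    """Return the standard device handle for handleID (one of the STD_*_HANDLE constants).
    @param handleID: STD_INPUT_HANDLE, STD_OUTPUT_HANDLE or STD_ERROR_HANDLE.
    @type handleID: int
    @return: the handle value as returned by kernel32.
    @rtype: int
    @raise WindowsError: if the call fails, or if the process has no such standard handle.
    """
    h = kernel32.GetStdHandle(handleID)
    # The API reports failure as INVALID_HANDLE_VALUE (-1 under the default c_int restype)
    # and returns NULL when no standard handle is attached; both cases are treated as errors,
    # so the original NULL check is kept and the failure value is now caught as well.
    if h == 0 or h == -1:
        raise WinError()
    return h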
# CreateFile access rights, share modes and creation dispositions.
GENERIC_READ = 0x80000000
GENERIC_WRITE = 0x40000000
FILE_SHARE_READ = 0x1
FILE_SHARE_WRITE = 0x2
FILE_SHARE_DELETE = 0x4
OPEN_EXISTING = 0x3
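def CreateFile(fileName, desiredAccess, shareMode, securityAttributes, creationDisposition, flags, templateFile):
    """Wrapper for kernel32 CreateFileW; opens or creates a file or device and returns its handle.
    The parameters are passed straight through to the API in the same order.
    @param fileName: path or device name.
    @type fileName: unicode
    @param desiredAccess: e.g. GENERIC_READ | GENERIC_WRITE.
    @param shareMode: combination of the FILE_SHARE_* constants.
    @param securityAttributes: pointer to a SECURITY_ATTRIBUTES, or None for the defaults.
    @param creationDisposition: e.g. OPEN_EXISTING.
    @param flags: file attributes and flags.
    @param templateFile: handle to a template file, or None.
    @return: the new handle.
    @rtype: int
    @raise WindowsError: if the call fails.
    """
    res = kernel32.CreateFileW(fileName, desiredAccess, shareMode, securityAttributes, creationDisposition, flags, templateFile)
    # CreateFileW signals failure with INVALID_HANDLE_VALUE, which is -1 under the default
    # c_int restype, not 0; a check for 0 alone never fires on error and the caller would
    # receive -1 as if it were a usable handle.
    if res in (0, -1):
        raise ctypes.WinError()
    return res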
def createEvent(eventAttributes=None, manualReset=False, initialState=False, name=None):
    """Wrapper for kernel32 CreateEventW.
    @param eventAttributes: pointer to a SECURITY_ATTRIBUTES, or None for the defaults.
    @param manualReset: True for a manual-reset event, False for an auto-reset event.
    @type manualReset: bool
    @param initialState: True if the event starts signaled.
    @type initialState: bool
    @param name: optional event name, or None for an unnamed event.
    @type name: unicode
    @return: the event handle.
    @rtype: int
    @raise WindowsError: if the call fails.
    """
    eventHandle = kernel32.CreateEventW(eventAttributes, manualReset, initialState, name)
    if not eventHandle:
        raise ctypes.WinError()
    return eventHandle
def createWaitableTimer(securityAttributes=None, manualReset=False, name=None):
    """Wrapper to the kernel32 CreateWaitableTimer function.
    Consult https://msdn.microsoft.com/en-us/library/windows/desktop/ms682492.aspx for Microsoft's documentation.
    In contrast with the original function, this wrapper assumes the following defaults.
    @param securityAttributes: Defaults to C{None};
    The timer object gets a default security descriptor and the handle cannot be inherited.
    The ACLs in the default security descriptor for a timer come from the primary or impersonation token of the creator.
    @type securityAttributes: pointer to L{SECURITY_ATTRIBUTES}
    @param manualReset: Defaults to C{False} which means the timer is a synchronization timer.
    If C{True}, the timer is a manual-reset notification timer.
    @type manualReset: bool
    @param name: Defaults to C{None}, the timer object is created without a name.
    @type name: unicode
    @return: the timer handle.
    @rtype: int
    @raise WindowsError: if the call fails.
    """
    timerHandle = kernel32.CreateWaitableTimerW(securityAttributes, manualReset, name)
    if not timerHandle:
        raise ctypes.WinError()
    return timerHandle
def setWaitableTimer(handle, dueTime, period=0, completionRoutine=None, arg=None, resume=False):
    """Wrapper to the kernel32 SetWaitableTimer function.
    Consult https://msdn.microsoft.com/en-us/library/windows/desktop/ms686289.aspx for Microsoft's documentation.
    @param handle: A handle to the timer object.
    @type handle: int
    @param dueTime: Relative time (in milliseconds).
    Note that the original function requires relative time to be supplied as a negative 100-nanosecond count.
    @type dueTime: int
    @param period: Defaults to 0, timer is only executed once.
    Value should be supplied in milliseconds.
    @type period: int
    @param completionRoutine: The function to be executed when the timer elapses.
    @type completionRoutine: L{PAPCFUNC}
    @param arg: Defaults to C{None}; a pointer to a structure that is passed to the completion routine.
    @type arg: L{ctypes.c_void_p}
    @param resume: Defaults to C{False}; the system is not restored.
    If this parameter is TRUE, restores a system in suspended power conservation mode
    when the timer state is set to signaled.
    @type resume: bool
    @return: C{True} on success.
    @raise WindowsError: if the call fails.
    """
    # The API takes the due time in 100-nanosecond units, negative for relative time,
    # so milliseconds are converted with a factor of -10000.
    relativeDueTime = LARGE_INTEGER(dueTime * -10000)
    ok = kernel32.SetWaitableTimer(
        handle,
        byref(relativeDueTime),
        period,
        completionRoutine,
        arg,
        resume,
    )
    if not ok:
        raise ctypes.WinError()
    return True
def openProcess(*args):
    """Pass-through to kernel32 OpenProcess (desiredAccess, inheritHandle, processId).
    No error checking is done: a return value of 0 means the call failed.
    """
    openProcessFunc = kernel32.OpenProcess
    return openProcessFunc(*args)
def closeHandle(*args):
    """Pass-through to kernel32 CloseHandle(handle).
    No error checking is done: the raw BOOL result is returned (0 on failure).
    """
    closeHandleFunc = kernel32.CloseHandle
    return closeHandleFunc(*args)
#added by Rui Batista to use on Say_battery_status script
#copied from platform sdk documentation (with required changes to work in python)
class SYSTEM_POWER_STATUS(ctypes.Structure):
_fields_ = [("ACLineStatus", ctypes.c_byte), ("BatteryFlag", ctypes.c_byte), ("BatteryLifePercent", ctypes.c_byte), ("Reserved1", ctypes.c_byte), ("BatteryLifeTime", ctypes.wintypes.DWORD), ("BatteryFullLiveTime", ctypes.wintypes.DWORD)]
def GetSystemPowerStatus(sps):
    """Fill sps (a SYSTEM_POWER_STATUS instance) via kernel32 GetSystemPowerStatus.
    @param sps: the structure to populate; it is passed by reference.
    @return: the raw BOOL result of the call (0 means failure).
    """
    statusPointer = ctypes.byref(sps)
    return kernel32.GetSystemPowerStatus(statusPointer)
def getThreadLocale():
    """Return the calling thread's locale identifier (kernel32 GetThreadLocale)."""
    localeId = kernel32.GetThreadLocale()
    return localeId
class SYSTEMTIME(ctypes.Structure):
    """ctypes mirror of the Win32 SYSTEMTIME structure (eight WORD fields).
    Used by the GetDateFormat* / GetTimeFormat* wrappers below to pass a date or time.
    """
    _fields_ = [
        ("wYear", WORD),
        ("wMonth", WORD),
        ("wDayOfWeek", WORD),
        ("wDay", WORD),
        ("wHour", WORD),
        ("wMinute", WORD),
        ("wSecond", WORD),
        ("wMilliseconds", WORD),
    ]
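def GetDateFormat(Locale, dwFlags, date, lpFormat):
    """Format a date with kernel32 GetDateFormatW and return the result as a unicode string.
    @Deprecated: use GetDateFormatEx instead.
    @param Locale: locale identifier, e.g. LOCALE_USER_DEFAULT.
    @param dwFlags: GetDateFormat flags, e.g. DATE_LONGDATE.
    @param date: an object with year, month, day, hour, minute and second attributes
        (e.g. datetime.datetime), or None to format the current local date.
    @param lpFormat: format picture string, or None for the locale's default format.
    @return: the formatted date.
    @rtype: unicode
    @raise WindowsError: if Windows rejects the arguments (the size query returns 0).
    """
    if date is None:
        lpDate = None
    else:
        # wDayOfWeek is ignored by GetDateFormat and milliseconds are not shown in dates,
        # so both are passed as 0. The SYSTEMTIME must outlive the calls below.
        systemTime = SYSTEMTIME(date.year, date.month, 0, date.day, date.hour, date.minute, date.second, 0)
        lpDate = byref(systemTime)
    # A first call with no output buffer returns the required length including the terminator.
    bufferLength = kernel32.GetDateFormatW(Locale, dwFlags, lpDate, lpFormat, None, 0)
    if bufferLength == 0:
        # 0 is the API's failure value; without this check an invalid flag or date
        # silently produced an empty string.
        raise ctypes.WinError()
    buf = ctypes.create_unicode_buffer("", bufferLength)
    kernel32.GetDateFormatW(Locale, dwFlags, lpDate, lpFormat, buf, bufferLength)
    return buf.value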
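def GetDateFormatEx(Locale, dwFlags, date, lpFormat):
    """Format a date with kernel32 GetDateFormatEx and return the result as a unicode string.
    @param Locale: locale name, e.g. LOCALE_NAME_USER_DEFAULT (None).
    @param dwFlags: GetDateFormatEx flags, e.g. DATE_LONGDATE.
    @param date: an object with year, month, day, hour, minute and second attributes
        (e.g. datetime.datetime), or None to format the current local date.
    @param lpFormat: format picture string, or None for the locale's default format.
    @return: the formatted date.
    @rtype: unicode
    @raise WindowsError: if Windows rejects the arguments (the size query returns 0).
    """
    if date is None:
        lpDate = None
    else:
        # wDayOfWeek is ignored by the API and milliseconds are not part of a date,
        # so both are passed as 0. The SYSTEMTIME must outlive the calls below.
        systemTime = SYSTEMTIME(date.year, date.month, 0, date.day, date.hour, date.minute, date.second, 0)
        lpDate = byref(systemTime)
    # A first call with no output buffer returns the required length including the terminator.
    # The trailing None is the (unused) lpCalendar parameter.
    bufferLength = kernel32.GetDateFormatEx(Locale, dwFlags, lpDate, lpFormat, None, 0, None)
    if bufferLength == 0:
        # 0 is the API's failure value; previously this silently produced an empty string.
        raise ctypes.WinError()
    buf = ctypes.create_unicode_buffer("", bufferLength)
    kernel32.GetDateFormatEx(Locale, dwFlags, lpDate, lpFormat, buf, bufferLength, None)
    return buf.value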
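def GetTimeFormat(Locale, dwFlags, date, lpFormat):
    """Format a time with kernel32 GetTimeFormatW and return the result as a unicode string.
    @Deprecated: use GetTimeFormatEx instead.
    @param Locale: locale identifier, e.g. LOCALE_USER_DEFAULT.
    @param dwFlags: GetTimeFormat flags, e.g. TIME_NOSECONDS.
    @param date: an object with year, month, day, hour, minute and second attributes
        (e.g. datetime.datetime), or None to format the current local time.
    @param lpFormat: format picture string, or None for the locale's default format.
    @return: the formatted time.
    @rtype: unicode
    @raise WindowsError: if Windows rejects the arguments (the size query returns 0).
    """
    if date is None:
        lpTime = None
    else:
        # wDayOfWeek and wMilliseconds are passed as 0; only the time-of-day members
        # matter to the call. The SYSTEMTIME must outlive the calls below.
        systemTime = SYSTEMTIME(date.year, date.month, 0, date.day, date.hour, date.minute, date.second, 0)
        lpTime = byref(systemTime)
    # A first call with no output buffer returns the required length including the terminator.
    bufferLength = kernel32.GetTimeFormatW(Locale, dwFlags, lpTime, lpFormat, None, 0)
    if bufferLength == 0:
        # 0 is the API's failure value; previously this silently produced an empty string.
        raise ctypes.WinError()
    buf = ctypes.create_unicode_buffer("", bufferLength)
    kernel32.GetTimeFormatW(Locale, dwFlags, lpTime, lpFormat, buf, bufferLength)
    return buf.value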
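def GetTimeFormatEx(Locale, dwFlags, date, lpFormat):
    """Format a time with kernel32 GetTimeFormatEx and return the result as a unicode string.
    @param Locale: locale name, e.g. LOCALE_NAME_USER_DEFAULT (None).
    @param dwFlags: GetTimeFormatEx flags, e.g. TIME_NOSECONDS.
    @param date: an object with year, month, day, hour, minute and second attributes
        (e.g. datetime.datetime), or None to format the current local time.
    @param lpFormat: format picture string, or None for the locale's default format.
    @return: the formatted time.
    @rtype: unicode
    @raise WindowsError: if Windows rejects the arguments (the size query returns 0).
    """
    if date is None:
        lpTime = None
    else:
        # wDayOfWeek and wMilliseconds are passed as 0; only the time-of-day members
        # matter to the call. The SYSTEMTIME must outlive the calls below.
        systemTime = SYSTEMTIME(date.year, date.month, 0, date.day, date.hour, date.minute, date.second, 0)
        lpTime = byref(systemTime)
    # A first call with no output buffer returns the required length including the terminator.
    bufferLength = kernel32.GetTimeFormatEx(Locale, dwFlags, lpTime, lpFormat, None, 0)
    if bufferLength == 0:
        # 0 is the API's failure value; previously this silently produced an empty string.
        raise ctypes.WinError()
    buf = ctypes.create_unicode_buffer("", bufferLength)
    kernel32.GetTimeFormatEx(Locale, dwFlags, lpTime, lpFormat, buf, bufferLength)
    return buf.value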
def openProcess(*args):
    """Pass-through to kernel32 OpenProcess (desiredAccess, inheritHandle, processId).
    No error checking is done: a return value of 0 means the call failed.
    NOTE: this is a second definition of openProcess, identical to the one earlier in
    this module; being later at module level, it is the one that remains bound.
    """
    openProcessFunc = kernel32.OpenProcess
    return openProcessFunc(*args)
def virtualAllocEx(*args):
    """Pass-through to kernel32 VirtualAllocEx (process, address, size, allocationType, protect).
    @return: the base address of the allocated region.
    @raise WindowsError: if the allocation fails (the API returned NULL).
    """
    baseAddress = kernel32.VirtualAllocEx(*args)
    if not baseAddress:
        raise WinError()
    return baseAddress
def virtualFreeEx(*args):
    """Pass-through to kernel32 VirtualFreeEx (process, address, size, freeType).
    No error checking is done: the raw BOOL result is returned (0 on failure).
    """
    freeFunc = kernel32.VirtualFreeEx
    return freeFunc(*args)
def readProcessMemory(*args):
    """Pass-through to kernel32 ReadProcessMemory (process, baseAddress, buffer, size, bytesRead).
    No error checking is done: the raw BOOL result is returned (0 on failure), so callers
    should not trust the buffer contents unless the result is non-zero.
    """
    readFunc = kernel32.ReadProcessMemory
    return readFunc(*args)
def writeProcessMemory(*args):
    """Pass-through to kernel32 WriteProcessMemory (process, baseAddress, buffer, size, bytesWritten).
    No error checking is done: the raw BOOL result is returned (0 on failure).
    """
    writeFunc = kernel32.WriteProcessMemory
    return writeFunc(*args)
def waitForSingleObject(handle, timeout):
    """Wrapper for kernel32 WaitForSingleObject.
    @param handle: handle to wait on.
    @param timeout: timeout in milliseconds, or INFINITE.
    @return: one of WAIT_OBJECT_0, WAIT_ABANDONED or WAIT_TIMEOUT.
    @raise WindowsError: if the wait returned WAIT_FAILED.
    """
    status = kernel32.WaitForSingleObject(handle, timeout)
    if status != WAIT_FAILED:
        return status
    raise ctypes.WinError()
def waitForSingleObjectEx(handle, timeout, alertable):
    """Wrapper for kernel32 WaitForSingleObjectEx.
    @param handle: handle to wait on.
    @param timeout: timeout in milliseconds, or INFINITE.
    @param alertable: if true, the wait can be interrupted by a queued APC (WAIT_IO_COMPLETION).
    @return: one of WAIT_OBJECT_0, WAIT_ABANDONED, WAIT_TIMEOUT or WAIT_IO_COMPLETION.
    @raise WindowsError: if the wait returned WAIT_FAILED.
    """
    status = kernel32.WaitForSingleObjectEx(handle, timeout, alertable)
    if status != WAIT_FAILED:
        return status
    raise ctypes.WinError()
# Flag for SetProcessShutdownParameters: do not show a retry dialog if the process does not exit.
SHUTDOWN_NORETRY = 0x1
def SetProcessShutdownParameters(level, flags):
    """Wrapper for kernel32 SetProcessShutdownParameters.
    @param level: shutdown priority level of this process.
    @param flags: 0 or SHUTDOWN_NORETRY.
    @raise WindowsError: if the call fails.
    """
    ok = kernel32.SetProcessShutdownParameters(level, flags)
    if not ok:
        raise ctypes.WinError()
def GetExitCodeProcess(process):
    """Return the exit code of the given process (kernel32 GetExitCodeProcess).
    @param process: process handle.
    @return: the exit code as an int.
    @raise WindowsError: if the call fails.
    """
    exitCode = DWORD()
    ok = kernel32.GetExitCodeProcess(process, byref(exitCode))
    if ok == 0:
        raise ctypes.WinError()
    return exitCode.value
def TerminateProcess(process, exitCode):
    """Terminate a process (kernel32 TerminateProcess).
    @param process: process handle opened with PROCESS_TERMINATE access.
    @param exitCode: exit code to assign to the terminated process.
    @raise WindowsError: if the call fails.
    """
    ok = kernel32.TerminateProcess(process, exitCode)
    if ok == 0:
        raise ctypes.WinError()
# Return values of GetDriveType.
(
    DRIVE_UNKNOWN,
    DRIVE_NO_ROOT_DIR,
    DRIVE_REMOVABLE,
    DRIVE_FIXED,
    DRIVE_REMOTE,
    DRIVE_CDROM,
    DRIVE_RAMDISK,
) = range(7)
def GetDriveType(rootPathName):
    """Return the DRIVE_* type of the drive whose root directory is rootPathName (kernel32 GetDriveTypeW).
    @param rootPathName: root directory path, or None for the current drive.
    @type rootPathName: unicode
    @rtype: int
    """
    driveType = kernel32.GetDriveTypeW(rootPathName)
    return driveType
class SECURITY_ATTRIBUTES(Structure):
    """ctypes mirror of the Win32 SECURITY_ATTRIBUTES structure.
    nLength is filled in automatically; pass the other fields as keyword arguments,
    e.g. SECURITY_ATTRIBUTES(bInheritHandle=True) for a handle child processes may inherit.
    """
    _fields_ = [
        ("nLength", DWORD),
        ("lpSecurityDescriptor", LPVOID),
        ("bInheritHandle", BOOL),
    ]

    def __init__(self, **kwargs):
        # The API requires nLength to hold the structure's own size.
        structSize = sizeof(self)
        super(SECURITY_ATTRIBUTES, self).__init__(nLength=structSize, **kwargs)
def CreatePipe(pipeAttributes, size):
    """Create an anonymous pipe (kernel32 CreatePipe).
    @param pipeAttributes: a SECURITY_ATTRIBUTES instance, or None for non-inheritable
        handles with the default security descriptor.
    @param size: suggested buffer size in bytes (0 lets the system choose).
    @return: (readHandle, writeHandle) as ints.
    @raise WindowsError: if the call fails.
    """
    readHandle = HANDLE()
    writeHandle = HANDLE()
    attributes = None
    if pipeAttributes:
        attributes = byref(pipeAttributes)
    ok = kernel32.CreatePipe(byref(readHandle), byref(writeHandle), attributes, DWORD(size))
    if not ok:
        raise ctypes.WinError()
    return readHandle.value, writeHandle.value
class STARTUPINFOW(Structure):
    """ctypes mirror of the Win32 STARTUPINFOW structure passed to CreateProcessAsUser.
    cb is filled in automatically; the remaining fields are accepted as keyword arguments.
    The hSTD* handles are only honoured by the API when dwFlags includes STARTF_USESTDHANDLES.
    """
    _fields_ = [
        ("cb", DWORD),
        ("lpReserved", LPWSTR),
        ("lpDesktop", LPWSTR),
        ("lpTitle", LPWSTR),
        ("dwX", DWORD),
        ("dwY", DWORD),
        ("dwXSize", DWORD),
        ("dwYSize", DWORD),
        ("dwXCountChars", DWORD),
        ("dwYCountChars", DWORD),
        ("dwFillAttribute", DWORD),
        ("dwFlags", DWORD),
        ("wShowWindow", WORD),
        ("cbReserved2", WORD),
        ("lpReserved2", POINTER(c_byte)),
        ("hSTDInput", HANDLE),
        ("hSTDOutput", HANDLE),
        ("hSTDError", HANDLE),
    ]

    def __init__(self, **kwargs):
        # The API requires cb to hold the structure's own size.
        structSize = sizeof(self)
        super(STARTUPINFOW, self).__init__(cb=structSize, **kwargs)
# Alias kept for callers that use the generic (non-suffixed) name; it is the same class object.
STARTUPINFO = STARTUPINFOW
class PROCESS_INFORMATION(Structure):
    """ctypes mirror of the Win32 PROCESS_INFORMATION structure filled by CreateProcessAsUser.
    hProcess and hThread are handles the caller owns and should close when done.
    """
    _fields_ = [
        ("hProcess", HANDLE),
        ("hThread", HANDLE),
        ("dwProcessID", DWORD),
        ("dwThreadID", DWORD),
    ]
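def CreateProcessAsUser(token, applicationName, commandLine, processAttributes, threadAttributes, inheritHandles, creationFlags, environment, currentDirectory, startupInfo, processInformation):
    """Start a process under the given access token (advapi32 CreateProcessAsUserW).
    Parameters follow the Win32 signature; startupInfo and processInformation are passed by reference.
    @param token: primary token the new process runs under.
    @param applicationName: module path, or None to take it from commandLine.
    @param commandLine: command line (unicode or a writable unicode buffer), or None.
    @param processAttributes: SECURITY_ATTRIBUTES pointer for the process, or None.
    @param threadAttributes: SECURITY_ATTRIBUTES pointer for the main thread, or None.
    @param inheritHandles: whether inheritable handles of the caller are passed on.
    @param creationFlags: process creation flags.
    @param environment: environment block, or None to inherit the caller's.
    @param currentDirectory: working directory, or None to inherit the caller's.
    @param startupInfo: a STARTUPINFOW instance.
    @param processInformation: a PROCESS_INFORMATION instance filled in on success.
    @raise WindowsError: if the call fails.
    """
    # CreateProcessW may write into lpCommandLine, so a plain (immutable) string is
    # copied into a writable buffer first; an existing ctypes buffer is passed as-is.
    if commandLine is not None and not isinstance(commandLine, ctypes.Array):
        commandLine = create_unicode_buffer(commandLine)
    ok = advapi32.CreateProcessAsUserW(token, applicationName, commandLine, processAttributes, threadAttributes, inheritHandles, creationFlags, environment, currentDirectory, byref(startupInfo), byref(processInformation))
    if ok == 0:
        raise WinError()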
def GetCurrentProcess():
    """Return the pseudo-handle for the current process (kernel32 GetCurrentProcess).
    The pseudo-handle is only meaningful in this process and does not need to be closed.
    """
    pseudoHandle = kernel32.GetCurrentProcess()
    return pseudoHandle
def OpenProcessToken(ProcessHandle, DesiredAccess):
    """Open the access token of a process (advapi32 OpenProcessToken).
    @param ProcessHandle: handle to the process whose token is opened.
    @param DesiredAccess: token access mask; request only the rights actually needed.
    @return: the token handle as an int; the caller is responsible for closing it.
    @raise WindowsError: if the call fails.
    """
    tokenHandle = HANDLE()
    ok = advapi32.OpenProcessToken(ProcessHandle, DesiredAccess, byref(tokenHandle))
    if not ok:
        raise WinError()
    return tokenHandle.value
# DuplicateHandle option: the duplicate gets the same access rights as the source handle.
DUPLICATE_SAME_ACCESS = 0x2
def DuplicateHandle(sourceProcessHandle, sourceHandle, targetProcessHandle, desiredAccess, inheritHandle, options):
    """Duplicate a handle into a target process (kernel32 DuplicateHandle).
    @param sourceProcessHandle: process owning sourceHandle.
    @param sourceHandle: the handle to duplicate.
    @param targetProcessHandle: process that receives the duplicate.
    @param desiredAccess: access for the duplicate (ignored with DUPLICATE_SAME_ACCESS).
    @param inheritHandle: whether the duplicate can be inherited by child processes.
    @param options: e.g. DUPLICATE_SAME_ACCESS.
    @return: the duplicated handle value in the target process.
    @raise WindowsError: if the call fails.
    """
    duplicate = HANDLE()
    ok = kernel32.DuplicateHandle(sourceProcessHandle, sourceHandle, targetProcessHandle, byref(duplicate), desiredAccess, inheritHandle, options)
    if not ok:
        raise WinError()
    return duplicate.value
# Prototype for an APC / timer completion routine: void (ULONG_PTR-sized parameter).
# NOTE(review): the Win32 PAPCFUNC parameter is ULONG_PTR; ULONG is only equivalent on 32-bit — confirm for 64-bit builds.
PAPCFUNC = WINFUNCTYPE(None, ULONG)
# Thread access right required to queue an APC to a thread.
THREAD_SET_CONTEXT = 0x10
# GlobalAlloc flag: allocate a movable block (used by HGLOBAL.alloc).
GMEM_MOVEABLE = 0x2
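class HGLOBAL(HANDLE):
    """A GlobalAlloc memory handle that frees itself when garbage collected.
    Create one with L{alloc}, or wrap an existing handle with the constructor.
    Use L{lock} to obtain the block's address for the duration of a C{with} statement,
    and L{forget} to give up ownership when the handle has been handed to another owner.
    """

    def __init__(self, h, autoFree=True):
        """
        @param h: the raw handle value to wrap (or None).
        @param autoFree: if True, GlobalFree is called when this object is destroyed.
        @type autoFree: bool
        """
        super(HGLOBAL, self).__init__(h)
        self._autoFree = autoFree

    def __del__(self):
        # ctypes may create instances without running __init__ (e.g. when the type is
        # used as a restype or a structure field), so _autoFree can be missing; treat
        # that as "not owned" instead of raising AttributeError during finalisation.
        # The truthiness test comes first so a None/0 handle is never passed to GlobalFree.
        if self and getattr(self, "_autoFree", False):
            windll.kernel32.GlobalFree(self)

    @classmethod
    def alloc(cls, flags, size):
        """Allocate a new global memory block and return it as an owning HGLOBAL.
        @param flags: GlobalAlloc flags, e.g. GMEM_MOVEABLE.
        @param size: number of bytes to allocate.
        @raise WindowsError: if GlobalAlloc returns NULL (consistent with virtualAllocEx).
        """
        h = windll.kernel32.GlobalAlloc(flags, size)
        if not h:
            raise WinError()
        return cls(h)

    @contextlib.contextmanager
    def lock(self):
        """Context manager yielding the address returned by GlobalLock.
        GlobalUnlock is always called on exit, even if the body raises.
        The yielded value is the raw GlobalLock result and may be 0 if locking failed.
        """
        try:
            yield windll.kernel32.GlobalLock(self)
        finally:
            windll.kernel32.GlobalUnlock(self)

    def forget(self):
        """Drop the wrapped handle without freeing it (ownership has passed elsewhere)."""
        self.value = None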