Accessing windows structures through ctypes.
Rajat
rajat.dudeja at gmail.com
Thu Jul 2 02:50:43 EDT 2009
> > Using ctypes can I access the windows structures like:
>
> > PROCESS_INFORMATION_BLOCK, Process Environment Block(PEB),
> > PEB_LDR_DATA, etc?
>
> ctypes.wintypes lists all of the Windows structures included with the
> module.
>
> You should be able to use ctypes.Structure class to roll your own:
Thanks Alex. As you suggested, I'm trying to implement the below
structure, Windows PEB, in Python:
typedef struct _PEB {
    BYTE Reserved1[2];
    BYTE BeingDebugged;
    BYTE Reserved2[21];
    PPEB_LDR_DATA LoaderData;
    PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
    BYTE Reserved3[520];
    PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
    BYTE Reserved4[136];
    ULONG SessionId;
} PEB;
My equivalent Python structure is:
class PEB(Structure):
    _fields_ = [("Reserved1", wintypes.BYTE * 2),
                ("BeingDebugged", wintypes.BYTE),
                ("Reserved2", wintypes.BYTE * 2),
                ("Reserved3", c_void_p),
                # POINTER() builds a pointer type; pointer() needs an instance
                ("Ldr", POINTER(PEB_LDR_DATA)),
                ("ProcessParameters", POINTER(RTL_USER_PROCESS_PARAMETERS)),
                ("Reserved4", wintypes.BYTE * 104),
                ("Reserved5", c_void_p),
                (),
                ("Reserved6", wintypes.BYTE),
                ("Reserved7", c_void_p),
                ("SessionId", c_ulong)]
I'm not sure what needs to go in the above empty tuple for
"PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine" (in the original
PEB).
Please suggest.
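
Added example, not part of the original post: a field-for-field ctypes transcription of the typedef quoted above, with the function-pointer slot declared as a ctypes function prototype, plus an offset check and a parse of a constructed buffer. Assumptions: a 64-bit host (8-byte pointers), the two pointed-to structures left as opaque placeholders, and the helper names field_offsets, parse_peb and sample_snapshot, which are hypothetical.

```python
import ctypes
import struct

# Opaque placeholders (assumption): the PEB only stores pointers to these.
class PEB_LDR_DATA(ctypes.Structure):
    pass

class RTL_USER_PROCESS_PARAMETERS(ctypes.Structure):
    pass

# PPS_POST_PROCESS_INIT_ROUTINE is a pointer to a function that takes no
# arguments and returns nothing. WINFUNCTYPE exists only on Windows; CFUNCTYPE
# has the same pointer size, which is all the layout needs.
_FUNCTYPE = getattr(ctypes, "WINFUNCTYPE", ctypes.CFUNCTYPE)
PPS_POST_PROCESS_INIT_ROUTINE = _FUNCTYPE(None)

BYTE = ctypes.c_ubyte    # Windows BYTE: unsigned 8-bit
ULONG = ctypes.c_uint32  # Windows ULONG: 32-bit, independent of host C long

class PEB(ctypes.Structure):
    _fields_ = [
        ("Reserved1", BYTE * 2),
        ("BeingDebugged", BYTE),
        ("Reserved2", BYTE * 21),
        ("LoaderData", ctypes.POINTER(PEB_LDR_DATA)),
        ("ProcessParameters", ctypes.POINTER(RTL_USER_PROCESS_PARAMETERS)),
        ("Reserved3", BYTE * 520),
        ("PostProcessInitRoutine", PPS_POST_PROCESS_INIT_ROUTINE),
        ("Reserved4", BYTE * 136),
        ("SessionId", ULONG),
    ]

def field_offsets():
    """Byte offset of every field, for comparison with a debugger's view."""
    return {name: getattr(PEB, name).offset for name, _ in PEB._fields_}

def parse_peb(raw):
    """Overlay PEB on a bytes snapshot; reject buffers that are too short."""
    if len(raw) < ctypes.sizeof(PEB):
        raise ValueError("buffer shorter than sizeof(PEB)")
    return PEB.from_buffer_copy(raw)

def sample_snapshot():
    """Constructed sample: zeroed PEB with BeingDebugged=1 and SessionId=3."""
    buf = bytearray(ctypes.sizeof(PEB))
    buf[PEB.BeingDebugged.offset] = 1
    struct.pack_into("<I", buf, PEB.SessionId.offset, 3)
    return bytes(buf)
```

If the routine is never called from Python, declaring the slot as c_void_p gives the same layout.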