Accessing windows structures through ctypes.
Enrico
4564 at 755189.45
Thu Jul 2 03:42:09 EDT 2009
"Rajat" <rajat.dudeja at gmail.com> ha scritto nel messaggio
news:8c8b5cf2-bc77-4633-96ca-e3b908430492 at z14g2000yqa.googlegroups.com...
>
> > > Using ctypes can I access the windows structures like:
> >
> > > PROCESS_INFORMATION_BLOCK, Process Environment Block(PEB),
> > > PEB_LDR_DATA, etc?
> >
> > ctypes.wintypes lists all of the Windows structures included with the
> > module.
> >
> > You should be able to use ctypes.Structure class to roll your own:
>
> Thanks Alex. As you suggested, I'm trying to implemenet the below
> structure, windows PEB, in Python:
>
> typedef struct _PEB {
> BYTE Reserved1[2];
> BYTE BeingDebugged;
> BYTE Reserved2[21];
> PPEB_LDR_DATA LoaderData;
> PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
> BYTE Reserved3[520];
> PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
> BYTE Reserved4[136];
> ULONG SessionId;
> } PEB;
>
> My equivalent Python structure is:
> class PEB(Structure):
> _fields_ = [("Reserved1", wintypes.BYTE * 2),
> ("BeingDebugged", wintypes.BYTE),
> ("Reserved2", wintypes.BYTE * 2),
> ("Reserved3", c_void_p),
> ("Ldr", pointer(PEB_LDR_DATA)),
> ("ProcessParameters", pointer
> (RTL_USER_PROCESS_PARAMETERS)),
> ("Reserved4", wintypes.BYTE * 104),
> ("Reserved5", c_void_p),
> (),
> ("Reserved6", wintypes.BYTE),
> ("Reserved7", c_void_p),
> ("SessionId", c_ulong)]
>
> I'm not sure what needs to go in the above empty tuple for
> "PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine" (in Original
> PEB).
>
> Please suggest.
PostProcessInitRoutine should be a callback function or something similar.
It should be enough to define a type
PostProcessInitRoutine = WINFUNCTYPE(...parameters...)
and use this.
Regards,
Enrico
More information about the Python-list
mailing list