ctypes: point to buffer in structure

Tim Roberts timr at probo.com
Mon Jul 11 07:12:31 CEST 2011

Jesse R <jessrobe at gmail.com> wrote:
>Hey I've been trying to convert this to run through ctypes and i'm
>having a hard time
>    HANDLE ProcessId;
>    UNICODE_STRING ImageName;
>class SYSTEM_PROCESS_ID_INFORMATION(ctypes.Structure):
>    _fields_ = [('pid', ctypes.c_ulong),
>                    ('imageName', ctypes.c_wchar_p)]
>does anyone know how to get this working?

UNICODE_STRING is not just a pointer to wide characters.  It is itself a

typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;

So, I think you want fields of ctypes.c_ulong, ctypes.c_ushort,
ctypes.c_ushort, and ctypes.c_wchar_p.  MaximumLength gives the allocated
size of the buffer.  Length gives the length of the string currently held
in the buffer.  It can be less than the maximum length, and the buffer does
NOT necessarily contain a zero-terminator.

UNICODE_STRING and ANSI_STRING are used in kernel programming to avoid the
potential ambiguities of counted strings.
Tim Roberts, timr at probo.com
Providenza & Boekelheide, Inc.

More information about the Python-list mailing list