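def entries(self):
    """Enumerate the objects contained in this object-manager directory.

    Opens the directory named by ``self.fullname`` with
    ``DIRECTORY_QUERY | READ_CONTROL``, queries its entries in one call
    (growing the buffer until everything fits) and closes the directory
    handle before returning.

    Returns:
        dict: entry name -> ``KernelObject`` built from the directory path,
        the entry name and the entry type name. An empty dict is returned
        when the query reports ``STATUS_NO_MORE_ENTRIES``.

    Raises:
        NtStatusException: any NTSTATUS failure from the query other than
        ``STATUS_NO_MORE_ENTRIES`` / ``STATUS_MORE_ENTRIES``.

    Todo: better name ?
    """
    path = self.fullname
    # Length / MaximumLength of the counted string are byte counts.
    # NOTE(review): assumes len(path) equals the number of UTF-16 code units
    # (no characters outside the BMP) -- confirm.
    utf16_len = len(path) * 2
    obj_attr = OBJECT_ATTRIBUTES()
    obj_attr.Length = ctypes.sizeof(obj_attr)
    obj_attr.RootDirectory = None
    obj_attr.ObjectName = pointer(LSA_UNICODE_STRING(utf16_len, utf16_len, path))
    obj_attr.Attributes = OBJ_CASE_INSENSITIVE
    obj_attr.SecurityDescriptor = 0
    obj_attr.SecurityQualityOfService = 0

    handle = HANDLE()
    winproxy.NtOpenDirectoryObject(handle, DIRECTORY_QUERY | READ_CONTROL, obj_attr)
    try:
        size = 0x1000
        buf = ctypes.c_buffer(size)
        rres = ULONG()
        ctx = ULONG()
        while True:
            try:
                winproxy.NtQueryDirectoryObject(handle, buf, size, False, False, ctx, rres)
                break
            except windows.generated_def.ntstatus.NtStatusException as e:
                if e.code == STATUS_NO_MORE_ENTRIES:
                    return {}
                if e.code == STATUS_MORE_ENTRIES:
                    # Buffer too small for the whole listing: retry with a
                    # bigger one. The failed call may already have advanced
                    # the enumeration context, and the partial buffer is
                    # discarded, so rewind the context to avoid silently
                    # dropping the entries that were returned first.
                    size *= 2
                    buf = ctypes.c_buffer(size)
                    ctx.value = 0
                    continue
                raise
        first = OBJECT_DIRECTORY_INFORMATION.from_buffer(buf)
        infos = POBJECT_DIRECTORY_INFORMATION(first)
        result = {}
        # Iterating the pointer never stops by itself; the array is
        # terminated by an entry whose Name.Buffer is NULL.
        for info in infos:
            if info.Name.Buffer is None:
                break
            obj = KernelObject(path, info.Name.Buffer, info.TypeName.Buffer)
            result[obj.name] = obj
        return result
    finally:
        # The directory handle was previously never released (the variable
        # was simply rebound to the result dict), leaking one kernel handle
        # per call.
        winproxy.CloseHandle(handle)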