def CreateFile(path, access=GENERIC_READ | GENERIC_WRITE, mode=0, security_attributes=NULL, creation=OPEN_EXISTING, flags=FILE_ATTRIBUTE_NORMAL, template_file = NULL):
    """Thin ctypes wrapper around kernel32 ``CreateFileA``.

    See: CreateFile function
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx

    Args:
        path: ANSI file or device name, passed through as LPCSTR.
        access: dwDesiredAccess bit mask (default GENERIC_READ | GENERIC_WRITE).
        mode: dwShareMode; 0 means the object cannot be shared.
        security_attributes: LPSECURITY_ATTRIBUTES pointer, or NULL for the
            default security descriptor.
        creation: dwCreationDisposition (default OPEN_EXISTING).
        flags: dwFlagsAndAttributes (default FILE_ATTRIBUTE_NORMAL).
        template_file: optional hTemplateFile HANDLE, or NULL.

    Returns:
        A ``wintypes.HANDLE`` wrapping the raw return value. No error checking
        is done here: on failure CreateFile returns INVALID_HANDLE_VALUE, and
        the caller must test for that (and consult GetLastError) before using
        the handle.
    """
    fn = windll.kernel32.CreateFileA
    # Declaring the prototype stops ctypes from guessing argument widths, which
    # matters for the pointer-sized HANDLE and LPSECURITY_ATTRIBUTES parameters.
    fn.argtypes = [
        wintypes.LPCSTR,        # _In_     LPCTSTR               lpFileName
        wintypes.DWORD,         # _In_     DWORD                 dwDesiredAccess
        wintypes.DWORD,         # _In_     DWORD                 dwShareMode
        LPSECURITY_ATTRIBUTES,  # _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes
        wintypes.DWORD,         # _In_     DWORD                 dwCreationDisposition
        wintypes.DWORD,         # _In_     DWORD                 dwFlagsAndAttributes
        wintypes.HANDLE,        # _In_opt_ HANDLE                hTemplateFile
    ]
    fn.restype = wintypes.HANDLE
    call_args = (path, access, mode, security_attributes, creation, flags, template_file)
    return wintypes.HANDLE(fn(*call_args))
def open_device(self, access=GENERIC_READ | GENERIC_WRITE, mode=0, creation=OPEN_EXISTING, flags=FILE_ATTRIBUTE_NORMAL):
    """Open this object's device through kernel32 ``CreateFileA``.

    See: CreateFile function
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx

    ``self.name`` is prefixed with the Win32 device namespace prefix
    (``\\\\.\\``) and opened with no security attributes and no template file.
    The raw return value is stored in ``self.handle`` as a ``wintypes.HANDLE``.
    No error check is performed: on failure CreateFile returns
    INVALID_HANDLE_VALUE, so callers should test ``self.handle`` before use.

    Args:
        access: dwDesiredAccess bit mask (default GENERIC_READ | GENERIC_WRITE).
        mode: dwShareMode; 0 means no sharing.
        creation: dwCreationDisposition (default OPEN_EXISTING).
        flags: dwFlagsAndAttributes (default FILE_ATTRIBUTE_NORMAL).
    """
    fn = windll.kernel32.CreateFileA
    # Explicit prototype so ctypes marshals the pointer-sized parameters correctly.
    fn.argtypes = [
        wintypes.LPCSTR,        # _In_     LPCTSTR               lpFileName
        wintypes.DWORD,         # _In_     DWORD                 dwDesiredAccess
        wintypes.DWORD,         # _In_     DWORD                 dwShareMode
        LPSECURITY_ATTRIBUTES,  # _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes
        wintypes.DWORD,         # _In_     DWORD                 dwCreationDisposition
        wintypes.DWORD,         # _In_     DWORD                 dwFlagsAndAttributes
        wintypes.HANDLE,        # _In_opt_ HANDLE                hTemplateFile
    ]
    fn.restype = wintypes.HANDLE
    device_path = '\\\\.\\' + self.name
    raw_handle = fn(device_path, access, mode, NULL, creation, flags, NULL)
    self.handle = wintypes.HANDLE(raw_handle)
def open_device(self, access=GENERIC_READ | GENERIC_WRITE, mode=0, creation=OPEN_EXISTING, flags=FILE_ATTRIBUTE_NORMAL):
    """Open the device named by ``self.name`` via kernel32 ``CreateFileA``.

    See: CreateFile function
    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363858(v=vs.85).aspx

    The name is given the Win32 device namespace prefix (``\\\\.\\``), and the
    call passes NULL for both the security attributes and the template file.
    The result is kept in ``self.handle`` as a ``wintypes.HANDLE``; it is not
    validated here, so callers must check for INVALID_HANDLE_VALUE themselves.

    Args:
        access: dwDesiredAccess bit mask (default GENERIC_READ | GENERIC_WRITE).
        mode: dwShareMode; 0 means no sharing.
        creation: dwCreationDisposition (default OPEN_EXISTING).
        flags: dwFlagsAndAttributes (default FILE_ATTRIBUTE_NORMAL).
    """
    create_file = windll.kernel32.CreateFileA
    # Prototype declared up front so pointer-sized arguments are marshalled correctly.
    create_file.argtypes = [
        wintypes.LPCSTR,        # _In_     LPCTSTR               lpFileName
        wintypes.DWORD,         # _In_     DWORD                 dwDesiredAccess
        wintypes.DWORD,         # _In_     DWORD                 dwShareMode
        LPSECURITY_ATTRIBUTES,  # _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes
        wintypes.DWORD,         # _In_     DWORD                 dwCreationDisposition
        wintypes.DWORD,         # _In_     DWORD                 dwFlagsAndAttributes
        wintypes.HANDLE,        # _In_opt_ HANDLE                hTemplateFile
    ]
    create_file.restype = wintypes.HANDLE
    self.handle = wintypes.HANDLE(
        create_file('\\\\.\\' + self.name, access, mode, NULL, creation, flags, NULL)
    )
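def create_spora_mutex():
    """
    Creates a mutex just like the notorious Spora ransomware
    This prevents the execution of known Spora variants
    Based on Minerva's blog post:
    https://www.minerva-labs.com/post/vaccinating-against-spora-ransomware-a-proof-of-concept-tool-by-minerva

    The mutex name is ``'m' + <volume serial number as decimal>``, where the
    serial is taken from the output of ``vol``. Works on Python 2 and 3:
    ``check_output`` returns bytes on 3, and ``CreateMutexA`` needs a byte
    string for its LPCSTR parameter there.

    Returns:
        The mutex HANDLE (an int) on success, so the caller can keep it alive
        for as long as the vaccine should stay in effect; None if anything
        failed. Failures are printed rather than raised, keeping the original
        best-effort behaviour.
    """
    import re  # local import: the file-level import block is not visible here

    try:
        # 'vol' ends with the serial as XXXX-XXXX. Match it instead of slicing
        # fixed offsets so localized wording around it does not matter; take
        # the last match so a volume label containing a similar pattern is ignored.
        vol_output = subprocess.check_output(['cmd', '/c', 'vol']).decode('ascii', 'ignore')
        serials = re.findall(r'([0-9A-Fa-f]{4})-([0-9A-Fa-f]{4})', vol_output)
        if not serials:
            raise ValueError("could not find a volume serial number in 'vol' output")
        vol_serial = int(serials[-1][0] + serials[-1][1], 16)
        spora_mutex = 'm' + str(vol_serial)
        _CreateMutex = ctypes.windll.kernel32.CreateMutexA
        _CreateMutex.argtypes = [wintypes.LPCVOID, wintypes.BOOL, wintypes.LPCSTR]
        _CreateMutex.restype = wintypes.HANDLE
        # The name is ASCII digits; encoding makes it a valid LPCSTR on Python 3.
        ret = _CreateMutex(None, False, spora_mutex.encode('ascii'))
        if not ret:
            # CreateMutexA returns NULL on failure; surface the Win32 error text.
            raise ctypes.WinError()
        return ret
    except Exception as e:
        print("Got exception {0} while creating {1}".format(e, "Spora mutex"))
        return None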
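def CreateNamedPipe(name, open_mode, pipe_mode, max_instances, out_buffer_size, in_buffer_size, default_time_out, security_attributes):
    """See: CreateNamedPipe function
    https://msdn.microsoft.com/en-us/library/windows/desktop/aa365150(v=vs.85).aspx

    Wraps kernel32 ``CreateNamedPipeA``: the ANSI entry point matching the
    LPCSTR prototype below. ``CreateNamedPipe`` itself is only a header macro
    for the A/W variants, not a DLL export, so resolving it through ctypes
    fails with AttributeError.

    Args:
        name: ANSI pipe name (``\\\\.\\pipe\\<name>``), passed as LPCSTR.
        open_mode: dwOpenMode (direction, overlapped/write-through flags).
        pipe_mode: dwPipeMode (byte/message mode, wait mode, and client
            restrictions such as rejecting remote clients).
        max_instances: nMaxInstances.
        out_buffer_size: nOutBufferSize in bytes.
        in_buffer_size: nInBufferSize in bytes.
        default_time_out: nDefaultTimeOut in milliseconds.
        security_attributes: LPSECURITY_ATTRIBUTES pointer or NULL. With NULL
            the pipe gets the default security descriptor; pass an explicit
            descriptor when only specific accounts should be able to connect.

    Returns:
        A ``wintypes.HANDLE`` wrapping the raw return value. No error checking
        is done here: on failure the API returns INVALID_HANDLE_VALUE, which
        the caller must test for before using the handle.
    """
    fn = windll.kernel32.CreateNamedPipeA
    # Explicit prototype so the pointer-sized lpSecurityAttributes is marshalled correctly.
    fn.argtypes = [
        wintypes.LPCSTR,        # _In_     LPCTSTR               lpName
        wintypes.DWORD,         # _In_     DWORD                 dwOpenMode
        wintypes.DWORD,         # _In_     DWORD                 dwPipeMode
        wintypes.DWORD,         # _In_     DWORD                 nMaxInstances
        wintypes.DWORD,         # _In_     DWORD                 nOutBufferSize
        wintypes.DWORD,         # _In_     DWORD                 nInBufferSize
        wintypes.DWORD,         # _In_     DWORD                 nDefaultTimeOut
        LPSECURITY_ATTRIBUTES,  # _In_opt_ LPSECURITY_ATTRIBUTES lpSecurityAttributes
    ]
    fn.restype = wintypes.HANDLE
    raw_handle = fn(
        name,
        open_mode,
        pipe_mode,
        max_instances,
        out_buffer_size,
        in_buffer_size,
        default_time_out,
        security_attributes,
    )
    return wintypes.HANDLE(raw_handle)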
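def genwinmap(codepage):
    """Build a byte -> (code point, Unicode name) table for a Windows code page.

    Every single-byte value 0..255 is converted with kernel32
    ``MultiByteToWideChar``. Bytes 0-31 and 127 are pre-labelled
    'CONTROL CHARACTER' and keep that label when ``unicodedata`` has no name
    for the resulting character; any other unnamed character gets ''.

    Args:
        codepage: Windows code page identifier (the ``CodePage`` UINT).

    Returns:
        dict mapping int byte value -> (int code point, str name).

    Raises:
        ValueError: if the code page is unknown, or if a byte does not convert
            to exactly one UTF-16 code unit.
    """
    MultiByteToWideChar = ctypes.windll.kernel32.MultiByteToWideChar
    MultiByteToWideChar.argtypes = [wintypes.UINT, wintypes.DWORD,
                                    wintypes.LPCSTR, ctypes.c_int,
                                    wintypes.LPWSTR, ctypes.c_int]
    MultiByteToWideChar.restype = ctypes.c_int
    enc2uni = {}
    # list(...) keeps the concatenation valid on Python 3, where range() is lazy.
    for i in list(range(32)) + [127]:
        enc2uni[i] = (i, 'CONTROL CHARACTER')
    for i in range(256):
        # Fresh buffer per byte so buf[1] is known to start as '\x00'.
        buf = ctypes.create_unicode_buffer(2)
        # bytes(bytearray(...)) is a one-char str on Python 2 and bytes on
        # Python 3, which is what the LPCSTR parameter requires on both.
        ret = MultiByteToWideChar(codepage, 0, bytes(bytearray((i,))), 1, buf, 2)
        # Validate with exceptions rather than assert, which -O strips.
        if ret != 1:
            raise ValueError("invalid code page")
        if buf[1] != '\x00':
            raise ValueError("byte 0x{0:02x} converted to more than one code unit".format(i))
        try:
            name = unicodedata.name(buf[0])
        except ValueError:
            # Unnamed character: keep the control-character label if we pre-set one.
            name = enc2uni[i][1] if i in enc2uni else ''
        enc2uni[i] = (ord(buf[0]), name)
    return enc2uni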
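def genwinmap(codepage):
    """Map each byte of a Windows code page to its Unicode code point and name.

    All 256 single-byte values are converted with kernel32
    ``MultiByteToWideChar``. Bytes 0-31 and 127 start out labelled
    'CONTROL CHARACTER' and keep that label when ``unicodedata`` has no name
    for the converted character; other unnamed characters get ''.

    Args:
        codepage: Windows code page identifier (the ``CodePage`` UINT).

    Returns:
        dict mapping int byte value -> (int code point, str name).

    Raises:
        ValueError: if the code page is unknown, or if a byte does not convert
            to exactly one UTF-16 code unit.
    """
    MultiByteToWideChar = ctypes.windll.kernel32.MultiByteToWideChar
    MultiByteToWideChar.argtypes = [wintypes.UINT, wintypes.DWORD,
                                    wintypes.LPCSTR, ctypes.c_int,
                                    wintypes.LPWSTR, ctypes.c_int]
    MultiByteToWideChar.restype = ctypes.c_int
    # list(...) so the concatenation also works on Python 3, where range() is lazy.
    enc2uni = dict((i, (i, 'CONTROL CHARACTER')) for i in list(range(32)) + [127])
    for i in range(256):
        # New buffer each time so buf[1] is guaranteed to start as '\x00'.
        buf = ctypes.create_unicode_buffer(2)
        # One-byte str on Python 2, bytes on Python 3: both satisfy LPCSTR.
        single_byte = bytes(bytearray((i,)))
        ret = MultiByteToWideChar(codepage, 0, single_byte, 1, buf, 2)
        # Input validation via exceptions, not assert (stripped under -O).
        if ret != 1:
            raise ValueError("invalid code page")
        if buf[1] != '\x00':
            raise ValueError("byte 0x{0:02x} converted to more than one code unit".format(i))
        try:
            name = unicodedata.name(buf[0])
        except ValueError:
            # No Unicode name: fall back to a pre-set control label, else ''.
            name = enc2uni[i][1] if i in enc2uni else ''
        enc2uni[i] = (ord(buf[0]), name)
    return enc2uni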