python类LPCVOID的实例源码

named_pipes.py 文件源码 项目:driverlib 作者: sam-b 项目源码 文件源码 阅读 28 收藏 0 点赞 0 评论 0
def WriteFile(file, buffer, number_of_bytes_to_write, number_of_bytes_written, overlapped):
    """Thin ctypes wrapper around kernel32!WriteFile.

    See: WriteFile function
        https://msdn.microsoft.com/en-us/library/windows/desktop/aa365747(v=vs.85).aspx

    The five arguments are forwarded unchanged, in order, as hFile, lpBuffer,
    nNumberOfBytesToWrite, lpNumberOfBytesWritten and lpOverlapped.

    Returns the API result wrapped in a ``wintypes.BOOL`` instance. Nothing
    is raised here on failure, so the caller has to test the result itself.

    NOTE(review): lpBuffer is declared as an untyped LPCVOID and the length
    is passed through as given, so nothing in this wrapper ties
    number_of_bytes_to_write to the real size of ``buffer``. The caller must
    keep the length within the buffer, otherwise memory past its end is
    read and written to the handle.
    """
    write_file = windll.kernel32.WriteFile
    write_file.restype = wintypes.BOOL
    # Prototype taken from the Win32 declaration; ctypes converts each
    # argument according to this list on every call.
    write_file.argtypes = [
        wintypes.HANDLE,    # _In_        HANDLE       hFile
        wintypes.LPCVOID,   # _In_        LPCVOID      lpBuffer
        wintypes.DWORD,     # _In_        DWORD        nNumberOfBytesToWrite
        LPDWORD,            # _Out_opt_   LPDWORD      lpNumberOfBytesWritten
        LPOVERLAPPED,       # _Inout_opt_ LPOVERLAPPED lpOverlapped
    ]
    status = write_file(
        file,
        buffer,
        number_of_bytes_to_write,
        number_of_bytes_written,
        overlapped,
    )
    return wintypes.BOOL(status)
driverlib.py 文件源码 项目:driverlib 作者: sam-b 项目源码 文件源码 阅读 24 收藏 0 点赞 0 评论 0
def control_service(service_handle, control, service_status):
    """Send a control code to a service through Advapi32!ControlService.

    See: ControlService function
    https://msdn.microsoft.com/en-us/library/windows/desktop/ms682108(v=vs.85).aspx

    The arguments are forwarded unchanged as hService, dwControl and
    lpServiceStatus. The value returned is whatever ctypes produces for the
    BOOL restype; failures are not raised here, so the caller has to test it.

    NOTE(review): lpServiceStatus is an output pointer but is declared as an
    untyped LPCVOID, so ctypes does not check that ``service_status`` refers
    to a writable buffer large enough for a SERVICE_STATUS. The caller is
    responsible for that.
    """
    control_service_fn = windll.Advapi32.ControlService
    control_service_fn.restype = wintypes.BOOL
    # BOOL WINAPI ControlService(...)
    control_service_fn.argtypes = [
        wintypes.SC_HANDLE,   # _In_  SC_HANDLE        hService
        wintypes.DWORD,       # _In_  DWORD            dwControl
        wintypes.LPCVOID,     # _Out_ LPSERVICE_STATUS lpServiceStatus
    ]
    # The original local was named `bool`, shadowing the builtin; the result
    # is returned directly instead.
    return control_service_fn(service_handle, control, service_status)
driverlib.py 文件源码 项目:win_driver_plugin 作者: mwrlabs 项目源码 文件源码 阅读 22 收藏 0 点赞 0 评论 0
def control_service(service_handle, control, service_status):
    """Call Advapi32!ControlService with the given handle and control code.

    See: ControlService function
    https://msdn.microsoft.com/en-us/library/windows/desktop/ms682108(v=vs.85).aspx

    ``service_handle``, ``control`` and ``service_status`` map to hService,
    dwControl and lpServiceStatus in that order. The BOOL result is handed
    back as ctypes converts it; nothing is raised on failure, so the caller
    must check the returned value.

    NOTE(review): the status pointer is typed as a plain LPCVOID although
    the API writes through it. ctypes therefore cannot verify that
    ``service_status`` is a writable, SERVICE_STATUS-sized buffer; the
    caller has to guarantee it.
    """
    api = windll.Advapi32.ControlService
    # BOOL WINAPI ControlService(...)
    api.argtypes = [
        wintypes.SC_HANDLE,   # _In_  SC_HANDLE        hService
        wintypes.DWORD,       # _In_  DWORD            dwControl
        wintypes.LPCVOID,     # _Out_ LPSERVICE_STATUS lpServiceStatus
    ]
    api.restype = wintypes.BOOL
    # Named `succeeded` rather than `bool` so the builtin is not shadowed.
    succeeded = api(service_handle, control, service_status)
    return succeeded
create_dynamic_artifacts.py 文件源码 项目:TC2017 作者: G4lB1t 项目源码 文件源码 阅读 23 收藏 0 点赞 0 评论 0
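def create_spora_mutex():
    """
    Creates a mutex just like the notorious Spora ransomware
    This prevents the execution of known Spora variants

    The mutex name is 'm' followed by the decimal value of the volume serial
    number printed by ``cmd /c vol``.

    Based on Minerva's blog post:
    https://www.minerva-labs.com/post/vaccinating-against-spora-ransomware-a-proof-of-concept-tool-by-minerva

    Returns None. Every failure, including CreateMutexA returning NULL, is
    reported on stdout instead of being raised.

    NOTE(review): the handle is never closed or returned. A named mutex
    exists only while a handle to it is open, so the marker lasts only as
    long as the calling process keeps running.
    NOTE(review): ``vol`` without a drive letter reports the current drive,
    and a name without a namespace prefix is created in the caller's session
    namespace. Confirm both against the referenced post.
    """
    try:
        # The output is expected to end with "XXXX-XXXX\r\n"; the slice keeps
        # the nine serial characters. Anything else makes int() raise, which
        # is reported by the handler below.
        vol_output = subprocess.check_output(['cmd', '/c', 'vol'])
        serial_hex = vol_output[-11:-2].replace("-", "")
        vol_serial = int(serial_hex, 16)
        spora_mutex = 'm' + str(vol_serial)

        _CreateMutex = ctypes.windll.kernel32.CreateMutexA
        _CreateMutex.argtypes = [wintypes.LPCVOID, wintypes.BOOL, wintypes.LPCSTR]
        _CreateMutex.restype = wintypes.HANDLE

        ret = _CreateMutex(None, False, spora_mutex)
        if not ret:
            # CreateMutexA signals failure with NULL, not an exception.
            # Without this check a failed vaccination was silently treated
            # as success. The error code is best-effort, because the
            # function was not loaded with use_last_error=True.
            raise ctypes.WinError()
    except Exception as e:
        print("Got exception {0} while creating {1}".format(e, "Spora mutex"))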

