def load_settings(cls, b):
a = cls()
ctypes.memmove(ctypes.addressof(a.start_of_settings), bytes(b),
min(len(b), ctypes.sizeof(a)))
return a
python类addressof()的实例源码
def read(cls, byte_object):
a = cls()
a.body_length = len(byte_object) - ctypes.sizeof(Command)
ctypes.memmove(ctypes.addressof(a), bytes(byte_object),
min(len(byte_object), ctypes.sizeof(cls)))
return a
def __bytes__(self):
length = self.body_length + ctypes.sizeof(Command)
a = ctypes.create_string_buffer(length)
ctypes.memmove(ctypes.addressof(a), ctypes.addressof(self), length)
return bytes(a)
def __new__(self):
b = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"\
" 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"\
" 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00"\
" 00 00 00 00 00 00 00"
byte_object = bytes([int(a, 16) for a in b.split(" ")])
a = super().__new__(self)
ctypes.memmove(ctypes.addressof(a.set_settings_request),
bytes(byte_object), len(byte_object))
return a
# Should equal 2 for off, 1 for on.
def load_payload(self, b):
self.body_length = len(b) + 8 # II from position, length
ctypes.memmove(ctypes.addressof(self.data_reply.data), bytes(b),
len(b))
self.command.packet_length = self.body_length
def get_attribute(self, attribute):
if not self.is_allocated(attribute):
raise ValueError("Cannot get non-allocated attribute <{0}>".format(attribute))
offset = ctypes.sizeof(self)
for sflag, struct in self.ATTRIBUTE_BY_FLAG:
if sflag == attribute:
# print("Attr {0:#x} was at offet {1:#x}".format(attribute, offset))
return struct.from_address(ctypes.addressof(self) + offset)
elif self.is_allocated(sflag):
offset += ctypes.sizeof(struct)
raise ValueError("ALPC Attribute <{0}> not found :(".format(attribute))
def get_raw(self):
x = DWORD.from_address(ctypes.addressof(self))
return x.value
def set_raw(self, value):
x = DWORD.from_address(ctypes.addressof(self))
x.value = value
return None
def EEFlags(self):
"""Enhanced view of the Eflags (you also have ``EFlags`` for the raw value)
:type: :class:`EEflags`
"""
off = type(self).EFlags.offset
x = EEflags.from_address(ctypes.addressof(self) + off)
x.self = self
return x
def EDr7(self):
"""Enhanced view of the DR7 register (you also have ``Dr7`` for the raw value)
:type: :class:`EDr7`
"""
off = type(self).Dr7.offset
x = EDr7.from_address(ctypes.addressof(self) + off)
x.self = self
return x
def get_DataDirectory(self):
# This won't work if we load a PE32 in a 64bit process
# PE32 .NET...
# return self.get_OptionalHeader().DataDirectory
DataDirectory_type = IMAGE_DATA_DIRECTORY * IMAGE_NUMBEROF_DIRECTORY_ENTRIES
SizeOfOptionalHeader = self.get_NT_HEADER().FileHeader.SizeOfOptionalHeader
if self.target is None:
opt_header_addr = ctypes.addressof(self.get_NT_HEADER().OptionalHeader)
else:
opt_header_addr = self.get_NT_HEADER().OptionalHeader._base_addr
DataDirectory_addr = opt_header_addr + SizeOfOptionalHeader - ctypes.sizeof(DataDirectory_type)
return self.transformers.create_structure_at(DataDirectory_type, DataDirectory_addr)
def sections(self):
nt_header = self.get_NT_HEADER()
nb_section = nt_header.FileHeader.NumberOfSections
SizeOfOptionalHeader = self.get_NT_HEADER().FileHeader.SizeOfOptionalHeader
if self.target is None:
opt_header_addr = ctypes.addressof(self.get_NT_HEADER().OptionalHeader)
else:
opt_header_addr = self.get_NT_HEADER().OptionalHeader._base_addr
base_section = opt_header_addr + SizeOfOptionalHeader
#pe_section_type = IMAGE_SECTION_HEADER
return [PESection.create(self, base_section + (sizeof(IMAGE_SECTION_HEADER) * i)) for i in range(nb_section)]
#sections_array = self.transformers.create_structure_at((self.PESection * nb_section), base_section)
#return list(sections_array)
def NtProtectVirtualMemory_32_to_64(ProcessHandle, BaseAddress, NumberOfBytesToProtect, NewAccessProtection, OldAccessProtection=None):
if OldAccessProtection is None:
XOldAccessProtection = DWORD()
OldAccessProtection = ctypes.addressof(XOldAccessProtection)
return NtProtectVirtualMemory_32_to_64.ctypes_function(ProcessHandle, BaseAddress, NumberOfBytesToProtect, NewAccessProtection, OldAccessProtection)
def x86_cpuid(req):
"""Performs a CPUID in 32bits mode
:rtype: :class:`X86CpuidResult`
"""
cpuid_res = X86CpuidResult()
do_cpuid32(req, ctypes.addressof(cpuid_res))
return cpuid_res
def x64_cpuid(req):
"""Performs a CPUID in 64bits mode
:rtype: :class:`X86CpuidResult`
"""
cpuid_res = X64CpuidResult()
do_cpuid64(req, ctypes.addressof(cpuid_res))
# For now assembler cannot do 32bits register in x64
return X86CpuidResult(cpuid_res.RAX, cpuid_res.RBX, cpuid_res.RCX, cpuid_res.RDX)
def raw_value(self):
# Bypass our own 'value' implementation
# Even if we are a subclass of c_ulonglong
my_addr = ctypes.addressof(self)
return ctypes.c_ulong.from_address(my_addr).value
def get_kernel_modules():
if windows.current_process.is_wow_64:
return get_kernel_modules_syswow64()
cbsize = DWORD()
winproxy.NtQuerySystemInformation(SystemModuleInformation, None, 0, byref(cbsize))
raw_buffer = (cbsize.value * c_char)()
buffer = SYSTEM_MODULE_INFORMATION.from_address(ctypes.addressof(raw_buffer))
winproxy.NtQuerySystemInformation(SystemModuleInformation, byref(raw_buffer), sizeof(raw_buffer), byref(cbsize))
modules = (SYSTEM_MODULE * buffer.ModulesCount).from_address(addressof(buffer) + SYSTEM_MODULE_INFORMATION.Modules.offset)
return list(modules)
def get_kernel_modules_syswow64():
cbsize = DWORD()
windows.syswow64.NtQuerySystemInformation_32_to_64(SystemModuleInformation, None, 0, ctypes.addressof(cbsize))
raw_buffer = (cbsize.value * c_char)()
buffer = SYSTEM_MODULE_INFORMATION64.from_address(ctypes.addressof(raw_buffer))
windows.syswow64.NtQuerySystemInformation_32_to_64(SystemModuleInformation, byref(raw_buffer), sizeof(raw_buffer), byref(cbsize))
modules = (SYSTEM_MODULE64 * buffer.ModulesCount).from_address(addressof(buffer) + SYSTEM_MODULE_INFORMATION64.Modules.offset)
return list(modules)
# String stuff
def __init__(self):
self.verify_implem(self.IMPLEMENT)
vtable, implems = self._create_vtable(self.IMPLEMENT)
self.vtable = vtable
self.implems = implems
self.vtable_pointer = ctypes.pointer(self.vtable)
self._as_parameter_ = ctypes.addressof(self.vtable_pointer)
def readBytes(self, address, size):
debug("Read %s bytes at %s" % (size, formatAddress(address)))
buffer = create_string_buffer(size)
io_desc = ptrace_io_desc(
piod_op=PIOD_READ_D,
piod_offs=address,
piod_addr=addressof(buffer),
piod_len=size)
ptrace_io(self.pid, io_desc)
return buffer.raw
