«

Hi,

Using ctypes can I access the windows structures like:

PROCESS_INFORMATION_BLOCK, Process Environment Block(PEB),
PEB_LDR_DATA, etc?


Regards,
Rajat

On Jul 2, 3:42*pm, Rajat <rajat.dud...@gmail.com> wrote:
> Using ctypes can I access the windows structures like:
>
> PROCESS_INFORMATION_BLOCK, Process Environment Block(PEB),
> PEB_LDR_DATA, etc?

ctypes.wintypes lists all of the Windows structures included with the
module.

You should be able to use ctypes.Structure class to roll your own:

http://docs.python.org/library/ctype...red-data-types
http://code.activestate.com/recipes/208699/
http://msdn.microsoft.com/en-us/libr...55(VS.85).aspx

> > Using ctypes can I access the windows structures like:
>
> > PROCESS_INFORMATION_BLOCK, Process Environment Block(PEB),
> > PEB_LDR_DATA, etc?
>
> ctypes.wintypes lists all of the Windows structures included with the
> module.
>
> You should be able to use ctypes.Structure class to roll your own:

Thanks Alex. As you suggested, I'm trying to implemenet the below
structure, windows PEB, in Python:

typedef struct _PEB {
BYTE Reserved1[2];
BYTE BeingDebugged;
BYTE Reserved2[21];
PPEB_LDR_DATA LoaderData;
PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
BYTE Reserved3[520];
PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
BYTE Reserved4[136];
ULONG SessionId;
} PEB;

My equivalent Python structure is:
class PEB(Structure):
_fields_ = [("Reserved1", wintypes.BYTE * 2),
("BeingDebugged", wintypes.BYTE),
("Reserved2", wintypes.BYTE * 2),
("Reserved3", c_void_p),
("Ldr", pointer(PEB_LDR_DATA)),
("ProcessParameters", pointer
(RTL_USER_PROCESS_PARAMETERS)),
("Reserved4", wintypes.BYTE * 104),
("Reserved5", c_void_p),
(),
("Reserved6", wintypes.BYTE),
("Reserved7", c_void_p),
("SessionId", c_ulong)]

I'm not sure what needs to go in the above empty tuple for
"PPS_POST_PROCESS_INIT_ROUTINE PostProcessInitRoutine" (in Original
PEB).

Please suggest.