
A codebase aimed to make interaction with Windows and native execution easier

Primary language: Python. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

PythonForWindows

PythonForWindows is a code base aimed at making interaction with Windows (on x86/x64) easier, from both 32-bit and 64-bit Python. Its goal is to offer abstractions around some of the OS features in a (I hope) pythonic way. It also tries to make the barrier between Python and native execution thinner in both directions. There are no external dependencies, but it relies heavily on the ctypes module.

Some of this code is clean (IMHO) and some parts are just a wreck that works for now. Let's say that the codebase evolves with my needs and my curiosity.

Complete online documentation is available here. You can find some examples of code in the samples directory or online.

Parts of PythonForWindows are used in the LKD project.

Overview

Processes / Threads

PythonForWindows offers objects around processes and allows you to:

  • Retrieve basic process information (pid, name, ppid, bitness, ...)
  • Perform basic interprocess operations (memory allocation, thread creation, memory read/write)
  • Explore the PEB (Process Environment Block)
  • Execute native and Python code in the context of a process.

I try my best to make those features available for every cross-bitness combination (32 <-> 64 in both directions). This involves relying on undocumented Windows functions/behaviours and also injecting code into the 64-bit world of a SysWOW64 process. All those operations are also available for the current_process.

You can also perform some operations on threads (suspend/resume/wait/get or set context/kill).

IAT Hook

This codebase was born from my need to have IAT hooks implemented in Python, so the feature is present (see the online documentation about IAT hooks).
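An IAT hook on kernel32!CreateFileA in the current process, as an added example written in the shape of the project's documented hook sample (it is not the project's own code): every open of a path under a protected directory is refused, everything else is passed through to the real function. The `windows.hooks.CreateFileACallback` decorator, the callback signature ending in `real_function`, and the `peb.modules` / `pe.imports` / `set_hook` walk are the API names as the project documents them; the protected directory is a constructed example, and `INVALID_HANDLE_VALUE` is defined locally rather than imported. Installing the hook needs Windows with PythonForWindows importable; the policy helpers run anywhere.

```python
"""Added example: refuse CreateFileA opens under a protected directory via an IAT hook."""
import ctypes
import os

try:
    import windows            # PythonForWindows
    import windows.hooks
except ImportError:           # not on Windows / PFW not installed: only the policy helpers work
    windows = None

PROTECTED_PREFIX = "c:\\secret\\"                   # constructed example; trailing backslash on purpose
INVALID_HANDLE_VALUE = (1 << (8 * ctypes.sizeof(ctypes.c_void_p))) - 1   # HANDLE(-1) for this bitness
BLOCKED = []                                         # file names the hook refused, for inspection


def normalize(path):
    """CreateFileA hands the hook an ANSI (bytes) path; compare case-insensitively with backslashes."""
    if isinstance(path, bytes):
        path = path.decode("mbcs" if os.name == "nt" else "latin-1", "replace")
    return path.replace("/", "\\").lower()


def should_block(path):
    """Policy: anything inside PROTECTED_PREFIX is refused; 'c:\\secretfile' is not inside it."""
    return normalize(path).startswith(PROTECTED_PREFIX)


def install_hook():
    """Hook every kernel32!CreateFileA import-table entry of every loaded module.
    Returns the number of IAT entries hooked (0 means nothing in this process imports CreateFileA)."""

    @windows.hooks.CreateFileACallback
    def createfile_hook(hook, lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes,
                        dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile, real_function):
        if should_block(lpFileName):
            BLOCKED.append(lpFileName)
            return INVALID_HANDLE_VALUE       # caller sees a failed open; the file is never touched
        return real_function()                # pass-through with the original arguments

    hooked = 0
    for module in windows.current_process.peb.modules:
        for dll, entries in module.pe.imports.items():
            if dll.lower() != "kernel32.dll":
                continue
            for entry in entries:
                if entry.name == "CreateFileA":
                    entry.set_hook(createfile_hook)
                    hooked += 1
    return hooked


if __name__ == "__main__":
    count = install_hook()
    print("hooked CreateFileA in %d import table(s); opens under %s now fail" % (count, PROTECTED_PREFIX))
    print("blocked so far: %r" % BLOCKED)
```

Two caveats a practitioner should keep in mind: an IAT hook only sees calls that go through a module's import table, so code that resolves the function with GetProcAddress, or that calls CreateFileW instead, never reaches the callback; and the hook must be installed before the code you want to observe runs, since the import table is only patched from that point on.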

Winproxy

A wrapper around some Windows functions. Argument names and order are the same, but some have default values, and the functions raise an exception on call error (I don't like 'if' around all my calls).

Native execution

To thin the barrier between native and Python code, PythonForWindows allows you to create native functions callable from Python (thanks to ctypes) and also embeds a simple x86/x64 assembler.
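The process, thread and native-execution features described in the two sections above, exercised together in one script as an added example (not code from the project's own samples): assemble a stub that returns a constant, call it from Python in the current process, then run the same bytes as a new thread in another process and read the constant back as that thread's exit code. It assumes the API names as the project documents them: `windows.native_exec.simple_x86` / `simple_x64` with `MultipleInstr`, `Mov`, `Ret` and `get_code()`, `windows.native_exec.create_function(code, [return_type])`, `windows.current_process`, `windows.system.processes`, and on a process object `pid`, `name`, `bitness`, `virtual_alloc`, `write_memory`, `read_memory`, `create_thread` and `threads`. The `exit_code` attribute on the returned thread, `wait()` on it, and an executable default protection for `virtual_alloc` are assumptions to check against the documentation. The hand-encoded reference bytes are mine, used to cross-check the assembler's 32-bit output. The native parts need Windows with PythonForWindows installed; the pure helpers import anywhere.

```python
"""Added example: assemble `mov eax, VALUE ; ret`, call it in-process, then run it in another process."""
import ctypes
import struct
import sys

try:
    import windows                                  # PythonForWindows
    import windows.native_exec
    import windows.native_exec.simple_x86 as x86
    import windows.native_exec.simple_x64 as x64
except ImportError:                                 # not on Windows / PFW not installed:
    windows = None                                  # only the pure-Python helpers work

VALUE = 0x1337


def reference_encoding(value):
    """Hand-encoded `mov eax, imm32` (B8 + little-endian imm32) followed by `ret` (C3).
    Valid in both 32- and 64-bit mode; used to cross-check the assembler's 32-bit output."""
    return b"\xb8" + struct.pack("<I", value) + b"\xc3"


def build_code(bitness, value=VALUE):
    """Assemble the stub with the assembler matching the *target* process bitness, not ours."""
    asm, reg = (x86, "EAX") if bitness == 32 else (x64, "RAX")
    code = asm.MultipleInstr()
    code += asm.Mov(reg, value)
    code += asm.Ret()
    return code.get_code()


def run_locally(value=VALUE):
    """Wrap the bytes as a C function (types[0] is the return type) and call it in-process."""
    bitness = windows.current_process.bitness
    code = build_code(bitness, value)
    if bitness == 32 and code != reference_encoding(value):
        raise AssertionError("assembler output differs from the expected encoding: %r" % code)
    native = windows.native_exec.create_function(code, [ctypes.c_uint])
    return native()


def freeze_threads(proc):
    """Suspend every thread of a *remote* process; returns a callable that resumes them.
    Never do this to current_process: suspending the calling thread would hang the script."""
    if proc.pid == windows.current_process.pid:
        return lambda: None
    threads = list(proc.threads)
    for t in threads:
        t.suspend()

    def resume():
        for t in threads:
            t.resume()
    return resume


def inject_code(proc, code):
    """Copy `code` into `proc` while its threads are frozen, verify the write, return the address."""
    resume = freeze_threads(proc)
    try:
        addr = proc.virtual_alloc(len(code))        # assumed: default protection is executable (RWX)
        proc.write_memory(addr, code)
        if proc.read_memory(addr, len(code)) != code:
            raise RuntimeError("read-back mismatch at %#x in pid %d" % (addr, proc.pid))
    finally:
        resume()        # resume BEFORE starting a thread: a new thread takes the loader lock at
    return addr         # startup, and a frozen thread holding it would deadlock the target


def run_in_process(proc, value=VALUE):
    """Start a thread on the injected stub; its exit code is the stub's return value (EAX)."""
    addr = inject_code(proc, build_code(proc.bitness, value))   # cross-bitness handled by PFW
    thread = proc.create_thread(addr, 0)
    thread.wait()                                               # assumed: WinThread.wait()
    return thread.exit_code                                     # assumed: GetExitCodeThread wrapper


if __name__ == "__main__":
    print("in-process call returned %#x" % run_locally())
    target = windows.current_process                            # all operations also work on ourselves
    if len(sys.argv) > 1:                                       # optional target by image name, e.g. notepad.exe
        target = next(p for p in windows.system.processes if p.name.lower() == sys.argv[1].lower())
    print("pid %d (%d-bit) thread exited with %#x" % (target.pid, target.bitness, run_in_process(target)))
```

Run it without arguments to exercise the current process, or with an image name to target a running process; a 32-bit target from 64-bit Python (or the reverse) is exactly the cross-bitness case the text describes, and the only thing the script changes for it is which assembler produces the stub.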

Other stuff

Some code is just exploration and needs improvement, such as:

  • Wintrust
  • WMI
  • Exception
  • COM