ctypes: point to buffer in structure

J

Jesse R

Hey I've been trying to convert this to run through ctypes and i'm
having a hard time

typedef struct _SYSTEM_PROCESS_ID_INFORMATION
{
HANDLE ProcessId;
UNICODE_STRING ImageName;
} SYSTEM_PROCESS_IMAGE_NAME_INFORMATION,
*PSYSTEM_PROCESS_IMAGE_NAME_INFORMATION;

to

class SYSTEM_PROCESS_ID_INFORMATION(ctypes.Structure):
_fields_ = [('pid', ctypes.c_ulong),
('imageName', ctypes.c_wchar_p)]

processNameBuffer = ctypes.create_unicode_buffer(0x100)
pidInfo = SYSTEM_PROCESS_ID_INFORMATION(pid,
ctypes.byref(processNameBuffer))
status = ntdll.NtQuerySystemInformation(0x58, ctypes.byref(pidInfo),
ctypes.sizeof(pidInfo), None)

does anyone know how to get this working?
 
W

Wanderer

Jesse R said:
Hey I've been trying to convert this to run through ctypes and i'm
having a hard time
Click to expand...
typedef struct _SYSTEM_PROCESS_ID_INFORMATION
{
   HANDLE ProcessId;
   UNICODE_STRING ImageName;
} SYSTEM_PROCESS_IMAGE_NAME_INFORMATION,
*PSYSTEM_PROCESS_IMAGE_NAME_INFORMATION;
to
Click to expand...

class SYSTEM_PROCESS_ID_INFORMATION(ctypes.Structure):
   _fields_ = [('pid', ctypes.c_ulong),
                   ('imageName', ctypes.c_wchar_p)]
...
does anyone know how to get this working?
Click to expand...

UNICODE_STRING is not just a pointer to wide characters.  It is itself a
structure:

typedef struct _UNICODE_STRING {
    USHORT Length;
    USHORT MaximumLength;
    PWSTR  Buffer;

} UNICODE_STRING;

So, I think you want fields of ctypes.c_ulong, ctypes.c_ushort,
ctypes.c_ushort, and ctypes.c_wchar_p.  MaximumLength gives the allocated
size of the buffer.  Length gives the length of the string currently held
in the buffer.  It can be less than the maximum length, and the buffer does
NOT necessarily contain a zero-terminator.

UNICODE_STRING and ANSI_STRING are used in kernel programming to avoid the
potential ambiguities of counted strings.
Click to expand...

if UNICODE_STRING is a structure you will want a structure for it

class UNICODE_STRING(ctypes.Structure):
_fields_ = [("Length", ctypes.c_ushort),
("MaximumLength" ,ctypes.c_ushort),
("Buffer", ctypes.c_wchar_p)]

class SYSTEM_PROCESS_ID_INFORMATION(ctypes.Structure):
_fields_ = [("pid", ctypes.c_ulong),
("imageName", UNICODE_STRING)]
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

change volume of single audio device 2
ctypes to customize MSN now playing status 0
ctypes: how to make a structure pointer to point to a buffer 1
Sending arrays of a structure as an argument via ctypes 1
dynamic allocation file buffer 26
Help with ctypes pointer return values 2
Help with PAM and ctypes 3
How to get the local mac address? 24

Members online

No members online now.
Total: 67 (members: 1, guests: 66)
Robots: 605

Forum statistics

Threads
473,982
Messages
2,570,185
Members
46,738
Latest member
JinaMacvit

Latest Threads

Top