Update rpc doc + sample + new rpc function + new winfunc definition file + fix setup.py

Author: hakril

ctypes_generation/definitions/winfunc_notdoc.txt

@@ -0,0 +1,6 @@
+NTSTATUS WINAPI TpCallbackSendAlpcMessageOnCompletion(
+    _In_ HANDLE TpHandle,
+    _In_ HANDLE PortHandle,
+    _In_ ULONG Flags,
+    _In_opt_ PPORT_MESSAGE SendMessage,
+);

ctypes_generation/generate.py

@@ -742,6 +742,7 @@ class DefGenerator(InitialDefGenerator):
 
 functions = FuncGenerator(from_here("definitions\\winfunc.txt"), from_here(r"..\windows\generated_def\\winfuncs.py"), dependances=[structs])
 functions.append_input_file(from_here("definitions\\wintrust_crypt_func.txt"))
+functions.append_input_file(from_here("definitions\\winfunc_notdoc.txt"))
 
 com = InitialCOMGenerator(from_here("definitions\\com\\*.txt"), DEFAULT_INTERFACE_TO_IID, from_here(r"..\windows\generated_def\\interfaces.py"), dependances=[structs, defs_with_ntstatus])
 

docs/source/rpc.rst

@@ -13,7 +13,10 @@ The :mod:`windows.rpc` allows to perform the basic for MS-RPC:
 
 .. note::
 
-    See UAC POC
+    See samples:
+
+        * :ref:`sample_rpc_uac`
+        * :ref:`sample_rpc_lsass`
 
 
 RPCClient

docs/source/sample.rst

@@ -581,8 +581,8 @@ Ouput::
 
 .. _wmi_request:
 
-Make WMI requests
-"""""""""""""""""
+WMI requests
+""""""""""""
 
 
 .. literalinclude:: ..\..\samples\wmi\wmi_request.py
@@ -634,8 +634,8 @@ Output::
     * NET_FW_PROFILE2_PUBLIC(0x4L) -> True
 
 
-``windows.crypto``
-""""""""""""""""""
+:mod:`windows.crypto`
+"""""""""""""""""""""
 
 
 .. _sample_crypto_encryption:
@@ -734,8 +734,8 @@ Ouput::
 
 
 
-``windows.alpc``
-""""""""""""""""
+:mod:`windows.alpc`
+"""""""""""""""""""
 
 .. _sample_alpc:
 
@@ -849,3 +849,81 @@ Output::
     - TOKEN.AuthenticationId -> 0x48989L
     - TOKEN.ModifiedId -> 0x48995L
     BYE
+
+
+
+
+:mod:`windows.rpc`
+""""""""""""""""""
+
+.. _sample_rpc_uac:
+
+Manual UAC
+''''''''''
+
+.. literalinclude:: ..\..\samples\rpc\uac.py
+
+
+Output::
+
+    (cmd λ) python samples\rpc\uac.py
+    Namespace(cmdline='', creationflags=CREATE_UNICODE_ENVIRONMENT(0x400L), target='C:\\Python27\\python.exe', uacflags=17)
+    # UAC pop - asking to execute python.exe | Clicking Yes
+    Return value = 0x6
+    Created process is <WinProcess "python.exe" pid 19304 at 0x455f7d0>
+    * bitness is 32
+    * integrity: SECURITY_MANDATORY_HIGH_RID(0x3000L)
+    * elevated: True
+
+    # The new python.exe in another window
+    >>> windows.current_process.token.integrity
+    SECURITY_MANDATORY_HIGH_RID(0x3000L)
+    >>> windows.current_process.token.is_elevated
+    True
+
+.. _sample_rpc_lsass:
+
+Manual ``LsarEnumeratePrivileges``
+''''''''''''''''''''''''''''''''''
+
+.. literalinclude:: ..\..\samples\rpc\lsass.py
+
+Output::
+
+    (cmd λ) python samples\rpc\lsass.py
+    (2, u'SeCreateTokenPrivilege')
+    (3, u'SeAssignPrimaryTokenPrivilege')
+    (4, u'SeLockMemoryPrivilege')
+    (5, u'SeIncreaseQuotaPrivilege')
+    (6, u'SeMachineAccountPrivilege')
+    (7, u'SeTcbPrivilege')
+    (8, u'SeSecurityPrivilege')
+    (9, u'SeTakeOwnershipPrivilege')
+    (10, u'SeLoadDriverPrivilege')
+    (11, u'SeSystemProfilePrivilege')
+    (12, u'SeSystemtimePrivilege')
+    (13, u'SeProfileSingleProcessPrivilege')
+    (14, u'SeIncreaseBasePriorityPrivilege')
+    (15, u'SeCreatePagefilePrivilege')
+    (16, u'SeCreatePermanentPrivilege')
+    (17, u'SeBackupPrivilege')
+    (18, u'SeRestorePrivilege')
+    (19, u'SeShutdownPrivilege')
+    (20, u'SeDebugPrivilege')
+    (21, u'SeAuditPrivilege')
+    (22, u'SeSystemEnvironmentPrivilege')
+    (23, u'SeChangeNotifyPrivilege')
+    (24, u'SeRemoteShutdownPrivilege')
+    (25, u'SeUndockPrivilege')
+    (26, u'SeSyncAgentPrivilege')
+    (27, u'SeEnableDelegationPrivilege')
+    (28, u'SeManageVolumePrivilege')
+    (29, u'SeImpersonatePrivilege')
+    (30, u'SeCreateGlobalPrivilege')
+    (31, u'SeTrustedCredManAccessPrivilege')
+    (32, u'SeRelabelPrivilege')
+    (33, u'SeIncreaseWorkingSetPrivilege')
+    (34, u'SeTimeZonePrivilege')
+    (35, u'SeCreateSymbolicLinkPrivilege')
+    (36, u'SeDelegateSessionUserImpersonatePrivilege')
+

samples/native_utils.py

@@ -14,7 +14,7 @@
 
 dll = "KERNEL32.DLL\x00".encode("utf-16-le")
 api = "LoadLibraryA\x00"
-dll_to_load = "SUCE"
+dll_to_load = "MyDLLToLoad"
 
 
 RemoteManualLoadLibray = x64.MultipleInstr()

samples/rpc/uac.py

@@ -22,7 +22,7 @@ class NdrUACStartupInfo(ndr.NdrStructure):
                 ndr.NdrLong,
                 NDRPoint]
 
-class UACParameters(ndr.NdrParameters):
+class RAiLaunchAdminProcessParameters(ndr.NdrParameters):
     MEMBERS = [ndr.NdrUniquePTR(ndr.NdrWString),
                 ndr.NdrUniquePTR(ndr.NdrWString),
                 ndr.NdrLong,
@@ -51,7 +51,7 @@ class NdrProcessInformation(ndr.NdrParameters):
 iid = client.bind(UAC_UIID)
 
 # Marshalling parameters.
-parameters = UACParameters.pack([
+parameters = RAiLaunchAdminProcessParameters.pack([
     params.target + "\x00", # Application Path
     params.cmdline + "\x00", # Commandline
     params.uacflags, # UAC-Request Flag

setup.py

@@ -15,12 +15,11 @@
     keywords = 'windows python',
     url = '',
     packages = ['windows',
+                'windows.crypto',
+                'windows.debug',
                 'windows.generated_def',
                 'windows.native_exec',
-                'windows.utils',
-                'windows.winobject',
-                'windows.debug',
-                'windows.crypto',
                 'windows.rpc',
-                'windows.test'],
+                'windows.utils',
+                'windows.winobject'],
 )

windows/generated_def/winfuncs.py

@@ -6,7 +6,7 @@
 from winstructs import *
 
 
-functions = ['ExitProcess', 'TerminateProcess', 'GetLastError', 'GetCurrentProcess', 'CreateFileA', 'CreateFileW', 'NtCreateFile', 'LdrLoadDll', 'NtQuerySystemInformation', 'NtQueryInformationProcess', 'NtQueryVirtualMemory', 'NtCreateThreadEx', 'NtQueryInformationThread', 'GetExitCodeThread', 'GetExitCodeProcess', 'VirtualAlloc', 'VirtualAllocEx', 'NtProtectVirtualMemory', 'VirtualFree', 'VirtualFreeEx', 'VirtualProtect', 'VirtualProtectEx', 'VirtualQuery', 'VirtualQueryEx', 'QueryWorkingSet', 'QueryWorkingSetEx', 'GetModuleFileNameA', 'GetModuleFileNameW', 'CreateThread', 'CreateRemoteThread', 'VirtualProtect', 'CreateProcessA', 'CreateProcessW', 'CreateProcessAsUserA', 'CreateProcessAsUserW', 'GetThreadContext', 'NtGetContextThread', 'SetThreadContext', 'NtSetContextThread', 'OpenThread', 'OpenProcess', 'CloseHandle', 'ReadProcessMemory', 'NtWow64ReadVirtualMemory64', 'NtReadVirtualMemory', 'WriteProcessMemory', 'NtWow64WriteVirtualMemory64', 'CreateToolhelp32Snapshot', 'Thread32First', 'Thread32Next', 'Process32First', 'Process32Next', 'Process32FirstW', 'Process32NextW', 'GetProcAddress', 'LoadLibraryA', 'LoadLibraryW', 'OpenProcessToken', 'OpenThreadToken', 'LookupPrivilegeValueA', 'LookupPrivilegeValueW', 'LookupPrivilegeNameA', 'LookupPrivilegeNameW', 'AdjustTokenPrivileges', 'FindResourceA', 'FindResourceW', 'SizeofResource', 'LoadResource', 'LockResource', 'GetVersionExA', 'GetVersionExW', 'GetVersion', 'GetCurrentThread', 'GetCurrentThreadId', 'GetCurrentProcessorNumber', 'AllocConsole', 'FreeConsole', 'GetStdHandle', 'SetStdHandle', 'SetThreadAffinityMask', 'ReadFile', 'WriteFile', 'GetExtendedTcpTable', 'GetExtendedUdpTable', 'SetTcpEntry', 'AddVectoredContinueHandler', 'AddVectoredExceptionHandler', 'TerminateThread', 'ExitThread', 'RemoveVectoredExceptionHandler', 'ResumeThread', 'SuspendThread', 'WaitForSingleObject', 'GetThreadId', 'LoadLibraryExA', 'LoadLibraryExW', 'SymInitialize', 'SymFromName', 'SymLoadModuleEx', 'SymSetOptions', 'SymGetTypeInfo', 'DeviceIoControl', 'GetTokenInformation', 'RegOpenKeyExA', 'RegOpenKeyExW', 'RegGetValueA', 'RegGetValueW', 'RegCloseKey', 'Wow64DisableWow64FsRedirection', 'Wow64RevertWow64FsRedirection', 'Wow64EnableWow64FsRedirection', 'Wow64GetThreadContext', 'SetConsoleCtrlHandler', 'WinVerifyTrust', 'GlobalAlloc', 'GlobalFree', 'GlobalUnlock', 'GlobalLock', 'OpenClipboard', 'EmptyClipboard', 'CloseClipboard', 'SetClipboardData', 'GetClipboardData', 'EnumClipboardFormats', 'GetClipboardFormatNameA', 'GetClipboardFormatNameW', 'WinVerifyTrust', 'OpenProcessToken', 'OpenThreadToken', 'GetTokenInformation', 'SetTokenInformation', 'GetSidIdentifierAuthority', 'GetSidSubAuthority', 'GetSidSubAuthorityCount', 'GetLengthSid', 'CreateWellKnownSid', 'DebugBreak', 'WaitForDebugEvent', 'ContinueDebugEvent', 'DebugActiveProcess', 'DebugActiveProcessStop', 'DebugSetProcessKillOnExit', 'DebugBreakProcess', 'GetProcessId', 'Wow64SetThreadContext', 'GetMappedFileNameW', 'GetMappedFileNameA', 'RtlInitString', 'RtlInitUnicodeString', 'RtlAnsiStringToUnicodeString', 'RtlDecompressBuffer', 'NtCreateSection', 'NtOpenSection', 'NtMapViewOfSection', 'NtUnmapViewOfSection', 'OpenEventA', 'OpenEventW', 'NtOpenEvent', 'NtAlpcCreatePort', 'NtAlpcQueryInformation', 'NtAlpcConnectPort', 'NtAlpcConnectPortEx', 'NtAlpcAcceptConnectPort', 'AlpcInitializeMessageAttribute', 'AlpcGetMessageAttribute', 'NtAlpcSendWaitReceivePort', 'NtAlpcDisconnectPort', 'NtAlpcCreatePortSection', 'NtAlpcDeletePortSection', 'NtAlpcCreateResourceReserve', 'NtAlpcDeleteResourceReserve', 'NtAlpcCreateSectionView', 'NtAlpcDeleteSectionView', 'NtAlpcCreateSecurityContext', 'NtAlpcDeleteSecurityContext', 'NtAlpcRevokeSecurityContext', 'lstrcmpA', 'lstrcmpW', 'CreateFileMappingA', 'CreateFileMappingW', 'MapViewOfFile', 'OpenSCManagerA', 'OpenSCManagerW', 'CloseServiceHandle', 'EnumServicesStatusExA', 'EnumServicesStatusExW', 'StartServiceA', 'StartServiceW', 'OpenServiceA', 'OpenServiceW', 'EnumWindows', 'GetWindowTextA', 'GetWindowTextW', 'GetWindowModuleFileNameA', 'GetWindowModuleFileNameW', 'CryptCATAdminCalcHashFromFileHandle', 'CryptCATAdminEnumCatalogFromHash', 'CryptCATAdminAcquireContext', 'CryptCATCatalogInfoFromContext', 'CryptCATAdminReleaseCatalogContext', 'CryptCATAdminReleaseContext', 'GetLogicalDriveStringsA', 'GetLogicalDriveStringsW', 'GetVolumeInformationA', 'GetVolumeInformationW', 'GetVolumeNameForVolumeMountPointA', 'GetVolumeNameForVolumeMountPointW', 'GetDriveTypeA', 'GetDriveTypeW', 'QueryDosDeviceA', 'QueryDosDeviceW', 'NtQueryObject', 'DuplicateHandle', 'ZwDuplicateObject', 'GetModuleBaseNameA', 'GetModuleBaseNameW', 'GetProcessImageFileNameA', 'GetProcessImageFileNameW', 'GetFileVersionInfoA', 'GetFileVersionInfoW', 'GetFileVersionInfoSizeA', 'GetFileVersionInfoSizeW', 'VerQueryValueA', 'VerQueryValueW', 'GetSystemMetrics', 'GetComputerNameA', 'GetComputerNameW', 'LookupAccountSidA', 'LookupAccountSidW', 'CoInitializeEx', 'CoInitializeSecurity', 'CoCreateInstance', 'GetInterfaceInfo', 'GetIfTable', 'GetIpAddrTable', 'NtOpenDirectoryObject', 'NtQueryDirectoryObject', 'NtQuerySymbolicLinkObject', 'NtOpenSymbolicLinkObject', 'GetProcessTimes', 'GetShortPathNameA', 'GetShortPathNameW', 'GetLongPathNameA', 'GetLongPathNameW', 'GetProcessDEPPolicy', 'GetCursorPos', 'WindowFromPoint', 'GetWindowRect', 'GetNamedSecurityInfoA', 'GetNamedSecurityInfoW', 'GetSecurityInfo', 'ConvertStringSidToSidA', 'ConvertStringSidToSidW', 'ConvertSidToStringSidA', 'ConvertSidToStringSidW', 'LocalFree', 'RegQueryValueExA', 'RegQueryValueExW', 'ShellExecuteA', 'ShellExecuteW', 'InitializeProcThreadAttributeList', 'UpdateProcThreadAttribute', 'DeleteProcThreadAttributeList', 'MessageBoxA', 'MessageBoxW', 'GetWindowsDirectoryA', 'GetWindowsDirectoryW', 'RtlGetUnloadEventTraceEx', 'CryptQueryObject', 'CryptMsgGetParam', 'CryptDecodeObject', 'CertFindCertificateInStore', 'CertGetNameStringA', 'CertGetNameStringW', 'CertGetCertificateChain', 'CertCreateSelfSignCertificate', 'CertStrToNameA', 'CertStrToNameW', 'CertOpenStore', 'CertAddCertificateContextToStore', 'PFXExportCertStoreEx', 'PFXImportCertStore', 'CryptGenKey', 'CryptDestroyKey', 'CryptAcquireContextA', 'CryptAcquireContextW', 'CryptReleaseContext', 'CryptExportKey', 'CertGetCertificateContextProperty', 'CertEnumCertificateContextProperties', 'CryptEncryptMessage', 'CryptDecryptMessage', 'CryptAcquireCertificatePrivateKey', 'CertDuplicateCertificateContext', 'CertEnumCertificatesInStore', 'CryptEncodeObjectEx', 'CertCreateCertificateContext', 'CertCompareCertificate']
+functions = ['ExitProcess', 'TerminateProcess', 'GetLastError', 'GetCurrentProcess', 'CreateFileA', 'CreateFileW', 'NtCreateFile', 'LdrLoadDll', 'NtQuerySystemInformation', 'NtQueryInformationProcess', 'NtQueryVirtualMemory', 'NtCreateThreadEx', 'NtQueryInformationThread', 'GetExitCodeThread', 'GetExitCodeProcess', 'VirtualAlloc', 'VirtualAllocEx', 'NtProtectVirtualMemory', 'VirtualFree', 'VirtualFreeEx', 'VirtualProtect', 'VirtualProtectEx', 'VirtualQuery', 'VirtualQueryEx', 'QueryWorkingSet', 'QueryWorkingSetEx', 'GetModuleFileNameA', 'GetModuleFileNameW', 'CreateThread', 'CreateRemoteThread', 'VirtualProtect', 'CreateProcessA', 'CreateProcessW', 'CreateProcessAsUserA', 'CreateProcessAsUserW', 'GetThreadContext', 'NtGetContextThread', 'SetThreadContext', 'NtSetContextThread', 'OpenThread', 'OpenProcess', 'CloseHandle', 'ReadProcessMemory', 'NtWow64ReadVirtualMemory64', 'NtReadVirtualMemory', 'WriteProcessMemory', 'NtWow64WriteVirtualMemory64', 'CreateToolhelp32Snapshot', 'Thread32First', 'Thread32Next', 'Process32First', 'Process32Next', 'Process32FirstW', 'Process32NextW', 'GetProcAddress', 'LoadLibraryA', 'LoadLibraryW', 'OpenProcessToken', 'OpenThreadToken', 'LookupPrivilegeValueA', 'LookupPrivilegeValueW', 'LookupPrivilegeNameA', 'LookupPrivilegeNameW', 'AdjustTokenPrivileges', 'FindResourceA', 'FindResourceW', 'SizeofResource', 'LoadResource', 'LockResource', 'GetVersionExA', 'GetVersionExW', 'GetVersion', 'GetCurrentThread', 'GetCurrentThreadId', 'GetCurrentProcessorNumber', 'AllocConsole', 'FreeConsole', 'GetStdHandle', 'SetStdHandle', 'SetThreadAffinityMask', 'ReadFile', 'WriteFile', 'GetExtendedTcpTable', 'GetExtendedUdpTable', 'SetTcpEntry', 'AddVectoredContinueHandler', 'AddVectoredExceptionHandler', 'TerminateThread', 'ExitThread', 'RemoveVectoredExceptionHandler', 'ResumeThread', 'SuspendThread', 'WaitForSingleObject', 'GetThreadId', 'LoadLibraryExA', 'LoadLibraryExW', 'SymInitialize', 'SymFromName', 'SymLoadModuleEx', 'SymSetOptions', 'SymGetTypeInfo', 'DeviceIoControl', 'GetTokenInformation', 'RegOpenKeyExA', 'RegOpenKeyExW', 'RegGetValueA', 'RegGetValueW', 'RegCloseKey', 'Wow64DisableWow64FsRedirection', 'Wow64RevertWow64FsRedirection', 'Wow64EnableWow64FsRedirection', 'Wow64GetThreadContext', 'SetConsoleCtrlHandler', 'WinVerifyTrust', 'GlobalAlloc', 'GlobalFree', 'GlobalUnlock', 'GlobalLock', 'OpenClipboard', 'EmptyClipboard', 'CloseClipboard', 'SetClipboardData', 'GetClipboardData', 'EnumClipboardFormats', 'GetClipboardFormatNameA', 'GetClipboardFormatNameW', 'WinVerifyTrust', 'OpenProcessToken', 'OpenThreadToken', 'GetTokenInformation', 'SetTokenInformation', 'GetSidIdentifierAuthority', 'GetSidSubAuthority', 'GetSidSubAuthorityCount', 'GetLengthSid', 'CreateWellKnownSid', 'DebugBreak', 'WaitForDebugEvent', 'ContinueDebugEvent', 'DebugActiveProcess', 'DebugActiveProcessStop', 'DebugSetProcessKillOnExit', 'DebugBreakProcess', 'GetProcessId', 'Wow64SetThreadContext', 'GetMappedFileNameW', 'GetMappedFileNameA', 'RtlInitString', 'RtlInitUnicodeString', 'RtlAnsiStringToUnicodeString', 'RtlDecompressBuffer', 'NtCreateSection', 'NtOpenSection', 'NtMapViewOfSection', 'NtUnmapViewOfSection', 'OpenEventA', 'OpenEventW', 'NtOpenEvent', 'NtAlpcCreatePort', 'NtAlpcQueryInformation', 'NtAlpcConnectPort', 'NtAlpcConnectPortEx', 'NtAlpcAcceptConnectPort', 'AlpcInitializeMessageAttribute', 'AlpcGetMessageAttribute', 'NtAlpcSendWaitReceivePort', 'NtAlpcDisconnectPort', 'NtAlpcCreatePortSection', 'NtAlpcDeletePortSection', 'NtAlpcCreateResourceReserve', 'NtAlpcDeleteResourceReserve', 'NtAlpcCreateSectionView', 'NtAlpcDeleteSectionView', 'NtAlpcCreateSecurityContext', 'NtAlpcDeleteSecurityContext', 'NtAlpcRevokeSecurityContext', 'lstrcmpA', 'lstrcmpW', 'CreateFileMappingA', 'CreateFileMappingW', 'MapViewOfFile', 'OpenSCManagerA', 'OpenSCManagerW', 'CloseServiceHandle', 'EnumServicesStatusExA', 'EnumServicesStatusExW', 'StartServiceA', 'StartServiceW', 'OpenServiceA', 'OpenServiceW', 'EnumWindows', 'GetWindowTextA', 'GetWindowTextW', 'GetWindowModuleFileNameA', 'GetWindowModuleFileNameW', 'CryptCATAdminCalcHashFromFileHandle', 'CryptCATAdminEnumCatalogFromHash', 'CryptCATAdminAcquireContext', 'CryptCATCatalogInfoFromContext', 'CryptCATAdminReleaseCatalogContext', 'CryptCATAdminReleaseContext', 'GetLogicalDriveStringsA', 'GetLogicalDriveStringsW', 'GetVolumeInformationA', 'GetVolumeInformationW', 'GetVolumeNameForVolumeMountPointA', 'GetVolumeNameForVolumeMountPointW', 'GetDriveTypeA', 'GetDriveTypeW', 'QueryDosDeviceA', 'QueryDosDeviceW', 'NtQueryObject', 'DuplicateHandle', 'ZwDuplicateObject', 'GetModuleBaseNameA', 'GetModuleBaseNameW', 'GetProcessImageFileNameA', 'GetProcessImageFileNameW', 'GetFileVersionInfoA', 'GetFileVersionInfoW', 'GetFileVersionInfoSizeA', 'GetFileVersionInfoSizeW', 'VerQueryValueA', 'VerQueryValueW', 'GetSystemMetrics', 'GetComputerNameA', 'GetComputerNameW', 'LookupAccountSidA', 'LookupAccountSidW', 'CoInitializeEx', 'CoInitializeSecurity', 'CoCreateInstance', 'GetInterfaceInfo', 'GetIfTable', 'GetIpAddrTable', 'NtOpenDirectoryObject', 'NtQueryDirectoryObject', 'NtQuerySymbolicLinkObject', 'NtOpenSymbolicLinkObject', 'GetProcessTimes', 'GetShortPathNameA', 'GetShortPathNameW', 'GetLongPathNameA', 'GetLongPathNameW', 'GetProcessDEPPolicy', 'GetCursorPos', 'WindowFromPoint', 'GetWindowRect', 'GetNamedSecurityInfoA', 'GetNamedSecurityInfoW', 'GetSecurityInfo', 'ConvertStringSidToSidA', 'ConvertStringSidToSidW', 'ConvertSidToStringSidA', 'ConvertSidToStringSidW', 'LocalFree', 'RegQueryValueExA', 'RegQueryValueExW', 'ShellExecuteA', 'ShellExecuteW', 'InitializeProcThreadAttributeList', 'UpdateProcThreadAttribute', 'DeleteProcThreadAttributeList', 'MessageBoxA', 'MessageBoxW', 'GetWindowsDirectoryA', 'GetWindowsDirectoryW', 'RtlGetUnloadEventTraceEx', 'CryptQueryObject', 'CryptMsgGetParam', 'CryptDecodeObject', 'CertFindCertificateInStore', 'CertGetNameStringA', 'CertGetNameStringW', 'CertGetCertificateChain', 'CertCreateSelfSignCertificate', 'CertStrToNameA', 'CertStrToNameW', 'CertOpenStore', 'CertAddCertificateContextToStore', 'PFXExportCertStoreEx', 'PFXImportCertStore', 'CryptGenKey', 'CryptDestroyKey', 'CryptAcquireContextA', 'CryptAcquireContextW', 'CryptReleaseContext', 'CryptExportKey', 'CertGetCertificateContextProperty', 'CertEnumCertificateContextProperties', 'CryptEncryptMessage', 'CryptDecryptMessage', 'CryptAcquireCertificatePrivateKey', 'CertDuplicateCertificateContext', 'CertEnumCertificatesInStore', 'CryptEncodeObjectEx', 'CertCreateCertificateContext', 'CertCompareCertificate', 'TpCallbackSendAlpcMessageOnCompletion']
 
 
 #def ExitProcess(uExitCode):
@@ -1498,3 +1498,8 @@
 #    return CertCompareCertificate.ctypes_function(dwCertEncodingType, pCertId1, pCertId2)
 CertCompareCertificatePrototype = WINFUNCTYPE(BOOL, DWORD, PCERT_INFO, PCERT_INFO)
 CertCompareCertificateParams = ((1, 'dwCertEncodingType'), (1, 'pCertId1'), (1, 'pCertId2'))
+
+#def TpCallbackSendAlpcMessageOnCompletion(TpHandle, PortHandle, Flags, SendMessage):
+#    return TpCallbackSendAlpcMessageOnCompletion.ctypes_function(TpHandle, PortHandle, Flags, SendMessage)
+TpCallbackSendAlpcMessageOnCompletionPrototype = WINFUNCTYPE(NTSTATUS, HANDLE, HANDLE, ULONG, PPORT_MESSAGE)
+TpCallbackSendAlpcMessageOnCompletionParams = ((1, 'TpHandle'), (1, 'PortHandle'), (1, 'Flags'), (1, 'SendMessage'))

windows/winproxy.py

@@ -953,11 +953,17 @@ def NtMapViewOfSection(SectionHandle, ProcessHandle, BaseAddress, ZeroBits, Comm
 def NtUnmapViewOfSection(ProcessHandle, BaseAddress):
     return NtUnmapViewOfSection.ctypes_function(ProcessHandle, BaseAddress)
 
+
 @NtdllProxy("RtlGetUnloadEventTraceEx", no_error_check)
 def RtlGetUnloadEventTraceEx(ElementSize, ElementCount, EventTrace):
     return RtlGetUnloadEventTraceEx.ctypes_function(ElementSize, ElementCount, EventTrace)
 
 
+@NtdllProxy("TpCallbackSendAlpcMessageOnCompletion")
+def TpCallbackSendAlpcMessageOnCompletion(TpHandle, PortHandle, Flags, SendMessage):
+    return TpCallbackSendAlpcMessageOnCompletion.ctypes_function(TpHandle, PortHandle, Flags, SendMessage)
+
+
 
 # ##### ADVAPI32 ####### #