Added some samples output + document change Kernel32Error -> WinproxyError + fix sample/readme/doc related

Author: hakril

README.md

@@ -50,31 +50,31 @@ You can also make some operation on threads (suspend/resume/wait/get(or set) con
 32
 >>> windows.current_process.token.integrity
 SECURITY_MANDATORY_MEDIUM_RID(0x2000L)
->>> calc = [p for p in windows.system.processes if p.name == "calc.exe"][0]
->>> calc
-<WinProcess "calc.exe" pid 6960 at 0x37391f0>
->>> calc.bitness
+>>> proc = [p for p in windows.system.processes if p.name == "notepad.exe"][0]
+>>> proc
+<WinProcess "notepad.exe" pid 16520 at 0x544e410>
+>>> proc.bitness
 64
->>> calc.peb.modules[:3]
-[<RemoteLoadedModule64 "calc.exe" at 0x3671e90>, <RemoteLoadedModule64 "ntdll.dll" at 0x3671030>, <RemoteLoadedModule64 "kernel32.dll" at 0x3671080>]
->>> k32 = calc.peb.modules[2]
+>>> proc.peb.modules[:3]
+[<RemoteLoadedModule64 "notepad.exe" at 0x3671e90>, <RemoteLoadedModule64 "ntdll.dll" at 0x3671030>, <RemoteLoadedModule64 "kernel32.dll" at 0x3671080>]
+>>> k32 = proc.peb.modules[2]
 >>> hex(k32.pe.exports["CreateFileW"])
 '0x7ffee6761550L'
->>> calc.threads[0]
-<WinThread 3932 owner "calc.exe" at 0x3646350>
->>> hex(calc.threads[0].context.Rip)
+>>> proc.threads[0]
+<WinThread 17688 owner "notepad.exe" at 0x53b47f0>
+>>> hex(proc.threads[0].context.Rip)
 '0x7ffee68b54b0L'
->>> calc.execute_python("import os")
+>>> proc.execute_python("import os")
 True
->>> calc.execute_python("exit(os.getpid() + 1)")
+>>> proc.execute_python("exit(os.getpid() + 1)")
 # execute_python raise if process died
 Traceback (most recent call last):
 ...
-WindowsError: <WinProcess "calc.exe" pid 6960 (DEAD) at 0x37391f0> died during execution of python command
+WindowsError: <WinProcess "notepad.exe" pid 16520 (DEAD) at 0x579f610> died during execution of python command
 >>> calc
-<WinProcess "calc.exe" pid 6960 (DEAD) at 0x37391f0>
+<WinProcess "notepad.exe" pid 16520 (DEAD) at 0x579f610>
 >>> calc.exit_code
-6961L
+16521L
 ```
 
 ### System information
@@ -126,7 +126,7 @@ but some have default values and the functions raise exception on call error (I
 # Help on function VirtualAlloc in module windows.winproxy:
 # VirtualAlloc(lpAddress=0, dwSize=NeededParameter, flAllocationType=MEM_COMMIT(0x1000L), flProtect=PAGE_EXECUTE_READWRITE(0x40L))
 #     Errcheck:
-#     raise Kernel32Error if result is 0
+#     raise WinproxyError if result is 0
 
 # Positional arguments
 >>> windows.winproxy.VirtualAlloc(0, 0x1000)
@@ -158,8 +158,8 @@ File "windows\winproxy.py", line 264, in VirtualAlloc
 File "windows\winproxy.py", line 133, in perform_call
     return self._cprototyped(*args)
 File "windows\winproxy.py", line 59, in kernel32_error_check
-    raise Kernel32Error(func_name)
-windows.winproxy.Kernel32Error: VirtualAlloc: [Error 8] Not enough storage is available to process this command.
+    raise WinproxyError(func_name)
+windows.winproxy.error.WinproxyError: VirtualAlloc: [Error 87] The parameter is incorrect.
 """
 ```
 
@@ -212,10 +212,11 @@ To extract/play with even more information about the system, PythonForWindows is
 ```python
 >>> import windows
 >>> windows.system.wmi.select
-<bound method WmiRequester.select of <windows.winobject.wmi.WmiRequester object at 0x036BA590>>
->>> windows.system.wmi.select("Win32_Process", ["Name", "Handle"])[:4]
-[{'Handle': u'0', 'Name': u'System Idle Process'}, {'Handle': u'4', 'Name': u'System'}, {'Handle': u'412', 'Name': u'smss.exe'}, {'Handle': u'528', 'Name': u'csrss.exe'}]
-# Get WMI data for current process
+<bound method WmiNamespace.select of <WmiNamespace "root\cimv2">>
+>>> windows.system.wmi.select("Win32_Process")[:3]
+[<WmiObject instance of "Win32_Process">, <WmiObject instance of "Win32_Process">, <WmiObject instance of "Win32_Process">]# Get WMI data for current process
+>>> windows.system.wmi.select("Win32_Process")[42]["Name"]
+u'svchost.exe'
 >>> wmi_cp = [p for p in windows.system.wmi.select("Win32_Process") if int(p["Handle"]) == windows.current_process.pid][0]
 >>> wmi_cp["CommandLine"], wmi_cp["HandleCount"]
 (u'"C:\\Python27\\python.exe"', 227)
@@ -388,20 +389,20 @@ import windows
 import windows.debug
 import windows.test
 import windows.native_exec.simple_x86 as x86
+import windows.generated_def as gdef
 
-from windows.test import pop_calc_32
-from windows.generated_def import EXCEPTION_ACCESS_VIOLATION
+from windows.test import pop_proc_32
 
 class MyDebugger(windows.debug.Debugger):
     def on_exception(self, exception):
         code = exception.ExceptionRecord.ExceptionCode
         addr = exception.ExceptionRecord.ExceptionAddress
         print("Got exception {0} at 0x{1:x}".format(code, addr))
-        if code == EXCEPTION_ACCESS_VIOLATION:
+        if code == gdef.EXCEPTION_ACCESS_VIOLATION:
             print("Access Violation: kill target process")
             self.current_process.exit()
 
-calc = windows.test.pop_calc_32(dwCreationFlags=DEBUG_PROCESS)
+calc = windows.test.pop_proc_32(dwCreationFlags=gdef.DEBUG_PROCESS)
 d = MyDebugger(calc)
 calc.execute(x86.assemble("int3; mov [0x42424242], EAX; ret"))
 d.loop()

docs/source/sample.rst

@@ -431,7 +431,7 @@ Ouput::
     \xc6\x12x\x1am\xc8\x01t\xac\xa6\xf3#\x02\xd4J \x8eZ\xbb\x10W\xe1 0;\x06\t*\x86H\x86\xf7\r\x01\x07\x010\x14\x06\x08*
     \x86H\x86\xf7\r\x03\x07\x04\x08\x14F\x04\xad\xed9\xed<\x80\x18\x80]6\xccTV\xbc\xb8*\x84QY!~\xb3\n\x1aV\xd4\rf\xd1n:')
 
-    (cmd λ) python crypto\encryption_demo.py decrypt decrypt --password BADPASS message.crypt mykey.pfx
+    (cmd λ) python crypto\encryption_demo.py decrypt --password BADPASS message.crypt mykey.pfx
     Traceback (most recent call last):
     File "..\samples\encryption_demo.py", line 103, in <module>
         res.func(**res.__dict__)
@@ -444,8 +444,8 @@ Ouput::
     File "c:\users\hakril\documents\work\pythonforwindows\windows\winproxy.py", line 148, in perform_call
         return self._cprototyped(*args)
     File "c:\users\hakril\documents\work\pythonforwindows\windows\winproxy.py", line 69, in kernel32_error_check
-        raise Kernel32Error(func_name)
-    windows.winproxy.Kernel32Error: PFXImportCertStore: [Error 86] The specified network password is not correct.
+        raise WinproxyError(func_name)
+    windows.winproxy.error.WinproxyError: PFXImportCertStore: [Error 86] The specified network password is not correct.
 
     (cmd λ) python crypto\encryption_demo.py decrypt --password MYPASSWORD message.crypt mykey.pfx
     Result = <my secret message>

docs/source/samples_output/security_query_sacl.txt

@@ -0,0 +1,26 @@
+(cmd) python security\query_sacl.py
+This sample should be run as admin to demonstration SACL access
+
+[NO-PRIV] Querying <C:\windows\notepad.exe> SecurityDescriptor without SACL
+sacl = <Acl count=0>
+
+[NO-PRIV] Querying <C:\windows\notepad.exe> SecurityDescriptor with SACL
+None: [Error 1314] A required privilege is not held by the client.
+
+Enabling <SeSecurityPrivilege>
+[ERROR] <Token TokenId=0xd6db5cc Type=TokenPrimary(0x1L)> has no privilege <SeSecurityPrivilege>
+
+
+(cmd-admin) python security\query_sacl.py
+
+[NO-PRIV] Querying <C:\windows\notepad.exe> SecurityDescriptor without SACL
+sacl = <Acl count=0>
+
+[NO-PRIV] Querying <C:\windows\notepad.exe> SecurityDescriptor with SACL
+None: [Error 1314] A required privilege is not held by the client.
+
+Enabling <SeSecurityPrivilege>
+
+[PRIV] Querying <C:\windows\notepad.exe> SecurityDescriptor with SACL
+sacl = <Acl count=1>
+[<SystemAuditACE mask=852246>]

docs/source/samples_output/security_security_descriptor.txt

@@ -0,0 +1,23 @@
+(cmd) python security\security_descriptor.py
+Security descriptor is: <SecurityDescriptor object at 0x03E151C0>
+Owner: S-1-5-32-544
+  - lookup: (u'BUILTIN', u'Administrateurs')
+Group: S-1-5-7
+  - lookup: (u'AUTORITE NT', u'ANONYMOUS LOGON')
+Dacl: <Acl count=2>
+
+  ACE [0]: <AccessAllowedACE mask=269353023>
+    - Header-AceType: ACCESS_ALLOWED_ACE_TYPE(0x0L)
+    - Header-AceFlags: 1
+    - Header-flags: [OBJECT_INHERIT_ACE(0x1L)]
+    - Mask: 269353023
+    - mask: [1L, 2L, 4L, 8L, 16L, 32L, READ_CONTROL(0x20000L), WRITE_DAC(0x40000L), WRITE_OWNER(0x80000L), GENERIC_ALL(0x10000000L)]
+    - Sid:  S-1-0-0
+
+  ACE [1]: <AccessDeniedACE mask=269353023>
+    - Header-AceType: ACCESS_DENIED_ACE_TYPE(0x1L)
+    - Header-AceFlags: 10
+    - Header-flags: [CONTAINER_INHERIT_ACE(0x2L), INHERIT_ONLY_ACE(0x8L)]
+    - Mask: 269353023
+    - mask: [1L, 2L, 4L, 8L, 16L, 32L, READ_CONTROL(0x20000L), WRITE_DAC(0x40000L), WRITE_OWNER(0x80000L), GENERIC_ALL(0x10000000L)]
+    - Sid:  S-1-0-0

docs/source/winproxy.rst

@@ -70,8 +70,8 @@ Calling it
     File "windows\winproxy.py", line 133, in perform_call
         return self._cprototyped(*args)
     File "windows\winproxy.py", line 59, in kernel32_error_check
-        raise Kernel32Error(func_name)
-    windows.winproxy.Kernel32Error: VirtualAlloc: [Error 8] Not enough storage is available to process this command.
+        raise WinproxyError(func_name)
+    windows.winproxy.error.WinproxyError: None: [Error 8] Not enough storage is available to process this command.
     """
 
 
@@ -92,12 +92,12 @@ Helper functions
         '0x77340520'
 
 
-Kernel32Error
+WinproxyError
 """""""""""""
 
-All errors raised by winproxy functions are instance of :class:`Kernel32Error` (or subclasses)
+All errors raised by winproxy functions are instance of :class:`WinproxyError` (or subclasses)
 
-.. autoclass:: Kernel32Error
+.. autoclass:: WinproxyError
     :show-inheritance:
 
     .. attribute:: api_name

tests/test_wmi.py

@@ -151,7 +151,7 @@ def test_wmiobject_getitem(wmi_cls):
 
     props = wmi_obj.get_properties()
     assert isinstance(props, list)
-    assert len(props) > wmi_obj["__PROPERTY_COUNT"]
+    assert len(props) == wmi_obj["__PROPERTY_COUNT"]
     # Check that other dict-like methods exists
     assert wmi_obj.keys()
     assert wmi_obj.values()

windows/utils/improved_buffer.py

@@ -118,7 +118,7 @@ def buffer(obj, eltclass=None):
     return BUFFER(eltclass, dlen)(*obj)
 
 def resized_array(array, newnbelt):
-    btype = buffer_type(array._type_, newnbelt)
+    btype = BUFFER(array._type_, newnbelt)
     new_array = btype.from_address(ctypes.addressof(array))
     new_array._base_array_ = array # Keep a ref to prevent some gc
     return new_array