acquire.acquire.dynamic.windows.ntdll¶
Module Contents¶
Classes¶
Structure base class |
|
Enum where members are also (and must be) ints |
|
Support for integer-based Flags |
|
https://github.com/tpn/winsdk-10/blob/master/Include/10.0.10240.0/shared/ntdef.h |
Functions¶
Initializes the OBJECT_ATTRIBUTES structure. |
|
Closes an opened handle. |
|
Validates the result status of a Nt call |
|
Opens a handle to a specific directory structure of NamedObjects. |
|
Queries a directory object. |
Attributes¶
- acquire.acquire.dynamic.windows.ntdll.ntdll¶
- acquire.acquire.dynamic.windows.ntdll.NtQueryInformationFile¶
- acquire.acquire.dynamic.windows.ntdll.NtQuerySystemInformation¶
- acquire.acquire.dynamic.windows.ntdll.NtQueryObject¶
- acquire.acquire.dynamic.windows.ntdll.STANDARD_RIGHTS_ALL = 2031616¶
- acquire.acquire.dynamic.windows.ntdll.BUFFER_SIZE = 1024¶
- class acquire.acquire.dynamic.windows.ntdll.OBJECT_ATTRIBUTES¶
Bases:
ctypes.StructureStructure base class
- class acquire.acquire.dynamic.windows.ntdll.NtStatusCode¶
Bases:
enum.IntEnumEnum where members are also (and must be) ints
- STATUS_SUCCESS = 0¶
- STATUS_MORE_ENTRIES = 261¶
- STATUS_ACCESS_DENIED = 3221225506¶
- STATUS_INFO_LENGTH_MISMATCH = 3221225476¶
- STATUS_INVALID_HANDLE = 3221225480¶
- STATUS_NO_MORE_ENTRIES = 2147483674¶
- STATUS_BUFFER_OVERFLOW = 2147483653¶
- class acquire.acquire.dynamic.windows.ntdll.ACCESS_MASK¶
Bases:
enum.IntFlagSupport for integer-based Flags
- DIRECTORY_QUERY = 1¶
- DIRECTORY_TRAVERSE = 2¶
- DIRECTORY_CREATE_OBJECT = 4¶
- DIRECTORY_CREATE_SUBDIRECTORY = 8¶
- DIRECTORY_ALL_ACCESS = 2031631¶
- class acquire.acquire.dynamic.windows.ntdll.OBJ_ATTR¶
Bases:
enum.IntFlaghttps://github.com/tpn/winsdk-10/blob/master/Include/10.0.10240.0/shared/ntdef.h https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/object-handles
- OBJ_INHERIT = 2¶
- OBJ_PERMANENT = 16¶
- OBJ_EXCLUSIVE = 32¶
- OBJ_CASE_INSENSITIVE = 64¶
- OBJ_OPENIF = 128¶
- OBJ_OPENLINK = 256¶
- OBJ_KERNEL_HANDLE = 512¶
- OBJ_FORCE_ACCESS_CHECK = 1024¶
- OBJ_IGNORE_IMPERSONATED_DEVICEMAP = 2048¶
- OBJ_VALID_ATTRIBUTES = 4082¶
- acquire.acquire.dynamic.windows.ntdll.NtOpenDirectoryObject¶
- acquire.acquire.dynamic.windows.ntdll.NtQueryDirectoryObject¶
- acquire.acquire.dynamic.windows.ntdll.RtlNtStatusToDosError¶
- acquire.acquire.dynamic.windows.ntdll.CloseHandle¶
- acquire.acquire.dynamic.windows.ntdll.initialize_object_attributes(destination_attributes: OBJECT_ATTRIBUTES, name: acquire.dynamic.windows.types.PUNICODE_STRING, attributes: OBJ_ATTR, root_directory: acquire.dynamic.windows.types.HANDLE, security_descriptor: acquire.dynamic.windows.types.PVOID) None¶
Initializes the OBJECT_ATTRIBUTES structure.
Allocates said information at the address of InitializedAttributes
- acquire.acquire.dynamic.windows.ntdll.close_handle(handle: acquire.dynamic.windows.types.HANDLE) None¶
Closes an opened handle.
- acquire.acquire.dynamic.windows.ntdll.validate_ntstatus(status: acquire.dynamic.windows.types.NTSTATUS) None¶
Validates the result status of a Nt call
- Parameters:
status – the return value of a ntcall
- acquire.acquire.dynamic.windows.ntdll.open_directory_object(dir_name: str, root_handle: acquire.dynamic.windows.types.HANDLE = None) acquire.dynamic.windows.types.HANDLE¶
Opens a handle to a specific directory structure of NamedObjects.
- Parameters:
dir_name – Specific directory we want to try and open.
root_handle – From which point we want to start querying the object.
- acquire.acquire.dynamic.windows.ntdll.query_directory_object(path_to_dir: str, dir_handle: acquire.dynamic.windows.types.HANDLE) list[acquire.dynamic.windows.named_objects.NamedObject]¶
Queries a directory object.
- Parameters:
path_to_dir – The full path to the specific dir object getting queried
dir_handle – A pointer to the directory we wish to query.