:py:mod:`acquire.acquire.dynamic.windows.handles`
=================================================

.. py:module:: acquire.acquire.dynamic.windows.handles


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   acquire.acquire.dynamic.windows.handles.DuplicateFilter


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   acquire.acquire.dynamic.windows.handles.get_handle_type_info
   acquire.acquire.dynamic.windows.handles.open_process
   acquire.acquire.dynamic.windows.handles.get_handle_name
   acquire.acquire.dynamic.windows.handles.get_handles
   acquire.acquire.dynamic.windows.handles.duplicate_handle
   acquire.acquire.dynamic.windows.handles.serialize_handles_into_csv


Attributes
~~~~~~~~~~

.. autoapisummary::

   acquire.acquire.dynamic.windows.handles.log
   acquire.acquire.dynamic.windows.handles.OpenProcessToken
   acquire.acquire.dynamic.windows.handles.kernel32
   acquire.acquire.dynamic.windows.handles.OpenProcess
   acquire.acquire.dynamic.windows.handles.DuplicateHandle
   acquire.acquire.dynamic.windows.handles.GetLastError
   acquire.acquire.dynamic.windows.handles.SetLastError
   acquire.acquire.dynamic.windows.handles.GetCurrentProcessId


.. py:data:: log

.. py:data:: OpenProcessToken

.. py:data:: kernel32

.. py:data:: OpenProcess

.. py:data:: DuplicateHandle

.. py:data:: GetLastError

.. py:data:: SetLastError

.. py:data:: GetCurrentProcessId


.. py:class:: DuplicateFilter

   Bases: :py:obj:`logging.Filter`

   Filter instances are used to perform arbitrary filtering of LogRecords.

   Loggers and Handlers can optionally use Filter instances to filter
   records as desired. The base filter class only allows events which are
   below a certain point in the logger hierarchy. For example, a filter
   initialized with "A.B" will allow events logged by loggers "A.B",
   "A.B.C", "A.B.C.D", "A.B.D" etc. but not "A.BB", "B.A.B" etc. If
   initialized with the empty string, all events are passed.

   .. py:method:: filter(record: logging.LogRecord) -> bool

      Determine if the specified record is to be logged.

      Returns True if the record should be logged, or False otherwise.
      If deemed appropriate, the record may be modified in-place.


.. py:function:: get_handle_type_info(handle: acquire.dynamic.windows.types.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX) -> Optional[str]

   Return the type of a handle.

   :param handle: handle for which to return the type information.
   :raises RuntimeError: Raised when the result of the object query is unknown
       (other than SUCCESS, LENGTH MISMATCH or INVALID).


.. py:function:: open_process(pid: int) -> int

   Obtain a handle for the given PID.

   More info: https://docs.microsoft.com/en-us/windows/win32/api/processthreadsapi/nf-processthreadsapi-openprocess

   :param pid: integer that represents the process ID.
   :raises OpenProcessError: Raised when an attempt is made to open the System
       Idle Process, the System Process or one of the CSRSS processes.


.. py:function:: get_handle_name(pid: int, handle: acquire.dynamic.windows.types.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX) -> Optional[str]

   Return the handle name.


.. py:function:: get_handles() -> Iterable[acquire.dynamic.windows.types.Handle]

   Return all handles of a target.


.. py:function:: duplicate_handle(h_process: int, handle: acquire.dynamic.windows.types.SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX) -> acquire.dynamic.windows.types.HANDLE

   Create a duplicate handle.

   When the source handle is in use by another program, one needs to create a
   duplicate handle in order to have full control of that handle. This prevents
   performing operations on the source handle that might have been closed by
   the other program.


.. py:function:: serialize_handles_into_csv(rows: Iterable[acquire.dynamic.windows.types.Handle], compress: bool = True) -> bytes

   Serialize handle data into a CSV.

   Serialize the provided rows into a plain or gzip-compressed CSV, and return
   a tuple containing the result bytes.
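The serialization step described for ``serialize_handles_into_csv`` above, as an added example that is not acquire's own code: it writes handle rows as CSV, optionally gzip-compressed, and a companion parser reads either form back by checking for the gzip magic bytes. The ``Handle`` dataclass and its field names are assumptions standing in for ``acquire.dynamic.windows.types.Handle``; the sample rows are constructed.

```python
import csv
import gzip
import io
from dataclasses import dataclass, fields
from typing import Iterable, List


@dataclass
class Handle:
    # Hypothetical handle record; the field names are assumptions, not acquire's.
    pid: int
    handle_value: int
    handle_type: str
    name: str


def serialize_handles_into_csv(rows: Iterable[Handle], compress: bool = True) -> bytes:
    """Write a header plus one CSV line per handle; gzip the bytes when requested."""
    buf = io.StringIO()
    columns = [f.name for f in fields(Handle)]
    writer = csv.DictWriter(buf, fieldnames=columns, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        # csv quotes names containing commas or quotes, so object paths survive intact
        writer.writerow({c: getattr(row, c) for c in columns})
    data = buf.getvalue().encode("utf-8")
    return gzip.compress(data) if compress else data


def parse_handles_csv(data: bytes) -> List[Handle]:
    """Inverse of the serializer: transparently decompress gzip output (magic 1f 8b)."""
    if data[:2] == b"\x1f\x8b":
        data = gzip.decompress(data)
    reader = csv.DictReader(io.StringIO(data.decode("utf-8")))
    return [Handle(int(r["pid"]), int(r["handle_value"]), r["handle_type"], r["name"])
            for r in reader]


# Constructed sample rows; the second name contains a comma to exercise CSV quoting.
SAMPLE = [
    Handle(4, 0x40, "File", r"\Device\HarddiskVolume1\Windows\System32"),
    Handle(1234, 0x2C, "Key", r"\REGISTRY\MACHINE\SOFTWARE, Example"),
    Handle(1234, 0x30, "Event", ""),
]

if __name__ == "__main__":
    print(serialize_handles_into_csv(SAMPLE, compress=False).decode("utf-8"))
    assert parse_handles_csv(serialize_handles_into_csv(SAMPLE)) == SAMPLE
```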