:py:mod:`acquire.acquire.dynamic.windows.ntdll`
===============================================

.. py:module:: acquire.acquire.dynamic.windows.ntdll


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   acquire.acquire.dynamic.windows.ntdll.OBJECT_ATTRIBUTES
   acquire.acquire.dynamic.windows.ntdll.NtStatusCode
   acquire.acquire.dynamic.windows.ntdll.ACCESS_MASK
   acquire.acquire.dynamic.windows.ntdll.OBJ_ATTR


Functions
~~~~~~~~~

.. autoapisummary::
   :nosignatures:

   acquire.acquire.dynamic.windows.ntdll.initialize_object_attributes
   acquire.acquire.dynamic.windows.ntdll.close_handle
   acquire.acquire.dynamic.windows.ntdll.validate_ntstatus
   acquire.acquire.dynamic.windows.ntdll.open_directory_object
   acquire.acquire.dynamic.windows.ntdll.query_directory_object


Attributes
~~~~~~~~~~

.. autoapisummary::

   acquire.acquire.dynamic.windows.ntdll.ntdll
   acquire.acquire.dynamic.windows.ntdll.NtQueryInformationFile
   acquire.acquire.dynamic.windows.ntdll.NtQuerySystemInformation
   acquire.acquire.dynamic.windows.ntdll.NtQueryObject
   acquire.acquire.dynamic.windows.ntdll.STANDARD_RIGHTS_ALL
   acquire.acquire.dynamic.windows.ntdll.BUFFER_SIZE
   acquire.acquire.dynamic.windows.ntdll.NtOpenDirectoryObject
   acquire.acquire.dynamic.windows.ntdll.NtQueryDirectoryObject
   acquire.acquire.dynamic.windows.ntdll.RtlNtStatusToDosError
   acquire.acquire.dynamic.windows.ntdll.CloseHandle


.. py:data:: ntdll

.. py:data:: NtQueryInformationFile

.. py:data:: NtQuerySystemInformation

.. py:data:: NtQueryObject

.. py:data:: STANDARD_RIGHTS_ALL
   :value: 2031616

.. py:data:: BUFFER_SIZE
   :value: 1024

.. py:class:: OBJECT_ATTRIBUTES

   Bases: :py:obj:`ctypes.Structure`

   Structure base class

.. py:class:: NtStatusCode

   Bases: :py:obj:`enum.IntEnum`

   Enum where members are also (and must be) ints

   .. py:attribute:: STATUS_SUCCESS
      :value: 0

   .. py:attribute:: STATUS_MORE_ENTRIES
      :value: 261

   .. py:attribute:: STATUS_ACCESS_DENIED
      :value: 3221225506

   .. py:attribute:: STATUS_INFO_LENGTH_MISMATCH
      :value: 3221225476

   .. py:attribute:: STATUS_INVALID_HANDLE
      :value: 3221225480

   .. py:attribute:: STATUS_NO_MORE_ENTRIES
      :value: 2147483674

   .. py:attribute:: STATUS_BUFFER_OVERFLOW
      :value: 2147483653

.. py:class:: ACCESS_MASK

   Bases: :py:obj:`enum.IntFlag`

   Support for integer-based Flags

   .. py:attribute:: DIRECTORY_QUERY
      :value: 1

   .. py:attribute:: DIRECTORY_TRAVERSE
      :value: 2

   .. py:attribute:: DIRECTORY_CREATE_OBJECT
      :value: 4

   .. py:attribute:: DIRECTORY_CREATE_SUBDIRECTORY
      :value: 8

   .. py:attribute:: DIRECTORY_ALL_ACCESS

.. py:class:: OBJ_ATTR

   Bases: :py:obj:`enum.IntFlag`

   https://github.com/tpn/winsdk-10/blob/master/Include/10.0.10240.0/shared/ntdef.h
   https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/object-handles

   .. py:attribute:: OBJ_INHERIT
      :value: 2

   .. py:attribute:: OBJ_PERMANENT
      :value: 16

   .. py:attribute:: OBJ_EXCLUSIVE
      :value: 32

   .. py:attribute:: OBJ_CASE_INSENSITIVE
      :value: 64

   .. py:attribute:: OBJ_OPENIF
      :value: 128

   .. py:attribute:: OBJ_OPENLINK
      :value: 256

   .. py:attribute:: OBJ_KERNEL_HANDLE
      :value: 512

   .. py:attribute:: OBJ_FORCE_ACCESS_CHECK
      :value: 1024

   .. py:attribute:: OBJ_IGNORE_IMPERSONATED_DEVICEMAP
      :value: 2048

   .. py:attribute:: OBJ_VALID_ATTRIBUTES
      :value: 4082

.. py:data:: NtOpenDirectoryObject

.. py:data:: NtQueryDirectoryObject

.. py:data:: RtlNtStatusToDosError

.. py:data:: CloseHandle

.. py:function:: initialize_object_attributes(destination_attributes: OBJECT_ATTRIBUTES, name: acquire.dynamic.windows.types.PUNICODE_STRING, attributes: OBJ_ATTR, root_directory: acquire.dynamic.windows.types.HANDLE, security_descriptor: acquire.dynamic.windows.types.PVOID) -> None

   Initializes the OBJECT_ATTRIBUTES structure in place, writing the supplied fields at the address of ``InitializedAttributes`` (here ``destination_attributes``).

.. py:function:: close_handle(handle: acquire.dynamic.windows.types.HANDLE) -> None

   Closes an opened handle.

.. py:function:: validate_ntstatus(status: acquire.dynamic.windows.types.NTSTATUS) -> None

   Validates the NTSTATUS returned by an Nt call.

   :param status: the return value of the Nt call

.. py:function:: open_directory_object(dir_name: str, root_handle: acquire.dynamic.windows.types.HANDLE = None) -> acquire.dynamic.windows.types.HANDLE

   Opens a handle to a specific directory object of named objects.

   :param dir_name: The specific directory we want to try to open.
   :param root_handle: The directory from which we want to start resolving the object.

.. py:function:: query_directory_object(path_to_dir: str, dir_handle: acquire.dynamic.windows.types.HANDLE) -> List[acquire.dynamic.windows.named_objects.NamedObject]

   Queries a directory object.

   :param path_to_dir: The full path to the specific directory object being queried
   :param dir_handle: A handle to the directory we wish to query.
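The status codes listed above are not booleans, and a wrapper such as ``validate_ntstatus`` has to treat them by class: ``STATUS_MORE_ENTRIES`` is success-class with a non-zero code and tells an ``NtQueryDirectoryObject`` loop to keep going, ``STATUS_NO_MORE_ENTRIES`` is the warning-class terminator of that loop, and ``STATUS_BUFFER_OVERFLOW`` is a warning that must not be mistaken for success because the buffer (``BUFFER_SIZE`` bytes in this module) holds truncated data. The following is an added example, not acquire's own code: it reuses the ``NtStatusCode`` and ``OBJ_ATTR`` values from this page, decodes the severity from the two top bits of the NTSTATUS layout, rejects attribute bits outside ``OBJ_VALID_ATTRIBUTES``, and drives the query loop against a constructed stand-in for the ntdll call (the ``query(context)`` interface, ``NtStatusError`` and ``_fake_query_factory`` are hypothetical names chosen for the example), so it runs without ntdll.dll.

```python
"""Added example (not part of acquire): NTSTATUS classification and the
NtQueryDirectoryObject call pattern, using the constants from the page."""
import enum


class NtStatusCode(enum.IntEnum):
    STATUS_SUCCESS = 0x00000000
    STATUS_MORE_ENTRIES = 0x00000105          # 261
    STATUS_NO_MORE_ENTRIES = 0x8000001A       # 2147483674
    STATUS_BUFFER_OVERFLOW = 0x80000005       # 2147483653
    STATUS_INFO_LENGTH_MISMATCH = 0xC0000004  # 3221225476
    STATUS_INVALID_HANDLE = 0xC0000008        # 3221225480
    STATUS_ACCESS_DENIED = 0xC0000022         # 3221225506


class OBJ_ATTR(enum.IntFlag):
    OBJ_INHERIT = 0x0002
    OBJ_PERMANENT = 0x0010
    OBJ_EXCLUSIVE = 0x0020
    OBJ_CASE_INSENSITIVE = 0x0040
    OBJ_OPENIF = 0x0080
    OBJ_OPENLINK = 0x0100
    OBJ_KERNEL_HANDLE = 0x0200
    OBJ_FORCE_ACCESS_CHECK = 0x0400
    OBJ_IGNORE_IMPERSONATED_DEVICEMAP = 0x0800
    OBJ_VALID_ATTRIBUTES = 0x0FF2  # 4082, the OR of every bit above


class NtStatusError(OSError):
    """Hypothetical exception type for error-class (and rejected warning-class) NTSTATUS values."""

    def __init__(self, status: int):
        self.status = status & 0xFFFFFFFF
        try:
            name = NtStatusCode(self.status).name
        except ValueError:
            name = "UNKNOWN"
        super().__init__(f"NTSTATUS 0x{self.status:08X} ({name})")


SEVERITY_NAMES = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def ntstatus_severity(status: int) -> str:
    """Decode bits 31-30 of an NTSTATUS. ctypes returns NTSTATUS as a signed
    32-bit int, so mask first: -1073741790 and 0xC0000022 are the same code."""
    return SEVERITY_NAMES[(status & 0xFFFFFFFF) >> 30]


def validate_ntstatus(status: int, allow_warnings: bool = False) -> int:
    """Raise on error-class codes, return the unsigned code otherwise.
    Success-class codes with a non-zero value (STATUS_MORE_ENTRIES) pass;
    warning-class codes raise unless the caller opts in, because accepting
    STATUS_BUFFER_OVERFLOW silently means parsing a truncated buffer."""
    status &= 0xFFFFFFFF
    severity = ntstatus_severity(status)
    if severity == "error" or (severity == "warning" and not allow_warnings):
        raise NtStatusError(status)
    return status


def check_object_attributes(attributes: int) -> OBJ_ATTR:
    """Reject bits that are not defined attributes before they reach the kernel,
    so the caller gets a clear Python error rather than an opaque NTSTATUS."""
    undefined = int(attributes) & ~int(OBJ_ATTR.OBJ_VALID_ATTRIBUTES) & 0xFFFFFFFF
    if undefined:
        raise ValueError(f"undefined OBJ_ATTR bits: 0x{undefined:X}")
    return OBJ_ATTR(int(attributes))


def enumerate_directory(query) -> list:
    """Drive the NtQueryDirectoryObject pattern. ``query(context)`` stands in
    for the ntdll call and returns ``(status, entries, new_context)``.
    STATUS_MORE_ENTRIES: buffer filled, call again with the new context.
    STATUS_NO_MORE_ENTRIES: normal end of the listing, not a failure."""
    entries, context = [], 0
    while True:
        status, chunk, context = query(context)
        status = validate_ntstatus(status, allow_warnings=True)
        entries.extend(chunk)
        if status == NtStatusCode.STATUS_NO_MORE_ENTRIES:
            return entries
        if status not in (NtStatusCode.STATUS_SUCCESS, NtStatusCode.STATUS_MORE_ENTRIES):
            raise NtStatusError(status)  # e.g. STATUS_BUFFER_OVERFLOW: truncated page


def _fake_query_factory(pages):
    """Constructed stand-in for the ntdll call: serves one page per call,
    then reports STATUS_NO_MORE_ENTRIES (sample data, not a real directory)."""
    def query(context):
        if context < len(pages):
            more = context + 1 < len(pages)
            status = NtStatusCode.STATUS_MORE_ENTRIES if more else NtStatusCode.STATUS_SUCCESS
            return status, pages[context], context + 1
        return NtStatusCode.STATUS_NO_MORE_ENTRIES, [], context
    return query


if __name__ == "__main__":
    pages = [["\\Device\\HarddiskVolume1", "\\Device\\Null"], ["\\Device\\Tcp"]]
    print(enumerate_directory(_fake_query_factory(pages)))
    print(ntstatus_severity(NtStatusCode.STATUS_ACCESS_DENIED))
```

The opt-in ``allow_warnings`` flag is the design point: a general-purpose validator should fail closed on warning-class codes, and only the enumeration loop, which knows that ``STATUS_NO_MORE_ENTRIES`` is its expected terminator, relaxes that and then checks the remaining codes explicitly.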