More arm exploration of api responses

hakril · hakril · commit c14712e18d69 · 2025-01-18T18:08:20.000+01:00
diff --git a/ctypes_generation/definitions/functions/sysinfo.txt b/ctypes_generation/definitions/functions/sysinfo.txt
@@ -59,4 +59,12 @@ BOOL LookupAccountNameW(
   LPWSTR        ReferencedDomainName,
   LPDWORD       cchReferencedDomainName,
   PSID_NAME_USE peUse
+);
+
+PVOID GetNativeSystemInfo(
+  [out] LPSYSTEM_INFO lpSystemInfo
+);
+
+PVOID GetSystemInfo(
+  [out] LPSYSTEM_INFO lpSystemInfo
 );
diff --git a/ctypes_generation/definitions/structures/system_info.txt b/ctypes_generation/definitions/structures/system_info.txt
@@ -67,3 +67,22 @@ typedef enum _COMPUTER_NAME_FORMAT {
   ComputerNamePhysicalDnsFullyQualified,
   ComputerNameMax
 } COMPUTER_NAME_FORMAT;
+
+typedef struct _SYSTEM_INFO {
+  union {
+    DWORD dwOemId;
+    struct {
+      WORD wProcessorArchitecture;
+      WORD wReserved;
+    } DUMMYSTRUCTNAME;
+  } DUMMYUNIONNAME;
+  DWORD     dwPageSize;
+  LPVOID    lpMinimumApplicationAddress;
+  LPVOID    lpMaximumApplicationAddress;
+  DWORD_PTR dwActiveProcessorMask;
+  DWORD     dwNumberOfProcessors;
+  DWORD     dwProcessorType;
+  DWORD     dwAllocationGranularity;
+  WORD      wProcessorLevel;
+  WORD      wProcessorRevision;
+} SYSTEM_INFO, *LPSYSTEM_INFO;
diff --git a/docs/source/winfuncs_generated.rst b/docs/source/winfuncs_generated.rst
@@ -1212,6 +1212,42 @@ Functions
 
 .. function:: LookupAccountNameW(lpSystemName, lpAccountName, Sid, cbSid, ReferencedDomainName, cchReferencedDomainName, peUse)
 
+.. function:: GetNativeSystemInfo(lpSystemInfo)
+
+.. function:: GetSystemInfo(lpSystemInfo)
+
+.. function:: IsWow64Process(hProcess, Wow64Process)
+
+.. function:: IsWow64Process2(hProcess, pProcessMachine, pNativeMachine)
+
+.. function:: IsWow64GuestMachineSupported(WowGuestMachine, MachineIsSupported)
+
+.. function:: GetSystemWow64DirectoryA(lpBuffer, uSize)
+
+.. function:: GetSystemWow64DirectoryW(lpBuffer, uSize)
+
+.. function:: GetSystemWow64Directory2A(lpBuffer, uSize, ImageFileMachineType)
+
+.. function:: GetSystemWow64Directory2W(lpBuffer, uSize, ImageFileMachineType)
+
+.. function:: Wow64DisableWow64FsRedirection(OldValue)
+
+.. function:: Wow64EnableWow64FsRedirection(Wow64FsEnableRedirection)
+
+.. function:: Wow64RevertWow64FsRedirection(OlValue)
+
+.. function:: Wow64GetThreadContext(hThread, lpContext)
+
+.. function:: Wow64SetThreadContext(hThread, lpContext)
+
+.. function:: Wow64SetThreadDefaultGuestMachine(Machine)
+
+.. function:: Wow64SuspendThread(hThread)
+
+.. function:: NtWow64ReadVirtualMemory64(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead)
+
+.. function:: NtWow64WriteVirtualMemory64(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten)
+
 .. function:: FileTimeToSystemTime(lpFileTime, lpSystemTime)
 
 .. function:: SystemTimeToFileTime(lpSystemTime, lpFileTime)
@@ -1368,12 +1404,8 @@ Functions
 
 .. function:: ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead)
 
-.. function:: NtWow64ReadVirtualMemory64(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesRead)
-
 .. function:: WriteProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten)
 
-.. function:: NtWow64WriteVirtualMemory64(hProcess, lpBaseAddress, lpBuffer, nSize, lpNumberOfBytesWritten)
-
 .. function:: GetCurrentProcess()
 
 .. function:: CreateFileA(lpFileName, dwDesiredAccess, dwShareMode, lpSecurityAttributes, dwCreationDisposition, dwFlagsAndAttributes, hTemplateFile)
@@ -1466,14 +1498,6 @@ Functions
 
 .. function:: DeviceIoControl(hDevice, dwIoControlCode, lpInBuffer, nInBufferSize, lpOutBuffer, nOutBufferSize, lpBytesReturned, lpOverlapped)
 
-.. function:: Wow64DisableWow64FsRedirection(OldValue)
-
-.. function:: Wow64RevertWow64FsRedirection(OldValue)
-
-.. function:: Wow64EnableWow64FsRedirection(Wow64FsEnableRedirection)
-
-.. function:: Wow64GetThreadContext(hThread, lpContext)
-
 .. function:: SetConsoleCtrlHandler(HandlerRoutine, Add)
 
 .. function:: GlobalAlloc(uFlags, dwBytes)
@@ -1528,8 +1552,6 @@ Functions
 
 .. function:: GetProcessId(Process)
 
-.. function:: Wow64SetThreadContext(hThread, lpContext)
-
 .. function:: GetMappedFileNameW(hProcess, lpv, lpFilename, nSize)
 
 .. function:: GetMappedFileNameA(hProcess, lpv, lpFilename, nSize)
diff --git a/docs/source/winstructs_generated.rst b/docs/source/winstructs_generated.rst
@@ -25612,6 +25612,67 @@ _SYSTEM_BASIC_INFORMATION
 
         :class:`CHAR`
 
+_SYSTEM_INFO
+''''''''''''
+.. class:: LPSYSTEM_INFO
+
+    Pointer to :class:`_SYSTEM_INFO`
+
+.. class:: SYSTEM_INFO
+
+    Alias for :class:`_SYSTEM_INFO`
+
+.. class:: _SYSTEM_INFO
+
+    .. attribute:: DUMMYUNIONNAME
+
+        :class:`_ANON__SYSTEM_INFO_SUB_UNION_1`
+
+
+    .. attribute:: dwPageSize
+
+        :class:`DWORD`
+
+
+    .. attribute:: lpMinimumApplicationAddress
+
+        :class:`LPVOID`
+
+
+    .. attribute:: lpMaximumApplicationAddress
+
+        :class:`LPVOID`
+
+
+    .. attribute:: dwActiveProcessorMask
+
+        :class:`DWORD_PTR`
+
+
+    .. attribute:: dwNumberOfProcessors
+
+        :class:`DWORD`
+
+
+    .. attribute:: dwProcessorType
+
+        :class:`DWORD`
+
+
+    .. attribute:: dwAllocationGranularity
+
+        :class:`DWORD`
+
+
+    .. attribute:: wProcessorLevel
+
+        :class:`WORD`
+
+
+    .. attribute:: wProcessorRevision
+
+        :class:`WORD`
+
 _TIME_ZONE_INFORMATION
 ''''''''''''''''''''''
 .. class:: LPTIME_ZONE_INFORMATION
diff --git a/tests/test_syswow.py b/tests/test_syswow.py
@@ -22,6 +22,13 @@ def test_print_syswow_state():
     print(f"{env['PROCESSOR_ARCHITECTURE']=}")
     print(f"{env.get('PROCESSOR_ARCHITEW6432')=}")
 
+    print("")
+    print("GetSystemInfo")
+    windows.utils.sprint(windows.utils.get_system_info(native=False), name="SystemInfo")
+    print("")
+    print("GetNativeSystemInfo")
+    windows.utils.sprint(windows.utils.get_system_info(native=True), name="NativeSystemInfo")
+
 @process_syswow_only
 class TestSyswowCurrentProcess(object):
     def test_exec_syswow(self):
diff --git a/windows/generated_def/meta.py b/windows/generated_def/meta.py
@@ -12641,6 +12641,7 @@
 'LPSTARTUPINFOEXW',
 'LPSTARTUPINFOW',
 'LPSYSTEMTIME',
+'LPSYSTEM_INFO',
 'LPTHREADENTRY32',
 'LPTIME_ZONE_INFORMATION',
 'LPTLIBATTR',
@@ -13458,6 +13459,7 @@
 'SYSTEM_HANDLE64',
 'SYSTEM_HANDLE_INFORMATION',
 'SYSTEM_HANDLE_INFORMATION64',
+'SYSTEM_INFO',
 'SYSTEM_MANDATORY_LABEL_ACE',
 'SYSTEM_MODULE32',
 'SYSTEM_MODULE64',
@@ -14034,6 +14036,7 @@
 '_SYSTEM_HANDLE64',
 '_SYSTEM_HANDLE_INFORMATION',
 '_SYSTEM_HANDLE_INFORMATION64',
+'_SYSTEM_INFO',
 '_SYSTEM_MANDATORY_LABEL_ACE',
 '_SYSTEM_MODULE32',
 '_SYSTEM_MODULE64',
@@ -14798,6 +14801,7 @@
 'GetModuleHandleW',
 'GetNamedSecurityInfoA',
 'GetNamedSecurityInfoW',
+'GetNativeSystemInfo',
 'GetNumberOfEventLogRecords',
 'GetOverlappedResult',
 'GetParent',
@@ -14834,6 +14838,7 @@
 'GetSidSubAuthorityCount',
 'GetStdHandle',
 'GetStringConditionFromBinary',
+'GetSystemInfo',
 'GetSystemMetrics',
 'GetSystemTime',
 'GetSystemTimeAsFileTime',
diff --git a/windows/generated_def/winfuncs.py b/windows/generated_def/winfuncs.py
@@ -3025,6 +3025,16 @@
 LookupAccountNameWPrototype = WINFUNCTYPE(BOOL, LPCWSTR, LPCWSTR, PSID, LPDWORD, LPWSTR, LPDWORD, PSID_NAME_USE)
 LookupAccountNameWParams = ((1, 'lpSystemName'), (1, 'lpAccountName'), (1, 'Sid'), (1, 'cbSid'), (1, 'ReferencedDomainName'), (1, 'cchReferencedDomainName'), (1, 'peUse'))
 
+#def GetNativeSystemInfo(lpSystemInfo):
+#    return GetNativeSystemInfo.ctypes_function(lpSystemInfo)
+GetNativeSystemInfoPrototype = WINFUNCTYPE(PVOID, LPSYSTEM_INFO)
+GetNativeSystemInfoParams = ((1, 'lpSystemInfo'),)
+
+#def GetSystemInfo(lpSystemInfo):
+#    return GetSystemInfo.ctypes_function(lpSystemInfo)
+GetSystemInfoPrototype = WINFUNCTYPE(PVOID, LPSYSTEM_INFO)
+GetSystemInfoParams = ((1, 'lpSystemInfo'),)
+
 #def IsWow64Process(hProcess, Wow64Process):
 #    return IsWow64Process.ctypes_function(hProcess, Wow64Process)
 IsWow64ProcessPrototype = WINFUNCTYPE(BOOL, HANDLE, PBOOL)
diff --git a/windows/generated_def/winstructs.py b/windows/generated_def/winstructs.py
@@ -11136,6 +11136,36 @@ class _SYSTEM_BASIC_INFORMATION(Structure):
 PSYSTEM_BASIC_INFORMATION = POINTER(_SYSTEM_BASIC_INFORMATION)
 SYSTEM_BASIC_INFORMATION = _SYSTEM_BASIC_INFORMATION
 
+class _ANON__ANON__SYSTEM_INFO_SUB_UNION_1_SUB_STRUCTURE_1(Structure):
+    _fields_ = [
+        ("wProcessorArchitecture", WORD),
+        ("wReserved", WORD),
+    ]
+
+class _ANON__SYSTEM_INFO_SUB_UNION_1(Union):
+    _anonymous_ = ("DUMMYSTRUCTNAME",)
+    _fields_ = [
+        ("dwOemId", DWORD),
+        ("DUMMYSTRUCTNAME", _ANON__ANON__SYSTEM_INFO_SUB_UNION_1_SUB_STRUCTURE_1),
+    ]
+
+class _SYSTEM_INFO(Structure):
+    _anonymous_ = ("DUMMYUNIONNAME",)
+    _fields_ = [
+        ("DUMMYUNIONNAME", _ANON__SYSTEM_INFO_SUB_UNION_1),
+        ("dwPageSize", DWORD),
+        ("lpMinimumApplicationAddress", LPVOID),
+        ("lpMaximumApplicationAddress", LPVOID),
+        ("dwActiveProcessorMask", DWORD_PTR),
+        ("dwNumberOfProcessors", DWORD),
+        ("dwProcessorType", DWORD),
+        ("dwAllocationGranularity", DWORD),
+        ("wProcessorLevel", WORD),
+        ("wProcessorRevision", WORD),
+    ]
+LPSYSTEM_INFO = POINTER(_SYSTEM_INFO)
+SYSTEM_INFO = _SYSTEM_INFO
+
 class _TIME_ZONE_INFORMATION(Structure):
     _fields_ = [
         ("Bias", LONG),
diff --git a/windows/utils/winutils.py b/windows/utils/winutils.py
@@ -552,6 +552,14 @@ def create_file(name, access=gdef.GENERIC_READ, share=gdef.FILE_SHARE_READ, secu
 #    addr = windows.winproxy.MapViewOfFile(h, dwDesiredAccess=FILE_MAP_READ, dwNumberOfBytesToMap=1)
 #    return addr
 
+def get_system_info(native=False):
+    res = gdef.SYSTEM_INFO()
+    if native:
+        windows.winproxy.GetNativeSystemInfo(res)
+    else:
+        windows.winproxy.GetSystemInfo(res)
+    return res
+
 def decompress_buffer(buffer, comptype=gdef.COMPRESSION_FORMAT_LZNT1, uncompress_size=None):
     if uncompress_size is None:
         uncompress_size = len(buffer) * 10
diff --git a/windows/winproxy/apis/kernel32.py b/windows/winproxy/apis/kernel32.py
@@ -407,6 +407,14 @@ def GetWindowsDirectoryW(lpBuffer, uSize=None):
 def GetProductInfo(dwOSMajorVersion, dwOSMinorVersion, dwSpMajorVersion, dwSpMinorVersion, pdwReturnedProductType):
    return GetProductInfo.ctypes_function(dwOSMajorVersion, dwOSMinorVersion, dwSpMajorVersion, dwSpMinorVersion, pdwReturnedProductType)
 
+@Kernel32Proxy(error_check=no_error_check)
+def GetNativeSystemInfo(lpSystemInfo):
+    return GetNativeSystemInfo.ctypes_function(lpSystemInfo)
+
+@Kernel32Proxy(error_check=no_error_check)
+def GetSystemInfo(lpSystemInfo):
+    return GetSystemInfo.ctypes_function(lpSystemInfo)
+
 ## Io
 
 @Kernel32Proxy()
