forked from hakril/PythonForWindows
-
Notifications
You must be signed in to change notification settings - Fork 0
/
CHANGELOG
75 lines (60 loc) · 3.35 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
Between 0.4 & 0.5:
== New features ==
- windows.security
- SecurityDescriptor / ACL / ACE objects
- Improved Token object
- windows.debug
- New callback Debugger.on_setup
== Change / Break ==
- windows.winproxy
- Kernel32Error replaced by WinproxyError
- It seemed weird that ntdll/advapi32/etc raised Kernel32Error..
- windows.wmi
- Wmi API changed, most of them do not return dict anymore but WmiObject
- It can be used like mapping
- It offers improved feature
- real error display handling :)
- windows.com
- ImprovedVariant renamed Variant + new api variant
- This is not documented yet
- windows.rpc.ndr
- ndr strings add final \x00 when packing if not present
- crypto
- CertificateStore.find return None if certif is not found (was raising in the past)
- removed ECRYPT_DATA_BLOB
- new CRYPT_DATA_BLOB is an _extended_struct :)
Since 0.35:
* WinProcess.get_mapped_filename can now raise on non-standard error (like: ERROR_TRANSACTION_NOT_ACTIVE)
* WinProcess.get_mapped_filename now use GetMappedFilenameW (returning an unicode string)
* CertificateContext is replace by Certificate
* CertificateContext was a PPCERT_CONTEXT. Certificate is a CERT_CONTEXT (not a pointer anymore)
* EHCERTSTORE renamed to CertificateStore
* added windows.pipe
Since 0.3:
* Rewrote pe_parse to minimize closure (allowing the refcount to del all ref to WinProcess when the debugger detach it)
* Fix debugger.detach / handling on exit_process
Since 0.2:
* NtStatusException is now a WindowsError
* Add shr/shl RM32(64)/Imm8
* Small fix simple_x64 Imm8 encoding
* `execute_64bits_code_from_syswow` able to return ULONG64
* utils.get_short_path / utils.get_long_path
* Object returned by `windows.native_exec.create_function` has an attribute `code_addr` with the address of the executable code
* add `windows.winproxy.is_implemented` Ex: windows.winproxy.is_implemented(windows.winproxy.QueryWorkingSetEx)
* registry.py handle REG_QWORD manually (_winreg does not)
* CurrentProcessReadSyswow doest not use ``current_process.handle`` anymore but ``OpenProcess(current_process.pid)`` (Compat windows10 where method 1 doest not work)
* Add: system.handles (winobject\handle.py)
* You can have multiple execute_python_unsafe at the same time in the same process (didn't know: consequence of new injection code)
* WinProcess.execute_python does not regenerate/reinject the python_exec_shellcode for each execution
* generate.py cleaned with class and stuff / usable for extern project (cc lkd)
* Added COMImplementation to com interface
* fix x86.assemble + add x64.assemble | fix some encoding problem in x64
* Add test_code.py sample
* Remove OptionExport from winproxy
* MemoryBP + single_step for windows.debug.Debugger
* Possibility to delete breakpoints in windows.debug.Debugger
* Add Context.func_result as abstract register for EAX/RAX
* Can retrieve 64b context of syswow thread via context_syswow/set_syswow_context
* Debugger handle breakpoint in 64b part of syswow process
* ReadSyswow64Process is now a Process (allows to parse exports of remote PEB64 of syswow process)
* Added Debugger.detach