The windows.alpc module groups the classes that send and receive ALPC messages over an ALPC port, and the classes that represent these messages.
Note
See samples:
simple alpc communication
advanced alpc communication
12.1. ALPC Message
- class windows.alpc.AlpcMessage(msg_or_size=4096, attributes=None)
Represent a full ALPC Message: an AlpcMessagePort and a MessageAttribute
- property allocated_attributes
The list of allocated attributes
- Type:
[Flag]
- property context_attribute
The ALPC_MESSAGE_CONTEXT_ATTRIBUTE of the message
- Type:
ALPC_CONTEXT_ATTR
- property context_is_valid
True if ALPC_MESSAGE_CONTEXT_ATTRIBUTE is set in ValidAttributes
- property data
The data of the message (located after the PORT_MESSAGE header)
- property handle_attribute
The ALPC_MESSAGE_HANDLE_ATTRIBUTE of the message
- Type:
ALPC_HANDLE_ATTR
- property handle_is_valid
True if ALPC_MESSAGE_HANDLE_ATTRIBUTE is set in ValidAttributes
- property security_attribute
The ALPC_MESSAGE_SECURITY_ATTRIBUTE of the message
- Type:
ALPC_SECURITY_ATTR
- property security_is_valid
True if ALPC_MESSAGE_SECURITY_ATTRIBUTE is set in ValidAttributes
- property type
The type of the message (PORT_MESSAGE.u2.s2.Type)
- property valid_attributes
The list of valid attributes
- Type:
[Flag]
- property view_attribute
The ALPC_MESSAGE_VIEW_ATTRIBUTE of the message
- Type:
ALPC_DATA_VIEW_ATTR
- property view_is_valid
True if ALPC_MESSAGE_VIEW_ATTRIBUTE is set in ValidAttributes
- class windows.alpc.AlpcMessagePort
The effective ALPC Message, composed of a PORT_MESSAGE structure followed by the data
- property data
The data of the message (located after the header)
- property datalen
The length of the data
- classmethod from_buffer(object, offset=0) → C instance
Create a C instance from a writeable buffer
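The header-plus-data layout described above, as an added example (not PythonForWindows code): a ctypes model of the 64-bit PORT_MESSAGE header that reads the type from u2.s2.Type and refuses to slice the data when the header lengths disagree with the buffer. The field layout, the 0xFF type mask and LPC_CONNECTION_REQUEST = 10 are taken from the public NT headers rather than from this page; build_message and parse_message are hypothetical helper names.

```python
import ctypes

class PortMessage(ctypes.LittleEndianStructure):
    """PORT_MESSAGE as laid out on 64-bit Windows (assumed layout)."""
    _fields_ = [
        ("DataLength", ctypes.c_int16),       # u1.s1.DataLength
        ("TotalLength", ctypes.c_int16),      # u1.s1.TotalLength
        ("Type", ctypes.c_int16),             # u2.s2.Type
        ("DataInfoOffset", ctypes.c_int16),   # u2.s2.DataInfoOffset
        ("UniqueProcess", ctypes.c_uint64),   # ClientId.UniqueProcess
        ("UniqueThread", ctypes.c_uint64),    # ClientId.UniqueThread
        ("MessageId", ctypes.c_uint32),
        ("ClientViewSize", ctypes.c_uint64),  # union with CallbackId
    ]

HEADER_SIZE = ctypes.sizeof(PortMessage)  # 0x28 on 64-bit
LPC_TYPE_MASK = 0xFF          # low byte is the message type, high bits are flags
LPC_CONNECTION_REQUEST = 10

def build_message(data, msg_type, message_id=0):
    """Hypothetical helper: serialise a header followed by the data."""
    hdr = PortMessage(DataLength=len(data), TotalLength=HEADER_SIZE + len(data),
                      Type=msg_type, MessageId=message_id)
    return bytearray(bytes(hdr) + data)

def parse_message(buf):
    """Hypothetical helper: return (header, data) or raise ValueError."""
    if len(buf) < HEADER_SIZE:
        raise ValueError("buffer shorter than PORT_MESSAGE")
    hdr = PortMessage.from_buffer(buf)  # needs a writable buffer, e.g. bytearray
    if hdr.DataLength < 0 or hdr.TotalLength != HEADER_SIZE + hdr.DataLength:
        raise ValueError("DataLength and TotalLength disagree")
    if hdr.TotalLength > len(buf):
        raise ValueError("TotalLength exceeds the buffer")
    return hdr, bytes(buf[HEADER_SIZE:HEADER_SIZE + hdr.DataLength])

# Constructed sample: a connection request carrying 5 bytes of data.
sample = build_message(b"hello", 0x2000 | LPC_CONNECTION_REQUEST, message_id=7)
```

Masking the type before comparing matters because the raw Type field can carry flag bits alongside the message type.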
- class windows.alpc.MessageAttribute
The attributes of an ALPC message
- property allocated_list
The list of allocated attributes
- Type:
[Flag]
- is_allocated(attribute)
Return True if attribute is allocated
- is_valid(attribute)
Return True if attribute is valid
- property valid_list
The list of valid attributes
- Type:
[Flag]
- classmethod with_all_attributes()
Create a new MessageAttribute with the following attributes allocated:
ALPC_MESSAGE_SECURITY_ATTRIBUTE
ALPC_MESSAGE_VIEW_ATTRIBUTE
ALPC_MESSAGE_CONTEXT_ATTRIBUTE
ALPC_MESSAGE_HANDLE_ATTRIBUTE
ALPC_MESSAGE_TOKEN_ATTRIBUTE
ALPC_MESSAGE_DIRECT_ATTRIBUTE
ALPC_MESSAGE_WORK_ON_BEHALF_ATTRIBUTE
- Returns:
MessageAttribute
- classmethod with_attributes(attributes)
Create a new MessageAttribute with attributes allocated
- Returns:
MessageAttribute
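The difference between an allocated and a valid attribute, as an added example (not PythonForWindows code): it decodes the two-ULONG ALPC_MESSAGE_ATTRIBUTES header and only treats an attribute as readable when it is both allocated and valid, which is the check a server should make before using the context or handle attribute of a received message. The numeric flag values come from the public NT ALPC headers rather than from this page, the helper names are hypothetical, and the sample header is constructed.

```python
import struct

# Flag values from the public NT ALPC headers (assumption: not listed on this page).
ALPC_FLAGS = {
    "ALPC_MESSAGE_SECURITY_ATTRIBUTE":       0x80000000,
    "ALPC_MESSAGE_VIEW_ATTRIBUTE":           0x40000000,
    "ALPC_MESSAGE_CONTEXT_ATTRIBUTE":        0x20000000,
    "ALPC_MESSAGE_HANDLE_ATTRIBUTE":         0x10000000,
    "ALPC_MESSAGE_TOKEN_ATTRIBUTE":          0x08000000,
    "ALPC_MESSAGE_DIRECT_ATTRIBUTE":         0x04000000,
    "ALPC_MESSAGE_WORK_ON_BEHALF_ATTRIBUTE": 0x02000000,
}

def _names(mask):
    """Names of the attribute flags set in mask, highest bit first."""
    return [name for name, bit in ALPC_FLAGS.items() if mask & bit]

def decode_attribute_header(raw):
    """Hypothetical helper: return (allocated_list, valid_list) from raw bytes."""
    if len(raw) < 8:
        raise ValueError("ALPC_MESSAGE_ATTRIBUTES header is 8 bytes")
    allocated, valid = struct.unpack_from("<II", raw)  # AllocatedAttributes, ValidAttributes
    return _names(allocated), _names(valid)

def readable(raw, attribute):
    """Hypothetical helper: True only if attribute is allocated AND valid.

    Allocated means the buffer reserves room for the attribute; valid means
    it was actually filled in for this message.
    """
    allocated, valid = decode_attribute_header(raw)
    return attribute in allocated and attribute in valid

# Constructed sample: every attribute allocated, only the context one valid.
sample_header = struct.pack("<II", 0xFE000000, 0x20000000)
```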
12.2. ALPC client
- class windows.alpc.AlpcClient(port_name=None)
An ALPC client able to connect to a port and send/receive messages
- connect_to_port(port_name, connect_message=None, port_attr=None, port_attr_flags=65536, obj_attr=None, flags=ALPC_MSGFLG_SYNC_REQUEST(0x20000), timeout=None)
Connect to the ALPC port port_name. Most of the parameters have a default value that is used if None is passed.
- Parameters:
connect_message (AlpcMessage) – The message sent with the connection request; if not None, the function will return an AlpcMessage
port_attr (ALPC_PORT_ATTRIBUTES) – The port attributes; one with default values will be used if this parameter is None
port_attr_flags (int) – ALPC_PORT_ATTRIBUTES.Flags used if port_attr is None (MUTUALLY EXCLUSIVE WITH port_attr)
obj_attr (OBJECT_ATTRIBUTES) – The attributes of the port (can be None)
flags (int) – The flags for NtAlpcConnectPort()
timeout (int) – The timeout of the request
- port_name
The name of the ALPC port the client is connected to.
- recv(receive_msg=None, flags=0)
Receive a message into alpc_message with flags.
- Parameters:
receive_msg (AlpcMessage or None) – The message to send. If receive_msg is None, it creates and returns a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()
- send(alpc_message, flags=0)
Send the alpc_message with flags.
- Parameters:
alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str, it builds an AlpcMessage with the message as data.
flags (int) – The flags for NtAlpcSendWaitReceivePort()
- send_receive(alpc_message, receive_msg=None, flags=ALPC_MSGFLG_SYNC_REQUEST(0x20000), timeout=None)
Send and receive a message with flags.
- Parameters:
alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str, it builds an AlpcMessage with the message as data.
receive_msg (AlpcMessage or None) – The message to send. If receive_msg is None, it creates and returns a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()
12.3. ALPC Server
- class windows.alpc.AlpcServer(port_name=None)
An ALPC server able to create a port, accept connections and send/receive messages
- accept_connection(msg, port_attr=None, port_context=None)
Accept the connection for a LPC_CONNECTION_REQUEST message. msg.MessageId must be the same as that of the connection-requesting message.
- Parameters:
msg (AlpcMessage) – The response message.
port_attr (ALPC_PORT_ATTRIBUTES) – The attributes of the port; one with default values will be used if this parameter is None
port_context (PVOID) – A value that will be copied in ALPC_CONTEXT_ATTR.PortContext of every message on this connection.
- create_port(port_name, msglen=None, port_attr_flags=0, obj_attr=None, port_attr=None)
Create the ALPC port port_name. Most of the parameters have a default value that is used if None is passed.
- Parameters:
port_name (str) – The port’s name to create.
msglen (int) – ALPC_PORT_ATTRIBUTES.MaxMessageLength used if port_attr is None (MUTUALLY EXCLUSIVE WITH port_attr)
port_attr_flags (int) – ALPC_PORT_ATTRIBUTES.Flags used if port_attr is None (MUTUALLY EXCLUSIVE WITH port_attr)
obj_attr (OBJECT_ATTRIBUTES) – The attributes of the port; one with default values will be used if this parameter is None
port_attr (ALPC_PORT_ATTRIBUTES) – The port attributes; one with default values will be used if this parameter is None
- recv(receive_msg=None, flags=0)
Receive a message into alpc_message with flags.
- Parameters:
receive_msg (AlpcMessage or None) – The message to send. If receive_msg is None, it creates and returns a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()
- send(alpc_message, flags=0)
Send the alpc_message with flags.
- Parameters:
alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str, it builds an AlpcMessage with the message as data.
flags (int) – The flags for NtAlpcSendWaitReceivePort()
- send_receive(alpc_message, receive_msg=None, flags=ALPC_MSGFLG_SYNC_REQUEST(0x20000), timeout=None)
Send and receive a message with flags.
- Parameters:
alpc_message (AlpcMessage or str) – The message to send. If alpc_message is a str, it builds an AlpcMessage with the message as data.
receive_msg (AlpcMessage or None) – The message to send. If receive_msg is None, it creates and returns a simple AlpcMessage
flags (int) – The flags for NtAlpcSendWaitReceivePort()