Re: [python-win32] DeviceIOControl calls respond with parameter incorrect

2021-02-08 Thread Eryk Sun
On 2/8/21, Doug Campbell  wrote:
> In my python 2 script, I am trying to connect to the VeraCrypt device driver
> to get some information on my mounted volumes.

The VeraCrypt repo on GitHub [1] indicates that all structures are
defined with #pragma pack(1). In ctypes this is the _pack_ directive.
Try the following:

import ctypes
import winioctlcon
import win32file

def VC_IOCTL(CODE):
    # Same expansion as the VC_IOCTL macro in the driver header.
    return winioctlcon.CTL_CODE(winioctlcon.FILE_DEVICE_UNKNOWN,
        0x800 + CODE, winioctlcon.METHOD_BUFFERED,
        winioctlcon.FILE_ANY_ACCESS)

VC_IOCTL_GET_MOUNTED_VOLUMES = VC_IOCTL(6)
VC_IOCTL_GET_VOLUME_PROPERTIES = VC_IOCTL(7)
VC_IOCTL_GET_BOOT_ENCRYPTION_STATUS = VC_IOCTL(18)
VC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES = VC_IOCTL(22)
VC_IOCTL_EMERGENCY_CLEAR_KEYS = VC_IOCTL(41)

MAX_PATH = 260
VOLUME_LABEL_LENGTH = 33 # 32 + null
VOLUME_ID_SIZE = 32
WIN32_ROOT_PREFIX_DRIVER_STR = r'\\.\VeraCrypt'

class VOLUME_PROPERTIES_STRUCT(ctypes.Structure):
    _pack_ = 1  # the header declares its structures under #pragma pack(1)
    _fields_ = (
        ('driveNo', ctypes.c_int),
        ('uniqueId', ctypes.c_int),
        ('wszVolume', ctypes.c_wchar * MAX_PATH),
        ('diskLength', ctypes.c_uint64),
        ('ea', ctypes.c_int),
        ('mode', ctypes.c_int),
        ('pkcs5', ctypes.c_int),
        ('pkcs5Iterations', ctypes.c_int),
        ('hiddenVolume', ctypes.c_int),
        ('readOnly', ctypes.c_int),
        ('removable', ctypes.c_int),
        ('partitionInInactiveSysEncScope', ctypes.c_int),
        # unsigned __int32 volumeHeaderFlags in the C struct
        ('volumeHeaderFlags', ctypes.c_uint32),
        ('totalBytesRead', ctypes.c_uint64),
        ('totalBytesWritten', ctypes.c_uint64),
        ('hiddenVolProtection', ctypes.c_int),
        ('volFormatVersion', ctypes.c_int),
        ('volumePim', ctypes.c_int),
        ('wszLabel', ctypes.c_wchar * VOLUME_LABEL_LENGTH),
        ('bDriverSetLabel', ctypes.c_int),
        # unsigned char volumeID[VOLUME_ID_SIZE] in the C struct: bytes, not wchar_t
        ('volumeID', ctypes.c_ubyte * VOLUME_ID_SIZE),
        ('mountDisabled', ctypes.c_int))


# driveNo is the zero-based drive letter index (A = 0).
prop = VOLUME_PROPERTIES_STRUCT(driveNo = ord('F') - ord('A'))

hDevice = win32file.CreateFile(WIN32_ROOT_PREFIX_DRIVER_STR, 0, 0, None,
    win32file.OPEN_EXISTING, 0, None)
try:
    # The same structure serves as the input and the output buffer.
    info = win32file.DeviceIoControl(hDevice,
        VC_IOCTL_GET_VOLUME_PROPERTIES, prop, prop)
finally:
    hDevice.close()

---
[1] https://github.com/veracrypt/VeraCrypt/blob/master/src/Common/Apidrvr.h
___
python-win32 mailing list
python-win32@python.org
https://mail.python.org/mailman/listinfo/python-win32
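
Added example (not from the thread or the VeraCrypt sources): it builds the structure twice from the C declaration quoted in the thread, once with _pack_ = 1 and once with the ctypes default alignment, and reports the sizes and the fields whose offsets move. Fixed-width ctypes types stand in for wchar_t, int and BOOL (an assumption of this example) so the numbers are the Windows ones on any host; Packed, Natural, layout_diff and request_bytes are hypothetical names.

```python
import ctypes

MAX_PATH, VOLUME_LABEL_LENGTH, VOLUME_ID_SIZE = 260, 33, 32

# Assumption of this example: fixed-width stand-ins for the Windows types, so
# the layout is the same on any host (wchar_t is 16-bit, int and BOOL 32-bit).
WCHAR, INT, BOOL = ctypes.c_uint16, ctypes.c_int32, ctypes.c_int32
U32, U64 = ctypes.c_uint32, ctypes.c_uint64

# Field order and types follow the C declaration quoted in the thread.
FIELDS = (
    ('driveNo', INT), ('uniqueId', INT),
    ('wszVolume', WCHAR * MAX_PATH),
    ('diskLength', U64),
    ('ea', INT), ('mode', INT), ('pkcs5', INT), ('pkcs5Iterations', INT),
    ('hiddenVolume', BOOL), ('readOnly', BOOL), ('removable', BOOL),
    ('partitionInInactiveSysEncScope', BOOL),
    ('volumeHeaderFlags', U32),
    ('totalBytesRead', U64), ('totalBytesWritten', U64),
    ('hiddenVolProtection', INT), ('volFormatVersion', INT), ('volumePim', INT),
    ('wszLabel', WCHAR * VOLUME_LABEL_LENGTH),
    ('bDriverSetLabel', BOOL),
    ('volumeID', ctypes.c_ubyte * VOLUME_ID_SIZE),
    ('mountDisabled', BOOL),
)

class Packed(ctypes.Structure):      # matches #pragma pack(1)
    _pack_ = 1
    _fields_ = FIELDS

class Natural(ctypes.Structure):     # ctypes default: natural alignment
    _fields_ = FIELDS

def layout_diff():
    """Fields whose offset differs: (name, packed_offset, natural_offset)."""
    return [(name, getattr(Packed, name).offset, getattr(Natural, name).offset)
            for name, _ in FIELDS
            if getattr(Packed, name).offset != getattr(Natural, name).offset]

def request_bytes(drive_letter):
    """Input buffer for the properties query: driveNo set, all else zero."""
    return bytes(Packed(driveNo=ord(drive_letter.upper()) - ord('A')))

if __name__ == '__main__':
    print('packed size :', ctypes.sizeof(Packed))
    print('natural size:', ctypes.sizeof(Natural))
    for name, p, n in layout_diff():
        print('%-20s packed=%d natural=%d' % (name, p, n))
```

With _pack_ = 1 the structure is 706 bytes, the same length as the hand-built 4 + 702 byte buffer in the original question. Without it, padding is inserted before totalBytesRead and again before bDriverSetLabel, so the size grows to 712 and every later field moves.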


Re: [python-win32] DeviceIOControl calls respond with parameter incorrect

2021-02-08 Thread Tim Roberts
On Feb 8, 2021, at 8:23 PM, Doug Campbell  wrote:
> 
> In my python 2 script, I am trying to connect to the VeraCrypt device driver 
> to get some information on my mounted volumes.

There are a lot of things to go wrong here.  You may be in for a long slog.  
Your ctypes definition does look fundamentally correct.


> This is what I have so far.  I tried a bunch of different ideas on how to 
> construct the input buffer for the DeviceIoControl function call but I keep 
> getting the following response.
> 
> Traceback (most recent call last):
>   File "test.py", line 188, in <module>
>     info=win32file.DeviceIoControl(hDisk,VC_IOCTL_GET_VOLUME_PROPERTIES,b'\x05\x00\x00\x00' + (b'\x00' * 702),65536)
> pywintypes.error: (87, 'DeviceIoControl', 'The parameter is incorrect.')

The last parameter is the size of the output buffer, and that does get passed 
to the driver.  It should be sizeof(VOLUME_PROPERTIES_STRUCT) which is, I 
believe, 1280.


> #info=win32file.DeviceIoControl(hDisk,VC_IOCTL_GET_VOLUME_PROPERTIES,struct.pack('ii520sQLQQiii66sL64sL',prop),17424)

Last should be 1280, I think.

> info=win32file.DeviceIoControl(hDisk,VC_IOCTL_GET_VOLUME_PROPERTIES,b'0x00' +
> b'\x05\x00\x00\x00' + (b'\x00' * 702),65536)

The first b’0x00’ is wrong; the first byte of the struct needs to be 5.
— 
Tim Roberts, t...@probo.com
Providenza & Boekelheide, Inc.



[python-win32] DeviceIOControl calls respond with parameter incorrect

2021-02-08 Thread Doug Campbell
In my python 2 script, I am trying to connect to the VeraCrypt device driver to 
get some information on my mounted volumes.

This is what I have so far.  I tried a bunch of different ideas on how to 
construct the input buffer for the DeviceIoControl function call but I keep 
getting the following response.

Traceback (most recent call last):
  File "test.py", line 188, in <module>
    info=win32file.DeviceIoControl(hDisk,VC_IOCTL_GET_VOLUME_PROPERTIES,b'\x05\x00\x00\x00' + (b'\x00' * 702),65536)
pywintypes.error: (87, 'DeviceIoControl', 'The parameter is incorrect.')


I would appreciate any direction anyone can give.  I have seen success with 
making calls to win32file.DeviceIoControl when an input buffer wasn't needed 
but this one needs this information passed to it for it to work.

Thanks!
Doug

===
import ctypes
import win32api
import win32file
import win32con
import winioctlcon
import struct

# https://docs.microsoft.com/en-us/windows-hardware/drivers/ddi/d4drvif/nf-d4drvif-ctl_code
# https://docs.microsoft.com/en-us/windows-hardware/drivers/kernel/specifying-device-types
FILE_DEVICE_UNKNOWN=0x0022

METHOD_BUFFERED=0
METHOD_IN_DIRECT=1
METHOD_OUT_DIRECT=2
METHOD_NEITHER=3

FILE_ANY_ACCESS=0x0000
FILE_READ_ACCESS=0x0001
FILE_WRITE_ACCESS=0x0002

def CTL_CODE(DeviceType, Function, Method, Access):
    return (DeviceType << 16) | (Access << 14) | (Function << 2) | Method

#define VC_IOCTL(CODE) (CTL_CODE (FILE_DEVICE_UNKNOWN, 0x800 + (CODE), METHOD_BUFFERED, FILE_ANY_ACCESS))
def VC_IOCTL(CODE):
    return (CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800 + (CODE), METHOD_BUFFERED,
        FILE_ANY_ACCESS))

VC_IOCTL_GET_MOUNTED_VOLUMES = VC_IOCTL(6)
VC_IOCTL_GET_VOLUME_PROPERTIES = VC_IOCTL (7)
VC_IOCTL_GET_BOOT_ENCRYPTION_STATUS = VC_IOCTL (18)
VC_IOCTL_GET_BOOT_DRIVE_VOLUME_PROPERTIES = VC_IOCTL (22)
VC_IOCTL_EMERGENCY_CLEAR_KEYS = VC_IOCTL (41)

INVALID_HANDLE_VALUE=-1
FILE_SHARE_READ=0x0001
FILE_SHARE_WRITE=0x0002
OPEN_EXISTING=3
path = "\\\\.\\VeraCrypt"
access_flag = 0
share_flag = FILE_SHARE_READ | FILE_SHARE_WRITE

hDisk = win32file.CreateFile(path,0,win32file.FILE_SHARE_READ|win32file.FILE_SHARE_WRITE,None,win32file.OPEN_EXISTING,0,None)

class VOLUME_PROPERTIES_STRUCT(ctypes.Structure):
    _fields_ = [('driveNo', ctypes.c_int),
                ('uniqueId', ctypes.c_int),
                ('wszVolume', ctypes.c_wchar * 260),
                ('diskLength', ctypes.c_uint64),
                ('ea', ctypes.c_int),
                ('mode', ctypes.c_int),
                ('pkcs5', ctypes.c_int),
                ('pkcs5Iterations', ctypes.c_int),
                ('hiddenVolume', ctypes.c_long),
                ('readOnly', ctypes.c_long),
                ('removable', ctypes.c_long),
                ('partitionInInactiveSysEncScope', ctypes.c_long),
                ('volFormatVersion', ctypes.c_uint32),
                ('totalBytesRead', ctypes.c_uint64),
                ('totalBytesWritten', ctypes.c_uint64),
                ('hiddenVolProtection', ctypes.c_int),
                ('volFormatVersion', ctypes.c_int),
                ('volumePim', ctypes.c_int),
                ('wszLabel', ctypes.c_wchar * 33),
                ('bDriverSetLabel', ctypes.c_long),
                ('volumeID', ctypes.c_wchar * 32),
                ('mountDisabled', ctypes.c_long)]


prop = VOLUME_PROPERTIES_STRUCT()
prop.driveNo = 5

#info=win32file.DeviceIoControl(hDisk,VC_IOCTL_GET_VOLUME_PROPERTIES,struct.pack('ii520sQLQQiii66sL64sL',prop),17424)
#info=win32file.DeviceIoControl(hDisk,VC_IOCTL_GET_VOLUME_PROPERTIES,struct.pack('ii520sQLQQiii66sL64sL',5,0,'a' * 520,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,'a' * 66,0,'a' * 64,0),17424)
info=win32file.DeviceIoControl(hDisk,VC_IOCTL_GET_VOLUME_PROPERTIES,b'0x00' +
    b'\x05\x00\x00\x00' + (b'\x00' * 702),65536)


I based what I have done on the following C code from VeraStatus
(veracrypt/VeraStatus: Command line tool to get technical information about
VeraCrypt mounted volumes and system encryption (github.com)).  Here are what
I believe are relevant sections.


#define VC_IOCTL(CODE) (CTL_CODE (FILE_DEVICE_UNKNOWN, 0x800 + (CODE), METHOD_BUFFERED, FILE_ANY_ACCESS))

#define VC_IOCTL_GET_MOUNTED_VOLUMES VC_IOCTL (6)

#define VOLUME_ID_SIZE 32

typedef struct
{
    int driveNo;
    int uniqueId;
    wchar_t wszVolume[260];
    unsigned __int64 diskLength;
    int ea;
    int mode;
    int pkcs5;
    int pkcs5Iterations;
    BOOL hiddenVolume;
    BOOL readOnly;
    BOOL removable;
    BOOL partitionInInactiveSysEncScope;
    unsigned __int32 volumeHeaderFlags;
    unsigned __int64 totalBytesRead;
    unsigned __int64 totalBytesWritten;
    int hiddenVolProtection;
    int volFormatVersion;
    int volumePim;
    wchar_t wszLabel[33];
    BOOL bDriverSetLabel;
    unsigned char volumeID[VOLUME_ID_SIZE];
    BOOL mountDisabled;
} VOLUME_PROPERTIES_STRUCT;

VOLUME_PROPERTIES_STRUCT prop;

prop.driveNo = _totupper(argv[1][0]) - TEXT('A');

if (DeviceIoControl (hDriver, VC_IOCTL_GET_VOLUME_PROPERTIES, &prop, sizeof (prop), &prop, sizeof

[python-win32] Python installer for Windows not working on silent installation

2021-02-08 Thread Romulus G | Heimdal™ via python-win32
Hi Guys,

I am trying to deploy Python (the latest version) through AD GPO or through 
SCCM.

Since there’s no MSI Installer available on the python.org for the latest 
versions, I used the python-3.9.1-amd64.exe with the following command line:
python-3.9.0.exe /quiet InstallAllUsers=1 PrependPath=1 Include_test=0

The issue is that the installer runs through the SYSTEM account and it appears 
that it does not install correctly.

The files are placed in C:\Program Files\Python39 but for some reason, the 
Python InstallAllUsers=1 call does not register its key in the 
HKEY_LOCAL_MACHINE\Software path.
The result of this means, from my understanding/testing, that the installer 
detects that it's not running as an elevated process, and therefore it installs 
as user NTAUTH\SYSTEM, for NTAUTH\SYSTEM, placing the keys for Python Launcher 
and the rest in HKCU instead of HKLM.
This explains why installations would fail, uninstallation was impossible no 
matter what, and why our Python Launcher was behaving weirdly despite PATH 
being set correctly.
· Installations would fail because the keys would all still be placed 
in the HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\
· The installers never appeared in Control Panel – Programs and 
Features despite successful installation, because it was installed for the 
NTAUTH\SYSTEM and not All Users
Is there something that I am doing wrong or is this a bug?
Thanks.
