Remove PythonForWindows dependency

peace-maker · peace-maker · commit 0f4e889b0b6d · 2023-12-03T22:28:44.000+01:00
This loses the `readmem` and `writemem` feature, but that's not
necessary for this basic process startup support.
diff --git a/pwnlib/tubes/process.py b/pwnlib/tubes/process.py
@@ -18,10 +18,6 @@
 if IS_WINDOWS:
     import queue
     import threading
-    import windows
-    from windows.generated_def.winstructs import CREATE_SUSPENDED
-    from windows.generated_def import ntstatus
-    ntstatus_names = {int(v):k for k,v in ntstatus.__dict__.items() if k.startswith('STATUS') and v}
 else:
     import fcntl
     import pty
@@ -38,6 +34,8 @@
 from pwnlib.util.misc import which
 from pwnlib.util.misc import normalize_argv_env
 from pwnlib.util.packing import _need_bytes
+from pwnlib.util.proc import cwd
+from pwnlib.util.proc import memory_maps
 
 log = getLogger(__name__)
 
@@ -380,25 +378,13 @@ def __init__(self, argv = None,
             p.success('pid %i' % self.pid)
 
         if IS_WINDOWS:
-            class winprocess(windows.winobject.process.WinProcess):
-                def __del__(self):
-                    # sys.path is not None -> check if python shutdown
-                    # workaround crash on shutdown trying to delete invalid WinProcess object
-                    if hasattr(sys, "path") and sys.path is not None:
-                        super(winprocess, self).__del__()
-
-            #: :class:`windows.winobject.process.WinProcess` object that provides insight into the process
-            self.win_process = winprocess(pid=self.pid)
             self._read_thread = None
             self._read_queue = queue.Queue()
             if self.proc.stdout:
                 # Read from stdout in a thread
                 self._read_thread = threading.Thread(target=_read_in_thread, args=(self._read_queue, self.proc.stdout))
                 self._read_thread.daemon = True
                 self._read_thread.start()
-
-            if (creationflags & CREATE_SUSPENDED) == 0:
-                self._wait_initialized()
             return
 
         if self.pty is not None:
@@ -522,18 +508,6 @@ def __on_enoexec(self, exception):
         # we don't have a qemu which can run it.
         self.exception(exception)
 
-    def _check_initialized(self):
-        # Accessing PEB until WinProcess is done initializing.
-        try:
-            self.win_process.peb.modules[1]
-            return True
-        except:
-            return False
-
-    def _wait_initialized(self):
-        while not self._check_initialized() and not self.win_process.is_exit:
-            time.sleep(0.05)
-
     @property
     def program(self):
         """Alias for ``executable``, for backward compatibility.
@@ -566,10 +540,7 @@ def cwd(self):
             '/proc'
         """
         try:
-            if IS_WINDOWS:
-                self._cwd = self.win_process.peb.ProcessParameters.contents.CurrentDirectory.DosPath.str
-            else:
-                self._cwd = os.readlink('/proc/%i/cwd' % self.pid)
+            self._cwd = cwd(self.pid)
         except Exception:
             pass
 
@@ -713,12 +684,8 @@ def poll(self, block = False):
         if returncode is not None and not self._stop_noticed:
             self._stop_noticed = time.time()
             signame = ''
-            if IS_WINDOWS:
-                if returncode in ntstatus_names:
-                    signame = ' (%s)' % (ntstatus_names[returncode])
-            else:
-                if returncode < 0:
-                    signame = ' (%s)' % (signal_names.get(returncode, 'SIG???'))
+            if returncode < 0:
+                signame = ' (%s)' % (signal_names.get(returncode, 'SIG???'))
 
             self.info("Process %r stopped with exit code %d%s (pid %i)" % (self.display,
                                                                   returncode,
@@ -920,15 +887,7 @@ def libs(self):
         by the process to the address it is loaded at in the process' address
         space.
         """
-        if IS_WINDOWS:
-            if not self._check_initialized():
-                raise Exception("PEB not initialized while getting the loaded modules")
-            return  {module.name.lower(): module.baseaddr for module in self.win_process.peb.modules if module.name}
-
-        try:
-            maps_raw = open('/proc/%d/maps' % self.pid).read()
-        except IOError:
-            maps_raw = None
+        maps_raw = memory_maps(self.pid)
 
         if not maps_raw:
             import pwnlib.elf.elf
@@ -938,18 +897,18 @@ def libs(self):
 
         # Enumerate all of the libraries actually loaded right now.
         maps = {}
-        for line in maps_raw.splitlines():
-            if '/' not in line: continue
-            path = line[line.index('/'):]
+        for mapping in maps_raw:
+            path = mapping.path
+            if os.sep not in path: continue
             path = os.path.realpath(path)
             if path not in maps:
                 maps[path]=0
 
         for lib in maps:
             path = os.path.realpath(lib)
-            for line in maps_raw.splitlines():
-                if line.endswith(path):
-                    address = line.split('-')[0]
+            for mapping in maps_raw:
+                if mapping.path == path:
+                    address = mapping.addr.split('-')[0]
                     maps[lib] = int(address, 16)
                     break
 
@@ -1058,11 +1017,6 @@ def leak(self, address, count=1):
             >>> p.leak(e.address, 4)
             b'\x7fELF'
         """
-        if IS_WINDOWS:
-            if not self._check_initialized():
-                self.error("PEB not initialized while reading memory")
-            return self.win_process.read_memory(address, count)
-
         # If it's running under qemu-user, don't leak anything.
         if 'qemu-' in os.path.realpath('/proc/%i/exe' % self.pid):
             self.error("Cannot use leaker on binaries under QEMU.")
@@ -1108,11 +1062,6 @@ def writemem(self, address, data):
             >>> io.recvall()
             b'aaaabaaacaaadaaaeaaafaaagaaahaaa'
         """
-        if IS_WINDOWS:
-            if not self._check_initialized():
-                self.error("PEB not initialized while writing memory")
-            return self.win_process.write_memory(address, data)
-
         if 'qemu-' in os.path.realpath('/proc/%i/exe' % self.pid):
             self.error("Cannot use leaker on binaries under QEMU.")
 
diff --git a/pwnlib/util/proc.py b/pwnlib/util/proc.py
@@ -223,6 +223,23 @@ def cmdline(pid):
     """
     return psutil.Process(pid).cmdline()
 
+def memory_maps(pid):
+    """memory_maps(pid) -> list
+    
+    Arguments:
+        pid (int): PID of the process.
+
+    Returns:
+        A list of the memory mappings in the process.
+
+    Example:
+        >>> maps = memory_maps(os.getpid())
+        >>> [(m.path, m.perms) for m in maps if '[stack]' in m.path]
+        [('[stack]', 'rw-p')]
+
+    """
+    return psutil.Process(pid).memory_maps(grouped=False)
+
 def stat(pid):
     """stat(pid) -> str list
 
diff --git a/pyproject.toml b/pyproject.toml
@@ -57,7 +57,6 @@ dependencies = [
     "pathlib2; python_version < '3.4'",
     "unix-ar; python_version >= '3'",
     "zstandard",
-    "PythonForWindows; sys_platform == 'win32'",
 ]
 
 [project.urls]

Original file line number	Diff line number	Diff line change
`@@ -57,7 +57,6 @@ dependencies = [`
`57`	`57`	`"pathlib2; python_version < '3.4'",`
`58`	`58`	`"unix-ar; python_version >= '3'",`
`59`	`59`	`"zstandard",`
`60`		`- "PythonForWindows; sys_platform == 'win32'",`
`61`	`60`	`]`
`62`	`61`
`63`	`62`	`[project.urls]`