hakril / PythonForWindows

A codebase aimed to make interaction with Windows and native execution easier
BSD 3-Clause "New" or "Revised" License

Python3 get_kernel_modules refcount problem #12

Closed BrunoPujos closed 4 years ago

BrunoPujos commented 4 years ago

Hello,

There is apparently a problem with the refcount when getting the module using the windows.utils.get_kernel_modules function. The _SYSTEM_MODULE64 objects seem not to be correctly kept in memory. This leads to invalid data being retrieved when accessing members of the objects.

The following code allows reproducing it:

```python
import windows.utils as wutils
import gc

mods = wutils.get_kernel_modules()

gc.collect() # gc to collect, for more reliable reproduction

print([x.ImageName for x in mods]) # need to do stuff for triggering bug
print([x.ImageName for x in mods])
print([x.ImageName for x in mods])
print("LAST IMAGE NAME: {}".format(mods[0].ImageName))
```

Python version: Python 3.8.2 (tags/v3.8.2:7b3ab59, Feb 25 2020, 23:03:10) [MSC v.1916 64 bit (AMD64)] on win32, test done using the dev branch commit 5c3b0cd.

w4kfu commented 4 years ago

Hello,

The problem was also present in the LKD project; the commit https://github.com/w4kfu/LKD/commit/6dc8ba20422493e395d49946fd3c4bc8f9b5dd4e solved the issue.

Thx,

hakril commented 4 years ago

Hello,

Thank you both for the issue and fix. I was able to reproduce and fix the issue on my side; I also added a test. The commit is 7921e7464, feel free to test it before I close this issue.

Also, I recommend the use of the new windows.system.modules to retrieve the information. windows.utils.get_kernel_modules() will now print a DeprecationWarning.

Thank you,

w4kfu commented 4 years ago

Hello,

OK on my side, the issue can be closed.

Thx,
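
The thread shows neither the root cause nor the fix, so the following is an added illustration and not PythonForWindows or LKD code. It assumes the usual cause of this symptom in ctypes, a structure view that holds no reference to its backing buffer, and contrasts `from_address` with `from_buffer` and `from_buffer_copy`. `Module`, `query` and the sample names are hypothetical stand-ins constructed for the example.

```python
import ctypes
import gc
import weakref

class Module(ctypes.Structure):
    # Hypothetical stand-in for _SYSTEM_MODULE64 (only the field the thread reads).
    _fields_ = [("ImageName", ctypes.c_char * 16)]

NAMES = [b"ntoskrnl.exe", b"hal.dll", b"kdcom.dll"]  # constructed sample data
SIZE = ctypes.sizeof(Module)

def query():
    """Hypothetical stand-in for the system query: returns a filled raw buffer."""
    raw = (ctypes.c_ubyte * (SIZE * len(NAMES)))()
    for i, name in enumerate(NAMES):
        ctypes.memmove(ctypes.addressof(raw) + i * SIZE, name, len(name))
    return raw

def modules_unsafe():
    raw = query()
    arr = (Module * len(NAMES)).from_address(ctypes.addressof(raw))
    # from_address keeps no reference to raw: once this function returns, raw
    # is freed and every returned element points into released memory.
    return list(arr), weakref.ref(raw)

def modules_from_buffer():
    raw = query()
    arr = (Module * len(NAMES)).from_buffer(raw)
    # from_buffer makes arr reference raw, and each element references arr
    # through _b_base_, so the list alone keeps the memory alive.
    return list(arr), weakref.ref(raw)

def modules_copied():
    raw = query()
    # from_buffer_copy gives each Module its own memory; raw may then go away.
    mods = [Module.from_buffer_copy(raw, i * SIZE) for i in range(len(NAMES))]
    return mods, weakref.ref(raw)

if __name__ == "__main__":
    for build in (modules_unsafe, modules_from_buffer, modules_copied):
        mods, raw_ref = build()
        gc.collect()
        alive = raw_ref() is not None
        owned = all(m._b_needsfree_ for m in mods)
        # Reading is only safe if the buffer is still alive or the data was copied.
        names = [m.ImageName for m in mods] if alive or owned else "<dangling>"
        print(build.__name__, "buffer alive:", alive, "names:", names)
```

The weak reference is only there to observe whether the backing buffer survived; the dangling elements from `modules_unsafe` are deliberately never read.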