atomicshop 2.12.22__py3-none-any.whl → 2.12.24__py3-none-any.whl

atomicshop/__init__.py

@@ -1,4 +1,4 @@
 """Atomic Basic functions and classes to make developer life easier"""
 
 __author__ = "Den Kras"
-__version__ = '2.12.22'
+__version__ = '2.12.24'

atomicshop/addons/process_list/compile.cmd

@@ -1,2 +1,7 @@
-"C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.37.32822\bin\Hostx64\x64\cl.exe" /LD /EHsc c:\compile\process_list.cpp /Fo:c:\compile /Fe:c:\compile\process_list.dll /I c:\compile\inc\ /link /LIBPATH:c:\compile\lib\ Advapi32.lib ntdll.lib Psapi.lib
+REM Install WIndows 10 SDK before running.
+REM Execute this cmd in:
+REM Start => All Apps => Visual Studio 2022 => x64 Native Tools Command Prompt for VS 2022
+REM Run the prompt as admin.
+REM "C:\Program Files\Microsoft Visual Studio\2022\Community\VC\Tools\MSVC\14.39.33519\bin\Hostx64\x64\cl.exe" /LD /EHsc c:\compile\process_list.cpp /Fo:c:\compile /Fe:c:\compile\process_list.dll /I c:\compile\inc\ /link /LIBPATH:c:\compile\lib\ Advapi32.lib ntdll.lib Psapi.lib
+cl /LD /EHsc c:\compile\process_list.cpp /Fo:c:\compile /Fe:c:\compile\process_list.dll /I c:\compile\inc\ /link /LIBPATH:c:\compile\lib\ Advapi32.lib ntdll.lib Psapi.lib
 pause

atomicshop/addons/process_list/process_list.cpp

@@ -3,6 +3,9 @@
 #include <tchar.h>
 #include <iostream>
 #include <tlhelp32.h>
+#include <atomic>
+
+std::atomic<bool> cancelRequested(false);
 
 typedef LONG NTSTATUS;
 typedef NTSTATUS (*PFN_NT_QUERY_INFORMATION_PROCESS)(HANDLE, UINT, PVOID, ULONG, PULONG);
@@ -121,6 +124,10 @@ bool GetProcessCommandLine(DWORD dwPid, wchar_t** ppszCmdLine, wchar_t* szProces
 
 typedef void(*CallbackFunc)(DWORD pid, wchar_t* process_name, wchar_t* cmdline);
 
+extern "C" __declspec(dllexport) void RequestCancellation() {
+    cancelRequested.store(true);
+}
+
 extern "C" __declspec(dllexport) void GetProcessDetails(CallbackFunc callback) {
     if (!EnableDebugPrivilege()) {
         std::wcout << L"Failed to enable debug privilege." << std::endl;
@@ -156,7 +163,7 @@ extern "C" __declspec(dllexport) void GetProcessDetails(CallbackFunc callback) {
         } else {
             callback(pe32.th32ProcessID, szProcessName, NULL);
         }
-    } while (Process32NextW(hSnap, &pe32));
+    } while (Process32NextW(hSnap, &pe32) && !cancelRequested.load());
 
     CloseHandle(hSnap);
 }

atomicshop/etw/sessions.py

@@ -0,0 +1,14 @@
+from ..wrappers.ctyping.etw_winapi import etw_functions
+
+
+def stop_and_delete(session_name) -> tuple[bool, int]:
+    """
+    Stop and delete ETW session.
+
+    :param session_name: The name of the session to stop and delete.
+    :return: A tuple containing a boolean indicating success and an integer status code.
+        True, 0: If the session was stopped and deleted successfully.
+        False, <status>: If the session could not be stopped and deleted and the status code, why it failed.
+    """
+
+    return etw_functions.stop_and_delete_etw_session(session_name)

atomicshop/etw/trace.py

@@ -0,0 +1,122 @@
+import queue
+import sys
+
+# Import FireEye Event Tracing library.
+import etw
+
+from ..print_api import print_api
+
+
+class EventTrace(etw.ETW):
+    def __init__(
+            self,
+            providers: list,
+            event_callback=None,
+            event_id_filters: list = None,
+            session_name: str = None
+    ):
+        """
+        :param providers: List of tuples with provider name and provider GUID.
+            tuple[0] = provider name
+            tuple[1] = provider GUID
+        :param event_callback: Reference to the callable callback function that will be called for each occurring event.
+        :param event_id_filters: List of event IDs that we want to filter. If not provided, all events will be returned.
+            The default in the 'etw.ETW' method is 'None'.
+        :param session_name: The name of the session to create. If not provided, a UUID will be generated.
+        ------------------------------------------
+        You should stop the ETW tracing when you are done with it.
+            'pywintrace' module starts a new session for ETW tracing, and it will not stop the session when the script
+            exits or exception is raised.
+            This can cause problems when you want to start the script again, and the session is already running.
+            If the session is already running, and you start a new session with the same session name, you will get
+            the buffer from when you stopped getting the events from the buffer.
+            If you give different session name for new session, the previous session will still continue to run,
+            filling the buffer with events, until you will stop getting new events on all sessions or get an
+            exception that the buffer is full (WinError 1450).
+
+            Example to stop the ETW tracing at the end of the script:
+            from atomicshop.basics import atexits
+
+
+            event_tracing = EventTrace(<Your parameters>)
+            atexits.run_callable_on_exit_and_signals(EventTrace.stop)
+        """
+        self.event_queue = queue.Queue()
+
+        # If no callback function is provided, we will use the default one, which will put the event in the queue.
+        if not event_callback:
+            function_callable = lambda x: self.event_queue.put(x)
+        # If a callback function is provided, we will use it.
+        else:
+            function_callable = lambda x: event_callback(x)
+
+        # Defining the list of specified ETW providers in 'etw' library format.
+        etw_format_providers: list = list()
+        for provider in providers:
+            etw_format_providers.append(etw.ProviderInfo(provider[0], etw.GUID(provider[1])))
+
+        super().__init__(
+            providers=etw_format_providers, event_callback=function_callable, event_id_filters=event_id_filters,
+            session_name=session_name
+        )
+
+    def start(self):
+        try:
+            super().start()
+        except OSError as e:
+            message = f"PyWinTrace Error: {e}\n" \
+                        f"PyWinTrace crashed, didn't find solution to this, RESTART computer."
+            print_api(message, error_type=True, logger_method='critical')
+            sys.exit(1)
+
+    def stop(self):
+        super().stop()
+
+    def emit(self):
+        """
+        The Function will return the next event from the queue.
+        The queue is blocking, so if there is no event in the queue, the function will wait until there is one.
+
+        Usage Example:
+            while True:
+                dns_dict = dns_trace.emit()
+                print(dns_dict)
+
+        event object:
+            event[0]: is the event ID. Example: for DNS Tracing, it is event id 3008.
+            event[1]: contains a dictionary with all the event's parameters.
+
+        :return: etw event object.
+        """
+
+        return self.event_queue.get()
+
+
+def find_sessions_by_provider(provider_name: str):
+    """
+    Find ETW session by provider name.
+
+    :param provider_name: The name of the provider to search for.
+    """
+
+    return
+
+
+def get_all_providers_from_session(session_name: str):
+    """
+    Get all providers that ETW session uses.
+
+    :param session_name: The name of the session to get providers from.
+    """
+
+    return
+
+
+def stop_session_by_name(session_name: str):
+    """
+    Stop ETW session by name.
+
+    :param session_name: The name of the session to stop.
+    """
+
+    return

atomicshop/etw/{dns_trace.py → trace_dns.py}

@@ -1,12 +1,13 @@
-from . import etw
+from . import trace
 from .. import dns
 from ..wrappers.psutilw import psutilw
 from ..basics import dicts
 from ..process_poller import ProcessPollerPool
+from ..print_api import print_api
 
 
 class DnsTrace:
-    def __init__(self, enable_process_poller: bool = False, attrs: list = None):
+    def __init__(self, enable_process_poller: bool = False, attrs: list = None, session_name: str = None):
         """
         DnsTrace class use to trace DNS events from Windows Event Tracing for EventId 3008.
 
@@ -14,6 +15,7 @@ class DnsTrace:
             every 100 ms. Since the DNS events doesn't contain the process name and command line, only PID.
             Then DNS events will be enriched with the process name and command line from the process poller.
         :param attrs: List of attributes to return. If None, all attributes will be returned.
+        :param session_name: The name of the session to create. If not provided, a UUID will be generated.
 
         Usage Example:
             from atomicshop.etw import dns_trace
@@ -30,10 +32,11 @@ class DnsTrace:
         self.enable_process_poller = enable_process_poller
         self.attrs = attrs
 
-        self.event_trace = etw.EventTrace(
-            [(dns.ETW_DNS_INFO['provider_name'], dns.ETW_DNS_INFO['provider_guid'])],
+        self.event_trace = trace.EventTrace(
+            providers=[(dns.ETW_DNS_INFO['provider_name'], dns.ETW_DNS_INFO['provider_guid'])],
             # lambda x: self.event_queue.put(x),
-            event_id_filters=[dns.ETW_DNS_INFO['event_id']]
+            event_id_filters=[dns.ETW_DNS_INFO['event_id']],
+            session_name=session_name
         )
 
         if self.enable_process_poller:
@@ -117,7 +120,12 @@ class DnsTrace:
             event_dict['status'] = 'Error'
 
         if self.enable_process_poller:
-            event_dict = psutilw.cross_single_connection_with_processes(event_dict, self.process_poller.processes)
+            processes = self.process_poller.processes
+
+            if isinstance(processes, BaseException):
+                raise processes
+
+            event_dict = psutilw.cross_single_connection_with_processes(event_dict, processes)
             # If it was impossible to get the process name from the process poller, get it from psutil.
             # if event_dict['name'].isnumeric():
             #     event_dict['name'] = process_name

atomicshop/monitor/change_monitor.py

@@ -40,28 +40,28 @@ class ChangeMonitor:
                     'url_playwright_png',
                     'url_playwright_jpeg'],
                 None] = None,
-            object_type_settings: dict = None
+            object_type_settings: dict = None,
+            etw_session_name: str = None
     ):
         """
         :param object_type: string, type of object to check. The type must be one of the following:
-            'file': 'check_object_list' must contain strings of full path to the file.
-            'dns': 'check_object_list' will be none, since the DNS events will be queried from the system.
-            'network': 'check_object_list' will be none, since the network events will be queried from the system.
-            'process_running': 'check_object_list' must contain strings of process names to check if they are running.
+            'file': 'check_object' must contain string of full path to the file.
+            'dns': 'check_object' will be none, since the DNS events will be queried from the system.
+            'network': 'check_object' will be none, since the network events will be queried from the system.
+            'process_running': 'check_object' must contain list of strings of process names to check if they are
+                running.
                 Example: ['chrome.exe', 'firefox.exe']
                 No file is written.
-            'url_urllib': 'check_object_list' must contain strings of full URL to a web page. The page will be
-                downloaded using 'urllib' library in HTML.
-            'url_playwright_html': 'check_object_list' must contain strings of full URL to a web page. The page will
-                be downloaded using 'playwright' library in HTML.
-            'url_playwright_pdf': 'check_object_list' must contain strings of full URL to a web page. The page will
-                be downloaded using 'playwright' library in PDF.
-            'url_playwright_png': 'check_object_list' must contain strings of full URL to a web page. The page will
-                be downloaded using 'playwright' library in PNG.
-            'url_playwright_jpeg': 'check_object_list' must contain strings of full URL to a web page. The page will
-                be downloaded using 'playwright' library in JPEG.
+            'url_*': 'check_object' must contain string of full URL to a web page to download.
+                'url_urllib': download using 'urllib' library to HTML file.
+                'url_playwright_html': download using 'playwright' library to HTML file.
+                'url_playwright_pdf': download using 'playwright' library to PDF file.
+                'url_playwright_png': download using 'playwright' library to PNG file.
+                'url_playwright_jpeg': download using 'playwright' library to JPEG file.
         :param object_type_settings: dict, specific settings for the object type.
             'dns': Check the default settings example in 'DNS__DEFAULT_SETTINGS'.
+            'file': Check the default settings example in 'FILE__URL__DEFAULT_SETTINGS'.
+            'url_*': Check the default settings example in 'FILE__URL__DEFAULT_SETTINGS'.
         :param check_object: The object to check if changed.
             'dns': empty.
             'network': empty.
@@ -84,24 +84,10 @@ class ChangeMonitor:
                 to the input file whether the object was updated.
             False: write to input file each time there is an update, and read each check cycle from the file and not
                 from the memory.
-        :param store_original_object: boolean, if True, the original object will be stored on the disk inside
-        'Original' folder, inside 'input_directory'.
-        :param operation_type: string, type of operation to perform. The type must be one of the following:
-            'hit_statistics': will only store the statistics of the entries in the input file.
-            'all_objects': disable the DiffChecker features, meaning any new entries will be emitted as is.
-            None: will use the default operation type, based on the object type.
-        :param hit_statistics_input_file_rotation_cycle_hours:
-            float, the amount of hours the input file will be rotated in the 'hit_statistics' operation type.
-            str, (only 'midnight' is valid), the input file will be rotated daily at midnight.
-            This is valid only for the 'hit_statistics' operation type.
-        :param hit_statistics_enable_queue: boolean, if True, the statistics queue will be enabled.
-        :param new_objects_hours_then_difference: float, currently works only for the 'dns' object_type.
-            This is only for the 'new_objects' operation type.
-            If the object is not in the list of objects, it will be added to the list.
-            If the object is in the list of objects, it will be ignored.
-            After the specified amount of hours, new objects will not be added to the input file list, so each new
-            object will be outputted from the function. This is useful for checking new objects that are not
-            supposed to be in the list of objects, but you want to know about them.
+        :param etw_session_name: string, the name of the ETW session. This should help you manage your ETW sessions
+            with logman and other tools: logman query -ets
+            If not provided, a default name will be generated.
+            'dns': 'AtomicShopDnsTrace'
 
         If 'input_directory' is not specified, the 'input_file_name' is not specified, and
         'generate_input_file_name' is False, then the input file will not be used and the object will be stored
@@ -117,13 +103,14 @@ class ChangeMonitor:
         self.input_file_write_only: bool = input_file_write_only
         self.object_type = object_type
         self.object_type_settings: dict = object_type_settings
+        self.etw_session_name: str = etw_session_name
 
         # === Additional variables ========================================
 
         self.checks_instance = None
-        self._setup_object()
+        self._setup_check()
 
-    def _setup_object(self):
+    def _setup_check(self):
         if self.object_type == 'file':
             if not self.object_type_settings:
                 self.object_type_settings = FILE__URL__DEFAULT_SETTINGS

atomicshop/monitor/checks/dns.py

@@ -1,13 +1,14 @@
 from pathlib import Path
 from typing import Union
 
-from ...etw.dns_trace import DnsTrace
+from ...etw.trace_dns import DnsTrace
 from ...print_api import print_api
 from ...import diff_check
 
 
 INPUT_FILE_DEFAULT_NAME: str = 'known_domains.json'
 INPUT_STATISTICS_FILE_DEFAULT_NAME: str = 'dns_statistics.json'
+ETW_DEFAULT_SESSION_NAME: str = 'AtomicShopDnsTrace'
 
 
 class DnsCheck:
@@ -20,8 +21,17 @@ class DnsCheck:
         self.diff_checker_aggregation: Union[diff_check.DiffChecker, None] = None
         self.diff_checker_statistics: Union[diff_check.DiffChecker, None] = None
         self.settings: dict = change_monitor_instance.object_type_settings
+
+        if change_monitor_instance.etw_session_name:
+            self.etw_session_name: str = change_monitor_instance.etw_session_name
+        else:
+            self.etw_session_name: str = ETW_DEFAULT_SESSION_NAME
+
         self.fetch_engine: DnsTrace = (
-            DnsTrace(enable_process_poller=True, attrs=['name', 'cmdline', 'domain', 'query_type']))
+            DnsTrace(
+                enable_process_poller=True, attrs=['name', 'cmdline', 'domain', 'query_type'],
+                session_name=self.etw_session_name)
+        )
 
         if self.settings['alert_always'] and self.settings['alert_about_missing_entries_after_learning']:
             raise ValueError(

atomicshop/on_exit.py

@@ -0,0 +1,175 @@
+import atexit
+import signal
+import sys
+import platform
+
+import win32api
+import win32con
+
+from .print_api import print_api
+from .wrappers.pywin32w import console
+
+
+EXIT_HANDLER_INSTANCE = None
+
+
+class ExitHandler:
+    """
+    This class is used to handle exit events: Closing the console, pressing 'CTRL+C', Killing the process.
+
+    Example:
+        from atomicshop import on_exit
+
+
+        def clean_up_function():
+            print("Cleaning up.")
+
+
+        on_exit.ExitHandler(clean_up_function).register_handlers()
+
+        # OR
+        on_exit.register_exit_handler(clean_up_function)
+    """
+    def __init__(
+            self,
+            cleanup_action: callable,
+            args: tuple = None,
+            kwargs: dict = None
+    ):
+        """
+        :param cleanup_action: The action to run when one of exit types is triggered.
+        :param args: The arguments to pass to the cleanup action.
+        :param kwargs: The keyword arguments to pass to the cleanup action.
+        """
+
+        if not callable(cleanup_action):
+            raise ValueError("The 'cleanup_action' must be a callable function.")
+
+        if args is None:
+            args = tuple()
+
+        if kwargs is None:
+            kwargs = dict()
+
+        self.cleanup_action: callable = cleanup_action
+        self.args: tuple = args
+        self.kwargs: dict = kwargs
+
+        self._called: bool = False
+        self._handler_hit: bool = False
+
+    def _run_cleanup(self):
+        if not self._called:
+            self._called = True
+            self.cleanup_action(*self.args, **self.kwargs)
+
+    def console_handler(self, event):
+        if event == win32con.CTRL_CLOSE_EVENT:
+
+            if not self._handler_hit:
+                self._handler_hit = True
+
+                print("Console close event.")
+                self._run_cleanup()
+
+            return True
+        return False
+
+    def atexit_handler(self):
+        if not self._handler_hit:
+            self._handler_hit = True
+
+            print("atexit_handler")
+            self._run_cleanup()
+
+    def signal_handler(self, signum, frame):
+        if not self._handler_hit:
+            self._handler_hit = True
+
+            print_api(f"Signal {signum}")
+            self._run_cleanup()
+            # Exit the process gracefully
+            raise SystemExit(0)
+
+    def register_handlers(self):
+        win32api.SetConsoleCtrlHandler(self.console_handler, True)
+        atexit.register(self.atexit_handler)
+        signal.signal(signal.SIGINT, self.signal_handler)
+        signal.signal(signal.SIGTERM, self.signal_handler)
+
+
+def register_exit_handler(clean_up_function, *args, **kwargs):
+    """
+    This function will register the exit handler to handle exit events: Closing the console, pressing 'CTRL+C',
+    Killing the process.
+
+    :param clean_up_function: The action to run when one of exit types is triggered.
+    :param args: The arguments to pass to the cleanup action.
+    :param kwargs: The keyword arguments to pass to the cleanup action.
+    """
+    global EXIT_HANDLER_INSTANCE
+    EXIT_HANDLER_INSTANCE = ExitHandler(clean_up_function, args, kwargs)
+    EXIT_HANDLER_INSTANCE.register_handlers()
+
+
+def restart_function(callable_function, *args, **kwargs):
+    """
+    This function will run the callable function with the given arguments and keyword arguments.
+    If the function raises an exception, the function will be restarted.
+
+    :param callable_function: The function to run.
+    :param args: The arguments to pass to the function.
+    :param kwargs: The keyword arguments to pass to the function.
+    :return: The return value of the function.
+    """
+    while True:
+        try:
+            return callable_function(*args, **kwargs)
+        except Exception as e:
+            print(f"ERROR: {e}")
+            continue
+
+
+def _ref_run_callable_on_exit_and_signals(
+        callable_function,
+        print_kwargs: dict = None,
+        *args,
+        **kwargs
+):
+    """
+    THIS IS FOR REFERENCE ONLY.
+
+    This function will run the callable function with the given arguments and keyword arguments.
+    If the function raises an exception, the function will be restarted.
+
+    :param callable_function: The function to run.
+    :param print_kwargs: print_api kwargs.
+    :param args: The arguments to pass to the function.
+    :param kwargs: The keyword arguments to pass to the function.
+    :return: The return value of the function.
+    """
+    def signal_handler(signum, frame):
+        print_api(f"Signal {signum} received, exiting.", **(print_kwargs or {}))
+        callable_function(*args, **kwargs)
+        sys.exit(0)
+
+    def exit_handler():
+        print_api("Exiting.", **(print_kwargs or {}))
+        callable_function(*args, **kwargs)
+        sys.exit(0)
+
+    signals = [signal.SIGINT, signal.SIGTERM]
+    if platform.system() != 'Windows':
+        signals.append(signal.SIGQUIT)
+        signals.append(signal.SIGHUP)
+    for sig in signals:
+        signal.signal(sig, signal_handler)
+
+    # signal.signal(signal.SIGINT, signal_handler)
+    # signal.signal(signal.SIGTERM, signal_handler)
+    atexit.register(exit_handler)
+
+    # Register console handler for Windows.
+    if platform.system() == 'Windows':
+        console_handler = console.ConsoleHandler(exit_handler, args, kwargs)
+        console_handler.register_handler()

atomicshop/process_name_cmd.py

@@ -1,19 +1,25 @@
-import pkg_resources
+from importlib.resources import files
 import ctypes
 from ctypes import wintypes
 from typing import Literal
+import threading
 
 from .basics import list_of_dicts
 
 
+PACKAGE_DLL_PATH = 'addons/process_list/compiled/Win10x64/process_list.dll'
+FULL_DLL_PATH = str(files(__package__).joinpath(PACKAGE_DLL_PATH))
+
+
 class ProcessNameCmdline:
     def __init__(self, load_dll: bool = False):
         self.load_dll: bool = load_dll
-        self.dll_path: str = pkg_resources.resource_filename(
-            __package__, 'addons/process_list/compiled/Win10x64/process_list.dll')
+        self.dll_path = FULL_DLL_PATH
+
         self.dll = None
         self.callback_output = None
         self.CALLBACKFUNC = None
+        self.CALLBACKFUNC_ref = None
 
         if self.load_dll:
             self.load()
@@ -21,12 +27,16 @@ class ProcessNameCmdline:
     def load(self):
         """
         Load the DLL, initialize the callback function and ctypes.
-        ctypes.WINFUCNTYPE is not thread safe. You should load it inside a thread / process and not outside.
+        ctypes.WINFUNCTYPE is not thread safe. You should load it inside a thread / process and not outside.
         """
         self.dll = ctypes.windll.LoadLibrary(self.dll_path)
         self.callback_output = OutputList()
         self.CALLBACKFUNC = ctypes.WINFUNCTYPE(None, wintypes.DWORD, wintypes.LPWSTR, wintypes.LPWSTR)
+        self.CALLBACKFUNC_ref = self.CALLBACKFUNC(self.callback_output.callback)
+
+        # Set the argument types for the export functions of the DLL.
         self.dll.GetProcessDetails.argtypes = [self.CALLBACKFUNC]
+        self.dll.RequestCancellation.restype = None
 
     def get_process_details(
             self,
@@ -49,23 +59,37 @@ class ProcessNameCmdline:
                 }
         """
 
-        self.dll.GetProcessDetails(self.CALLBACKFUNC(self.callback_output.callback))
+        def enumerate_process():
+            self.dll.GetProcessDetails(self.CALLBACKFUNC_ref)
+
+        thread = threading.Thread(target=enumerate_process)
+        thread.start()
+
+        try:
+            # This is needed to stop the thread if the main thread is interrupted.
+            # If we execute the 'self.dll.GetProcessDetails(self.CALLBACKFUNC_ref)' directly
+            # and we would like to KeyboardInterrupt, we will get an error:
+            # Exception ignored on calling ctypes callback function.
+            thread.join()
 
-        processes = self.callback_output.data
+            processes = self.callback_output.data
 
-        # Clear the callback output list, or it will be appended each time.
-        self.callback_output.data = list()
+            # Clear the callback output list, or it will be appended each time.
+            self.callback_output.data = list()
 
-        if sort_by:
-            processes = list_of_dicts.sort_by_keys(processes, key_list=[sort_by])
+            if sort_by:
+                processes = list_of_dicts.sort_by_keys(processes, key_list=[sort_by])
 
-        if as_dict:
-            processes = convert_processes_to_dict(processes)
+            if as_dict:
+                processes = convert_processes_to_dict(processes)
 
-        return processes
+            return processes
+        except KeyboardInterrupt:
+            self.dll.RequestCancellation()
+            raise
 
 
-def convert_processes_to_dict(process_list: dict) -> dict:
+def convert_processes_to_dict(process_list: list[dict]) -> dict:
     """
     The function will convert the list of processes to dict, while 'pid' values will be converted to key.
     Example:
@@ -99,14 +123,23 @@ class OutputList:
 
     def callback(self, pid, process_name, cmdline):
         try:
+            process_name_decoded = process_name.decode("utf-16") if isinstance(process_name, bytes) else process_name
+            cmdline_decoded = cmdline.decode("utf-16") if isinstance(cmdline, bytes) else (
+                cmdline if cmdline else "Error")
             self.data.append({
                 "pid": pid,
-                "name": process_name.decode("utf-16"),
-                "cmdline": cmdline.decode("utf-16") if cmdline else "Error"
+                "name": process_name_decoded,
+                "cmdline": cmdline_decoded
             })
-        except AttributeError:
+        # except AttributeError:
+        #     self.data.append({
+        #         "pid": pid,
+        #         "name": process_name,
+        #         "cmdline": cmdline if cmdline else "Error"
+        #     })
+        except Exception:
             self.data.append({
                 "pid": pid,
-                "name": process_name,
-                "cmdline": cmdline if cmdline else "Error"
+                "name": "Error",
+                "cmdline": "Error"
             })

atomicshop/process_poller.py

@@ -135,7 +135,7 @@ class ProcessPollerPool:
             self, store_cycles: int = 200,
             interval_seconds: Union[int, float] = 0,
             operation: Literal['thread', 'process'] = 'thread',
-            poller_method: Literal['psutil', 'pywin32', 'process_dll'] = 'process_dll'
+            poller_method: Literal['psutil', 'pywin32', 'process_dll'] = 'process_dll',
     ):
         """
         :param store_cycles: int, how many cycles to store. Each cycle is polling processes.
@@ -162,6 +162,14 @@ class ProcessPollerPool:
             'psutil': Get the list of processes by 'psutil' library. Resource intensive and slow.
             'pywin32': Get the list of processes by 'pywin32' library, using WMI. Not resource intensive, but slow.
             'process_dll'. Not resource intensive and fast. Probably works only in Windows 10 x64.
+        ---------------------------------------------
+        If there is an exception, ProcessPollerPool.processes will be set to the exception.
+        While getting the processes you can use this to execute the exception:
+
+        processes = ProcessPollerPool.processes
+
+        if isinstance(processes, BaseException):
+            raise processes
         """
 
         self.store_cycles: int = store_cycles
@@ -193,44 +201,59 @@ class ProcessPollerPool:
     def _start_thread(self):
         self.running = True
         # threading.Thread(target=self._worker, args=(self.process_polling_instance,)).start()
-        threading.Thread(target=self._worker).start()
+        thread = threading.Thread(target=self._worker)
+        thread.daemon = True
+        thread.start()
 
     def _start_process(self):
         self.running = True
         multiprocessing.Process(target=self._worker).start()
-        threading.Thread(target=self._thread_get_queue).start()
 
-    # def _worker(self, process_polling_instance):
+        thread = threading.Thread(target=self._thread_get_queue)
+        thread.daemon = True
+        thread.start()
+
     def _worker(self):
         # We must initiate the connection inside the thread/process, because it is not thread-safe.
         self.get_processes_list.connect()
 
+        exception = None
         list_of_processes: list = list()
         while self.running:
-            # If the list is full (to specified 'store_cycles'), remove the first element.
-            if len(list_of_processes) == self.store_cycles:
-                del list_of_processes[0]
-
-            # Get the current processes and reinitialize the instance of the dict.
-            current_processes: dict = dict(self.get_processes_list.get_processes())
-
-            # Remove Command lines that contains only numbers, since they are useless.
-            for pid, process_info in current_processes.items():
-                if process_info['cmdline'].isnumeric():
-                    current_processes[pid]['cmdline'] = str()
-                elif process_info['cmdline'] == 'Error':
-                    current_processes[pid]['cmdline'] = str()
-
-            # Append the current processes to the list.
-            list_of_processes.append(current_processes)
-
-            # Merge all dicts in the list to one dict, updating with most recent PIDs.
-            self.processes = list_of_dicts.merge_to_dict(list_of_processes)
-
-            if self.operation == 'process':
-                self.queue.put(self.processes)
-
-            time.sleep(self.interval_seconds)
+            try:
+                # If the list is full (to specified 'store_cycles'), remove the first element.
+                if len(list_of_processes) == self.store_cycles:
+                    del list_of_processes[0]
+
+                # Get the current processes and reinitialize the instance of the dict.
+                current_processes: dict = dict(self.get_processes_list.get_processes())
+
+                # Remove Command lines that contains only numbers, since they are useless.
+                for pid, process_info in current_processes.items():
+                    if process_info['cmdline'].isnumeric():
+                        current_processes[pid]['cmdline'] = str()
+                    elif process_info['cmdline'] == 'Error':
+                        current_processes[pid]['cmdline'] = str()
+
+                # Append the current processes to the list.
+                list_of_processes.append(current_processes)
+
+                # Merge all dicts in the list to one dict, updating with most recent PIDs.
+                self.processes = list_of_dicts.merge_to_dict(list_of_processes)
+
+                if self.operation == 'process':
+                    self.queue.put(self.processes)
+
+                time.sleep(self.interval_seconds)
+            except KeyboardInterrupt as e:
+                self.running = False
+                exception = e
+            except Exception as e:
+                self.running = False
+                exception = e
+
+        if not self.running:
+            self.queue.put(exception)
 
     def _thread_get_queue(self):
         while True:

atomicshop/scheduling.py

@@ -12,7 +12,7 @@ def periodic_task(interval, priority, function_ref, args=(), sched_object=None):
     sched_object.run()
 
 
-def threaded_periodic_task(interval, function_ref, args=(), kwargs=None, thread_name=None):
+def threaded_periodic_task(interval, function_ref, args=(), kwargs=None, thread_name=None, daemon=True):
     """
     The function executes referenced function 'function_ref' with arguments 'args' each 'interval' in a new thread.
     The old thread is closed, each time the new is executed.
@@ -24,6 +24,10 @@ def threaded_periodic_task(interval, function_ref, args=(), kwargs=None, thread_
     :param thread_name: the name of the thread that will be created:
         threading.Thread(target=thread_timer, name=thread_name).start()
         The default parameter for 'Thread' 'name' is 'None', so if you don't specify the name it works as default.
+    :param daemon: bool, if True, the thread will be a daemon thread. Default is True.
+        Since this is a periodic task, we don't need to wait for the thread to finish, so we can set it to True.
+
+    :return: thread object.
     """
 
     # If 'kwargs' is not provided, we'll initialize it as an empty dictionary.
@@ -50,7 +54,13 @@ def threaded_periodic_task(interval, function_ref, args=(), kwargs=None, thread_
             time.sleep(interval)
 
     # Start in a new thread.
-    threading.Thread(target=thread_timer, name=thread_name).start()
+    thread = threading.Thread(target=thread_timer, name=thread_name)
+
+    if daemon:
+        thread.daemon = True
+
+    thread.start()
+    return thread
 
 
 class ThreadLooper:

atomicshop/wrappers/ctyping/etw_winapi/const.py

@@ -0,0 +1,57 @@
+import ctypes
+from ctypes import wintypes
+
+
+# Load the necessary library
+advapi32 = ctypes.WinDLL('advapi32')
+
+# Constants
+EVENT_TRACE_CONTROL_STOP = 1
+WNODE_FLAG_TRACED_GUID = 0x00020000
+
+
+# Define GUID structure
+class GUID(ctypes.Structure):
+    _fields_ = [
+        ("Data1", wintypes.DWORD),
+        ("Data2", wintypes.WORD),
+        ("Data3", wintypes.WORD),
+        ("Data4", wintypes.BYTE * 8)
+    ]
+
+
+# Define WNODE_HEADER
+class WNODE_HEADER(ctypes.Structure):
+    _fields_ = [
+        ("BufferSize", wintypes.ULONG),
+        ("ProviderId", wintypes.ULONG),
+        ("HistoricalContext", wintypes.LARGE_INTEGER),
+        ("TimeStamp", wintypes.LARGE_INTEGER),
+        ("Guid", GUID),
+        ("ClientContext", wintypes.ULONG),
+        ("Flags", wintypes.ULONG)
+    ]
+
+
+# Define EVENT_TRACE_PROPERTIES structure
+class EVENT_TRACE_PROPERTIES(ctypes.Structure):
+    _fields_ = [
+        ("Wnode", WNODE_HEADER),
+        ("BufferSize", wintypes.ULONG),
+        ("MinimumBuffers", wintypes.ULONG),
+        ("MaximumBuffers", wintypes.ULONG),
+        ("MaximumFileSize", wintypes.ULONG),
+        ("LogFileMode", wintypes.ULONG),
+        ("FlushTimer", wintypes.ULONG),
+        ("EnableFlags", wintypes.ULONG),
+        ("AgeLimit", wintypes.LONG),
+        ("NumberOfBuffers", wintypes.ULONG),
+        ("FreeBuffers", wintypes.ULONG),
+        ("EventsLost", wintypes.ULONG),
+        ("BuffersWritten", wintypes.ULONG),
+        ("LogBuffersLost", wintypes.ULONG),
+        ("RealTimeBuffersLost", wintypes.ULONG),
+        ("LoggerThreadId", wintypes.HANDLE),
+        ("LogFileNameOffset", wintypes.ULONG),
+        ("LoggerNameOffset", wintypes.ULONG)
+    ]

atomicshop/wrappers/ctyping/etw_winapi/etw_functions.py

@@ -0,0 +1,37 @@
+import ctypes
+from . import const
+
+
+# Function to stop and delete ETW session
+def stop_and_delete_etw_session(session_name) -> tuple[bool, int]:
+    """
+    Stop and delete ETW session.
+
+    :param session_name: The name of the session to stop and delete.
+    :return: A tuple containing a boolean indicating success and an integer status code.
+        True, 0: If the session was stopped and deleted successfully.
+        False, <status>: If the session could not be stopped and deleted and the status code, why it failed.
+    """
+
+    session_name_unicode = ctypes.create_unicode_buffer(session_name)
+    properties_size = ctypes.sizeof(const.EVENT_TRACE_PROPERTIES) + 1024  # Adjust buffer size if needed
+    properties = ctypes.create_string_buffer(properties_size)
+
+    trace_properties = ctypes.cast(properties, ctypes.POINTER(const.EVENT_TRACE_PROPERTIES)).contents
+    trace_properties.Wnode.BufferSize = properties_size
+    trace_properties.Wnode.Flags = const.WNODE_FLAG_TRACED_GUID
+    trace_properties.Wnode.Guid = const.GUID()  # Ensure a GUID is provided if necessary
+    trace_properties.LoggerNameOffset = ctypes.sizeof(const.EVENT_TRACE_PROPERTIES)
+
+    ctypes.memmove(ctypes.addressof(properties) + trace_properties.LoggerNameOffset,
+                   session_name_unicode, ctypes.sizeof(session_name_unicode))
+
+    status = const.advapi32.ControlTraceW(
+        None, session_name_unicode, ctypes.byref(trace_properties), const.EVENT_TRACE_CONTROL_STOP)
+
+    if status != 0:
+        # print(f"Failed to stop and delete ETW session: {status}")
+        return False, status
+    else:
+        # print("ETW session stopped and deleted successfully.")
+        return True, status

atomicshop/wrappers/pywin32w/console.py

@@ -0,0 +1,34 @@
+import win32api
+import win32con
+
+
+class ConsoleHandler:
+    """
+    This class is used to handle console events.
+    Currently used to handle the 'CTRL_CLOSE_EVENT' event - Meaning what to do when the user closes the console by
+    clicking on X in the top right corner.
+    """
+    def __init__(
+            self,
+            cleanup_action: callable = None,
+            args: tuple = None,
+            kwargs: dict = None
+    ):
+        """
+        :param cleanup_action: The action to run when user closes the console.
+        :param args: The arguments to pass to the cleanup action.
+        :param kwargs: The keyword arguments to pass to the cleanup action.
+        """
+        self.cleanup_action = cleanup_action
+        self.args = args
+        self.kwargs = kwargs
+
+    def _console_handler(self, event):
+        if event == win32con.CTRL_CLOSE_EVENT:
+            if self.cleanup_action and callable(self.cleanup_action):
+                self.cleanup_action(*self.args, **self.kwargs)
+            return True
+        return False
+
+    def register_handler(self):
+        win32api.SetConsoleCtrlHandler(self._console_handler, True)

{atomicshop-2.12.22.dist-info → atomicshop-2.12.24.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: atomicshop
-Version: 2.12.22
+Version: 2.12.24
 Summary: Atomic functions and classes to make developer life easier
 Author: Denis Kras
 License: MIT License

{atomicshop-2.12.22.dist-info → atomicshop-2.12.24.dist-info}/RECORD

@@ -1,4 +1,4 @@
-atomicshop/__init__.py,sha256=g2vsW13t8sldcuaaZZDrssh2JaK2htDJxU8zZNrBFoM,124
+atomicshop/__init__.py,sha256=IWq2-3sezAvBANma6AYzXzywVzgI9rJOyd2ZKFBLQ1E,124
 atomicshop/_basics_temp.py,sha256=6cu2dd6r2dLrd1BRNcVDKTHlsHs_26Gpw8QS6v32lQ0,3699
 atomicshop/_create_pdf_demo.py,sha256=Yi-PGZuMg0RKvQmLqVeLIZYadqEZwUm-4A9JxBl_vYA,3713
 atomicshop/_patch_import.py,sha256=ENp55sKVJ0e6-4lBvZnpz9PQCt3Otbur7F6aXDlyje4,6334
@@ -21,17 +21,18 @@ atomicshop/http_parse.py,sha256=nrf2rZcprLqtW8HVrV7TCZ1iTBcWRRy-mXIlAOzcaJs,9703
 atomicshop/inspect_wrapper.py,sha256=sGRVQhrJovNygHTydqJj0hxES-aB2Eg9KbIk3G31apw,11429
 atomicshop/ip_addresses.py,sha256=Hvi4TumEFoTEpKWaq5WNF-YzcRzt24IxmNgv-Mgax1s,1190
 atomicshop/keyboard_press.py,sha256=1W5kRtOB75fulVx-uF2yarBhW0_IzdI1k73AnvXstk0,452
+atomicshop/on_exit.py,sha256=Wf1iy2e0b0Zu7oRxrct3VkLdQ_x9B32-z_JerKTt9Z0,5493
 atomicshop/pbtkmultifile_argparse.py,sha256=aEk8nhvoQVu-xyfZosK3ma17CwIgOjzO1erXXdjwtS4,4574
 atomicshop/permissions.py,sha256=P6tiUKV-Gw-c3ePEVsst9bqWaHJbB4ZlJB4xbDYVpEs,4436
 atomicshop/print_api.py,sha256=DhbCQd0MWZZ5GYEk4oTu1opRFC-b31g1VWZgTGewG2Y,11568
 atomicshop/process.py,sha256=Zgb4CUjy9gIBaawvtCOEcxGUCqvqPyARk0lpBjRzxWE,15950
-atomicshop/process_name_cmd.py,sha256=TNAK6kQZm5JKWzEW6QLqVHEG98ZLNDQiSS4YwDk8V8c,3830
-atomicshop/process_poller.py,sha256=WfmwCLALfTYOq8ri0vkPeqq8ruEyA_43DaN--CU2_XY,10854
+atomicshop/process_name_cmd.py,sha256=CtaSp3mgxxJKCCVW8BLx6BJNx4giCklU_T7USiCEwfc,5162
+atomicshop/process_poller.py,sha256=naqoq-gJN1kkaOm_MfoM7teIkh5OniXromVR4pb0pjY,11680
 atomicshop/python_file_patcher.py,sha256=kd3rBWvTcosLEk-7TycNdfKW9fZbe161iVwmH4niUo0,5515
 atomicshop/python_functions.py,sha256=zJg4ogUwECxrDD7xdDN5JikIUctITM5lsyabr_ZNsRw,4435
 atomicshop/question_answer_engine.py,sha256=DuOn7QEgKKfqZu2cR8mVeFIfFgayfBHiW-jY2VPq_Fo,841
 atomicshop/queues.py,sha256=Al0fdC3ZJmdKfv-PyBeIck9lnfLr82BYchvzr189gsI,640
-atomicshop/scheduling.py,sha256=YiHOIAI7V20bH5qcqf3c1NNkmkLk3EYr3i19CrlTkLw,4214
+atomicshop/scheduling.py,sha256=NF1_csXwez4RbHoRyUXQg1pGdswGmS1WdSGAQ54m6R8,4550
 atomicshop/script_as_string_processor.py,sha256=JKENiARNuKQ0UegP2GvIVgNPbr6CzGiMElUVTddOX3A,1776
 atomicshop/sound.py,sha256=KSzWRF8dkpEVXmFidIv-Eftc3kET-hQzQOxZRE7rMto,24297
 atomicshop/speech_recognize.py,sha256=55-dIjgkpF93mvJnJuxSFuft5H5eRvGNlUj9BeIOZxk,5903
@@ -64,11 +65,11 @@ atomicshop/addons/package_setup/CreateWheel.cmd,sha256=hq9aWBSH6iffYlZyaCNrFlA0v
 atomicshop/addons/package_setup/Setup in Edit mode.cmd,sha256=299RsExjR8Mup6YyC6rW0qF8lnwa3uIzwk_gYg_R_Ss,176
 atomicshop/addons/package_setup/Setup.cmd,sha256=IMm0PfdARH7CG7h9mbWwmWD9X47l7tddwQ2U4MUxy3A,213
 atomicshop/addons/process_list/ReadMe.txt,sha256=7H-pX7TEkn6-nYSvYc00U6B1JZvBpQvhuVBxCH8IDuc,1895
-atomicshop/addons/process_list/compile.cmd,sha256=oCXoYNx2RGmI4BfspYhYq9K6fM7D97jQ3WMu4XsNe1Y,281
-atomicshop/addons/process_list/process_list.cpp,sha256=e7olpLfLVg9vQnjEr5L2Y8aWGPGpkH39vmz51CaGFcc,5467
-atomicshop/addons/process_list/compiled/Win10x64/process_list.dll,sha256=SkAZvYAfSbzQTTq-5aL6_dYR2rA4DHbgyenFfgLFzW0,266752
-atomicshop/addons/process_list/compiled/Win10x64/process_list.exp,sha256=VTph513eqa6f6HmqAj_6mBS1Rf9G56bgYqZNuDePYcs,708
-atomicshop/addons/process_list/compiled/Win10x64/process_list.lib,sha256=n9c2MVPs3GBNoOQjMesAwzNpv5aFZsW8c-ADS7GYRhA,1886
+atomicshop/addons/process_list/compile.cmd,sha256=cJSHinOXGl-WkPAq39GdEo5tLLZDg8zdNKIibqf568U,649
+atomicshop/addons/process_list/process_list.cpp,sha256=kcrltiJhzRc2HmKy2Yxdbj7mFLN9O_b4NPDo1xPggM0,5660
+atomicshop/addons/process_list/compiled/Win10x64/process_list.dll,sha256=rl74P7oh4UZyo3cILmtDFznurcHNRMrZ56tOTv5pJqk,276992
+atomicshop/addons/process_list/compiled/Win10x64/process_list.exp,sha256=cbvukITcmtGm5uwOIuq8bKCE_LXIHvkMfLJQpBrJk64,842
+atomicshop/addons/process_list/compiled/Win10x64/process_list.lib,sha256=T2Ncs0MwKlAaCq8UKFMvfQAfcJdDx-nWiHVBfglrLIU,2112
 atomicshop/archiver/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/archiver/_search_in_zip.py,sha256=dd8qFSvIhcKmtnPj_uYNJFPmMwZp4tZys0kKgTw_ACw,8385
 atomicshop/archiver/archiver.py,sha256=BomnK7zT-nQXA1z0i2R2aTv8eu88wPx7tf2HtOdbmEc,1280
@@ -101,8 +102,9 @@ atomicshop/basics/threads.py,sha256=xvgdDJdmgN0wmmARoZ-H7Kvl1GOcEbvgaeGL4M3Hcx8,
 atomicshop/basics/timeit_template.py,sha256=fYLrk-X_dhdVtnPU22tarrhhvlggeW6FdKCXM8zkX68,405
 atomicshop/basics/tracebacks.py,sha256=cNfh_oAwF55kSIdqtv3boHZQIoQI8TajxkTnwJwpweI,535
 atomicshop/etw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/etw/dns_trace.py,sha256=I4OZsiZUDyj7B4fKTOqsB1tcX1DUMw9uh4CwXlcmHfY,5571
-atomicshop/etw/etw.py,sha256=xVJNbfCq4KgRfsDnul6CrIdAMl9xRBixZ-hUyqiB2g4,2403
+atomicshop/etw/sessions.py,sha256=7RzlqOEc2zlikKgaNayCnR0IB-51PUrdMyU7uyoBKn4,582
+atomicshop/etw/trace.py,sha256=7xZ-Kj4-hIdVsaqXhpVtP0i8F6dND9ZMe0ZJWq3qtMk,4529
+atomicshop/etw/trace_dns.py,sha256=08xiTGpAAJ3qxobx-9uG49z5pR7BBsys6a_vrMh6JgE,5920
 atomicshop/file_io/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/file_io/csvs.py,sha256=y8cJtnlN-NNxNupzJgSeGq9aQ4wNxYLFPX9vNNlUiIc,5830
 atomicshop/file_io/docxs.py,sha256=6tcYFGp0vRsHR47VwcRqwhdt2DQOwrAUYhrwN996n9U,5117
@@ -132,11 +134,10 @@ atomicshop/mitm/engines/__reference_general/parser___reference_general.py,sha256
 atomicshop/mitm/engines/__reference_general/recorder___reference_general.py,sha256=KENDVf9OwXD9gwSh4B1XxACCe7iHYjrvnW1t6F64wdE,695
 atomicshop/mitm/engines/__reference_general/responder___reference_general.py,sha256=1AM49UaFTKA0AHw-k3SV3uH3QbG-o6ux0c-GoWkKNU0,6993
 atomicshop/monitor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/monitor/change_monitor.py,sha256=mrLedkgXWxKzQLqjYd3bmD8-or6HlX9sejdXbSvhNMI,9016
+atomicshop/monitor/change_monitor.py,sha256=dGhk5bJPxLCHa2FOVkort99E7vjVojra9GlvhpcKSqE,7551
 atomicshop/monitor/checks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/monitor/checks/dns.py,sha256=bPqQACt8IgQ08U-x9G7pAN-iSfxbdOAubJTHZd-lJ84,6792
+atomicshop/monitor/checks/dns.py,sha256=edO03gtGYb3tn8eV-wAKPELIkdCJvimjkO8PPF-ho-k,7150
 atomicshop/monitor/checks/file.py,sha256=2tIDSlX2KZNc_9i9ji1tcOqupbFTIOj7cKXLyBEDWMk,3263
-atomicshop/monitor/checks/hash.py,sha256=r4mDOdjItN3eyaJk8TVz03f4bQ_uKZ4MDTXagjseazs,2011
 atomicshop/monitor/checks/network.py,sha256=CGZWl4WlQrxayZeVF9JspJXwYA-zWx8ECWTVGSlXc98,3825
 atomicshop/monitor/checks/process_running.py,sha256=x66wd6-l466r8sbRQaIli0yswyGt1dH2DVXkGDL6O0Q,1891
 atomicshop/monitor/checks/url.py,sha256=1PvKt_d7wFg7rDMFpUejAQhj0mqWsmlmrNfjNAV2G4g,4123
@@ -167,6 +168,9 @@ atomicshop/wrappers/certauthw/certauth.py,sha256=hKedW0DOWlEigSNm8wu4SqHkCQsGJ1t
 atomicshop/wrappers/certauthw/certauthw.py,sha256=4WvhjANI7Kzqrr_nKmtA8Kf7B6rute_5wfP65gwQrjw,8082
 atomicshop/wrappers/ctyping/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/wrappers/ctyping/process_winapi.py,sha256=QcXL-ETtlSSkoT8F7pYle97ubGWsjYp8cx8HxkVMgAc,2762
+atomicshop/wrappers/ctyping/etw_winapi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+atomicshop/wrappers/ctyping/etw_winapi/const.py,sha256=-wGLmM8FUPrVOGeyEWnizlumkdX60Ziv6v7ANQd9xgM,1712
+atomicshop/wrappers/ctyping/etw_winapi/etw_functions.py,sha256=T5gyTHk3BLTYKSnUKO4PS4h5xIVRrNrHKPL30r_N3HQ,1732
 atomicshop/wrappers/ctyping/msi_windows_installer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/wrappers/ctyping/msi_windows_installer/base.py,sha256=Uu9SlWLsQQ6mjE-ek-ptHcmgiI3Ruah9bdZus70EaVY,4884
 atomicshop/wrappers/ctyping/msi_windows_installer/cabs.py,sha256=htzwb2ROYI8yyc82xApStckPS2yCcoyaw32yC15KROs,3285
@@ -236,6 +240,7 @@ atomicshop/wrappers/psutilw/disks.py,sha256=3ZSVoommKH1TWo37j_83frB-NqXF4Nf5q5mB
 atomicshop/wrappers/psutilw/memories.py,sha256=_S0aL8iaoIHebd1vOFrY_T9aROM5Jx2D5CvDh_4j0Vc,528
 atomicshop/wrappers/psutilw/psutilw.py,sha256=G22ZQfGnqX15-feD8KUXfEZO4pFkIEnB8zgPzJ2jc7M,20868
 atomicshop/wrappers/psycopgw/psycopgw.py,sha256=XJvVf0oAUjCHkrYfKeFuGCpfn0Oxj3u4SbKMKA1508E,7118
+atomicshop/wrappers/pywin32w/console.py,sha256=LstHajPLgXp9qQxFNR44QfH10nOnNp3bCJquxaTquns,1175
 atomicshop/wrappers/pywin32w/winshell.py,sha256=i2bKiMldPU7_azsD5xGQDdMwjaM7suKJd3k0Szmcs6c,723
 atomicshop/wrappers/pywin32w/wmi_win32process.py,sha256=qMzXtJ5hBZ5ydAyqpDbSx0nO2RJQL95HdmV5SzNKMhk,6826
 atomicshop/wrappers/socketw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -254,8 +259,8 @@ atomicshop/wrappers/socketw/socket_server_tester.py,sha256=AhpurHJmP2kgzHaUbq5ey
 atomicshop/wrappers/socketw/socket_wrapper.py,sha256=aXBwlEIJhFT0-c4i8iNlFx2It9VpCEpsv--5Oqcpxao,11624
 atomicshop/wrappers/socketw/ssl_base.py,sha256=k4V3gwkbq10MvOH4btU4onLX2GNOsSfUAdcHmL1rpVE,2274
 atomicshop/wrappers/socketw/statistics_csv.py,sha256=t3dtDEfN47CfYVi0CW6Kc2QHTEeZVyYhc57IYYh5nmA,826
-atomicshop-2.12.22.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
-atomicshop-2.12.22.dist-info/METADATA,sha256=754IBZW-ExlLv33i93QGyMKGQOEXOrw1uIsXmERVvKM,10479
-atomicshop-2.12.22.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-atomicshop-2.12.22.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
-atomicshop-2.12.22.dist-info/RECORD,,
+atomicshop-2.12.24.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
+atomicshop-2.12.24.dist-info/METADATA,sha256=wjuGBnA-AbgpeRB_uDgPYzt5XbLF6mIT5yj721N4vi4,10479
+atomicshop-2.12.24.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+atomicshop-2.12.24.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
+atomicshop-2.12.24.dist-info/RECORD,,

atomicshop/etw/etw.py

@@ -1,61 +0,0 @@
-import queue
-
-# Import FireEye Event Tracing library.
-import etw
-
-
-class EventTrace(etw.ETW):
-    def __init__(self, providers: list, event_callback=None, event_id_filters: list = None):
-        """
-        :param providers: List of tuples with provider name and provider GUID.
-            tuple[0] = provider name
-            tuple[1] = provider GUID
-        :param event_callback: Reference to the callable callback function that will be called for each occurring event.
-        :param event_id_filters: List of event IDs that we want to filter. If not provided, all events will be returned.
-            The default in the 'etw.ETW' method is 'None'.
-        """
-        self.event_queue = queue.Queue()
-
-        # If no callback function is provided, we will use the default one, which will put the event in the queue.
-        if not event_callback:
-            function_callable = lambda x: self.event_queue.put(x)
-        # If a callback function is provided, we will use it.
-        else:
-            function_callable = lambda x: event_callback(x)
-
-        # Defining the list of specified ETW providers in 'etw' library format.
-        etw_format_providers: list = list()
-        for provider in providers:
-            etw_format_providers.append(etw.ProviderInfo(provider[0], etw.GUID(provider[1])))
-
-        super().__init__(
-            providers=etw_format_providers, event_callback=function_callable, event_id_filters=event_id_filters)
-
-    def start(self):
-        try:
-            super().start()
-        except OSError as e:
-            raise OSError(f"PyWinTrace Error: {e}\n"
-                          f"PyWinTrace crashed, didn't find solution to this, RESTART computer.")
-
-    def stop(self):
-        super().stop()
-
-    def emit(self):
-        """
-        The Function will return the next event from the queue.
-        The queue is blocking, so if there is no event in the queue, the function will wait until there is one.
-
-        Usage Example:
-            while True:
-                dns_dict = dns_trace.emit()
-                print(dns_dict)
-
-        event object:
-            event[0]: is the event ID. Example: for DNS Tracing, it is event id 3008.
-            event[1]: contains a dictionary with all the event's parameters.
-
-        :return: etw event object.
-        """
-
-        return self.event_queue.get()

atomicshop/monitor/checks/hash.py

@@ -1,56 +0,0 @@
-from ... import diff_check
-from ...print_api import print_api
-from .hash_checks import file, url
-
-
-DIFF_CHECKER = diff_check.DiffChecker(
-    return_first_cycle=False,
-    operation_type='single_object'
-)
-
-
-def setup_check(change_monitor_instance):
-    change_monitor_instance.set_input_file_path()
-
-    if change_monitor_instance.object_type == 'file':
-        file.setup_check(change_monitor_instance, change_monitor_instance.check_object)
-    elif 'url_' in change_monitor_instance.object_type:
-        url.setup_check(change_monitor_instance, change_monitor_instance.check_object)
-
-
-def execute_cycle(change_monitor_instance, print_kwargs: dict = None):
-    """
-    This function executes the cycle of the change monitor: hash.
-
-    :param change_monitor_instance: Instance of the ChangeMonitor class.
-    :param print_kwargs: print_api kwargs.
-
-    :return: List of dictionaries with the results of the cycle.
-    """
-
-    if print_kwargs is None:
-        print_kwargs = dict()
-
-    return_list = list()
-
-    if change_monitor_instance.object_type == 'file':
-        # Get the hash of the object.
-        file.get_hash(change_monitor_instance, change_monitor_instance.check_object, print_kwargs=print_kwargs)
-    elif 'url_' in change_monitor_instance.object_type:
-        # Get the hash of the object.
-        url.get_hash(change_monitor_instance, change_monitor_instance.check_object, print_kwargs=print_kwargs)
-
-    # Check if the object was updated.
-    result, message = change_monitor_instance.diff_checker.check_string(
-        print_kwargs=print_kwargs)
-
-    # If the object was updated, print the message in yellow color, otherwise print in green color.
-    if result:
-        print_api(message, color='yellow', **print_kwargs)
-        # create_message_file(message, self.__class__.__name__, logger=self.logger)
-
-        return_list.append(message)
-    else:
-        print_api(message, color='green', **print_kwargs)
-
-    return return_list