atomicshop 2.12.23__py3-none-any.whl → 2.12.25__py3-none-any.whl

atomicshop/__init__.py

@@ -1,4 +1,4 @@
 """Atomic Basic functions and classes to make developer life easier"""
 
 __author__ = "Den Kras"
-__version__ = '2.12.23'
+__version__ = '2.12.25'

atomicshop/etw/providers.py

@@ -0,0 +1,5 @@
+from ..wrappers.ctyping.etw_winapi import etw_functions
+
+
+def get_providers():
+    return etw_functions.get_all_providers()

atomicshop/etw/sessions.py

@@ -0,0 +1,43 @@
+from ..wrappers.ctyping.etw_winapi import etw_functions
+
+
+def stop_and_delete(session_name) -> tuple[bool, int]:
+    """
+    Stop and delete ETW session.
+
+    :param session_name: The name of the session to stop and delete.
+    :return: A tuple containing a boolean indicating success and an integer status code.
+        True, 0: If the session was stopped and deleted successfully.
+        False, <status>: If the session could not be stopped and deleted and the status code, why it failed.
+    """
+
+    return etw_functions.stop_and_delete_etw_session(session_name)
+
+
+def get_running_list() -> list[dict]:
+    """
+    List all running ETW sessions.
+
+    :return: A list of strings containing the names of all running ETW sessions.
+    """
+
+    return etw_functions.list_etw_sessions()
+
+
+def is_session_running(session_name: str) -> bool:
+    """
+    Check if an ETW session is running.
+
+    :param session_name: The name of the session to check.
+    :return: A boolean indicating if the session is running.
+    """
+
+    # Get all running sessions.
+    running_sessions = get_running_list()
+
+    # Check if the session is in the list of running sessions.
+    for session in running_sessions:
+        if session['session_name'] == session_name:
+            return True
+
+    return False

atomicshop/etw/{etw.py → trace.py}

@@ -1,9 +1,11 @@
 import queue
+import sys
 
 # Import FireEye Event Tracing library.
 import etw
 
-from ..basics import atexits
+from ..print_api import print_api
+from . import sessions
 
 
 class EventTrace(etw.ETW):
@@ -13,8 +15,8 @@ class EventTrace(etw.ETW):
             event_callback=None,
             event_id_filters: list = None,
             session_name: str = None,
-            stop_etw_tracing_on_exit: bool = False
-            ):
+            close_existing_session_name: bool = True
+    ):
         """
         :param providers: List of tuples with provider name and provider GUID.
             tuple[0] = provider name
@@ -23,7 +25,9 @@ class EventTrace(etw.ETW):
         :param event_id_filters: List of event IDs that we want to filter. If not provided, all events will be returned.
             The default in the 'etw.ETW' method is 'None'.
         :param session_name: The name of the session to create. If not provided, a UUID will be generated.
-        :param stop_etw_tracing_on_exit: If True, the ETW tracing will be stopped when the script exits.
+        :param close_existing_session_name: Boolean to close existing session names.
+        ------------------------------------------
+        You should stop the ETW tracing when you are done with it.
             'pywintrace' module starts a new session for ETW tracing, and it will not stop the session when the script
             exits or exception is raised.
             This can cause problems when you want to start the script again, and the session is already running.
@@ -32,11 +36,16 @@ class EventTrace(etw.ETW):
             If you give different session name for new session, the previous session will still continue to run,
             filling the buffer with events, until you will stop getting new events on all sessions or get an
             exception that the buffer is full (WinError 1450).
+
+            Example to stop the ETW tracing at the end of the script:
+            from atomicshop.basics import atexits
+
+
+            event_tracing = EventTrace(<Your parameters>)
+            atexits.run_callable_on_exit_and_signals(EventTrace.stop)
         """
         self.event_queue = queue.Queue()
-        self.stop_etw_tracing_on_exit: bool = stop_etw_tracing_on_exit
-
-        self._set_atexit_and_signals()
+        self.close_existing_session_name: bool = close_existing_session_name
 
         # If no callback function is provided, we will use the default one, which will put the event in the queue.
         if not event_callback:
@@ -56,11 +65,24 @@ class EventTrace(etw.ETW):
         )
 
     def start(self):
+        # Check if the session name already exists.
+        if sessions.is_session_running(self.session_name):
+            print_api(f'ETW Session already running: {self.session_name}', color='yellow')
+
+            # Close the existing session name.
+            if self.close_existing_session_name:
+                print_api(f'Closing existing session: {self.session_name}', color='blue')
+                sessions.stop_and_delete(self.session_name)
+            else:
+                print_api(f'Using existing session: {self.session_name}', color='yellow')
+
         try:
             super().start()
         except OSError as e:
-            raise OSError(f"PyWinTrace Error: {e}\n"
-                          f"PyWinTrace crashed, didn't find solution to this, RESTART computer.")
+            message = f"PyWinTrace Error: {e}\n" \
+                        f"PyWinTrace crashed, didn't find solution to this, RESTART computer."
+            print_api(message, error_type=True, logger_method='critical')
+            sys.exit(1)
 
     def stop(self):
         super().stop()
@@ -84,10 +106,6 @@ class EventTrace(etw.ETW):
 
         return self.event_queue.get()
 
-    def _set_atexit_and_signals(self):
-        if self.stop_etw_tracing_on_exit:
-            atexits.run_callable_on_exit_and_signals(self.stop)
-
 
 def find_sessions_by_provider(provider_name: str):
     """

atomicshop/etw/{dns_trace.py → trace_dns.py}

@@ -1,4 +1,4 @@
-from . import etw
+from . import trace
 from .. import dns
 from ..wrappers.psutilw import psutilw
 from ..basics import dicts
@@ -7,7 +7,13 @@ from ..print_api import print_api
 
 
 class DnsTrace:
-    def __init__(self, enable_process_poller: bool = False, attrs: list = None, session_name: str = None):
+    def __init__(
+            self,
+            enable_process_poller: bool = False,
+            attrs: list = None,
+            session_name: str = None,
+            close_existing_session_name: bool = True
+    ):
         """
         DnsTrace class use to trace DNS events from Windows Event Tracing for EventId 3008.
 
@@ -16,6 +22,14 @@ class DnsTrace:
             Then DNS events will be enriched with the process name and command line from the process poller.
         :param attrs: List of attributes to return. If None, all attributes will be returned.
         :param session_name: The name of the session to create. If not provided, a UUID will be generated.
+        :param close_existing_session_name: Boolean to close existing session names.
+            True: if ETW session with 'session_name' exists, you will be notified and the session will be closed.
+                Then the new session with this name will be created.
+            False: if ETW session with 'session_name' exists, you will be notified and the new session will not be
+                created. Instead, the existing session will be used. If there is a buffer from the previous session,
+                you will get the events from the buffer.
+
+        -------------------------------------------------
 
         Usage Example:
             from atomicshop.etw import dns_trace
@@ -32,11 +46,12 @@ class DnsTrace:
         self.enable_process_poller = enable_process_poller
         self.attrs = attrs
 
-        self.event_trace = etw.EventTrace(
+        self.event_trace = trace.EventTrace(
             providers=[(dns.ETW_DNS_INFO['provider_name'], dns.ETW_DNS_INFO['provider_guid'])],
             # lambda x: self.event_queue.put(x),
             event_id_filters=[dns.ETW_DNS_INFO['event_id']],
-            session_name=session_name
+            session_name=session_name,
+            close_existing_session_name=close_existing_session_name
         )
 
         if self.enable_process_poller:

atomicshop/monitor/checks/dns.py

@@ -1,7 +1,7 @@
 from pathlib import Path
 from typing import Union
 
-from ...etw.dns_trace import DnsTrace
+from ...etw.trace_dns import DnsTrace
 from ...print_api import print_api
 from ...import diff_check
 
@@ -30,7 +30,7 @@ class DnsCheck:
         self.fetch_engine: DnsTrace = (
             DnsTrace(
                 enable_process_poller=True, attrs=['name', 'cmdline', 'domain', 'query_type'],
-                session_name=self.etw_session_name)
+                session_name=self.etw_session_name, close_existing_session_name=True)
         )
 
         if self.settings['alert_always'] and self.settings['alert_about_missing_entries_after_learning']:

atomicshop/on_exit.py

@@ -0,0 +1,175 @@
+import atexit
+import signal
+import sys
+import platform
+
+import win32api
+import win32con
+
+from .print_api import print_api
+from .wrappers.pywin32w import console
+
+
+EXIT_HANDLER_INSTANCE = None
+
+
+class ExitHandler:
+    """
+    This class is used to handle exit events: Closing the console, pressing 'CTRL+C', Killing the process.
+
+    Example:
+        from atomicshop import on_exit
+
+
+        def clean_up_function():
+            print("Cleaning up.")
+
+
+        on_exit.ExitHandler(clean_up_function).register_handlers()
+
+        # OR
+        on_exit.register_exit_handler(clean_up_function)
+    """
+    def __init__(
+            self,
+            cleanup_action: callable,
+            args: tuple = None,
+            kwargs: dict = None
+    ):
+        """
+        :param cleanup_action: The action to run when one of exit types is triggered.
+        :param args: The arguments to pass to the cleanup action.
+        :param kwargs: The keyword arguments to pass to the cleanup action.
+        """
+
+        if not callable(cleanup_action):
+            raise ValueError("The 'cleanup_action' must be a callable function.")
+
+        if args is None:
+            args = tuple()
+
+        if kwargs is None:
+            kwargs = dict()
+
+        self.cleanup_action: callable = cleanup_action
+        self.args: tuple = args
+        self.kwargs: dict = kwargs
+
+        self._called: bool = False
+        self._handler_hit: bool = False
+
+    def _run_cleanup(self):
+        if not self._called:
+            self._called = True
+            self.cleanup_action(*self.args, **self.kwargs)
+
+    def console_handler(self, event):
+        if event == win32con.CTRL_CLOSE_EVENT:
+
+            if not self._handler_hit:
+                self._handler_hit = True
+
+                print("Console close event.")
+                self._run_cleanup()
+
+            return True
+        return False
+
+    def atexit_handler(self):
+        if not self._handler_hit:
+            self._handler_hit = True
+
+            print("atexit_handler")
+            self._run_cleanup()
+
+    def signal_handler(self, signum, frame):
+        if not self._handler_hit:
+            self._handler_hit = True
+
+            print_api(f"Signal {signum}")
+            self._run_cleanup()
+            # Exit the process gracefully
+            raise SystemExit(0)
+
+    def register_handlers(self):
+        win32api.SetConsoleCtrlHandler(self.console_handler, True)
+        atexit.register(self.atexit_handler)
+        signal.signal(signal.SIGINT, self.signal_handler)
+        signal.signal(signal.SIGTERM, self.signal_handler)
+
+
+def register_exit_handler(clean_up_function, *args, **kwargs):
+    """
+    This function will register the exit handler to handle exit events: Closing the console, pressing 'CTRL+C',
+    Killing the process.
+
+    :param clean_up_function: The action to run when one of exit types is triggered.
+    :param args: The arguments to pass to the cleanup action.
+    :param kwargs: The keyword arguments to pass to the cleanup action.
+    """
+    global EXIT_HANDLER_INSTANCE
+    EXIT_HANDLER_INSTANCE = ExitHandler(clean_up_function, args, kwargs)
+    EXIT_HANDLER_INSTANCE.register_handlers()
+
+
+def restart_function(callable_function, *args, **kwargs):
+    """
+    This function will run the callable function with the given arguments and keyword arguments.
+    If the function raises an exception, the function will be restarted.
+
+    :param callable_function: The function to run.
+    :param args: The arguments to pass to the function.
+    :param kwargs: The keyword arguments to pass to the function.
+    :return: The return value of the function.
+    """
+    while True:
+        try:
+            return callable_function(*args, **kwargs)
+        except Exception as e:
+            print(f"ERROR: {e}")
+            continue
+
+
+def _ref_run_callable_on_exit_and_signals(
+        callable_function,
+        print_kwargs: dict = None,
+        *args,
+        **kwargs
+):
+    """
+    THIS IS FOR REFERENCE ONLY.
+
+    This function will run the callable function with the given arguments and keyword arguments.
+    If the function raises an exception, the function will be restarted.
+
+    :param callable_function: The function to run.
+    :param print_kwargs: print_api kwargs.
+    :param args: The arguments to pass to the function.
+    :param kwargs: The keyword arguments to pass to the function.
+    :return: The return value of the function.
+    """
+    def signal_handler(signum, frame):
+        print_api(f"Signal {signum} received, exiting.", **(print_kwargs or {}))
+        callable_function(*args, **kwargs)
+        sys.exit(0)
+
+    def exit_handler():
+        print_api("Exiting.", **(print_kwargs or {}))
+        callable_function(*args, **kwargs)
+        sys.exit(0)
+
+    signals = [signal.SIGINT, signal.SIGTERM]
+    if platform.system() != 'Windows':
+        signals.append(signal.SIGQUIT)
+        signals.append(signal.SIGHUP)
+    for sig in signals:
+        signal.signal(sig, signal_handler)
+
+    # signal.signal(signal.SIGINT, signal_handler)
+    # signal.signal(signal.SIGTERM, signal_handler)
+    atexit.register(exit_handler)
+
+    # Register console handler for Windows.
+    if platform.system() == 'Windows':
+        console_handler = console.ConsoleHandler(exit_handler, args, kwargs)
+        console_handler.register_handler()

atomicshop/process_name_cmd.py

@@ -1,4 +1,4 @@
-from importlib import resources
+from importlib.resources import files
 import ctypes
 from ctypes import wintypes
 from typing import Literal
@@ -8,20 +8,19 @@ from .basics import list_of_dicts
 
 
 PACKAGE_DLL_PATH = 'addons/process_list/compiled/Win10x64/process_list.dll'
+FULL_DLL_PATH = str(files(__package__).joinpath(PACKAGE_DLL_PATH))
 
 
 class ProcessNameCmdline:
     def __init__(self, load_dll: bool = False):
         self.load_dll: bool = load_dll
+        self.dll_path = FULL_DLL_PATH
 
         self.dll = None
         self.callback_output = None
         self.CALLBACKFUNC = None
         self.CALLBACKFUNC_ref = None
 
-        with resources.path(__package__, PACKAGE_DLL_PATH) as dll_path:
-            self.dll_path = str(dll_path)
-
         if self.load_dll:
             self.load()
 

atomicshop/process_poller.py

@@ -207,8 +207,7 @@ class ProcessPollerPool:
 
     def _start_process(self):
         self.running = True
-        stopping_queue = multiprocessing.Queue()
-        multiprocessing.Process(target=self._worker, args=(stopping_queue,)).start()
+        multiprocessing.Process(target=self._worker).start()
 
         thread = threading.Thread(target=self._thread_get_queue)
         thread.daemon = True

atomicshop/wrappers/ctyping/etw_winapi/const.py

@@ -0,0 +1,94 @@
+import ctypes
+from ctypes import wintypes
+from ctypes.wintypes import ULONG
+
+
+# Constants
+EVENT_TRACE_CONTROL_STOP = 1
+WNODE_FLAG_TRACED_GUID = 0x00020000
+
+MAXIMUM_LOGGERS = 64
+
+
+# Define GUID structure
+class GUID(ctypes.Structure):
+    _fields_ = [
+        ("Data1", wintypes.DWORD),
+        ("Data2", wintypes.WORD),
+        ("Data3", wintypes.WORD),
+        ("Data4", wintypes.BYTE * 8)
+    ]
+
+
+# Define WNODE_HEADER
+class WNODE_HEADER(ctypes.Structure):
+    _fields_ = [
+        ("BufferSize", wintypes.ULONG),
+        ("ProviderId", wintypes.ULONG),
+        ("HistoricalContext", wintypes.LARGE_INTEGER),
+        ("TimeStamp", wintypes.LARGE_INTEGER),
+        ("Guid", GUID),
+        ("ClientContext", wintypes.ULONG),
+        ("Flags", wintypes.ULONG)
+    ]
+
+
+# Define EVENT_TRACE_PROPERTIES structure
+class EVENT_TRACE_PROPERTIES(ctypes.Structure):
+    _fields_ = [
+        ("Wnode", WNODE_HEADER),
+        ("BufferSize", wintypes.ULONG),
+        ("MinimumBuffers", wintypes.ULONG),
+        ("MaximumBuffers", wintypes.ULONG),
+        ("MaximumFileSize", wintypes.ULONG),
+        ("LogFileMode", wintypes.ULONG),
+        ("FlushTimer", wintypes.ULONG),
+        ("EnableFlags", wintypes.ULONG),
+        ("AgeLimit", wintypes.LONG),
+        ("NumberOfBuffers", wintypes.ULONG),
+        ("FreeBuffers", wintypes.ULONG),
+        ("EventsLost", wintypes.ULONG),
+        ("BuffersWritten", wintypes.ULONG),
+        ("LogBuffersLost", wintypes.ULONG),
+        ("RealTimeBuffersLost", wintypes.ULONG),
+        ("LoggerThreadId", wintypes.HANDLE),
+        ("LogFileNameOffset", wintypes.ULONG),
+        ("LoggerNameOffset", wintypes.ULONG),
+        # Allocate space for the names at the end of the structure
+        ("_LoggerName", wintypes.WCHAR * 1024),
+        ("_LogFileName", wintypes.WCHAR * 1024)
+    ]
+
+
+class PROVIDER_ENUMERATION_INFO(ctypes.Structure):
+    _fields_ = [
+        ("NumberOfProviders", ULONG),
+        ("Reserved", ULONG),
+    ]
+
+
+class PROVIDER_INFORMATION(ctypes.Structure):
+    _fields_ = [
+        ("ProviderId", ctypes.c_byte * 16),
+        ("SchemaSource", ULONG),
+        ("ProviderNameOffset", ULONG),
+    ]
+
+
+# Load the necessary library
+advapi32 = ctypes.WinDLL('advapi32')
+tdh = ctypes.windll.tdh
+
+# Define necessary TDH functions
+tdh.TdhEnumerateProviders.argtypes = [ctypes.POINTER(PROVIDER_ENUMERATION_INFO), ctypes.POINTER(ULONG)]
+tdh.TdhEnumerateProviders.restype = ULONG
+
+
+# Define the function prototype
+QueryAllTraces = advapi32.QueryAllTracesW
+QueryAllTraces.argtypes = [
+    ctypes.POINTER(ctypes.POINTER(EVENT_TRACE_PROPERTIES)),
+    wintypes.ULONG,
+    ctypes.POINTER(wintypes.ULONG)
+]
+QueryAllTraces.restype = wintypes.ULONG

atomicshop/wrappers/ctyping/etw_winapi/etw_functions.py

@@ -0,0 +1,128 @@
+import ctypes
+from ctypes.wintypes import ULONG
+import uuid
+
+from . import const
+
+
+# Function to stop and delete ETW session
+def stop_and_delete_etw_session(session_name) -> tuple[bool, int]:
+    """
+    Stop and delete ETW session.
+
+    :param session_name: The name of the session to stop and delete.
+    :return: A tuple containing a boolean indicating success and an integer status code.
+        True, 0: If the session was stopped and deleted successfully.
+        False, <status>: If the session could not be stopped and deleted and the status code, why it failed.
+    """
+
+    session_name_unicode = ctypes.create_unicode_buffer(session_name)
+    properties_size = ctypes.sizeof(const.EVENT_TRACE_PROPERTIES) + 1024  # Adjust buffer size if needed
+    properties = ctypes.create_string_buffer(properties_size)
+
+    trace_properties = ctypes.cast(properties, ctypes.POINTER(const.EVENT_TRACE_PROPERTIES)).contents
+    trace_properties.Wnode.BufferSize = properties_size
+    trace_properties.Wnode.Flags = const.WNODE_FLAG_TRACED_GUID
+    trace_properties.Wnode.Guid = const.GUID()  # Ensure a GUID is provided if necessary
+    trace_properties.LoggerNameOffset = ctypes.sizeof(const.EVENT_TRACE_PROPERTIES)
+
+    ctypes.memmove(ctypes.addressof(properties) + trace_properties.LoggerNameOffset,
+                   session_name_unicode, ctypes.sizeof(session_name_unicode))
+
+    status = const.advapi32.ControlTraceW(
+        None, session_name_unicode, ctypes.byref(trace_properties), const.EVENT_TRACE_CONTROL_STOP)
+
+    if status != 0:
+        # print(f"Failed to stop and delete ETW session: {status}")
+        return False, status
+    else:
+        # print("ETW session stopped and deleted successfully.")
+        return True, status
+
+
+def get_all_providers() -> list[tuple[any, uuid.UUID]]:
+    """
+    Get all ETW providers available on the system.
+
+    :return: A list of tuples containing the provider name and GUID.
+    """
+
+    providers_info_size = ULONG(0)
+    status = const.tdh.TdhEnumerateProviders(None, ctypes.byref(providers_info_size))
+
+    # Initial allocation
+    buffer = (ctypes.c_byte * providers_info_size.value)()
+    providers_info = ctypes.cast(buffer, ctypes.POINTER(const.PROVIDER_ENUMERATION_INFO))
+
+    # Loop to handle resizing
+    while True:
+        status = const.tdh.TdhEnumerateProviders(providers_info, ctypes.byref(providers_info_size))
+
+        if status == 0:
+            break
+        elif status == 0x8007007A:  # ERROR_INSUFFICIENT_BUFFER
+            buffer = (ctypes.c_byte * providers_info_size.value)()
+            providers_info = ctypes.cast(buffer, ctypes.POINTER(const.PROVIDER_ENUMERATION_INFO))
+        else:
+            raise ctypes.WinError(status)
+
+    provider_count = providers_info.contents.NumberOfProviders
+    provider_array = ctypes.cast(
+        ctypes.addressof(providers_info.contents) + ctypes.sizeof(const.PROVIDER_ENUMERATION_INFO),
+        ctypes.POINTER(const.PROVIDER_INFORMATION * provider_count))
+
+    providers = []
+    for i in range(provider_count):
+        provider = provider_array.contents[i]
+        provider_name_offset = provider.ProviderNameOffset
+        provider_name_ptr = ctypes.cast(
+            ctypes.addressof(providers_info.contents) + provider_name_offset, ctypes.c_wchar_p)
+        provider_name = provider_name_ptr.value
+        provider_guid = uuid.UUID(bytes_le=bytes(provider.ProviderId))
+        providers.append((provider_name, provider_guid))
+
+    return providers
+
+
+def list_etw_sessions() -> list[dict]:
+    """
+    List all running ETW sessions.
+
+    :return: A list of dictionaries containing the names of all running ETW sessions and their log files.
+    """
+    # Create an array of EVENT_TRACE_PROPERTIES pointers
+    PropertiesArrayType = ctypes.POINTER(const.EVENT_TRACE_PROPERTIES) * const.MAXIMUM_LOGGERS
+    properties_array = PropertiesArrayType()
+    for i in range(const.MAXIMUM_LOGGERS):
+        properties = const.EVENT_TRACE_PROPERTIES()
+        properties.Wnode.BufferSize = ctypes.sizeof(const.EVENT_TRACE_PROPERTIES)
+        properties_array[i] = ctypes.pointer(properties)
+
+    # Define the number of loggers variable
+    logger_count = ULONG(const.MAXIMUM_LOGGERS)
+
+    # Call QueryAllTraces
+    status = const.QueryAllTraces(properties_array, const.MAXIMUM_LOGGERS, ctypes.byref(logger_count))
+    if status != 0:
+        raise Exception(f"QueryAllTraces failed, error code: {status}")
+
+    # Extract session names
+    session_list: list = []
+    for i in range(logger_count.value):
+        logger_name = None
+        logfile_path = None
+
+        properties = properties_array[i].contents
+        if properties.LoggerNameOffset != 0:
+            logger_name_address = ctypes.addressof(properties) + properties.LoggerNameOffset
+            logger_name = ctypes.wstring_at(logger_name_address)
+        if properties.LogFileNameOffset != 0:
+            logfile_name_address = ctypes.addressof(properties) + properties.LogFileNameOffset
+            logfile_path = ctypes.wstring_at(logfile_name_address)
+
+        session_list.append({
+            'session_name': logger_name,
+            'log_file': logfile_path
+        })
+
+    return session_list

atomicshop/wrappers/pywin32w/console.py

@@ -0,0 +1,34 @@
+import win32api
+import win32con
+
+
+class ConsoleHandler:
+    """
+    This class is used to handle console events.
+    Currently used to handle the 'CTRL_CLOSE_EVENT' event - Meaning what to do when the user closes the console by
+    clicking on X in the top right corner.
+    """
+    def __init__(
+            self,
+            cleanup_action: callable = None,
+            args: tuple = None,
+            kwargs: dict = None
+    ):
+        """
+        :param cleanup_action: The action to run when user closes the console.
+        :param args: The arguments to pass to the cleanup action.
+        :param kwargs: The keyword arguments to pass to the cleanup action.
+        """
+        self.cleanup_action = cleanup_action
+        self.args = args
+        self.kwargs = kwargs
+
+    def _console_handler(self, event):
+        if event == win32con.CTRL_CLOSE_EVENT:
+            if self.cleanup_action and callable(self.cleanup_action):
+                self.cleanup_action(*self.args, **self.kwargs)
+            return True
+        return False
+
+    def register_handler(self):
+        win32api.SetConsoleCtrlHandler(self._console_handler, True)

{atomicshop-2.12.23.dist-info → atomicshop-2.12.25.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: atomicshop
-Version: 2.12.23
+Version: 2.12.25
 Summary: Atomic functions and classes to make developer life easier
 Author: Denis Kras
 License: MIT License

{atomicshop-2.12.23.dist-info → atomicshop-2.12.25.dist-info}/RECORD

@@ -1,4 +1,4 @@
-atomicshop/__init__.py,sha256=8aamirvtHe04uZCHVaHjJnr7Y7nVlrXMflv_x72OTIo,124
+atomicshop/__init__.py,sha256=i0XAOpCKxA2g_BNalWhe-R5FvF3ui38CZEoR2TgPwIg,124
 atomicshop/_basics_temp.py,sha256=6cu2dd6r2dLrd1BRNcVDKTHlsHs_26Gpw8QS6v32lQ0,3699
 atomicshop/_create_pdf_demo.py,sha256=Yi-PGZuMg0RKvQmLqVeLIZYadqEZwUm-4A9JxBl_vYA,3713
 atomicshop/_patch_import.py,sha256=ENp55sKVJ0e6-4lBvZnpz9PQCt3Otbur7F6aXDlyje4,6334
@@ -21,12 +21,13 @@ atomicshop/http_parse.py,sha256=nrf2rZcprLqtW8HVrV7TCZ1iTBcWRRy-mXIlAOzcaJs,9703
 atomicshop/inspect_wrapper.py,sha256=sGRVQhrJovNygHTydqJj0hxES-aB2Eg9KbIk3G31apw,11429
 atomicshop/ip_addresses.py,sha256=Hvi4TumEFoTEpKWaq5WNF-YzcRzt24IxmNgv-Mgax1s,1190
 atomicshop/keyboard_press.py,sha256=1W5kRtOB75fulVx-uF2yarBhW0_IzdI1k73AnvXstk0,452
+atomicshop/on_exit.py,sha256=Wf1iy2e0b0Zu7oRxrct3VkLdQ_x9B32-z_JerKTt9Z0,5493
 atomicshop/pbtkmultifile_argparse.py,sha256=aEk8nhvoQVu-xyfZosK3ma17CwIgOjzO1erXXdjwtS4,4574
 atomicshop/permissions.py,sha256=P6tiUKV-Gw-c3ePEVsst9bqWaHJbB4ZlJB4xbDYVpEs,4436
 atomicshop/print_api.py,sha256=DhbCQd0MWZZ5GYEk4oTu1opRFC-b31g1VWZgTGewG2Y,11568
 atomicshop/process.py,sha256=Zgb4CUjy9gIBaawvtCOEcxGUCqvqPyARk0lpBjRzxWE,15950
-atomicshop/process_name_cmd.py,sha256=YmAfxZ3fhND58ItJ1fA1C6tPqyNUBlolOM2smKVDK2o,5167
-atomicshop/process_poller.py,sha256=Ya08tLe6NfbJ-U3EZWZ3j-FFqkDSy8zaTu1QeEsWC98,11754
+atomicshop/process_name_cmd.py,sha256=CtaSp3mgxxJKCCVW8BLx6BJNx4giCklU_T7USiCEwfc,5162
+atomicshop/process_poller.py,sha256=naqoq-gJN1kkaOm_MfoM7teIkh5OniXromVR4pb0pjY,11680
 atomicshop/python_file_patcher.py,sha256=kd3rBWvTcosLEk-7TycNdfKW9fZbe161iVwmH4niUo0,5515
 atomicshop/python_functions.py,sha256=zJg4ogUwECxrDD7xdDN5JikIUctITM5lsyabr_ZNsRw,4435
 atomicshop/question_answer_engine.py,sha256=DuOn7QEgKKfqZu2cR8mVeFIfFgayfBHiW-jY2VPq_Fo,841
@@ -79,7 +80,6 @@ atomicshop/archiver/zips.py,sha256=k742K1bEDtc_4N44j_Waebi-uOkxxavqltvV6q-BLW4,1
 atomicshop/basics/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/basics/ansi_escape_codes.py,sha256=WtIkm-BjSZS5J5irDUdAMBNvdX-qXFZcTX98jcBMpJE,3140
 atomicshop/basics/argparse_template.py,sha256=horwgSf3MX1ZgRnYxtmmQuz9OU_vKrKggF65gmjlmfg,5836
-atomicshop/basics/atexits.py,sha256=w7ge8sjuqK2_jdkdP4F4OCltkenQud8AhVEzxhFDiao,2145
 atomicshop/basics/booleans.py,sha256=va3LYIaSOhjdifW4ZEesnIQxBICNHyQjUAkYelzchhE,2047
 atomicshop/basics/bytes_arrays.py,sha256=WvSRDhIGt1ywF95t-yNgpxLm1nlZUbM1Dz6QckcyE8Y,5915
 atomicshop/basics/classes.py,sha256=EijW_g4EhdNBnKPMG3nT3HjFspTchtM7to6zm9Ad_Mk,9771
@@ -102,8 +102,10 @@ atomicshop/basics/threads.py,sha256=xvgdDJdmgN0wmmARoZ-H7Kvl1GOcEbvgaeGL4M3Hcx8,
 atomicshop/basics/timeit_template.py,sha256=fYLrk-X_dhdVtnPU22tarrhhvlggeW6FdKCXM8zkX68,405
 atomicshop/basics/tracebacks.py,sha256=cNfh_oAwF55kSIdqtv3boHZQIoQI8TajxkTnwJwpweI,535
 atomicshop/etw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/etw/dns_trace.py,sha256=rv1A5akgebLzoT5EcvyuNwIztnA2xJYZlZlAbINFe88,5916
-atomicshop/etw/etw.py,sha256=WEs1aqXowH-tKUbaJphhc1hQvpi4SqU3ltyBg5wGM0c,4470
+atomicshop/etw/providers.py,sha256=fVmWi-uGdtnsQTDpu_ty6dzx0GMhGokiST73LNBEJ38,129
+atomicshop/etw/sessions.py,sha256=k3miewU278xn829cqDbsuH_bmZHPQE9-Zn-hINbxUSE,1330
+atomicshop/etw/trace.py,sha256=tjBvV4RxCSn8Aoxj8NVxmqHekdECne_y4Zv2lbh11ak,5341
+atomicshop/etw/trace_dns.py,sha256=f4homrWp4qMrmjC9UrEWjr9p9MrUg7SwOVbE22_IYgw,6728
 atomicshop/file_io/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/file_io/csvs.py,sha256=y8cJtnlN-NNxNupzJgSeGq9aQ4wNxYLFPX9vNNlUiIc,5830
 atomicshop/file_io/docxs.py,sha256=6tcYFGp0vRsHR47VwcRqwhdt2DQOwrAUYhrwN996n9U,5117
@@ -135,9 +137,8 @@ atomicshop/mitm/engines/__reference_general/responder___reference_general.py,sha
 atomicshop/monitor/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/monitor/change_monitor.py,sha256=dGhk5bJPxLCHa2FOVkort99E7vjVojra9GlvhpcKSqE,7551
 atomicshop/monitor/checks/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-atomicshop/monitor/checks/dns.py,sha256=v3Pgdi8tmBmGAs7x7u6N5IiGyTv6GZOLEbrVSZZGE6s,7150
+atomicshop/monitor/checks/dns.py,sha256=YLCFoolq35dnzdnBnfUA2ag-4HfvzcHfRdm3mzX8R8o,7184
 atomicshop/monitor/checks/file.py,sha256=2tIDSlX2KZNc_9i9ji1tcOqupbFTIOj7cKXLyBEDWMk,3263
-atomicshop/monitor/checks/hash.py,sha256=r4mDOdjItN3eyaJk8TVz03f4bQ_uKZ4MDTXagjseazs,2011
 atomicshop/monitor/checks/network.py,sha256=CGZWl4WlQrxayZeVF9JspJXwYA-zWx8ECWTVGSlXc98,3825
 atomicshop/monitor/checks/process_running.py,sha256=x66wd6-l466r8sbRQaIli0yswyGt1dH2DVXkGDL6O0Q,1891
 atomicshop/monitor/checks/url.py,sha256=1PvKt_d7wFg7rDMFpUejAQhj0mqWsmlmrNfjNAV2G4g,4123
@@ -168,6 +169,9 @@ atomicshop/wrappers/certauthw/certauth.py,sha256=hKedW0DOWlEigSNm8wu4SqHkCQsGJ1t
 atomicshop/wrappers/certauthw/certauthw.py,sha256=4WvhjANI7Kzqrr_nKmtA8Kf7B6rute_5wfP65gwQrjw,8082
 atomicshop/wrappers/ctyping/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/wrappers/ctyping/process_winapi.py,sha256=QcXL-ETtlSSkoT8F7pYle97ubGWsjYp8cx8HxkVMgAc,2762
+atomicshop/wrappers/ctyping/etw_winapi/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+atomicshop/wrappers/ctyping/etw_winapi/const.py,sha256=YrAyXBamAmHoQgha7oXwH9g_EqeLYXRGPderuu9FRI8,2765
+atomicshop/wrappers/ctyping/etw_winapi/etw_functions.py,sha256=3DLVXpTeOyTND35T_dKGzKnlLVQ0R3zt3AEcW2bNLNc,5304
 atomicshop/wrappers/ctyping/msi_windows_installer/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 atomicshop/wrappers/ctyping/msi_windows_installer/base.py,sha256=Uu9SlWLsQQ6mjE-ek-ptHcmgiI3Ruah9bdZus70EaVY,4884
 atomicshop/wrappers/ctyping/msi_windows_installer/cabs.py,sha256=htzwb2ROYI8yyc82xApStckPS2yCcoyaw32yC15KROs,3285
@@ -237,6 +241,7 @@ atomicshop/wrappers/psutilw/disks.py,sha256=3ZSVoommKH1TWo37j_83frB-NqXF4Nf5q5mB
 atomicshop/wrappers/psutilw/memories.py,sha256=_S0aL8iaoIHebd1vOFrY_T9aROM5Jx2D5CvDh_4j0Vc,528
 atomicshop/wrappers/psutilw/psutilw.py,sha256=G22ZQfGnqX15-feD8KUXfEZO4pFkIEnB8zgPzJ2jc7M,20868
 atomicshop/wrappers/psycopgw/psycopgw.py,sha256=XJvVf0oAUjCHkrYfKeFuGCpfn0Oxj3u4SbKMKA1508E,7118
+atomicshop/wrappers/pywin32w/console.py,sha256=LstHajPLgXp9qQxFNR44QfH10nOnNp3bCJquxaTquns,1175
 atomicshop/wrappers/pywin32w/winshell.py,sha256=i2bKiMldPU7_azsD5xGQDdMwjaM7suKJd3k0Szmcs6c,723
 atomicshop/wrappers/pywin32w/wmi_win32process.py,sha256=qMzXtJ5hBZ5ydAyqpDbSx0nO2RJQL95HdmV5SzNKMhk,6826
 atomicshop/wrappers/socketw/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
@@ -255,8 +260,8 @@ atomicshop/wrappers/socketw/socket_server_tester.py,sha256=AhpurHJmP2kgzHaUbq5ey
 atomicshop/wrappers/socketw/socket_wrapper.py,sha256=aXBwlEIJhFT0-c4i8iNlFx2It9VpCEpsv--5Oqcpxao,11624
 atomicshop/wrappers/socketw/ssl_base.py,sha256=k4V3gwkbq10MvOH4btU4onLX2GNOsSfUAdcHmL1rpVE,2274
 atomicshop/wrappers/socketw/statistics_csv.py,sha256=t3dtDEfN47CfYVi0CW6Kc2QHTEeZVyYhc57IYYh5nmA,826
-atomicshop-2.12.23.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
-atomicshop-2.12.23.dist-info/METADATA,sha256=mDSQpG6SXbiytprFFrq70833uv_No7bDq5EtU_2q3xw,10479
-atomicshop-2.12.23.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
-atomicshop-2.12.23.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
-atomicshop-2.12.23.dist-info/RECORD,,
+atomicshop-2.12.25.dist-info/LICENSE.txt,sha256=lLU7EYycfYcK2NR_1gfnhnRC8b8ccOTElACYplgZN88,1094
+atomicshop-2.12.25.dist-info/METADATA,sha256=9B-DBn3RCaFkRPibGwrKm8FOiWIRdqjSifbGjXpi9z4,10479
+atomicshop-2.12.25.dist-info/WHEEL,sha256=GJ7t_kWBFywbagK5eo9IoUwLW6oyOeTKmQ-9iHFVNxQ,92
+atomicshop-2.12.25.dist-info/top_level.txt,sha256=EgKJB-7xcrAPeqTRF2laD_Np2gNGYkJkd4OyXqpJphA,11
+atomicshop-2.12.25.dist-info/RECORD,,

atomicshop/basics/atexits.py

@@ -1,64 +0,0 @@
-import atexit
-import signal
-import sys
-import platform
-
-from ..print_api import print_api
-
-
-def restart_function(callable_function, *args, **kwargs):
-    """
-    This function will run the callable function with the given arguments and keyword arguments.
-    If the function raises an exception, the function will be restarted.
-
-    :param callable_function: The function to run.
-    :param args: The arguments to pass to the function.
-    :param kwargs: The keyword arguments to pass to the function.
-    :return: The return value of the function.
-    """
-    while True:
-        try:
-            return callable_function(*args, **kwargs)
-        except Exception as e:
-            print(f"ERROR: {e}")
-            continue
-
-
-def run_callable_on_exit_and_signals(
-        callable_function,
-        print_kwargs: dict = None,
-        *args,
-        **kwargs
-):
-    """
-    This function will run the callable function with the given arguments and keyword arguments.
-    If the function raises an exception, the function will be restarted.
-
-    :param callable_function: The function to run.
-    :param print_kwargs: print_api kwargs.
-    :param args: The arguments to pass to the function.
-    :param kwargs: The keyword arguments to pass to the function.
-    :return: The return value of the function.
-    """
-    def signal_handler(signum, frame):
-        print_api(f"Signal {signum} received, exiting.", **(print_kwargs or {}))
-        callable_function(*args, **kwargs)
-        input("Press Enter to exit.")
-        sys.exit(0)
-
-    def exit_handler():
-        print_api("Exiting.", **(print_kwargs or {}))
-        callable_function(*args, **kwargs)
-        input("Press Enter to exit.")
-        sys.exit(0)
-
-    signals = [signal.SIGINT, signal.SIGTERM]
-    if platform.system() != 'Windows':
-        signals.append(signal.SIGQUIT)
-        signals.append(signal.SIGHUP)
-    for sig in signals:
-        signal.signal(sig, signal_handler)
-
-    # signal.signal(signal.SIGINT, signal_handler)
-    # signal.signal(signal.SIGTERM, signal_handler)
-    atexit.register(exit_handler)

atomicshop/monitor/checks/hash.py

@@ -1,56 +0,0 @@
-from ... import diff_check
-from ...print_api import print_api
-from .hash_checks import file, url
-
-
-DIFF_CHECKER = diff_check.DiffChecker(
-    return_first_cycle=False,
-    operation_type='single_object'
-)
-
-
-def setup_check(change_monitor_instance):
-    change_monitor_instance.set_input_file_path()
-
-    if change_monitor_instance.object_type == 'file':
-        file.setup_check(change_monitor_instance, change_monitor_instance.check_object)
-    elif 'url_' in change_monitor_instance.object_type:
-        url.setup_check(change_monitor_instance, change_monitor_instance.check_object)
-
-
-def execute_cycle(change_monitor_instance, print_kwargs: dict = None):
-    """
-    This function executes the cycle of the change monitor: hash.
-
-    :param change_monitor_instance: Instance of the ChangeMonitor class.
-    :param print_kwargs: print_api kwargs.
-
-    :return: List of dictionaries with the results of the cycle.
-    """
-
-    if print_kwargs is None:
-        print_kwargs = dict()
-
-    return_list = list()
-
-    if change_monitor_instance.object_type == 'file':
-        # Get the hash of the object.
-        file.get_hash(change_monitor_instance, change_monitor_instance.check_object, print_kwargs=print_kwargs)
-    elif 'url_' in change_monitor_instance.object_type:
-        # Get the hash of the object.
-        url.get_hash(change_monitor_instance, change_monitor_instance.check_object, print_kwargs=print_kwargs)
-
-    # Check if the object was updated.
-    result, message = change_monitor_instance.diff_checker.check_string(
-        print_kwargs=print_kwargs)
-
-    # If the object was updated, print the message in yellow color, otherwise print in green color.
-    if result:
-        print_api(message, color='yellow', **print_kwargs)
-        # create_message_file(message, self.__class__.__name__, logger=self.logger)
-
-        return_list.append(message)
-    else:
-        print_api(message, color='green', **print_kwargs)
-
-    return return_list