atomicshop 2.15.11__py3-none-any.whl → 3.10.5__py3-none-any.whl

atomicshop/wrappers/pywin32w/win_event_log/subscribes/process_terminate.py

@@ -1,7 +1,5 @@
-import subprocess
-
 from .. import subscribe
-from .....print_api import print_api
+from .... import win_auditw
 
 
 LOG_CHANNEL: str = 'Security'
@@ -27,7 +25,7 @@ class ProcessTerminateSubscriber(subscribe.EventLogSubscriber):
 
     def start(self):
         """Start the subscription process."""
-        enable_audit_process_termination()
+        win_auditw.enable_audit_process_termination()
 
         super().start()
 
@@ -48,56 +46,4 @@ class ProcessTerminateSubscriber(subscribe.EventLogSubscriber):
 
         data['ProcessIdInt'] = int(data['ProcessId'], 16)
 
-        return data
-
-
-def enable_audit_process_termination(print_kwargs: dict = None):
-    """
-    Enable the 'Audit Process Termination' policy.
-
-    :param print_kwargs: Optional keyword arguments for the print function.
-    """
-    if is_audit_process_termination_enabled():
-        print_api("Audit Process Termination is already enabled.", color='yellow', **(print_kwargs or {}))
-        return
-
-    audit_policy_command = [
-        "auditpol", "/set", "/subcategory:Process Termination", "/success:enable", "/failure:enable"
-    ]
-    try:
-        subprocess.run(audit_policy_command, check=True)
-        print_api("Successfully enabled 'Audit Process Termination'.", color='green', **(print_kwargs or {}))
-    except subprocess.CalledProcessError as e:
-        print_api(f"Failed to enable 'Audit Process Termination': {e}", error_type=True, color='red', **(print_kwargs or {}))
-        raise e
-
-
-def is_audit_process_termination_enabled(print_kwargs: dict = None) -> bool:
-    """
-    Check if the 'Audit Process Termination' policy is enabled.
-
-    :param print_kwargs: Optional keyword arguments for the print function.
-    """
-    # Command to check the "Audit Process Creation" policy
-    audit_policy_check_command = [
-        "auditpol", "/get", "/subcategory:Process Termination"
-    ]
-    try:
-        result = subprocess.run(audit_policy_check_command, check=True, capture_output=True, text=True)
-        output = result.stdout
-        # print_api(output)  # Print the output for inspection
-
-        if "Process Termination" in output and "Success and Failure" in output:
-            # print_api(
-            #     "'Audit Process Termination' is enabled for both success and failure.",
-            #     color='green', **(print_kwargs or {}))
-            return True
-        else:
-            # print_api(output, **(print_kwargs or {}))
-            # print_api(
-            #     "'Audit Process Termination' is not fully enabled. Check the output above for details.",
-            #     color='yellow', **(print_kwargs or {}))
-            return False
-    except subprocess.CalledProcessError as e:
-        print_api(f"Failed to check 'Audit Process Termination': {e}", color='red', error_type=True, **(print_kwargs or {}))
-        return False
+        return data

atomicshop/wrappers/pywin32w/wmis/msft_netipaddress.py

@@ -0,0 +1,113 @@
+from typing import Optional
+
+from win32com.client import CDispatch
+
+from . import wmi_helpers
+
+
+def set_skip_as_source(
+        ip_addresses: list[str],
+        enable: bool = True,
+        wmi_instance: CDispatch = None
+) -> None:
+    """
+    Toggle SkipAsSource for every address in *ip_addrs*.
+
+    Parameters
+    ----------
+    ip_addresses : list/tuple/iterable of str
+        One or more literal IP strings, e.g. "192.168.157.3"
+    enable : bool
+        True → behave like  Set‑NetIPAddress ‑SkipAsSource $true
+        False → behave like Set‑NetIPAddress ‑SkipAsSource $false
+    wmi_instance : CDispatch
+        WMI instance to use. If not provided, a new one will be created.
+        'root\\StandardCimv2'
+
+    ================
+
+    Explanation.
+        When you add extra IPv4 addresses to the same NIC, Windows treats them all as “first‑class” unless you tell it otherwise.
+        Because the two new addresses (192.168.157.3 and .4) are numerically lower than the original one (.129), the TCP/IP stack now prefers one of those lower addresses as the default source for any socket whose program didn’t bind an explicit local IP.
+
+        What that looks like on the wire
+        Client sends SYN → 192.168.157.3 (or .4).
+        – Server replies with SYN/ACK ←192.168.157.3 → handshake completes, HTTP works.
+
+        Client sends SYN → 192.168.157.129.
+        – Stack still picks .3 as its favourite and answers SYN/ACK ← 192.168.157.3.
+        – Client discards the packet (wrong IP), retransmits the SYN, your code’s accept() wakes up again, and you see an “infinite accept loop”.
+
+        The flag that fixes it: SkipAsSource
+        Tell Windows not to use the extra addresses unless an application asks for them.
+
+        PowerShell.
+        # One‑off: mark the addresses you already added
+        Get-NetIPAddress -IPAddress 192.168.157.3 | Set-NetIPAddress -SkipAsSource $true
+        Get-NetIPAddress -IPAddress 192.168.157.4 | Set-NetIPAddress -SkipAsSource $true
+
+        # —OR— add new addresses the right way from the start
+        New-NetIPAddress -InterfaceAlias "Ethernet0" `
+                         -IPAddress 192.168.157.3 `
+                         -PrefixLength 24 `
+                         -SkipAsSource $true
+        SkipAsSource = $true keeps the address fully routable for incoming traffic and lets programs bind to it explicitly.
+
+        Windows will never choose that address as the source of an outgoing packet unless the program bound the socket to it.
+
+        After you flip the flag (no reboot required) the three‑way handshake is symmetrical again and the endless accept() loop disappears.
+    """
+
+    if not wmi_instance:
+        wmi_instance, _ = wmi_helpers.get_wmi_instance(namespace='root\\StandardCimv2')
+
+    for ip in ip_addresses:
+        query = f"SELECT * FROM MSFT_NetIPAddress WHERE IPAddress='{ip}'"
+        matches = wmi_instance.ExecQuery(query)
+        if not matches:
+            print(f"[!] {ip}: no such address found")
+            continue
+
+        for obj in matches:                     # usually just one
+            if bool(obj.SkipAsSource) == enable:
+                print(f"[=] {ip}: SkipAsSource already {enable}")
+                continue
+
+            obj.SkipAsSource = enable
+            obj.Put_()                          # commit the change
+            print(f"[+] {ip}: SkipAsSource set to {enable}")
+
+
+def is_skip_as_source(
+        ip_address: str,
+        wmi_instance: CDispatch = None
+) -> Optional[bool]:
+    """
+    Check whether *ip_address* currently has SkipAsSource set.
+
+    Returns
+    -------
+    True        – the flag is enabled
+    False       – the flag is disabled
+    None        – no MSFT_NetIPAddress object matches the IP (not present)
+
+    Notes
+    -----
+    * Works for both IPv4/IPv6.
+    * Uses the same Win32 CIM class (root\\StandardCimv2 › MSFT_NetIPAddress).
+    * You can pass an existing `wmi_instance` to avoid reconnecting in tight loops.
+    """
+    # Get a WMI connection if the caller didn’t hand us one
+    if not wmi_instance:
+        wmi_instance, _ = wmi_helpers.get_wmi_instance(namespace='root\\StandardCimv2')
+
+    query = f"SELECT SkipAsSource FROM MSFT_NetIPAddress WHERE IPAddress='{ip_address}'"
+    matches = wmi_instance.ExecQuery(query)
+
+    if not matches:                       # address not configured on this host/NIC
+        return None
+
+    # There should be only one entry per literal IP, but handle duplicates sanely
+    # Return True if *any* matching record has SkipAsSource = True,
+    # otherwise False (all are False).
+    return any(bool(obj.SkipAsSource) for obj in matches)

atomicshop/wrappers/pywin32w/wmis/win32_networkadapterconfiguration.py

@@ -0,0 +1,259 @@
+from typing import Union
+import socket
+import time
+
+from win32com.client import CDispatch
+import pywintypes
+
+from . import wmi_helpers, win32networkadapter
+from .... import ip_addresses
+
+
+def get_network_configuration_by_adapter(
+        adapter: CDispatch,
+        wmi_instance: CDispatch = None
+) -> Union[CDispatch, None]:
+    """
+    Get the network configuration for a specific adapter index.
+
+    :param adapter: CDispatch, Win32_NetworkAdapter object.
+    :param wmi_instance: WMI instance. You can get it from:
+        wmi_helpers.get_wmi_instance()
+    :return: Win32_NetworkAdapterConfiguration object.
+    """
+
+    network_config: CDispatch = wmi_instance.ExecQuery(
+        f"SELECT * FROM Win32_NetworkAdapterConfiguration WHERE Index={adapter.Index}")[0]
+
+    return network_config
+
+
+def get_adapter_network_configuration(
+        interface_name: str = None,
+        mac_address: str = None,
+        wmi_instance: CDispatch = None
+) -> tuple:
+    """
+    Get the WMI network configuration for a network adapter.
+    :param interface_name: string, adapter name as shown in the network settings.
+    :param mac_address: string, MAC address of the adapter. Format: '00:00:00:00:00:00'.
+    :param wmi_instance: WMI instance. You can get it from:
+        wrappers.pywin32s.wmis.wmi_helpers.get_wmi_instance()
+        or default will be used.
+    :return: tuple(Win32_NetworkAdapterConfiguration, Win32_NetworkAdapter)
+    """
+
+    if not wmi_instance:
+        wmi_instance, _ = wmi_helpers.get_wmi_instance()
+
+    adapters = win32networkadapter.list_network_adapters(wmi_instance)
+
+    if interface_name is None and mac_address is None:
+        raise ValueError("Either 'interface_name' or 'mac_address' must be provided.")
+    elif interface_name and mac_address:
+        raise ValueError("Only one of 'interface_name' or 'mac_address' must be provided.")
+
+    current_adapter = None
+    if interface_name:
+        for adapter in adapters:
+            if interface_name == adapter.NetConnectionID:
+                current_adapter = adapter
+                break
+
+        if not current_adapter:
+            raise wmi_helpers.WMINetworkAdapterNotFoundError(f"Adapter with interface name '{interface_name}' not found.")
+    elif mac_address:
+        for adapter in adapters:
+            if mac_address == adapter.MACAddress:
+                current_adapter = adapter
+                break
+
+        if current_adapter is None:
+            raise wmi_helpers.WMINetworkAdapterNotFoundError(f"Adapter with MAC address '{mac_address}' not found.")
+
+    # Query the network adapter configurations
+    query = f"SELECT * FROM Win32_NetworkAdapterConfiguration WHERE Index='{current_adapter.DeviceID}'"
+    adapter_configs = wmi_instance.ExecQuery(query)
+
+    # Check if the adapter exists
+    if len(adapter_configs) == 0:
+        raise wmi_helpers.WMINetworkAdapterNotFoundError(f"Adapter with interface name '{interface_name}' not found.")
+
+    return adapter_configs[0], current_adapter
+
+
+def set_static_ips(
+        network_config: CDispatch,                               # Win32_NetworkAdapterConfiguration (CDispatch)
+        ips: list[str],    # ["192.168.157.3", ...]
+        masks: list[str],    # ["255.255.255.0", ...]
+        gateways: list[str] = None,
+        dns_gateways: list[str] = None,
+        availability_wait_seconds: int = 0
+) -> None:
+    """
+    • network_config      – Win32_NetworkAdapterConfiguration instance for the target NIC
+                 (you already have it from GetObject / WMI query).
+    • ips     – list of IPv4 strings.
+    • masks    – matching subnet‑mask list (same length as ipv4).
+    • gateways – list of default gateways (optional).
+    • dns_gateways – list of DNS servers (optional).
+    • availability_wait_seconds – seconds to wait for the adapter to become available.
+        0 means no wait.
+
+    Raises RuntimeError if Windows reports anything other than success (0 / 1)
+    or "object already exists" (22) for each operation.
+
+    ==========
+
+    Example:
+        cfg = wmi_instance.Get("Win32_NetworkAdapterConfiguration.Index=12")  # your adapter
+        set_static_ips(
+            cfg,
+            ipv4=["192.168.157.129", "192.168.157.3", "192.168.157.4"],
+            masks=["255.255.255.0"] * 3,
+            # gateways=["192.168.157.2"],
+            # dns_gateways=["8.8.8.8", "1.1.1.1"]
+        )
+    """
+
+    initial_default_ipv4: str = socket.gethostbyname(socket.gethostname())
+
+    # -------------------- IPv4 via EnableStatic ----------------------------
+    if not masks or len(ips) != len(masks):
+        raise ValueError("ipv4 and masks must be lists of equal length")
+
+    # # refresh the instance – state may have changed after the previous call
+    # network_config = network_config.Path_.GetObject_()
+
+    try:
+        in_params = network_config.Methods_("EnableStatic").InParameters.SpawnInstance_()
+    except pywintypes.com_error as e:
+        if e.excepinfo[1] == 'SWbemMethodSet' and 'Not found' in e.excepinfo[2]:
+            raise RuntimeError(f"Probably the adapter is already set to static non-DHCP.\n"
+                               f"Failed to get [EnableStatic] method parameters: {e}\n")
+        else:
+            raise
+
+    in_params.IPAddress  = ips
+    in_params.SubnetMask = masks
+
+    rc = network_config.ExecMethod_("EnableStatic", in_params).Properties_('ReturnValue').Value
+    if rc not in (0, 1):     # 0 = reboot required, 1 = OK
+        raise RuntimeError(f"EnableStatic (IPv4) failed, code {rc}")
+
+    # -------------------- Default Gateway via SetGateways -------------------
+    if gateways:
+        gateway_metrics = [1] * len(gateways)
+        in_params = network_config.Methods_("SetGateways").InParameters.SpawnInstance_()
+        in_params.DefaultIPGateway = gateways
+        in_params.GatewayCostMetric = [int(m) for m in gateway_metrics]
+
+        rc = network_config.ExecMethod_("SetGateways", in_params) \
+            .Properties_('ReturnValue').Value
+        if rc not in (0, 1):
+            raise RuntimeError(f"SetGateways failed, code {rc}")
+
+    # -------------------- DNS via SetDNSServerSearchOrder ------------------
+    if dns_gateways:
+        in_params = network_config.Methods_("SetDNSServerSearchOrder").InParameters.SpawnInstance_()
+        in_params.DNSServerSearchOrder = dns_gateways
+
+        rc = network_config.ExecMethod_("SetDNSServerSearchOrder", in_params).Properties_('ReturnValue').Value
+        if rc not in (0, 1):
+            raise RuntimeError(f"SetDNSServerSearchOrder failed, code {rc}")
+
+    # -------------------- Wait for the adapter to become available -----------
+    if availability_wait_seconds > 0:
+        count = 0
+        while count < 15:
+            current_default_ipv4: str = socket.gethostbyname(socket.gethostname())
+            if current_default_ipv4 == initial_default_ipv4:
+                # print(f"[+] Adapter is available: {current_default_ipv4}")
+                break
+            else:
+                # print(f"[!] Adapter is not available yet: [{current_default_ipv4}]")
+                count += 1
+
+            time.sleep(1)
+
+
+def set_dynamic_ip(
+        nic_cfg,
+        reset_dns: bool = True,
+        reset_wins: bool = True
+) -> None:
+    """
+    Switch the adapter represented by *nic_cfg* (a Win32_NetworkAdapterConfiguration
+    COM object) to DHCP.
+
+    Parameters
+    ----------
+    nic_cfg : CDispatch
+        The adapter’s Win32_NetworkAdapterConfiguration instance (IPEnabled = TRUE).
+    reset_dns : bool, default True
+        Also clear any static DNS servers (calls SetDNSServerSearchOrder(None)).
+    reset_wins : bool, default True
+        Also clear any static WINS servers (calls SetWINSServer(None, None)).
+
+    Raises
+    ------
+    RuntimeError
+        If any WMI call returns a status other than 0 (“Success”) or 1 (“Restart required”).
+    """
+
+    # 1) Turn on DHCP for IPv4
+    wmi_helpers.call_method(nic_cfg, 'EnableDHCP')
+
+    # 2) Clear static gateways (otherwise Windows keeps using them)
+    wmi_helpers.call_method(nic_cfg, 'SetGateways', ([], []))    # empty SAFEARRAY → remove gateways
+
+    # 3) Optional: reset DNS
+    if reset_dns:
+        wmi_helpers.call_method(nic_cfg, 'SetDNSServerSearchOrder', None)  # None = DHCP-provided DNS
+
+    # 4) Optional: reset WINS
+    if reset_wins:
+        wmi_helpers.call_method(nic_cfg, 'SetWINSServer', ("", ""))
+
+
+def get_info_from_network_config(
+        network_config: CDispatch
+) -> dict:
+    """
+    Collect information about adapter that currently carries the default route.
+
+    :param network_config: CDispatch, Win32_NetworkAdapterConfiguration object.
+    :return: dict of the default adapter.
+    """
+
+    def _split_ips(config):
+        """Split IPAddress[] into separate v4 / v6 lists."""
+        current_ipv4s: list[str] = []
+        current_ipv4_masks: list[str] = []
+        current_ipv6s: list[str] = []
+        current_ipv6_prefixes: list[int] = []
+        for address_index, ip_address in enumerate(config.IPAddress):
+            if ip_addresses.is_ip_address(ip_address, 'ipv4'):
+                current_ipv4s.append(ip_address)
+                current_ipv4_masks.append(config.IPSubnet[address_index])
+            elif ip_addresses.is_ip_address(ip_address, 'ipv6'):
+                current_ipv6s.append(ip_address)
+                current_ipv6_prefixes.append(int(config.IPSubnet[address_index]))
+
+        return current_ipv4s, current_ipv6s, current_ipv4_masks, current_ipv6_prefixes
+
+    ipv4s, ipv6s, ipv4subnets, ipv6prefixes = _split_ips(network_config)
+    adapter = {
+            "caption": network_config.Caption,
+            "description": network_config.Description,
+            "interface_index": network_config.InterfaceIndex,
+            "is_dynamic": bool(network_config.DHCPEnabled),
+            "ipv4s": ipv4s,
+            "ipv6s": ipv6s,
+            "ipv4_subnet_masks": ipv4subnets,
+            "ipv6_prefixes": ipv6prefixes,
+            "default_gateways": list(network_config.DefaultIPGateway or []),
+            "dns_gateways": list(network_config.DNSServerSearchOrder or []),
+        }
+
+    return adapter

atomicshop/wrappers/pywin32w/wmis/win32networkadapter.py

@@ -0,0 +1,112 @@
+from logging import Logger
+from typing import Union
+
+from win32com.client import CDispatch
+
+from . import wmi_helpers, win32_networkadapterconfiguration
+from ...psutilw import psutil_networks
+from ....print_api import print_api
+
+
+def list_network_adapters(wmi_instance: CDispatch = None) -> list[CDispatch]:
+    """
+    List all network adapters on the system, from the Win32_NetworkAdapter class.
+
+    :param wmi_instance: WMI instance. You can get it from:
+        wmi_helpers.get_wmi_instance()
+    :return: list of Win32_NetworkAdapter objects.
+    """
+
+    if not wmi_instance:
+        wmi_instance, _ = wmi_helpers.get_wmi_instance()
+
+    # Query all network adapters
+    adapters: list[CDispatch] = list(wmi_instance.ExecQuery("SELECT * FROM Win32_NetworkAdapter"))
+
+    # Print adapter descriptions
+    # for adapter in adapters:
+    #     print(f"Description: {adapter.Description}, IPEnabled: {adapter.IPEnabled}")
+    return adapters
+
+
+def get_network_adapter_by_device_name(
+        device_name: str,
+        wmi_instance: CDispatch = None
+) -> Union[CDispatch, None]:
+    """
+    Get a network adapter by its name.
+
+    :param device_name: string, adapter name as shown in the network settings.
+    :param wmi_instance: WMI instance. You can get it from:
+        wmi_helpers.get_wmi_instance()
+    :return: Win32_NetworkAdapter object.
+    """
+
+    if not wmi_instance:
+        wmi_instance, _ = wmi_helpers.get_wmi_instance()
+
+    query: str = (
+        "SELECT * FROM Win32_NetworkAdapter "
+        f"WHERE Name LIKE '{device_name}'")
+    adapters: list[CDispatch] = list(wmi_instance.ExecQuery(query))
+    if not adapters:
+        return None
+
+    return adapters[0]
+
+
+def get_default_network_adapter(wmi_instance: CDispatch = None):
+    """
+    Get the default network adapter.
+
+    :param wmi_instance: WMI instance. You can get it from:
+        wmi_helpers.get_wmi_instance()
+    :return:
+    """
+
+    if not wmi_instance:
+        wmi_instance, _ = wmi_helpers.get_wmi_instance()
+
+    default_connection_name_dict: dict = psutil_networks.get_default_connection_name()
+    # Get the first key from the dictionary.
+    default_connection_name: str = list(default_connection_name_dict.keys())[0]
+    adapters: list[CDispatch] = list_network_adapters(wmi_instance)
+
+    for adapter in adapters:
+        if default_connection_name == adapter.NetConnectionID:
+            return adapter
+
+    raise wmi_helpers.WMINetworkAdapterNotFoundError("Default network adapter not found.")
+
+
+def set_dns_server(
+        dns_servers: Union[list[str], None],
+        interface_name: str = None,
+        mac_address: str = None,
+        verbose: bool = False,
+        logger: Logger = None
+):
+    """
+    Set the DNS servers for a network adapter.
+    :param dns_servers: list of strings, DNS server IPv4 addresses.
+        None, if you want to remove the DNS servers and make the interface to obtain them automatically from DHCP.
+        list[str], if you want to set the DNS servers manually to the list of strings.
+    :param interface_name: string, network interface name as shown in the network settings.
+    :param mac_address: string, MAC address of the adapter. Format: '00:00:00:00:00:00'.
+
+    :param verbose: bool, if True, print verbose output.
+    :param logger: Logger object, if provided, will log the output instead of printing.
+    :return:
+    """
+
+    adapter_config, current_adapter = win32_networkadapterconfiguration.get_adapter_network_configuration(
+        interface_name=interface_name, mac_address=mac_address)
+
+    if verbose:
+        message = (
+            f"Adapter [{current_adapter.Description}], Connection name [{current_adapter.NetConnectionID}]\n"
+            f"Setting DNS servers to {dns_servers}")
+        print_api(message, color='blue', logger=logger)
+
+    # Set DNS servers
+    wmi_helpers.call_method(adapter_config, 'SetDNSServerSearchOrder', dns_servers)