hakril · hakril · Feb 2, 2025 · Feb 2, 2025 · Feb 2, 2025 · Feb 2, 2025
diff --git a/tests/test_alpc.py b/tests/test_alpc.py
@@ -15,7 +15,7 @@ def generated_test():
         time.sleep(0.5)
         client_function()
         th.join()
-        return True
+        return
     return generated_test
 
 PORT_NAME = r"\RPC Control\PythonForWindowsTestPort"

diff --git a/tests/test_crypto.py b/tests/test_crypto.py
@@ -227,7 +227,7 @@ def test_crypt_obj():
     # TODO: Need some better ideas
 
 def test_certificate_from_store():
-    return windows.crypto.CertificateStore.from_system_store("Root")
+    assert windows.crypto.CertificateStore.from_system_store("Root")
 
 
 def test_sign_verify(rawcert, rawpfx):

diff --git a/tests/test_process.py b/tests/test_process.py
@@ -25,7 +25,7 @@ def test_current_process_ppid(self):
         assert myself.ppid == windows.current_process.ppid
 
     def test_get_current_process_peb(self):
-        return windows.current_process.peb
+        assert windows.current_process.peb
 
     def test_get_current_process_modules(self):
         # Use module filename because this executable can be:

diff --git a/windows/debug/symbols.py b/windows/debug/symbols.py
@@ -177,6 +177,10 @@ def _get_type_info(self, typeinfo, ires=None):
             windows.winproxy.LocalFree(res)
         return newres
 
+    @property
+    def module(self):
+        return self.resolver.get_module(self.modbase)
+
     @property
     def name(self):
         return self._get_type_info(gdef.TI_GET_SYMNAME)

diff --git a/windows/syswow64.py b/windows/syswow64.py
@@ -169,7 +169,9 @@ def get_current_process_syswow_peb():
 
 class CurrentProcessReadSyswow(process.Process):
     bitness = 64
+
     def _get_handle(self):
+        # GetCurrentProcess() is not accepted for NtWow64ReadVirtualMemory64 :(
         return winproxy.OpenProcess(dwProcessId=windows.current_process.pid)
 
     def read_memory(self, addr, size):

diff --git a/windows/winobject/event_log.py b/windows/winobject/event_log.py
@@ -377,6 +377,7 @@ class ImprovedEVT_VARIANT(gdef.EVT_VARIANT):
         gdef.EvtVarTypeUInt16 + gdef.EVT_VARIANT_TYPE_ARRAY : "UInt16Arr",
         gdef.EvtVarTypeUInt32 + gdef.EVT_VARIANT_TYPE_ARRAY : "UInt32Arr",
         gdef.EvtVarTypeUInt64 + gdef.EVT_VARIANT_TYPE_ARRAY : "UInt64Arr",
+        gdef.EvtVarTypeHexInt64 + gdef.EVT_VARIANT_TYPE_ARRAY : "UInt64Arr",
     }
     NoneValue = None
 

diff --git a/windows/winobject/process.py b/windows/winobject/process.py
@@ -520,11 +520,12 @@ def handles(self):
         return [h for h in windows.system.handles if h.dwProcessId == pid]
 
     def __del__(self):
-        super(Process, self).__del__()
-        # Same logic that AutoHandle.__del__ for Process.limited_handle
-        # Assert that Process inherit AutoHandle
         # sys.path is not None -> check if python shutdown
         if sys.path is not None and hasattr(self, "_limited_handle") and self._limited_handle:
+            # Same logic that AutoHandle.__del__ for Process.limited_handle
+            # Assert that Process inherit AutoHandle
+            # Call super after check as Process could be None during destruction
+            super(Process, self).__del__()
             # Prevent some bug where dbgprint might be None when __del__ is called in a closing process
             # This line is bad -> it reopens a handle closed by 'super(Process, self).__del__()' ._.
             dbgprint("Closing limited handle {0} for {1}".format(hex(self._limited_handle), self), "HANDLE") if dbgprint is not None else None