Beispiel #1
0
    def c_getVsArray(self, ardecl):
        cls, size = self._getVsChildElements(ardecl)
        # Special case char arrays into v_bytes
        if cls == vs_prim.v_int8:
            return lambda: vs_prim.v_str(size=size)

        return lambda: vstruct.VArray( [ cls() for i in range(size) ] )
Beispiel #2
0
 def __init__(self, bigend=False):
     vstruct.VStruct.__init__(self)
     self.namesz = v_uint32(bigend=bigend)
     self.descsz = v_uint32(bigend=bigend)
     self.ntype = v_uint32(bigend=bigend)
     self.name = v_bytes()
     self.desc = vstruct.VArray()
Beispiel #3
0
 def __init__(self):
     vstruct.VStruct.__init__(self)
     self.Magic = v_bytes(2)
     self.MajorLinkerVersion = v_uint8()
     self.MinorLinkerVersion = v_uint8()
     self.SizeOfCode = v_uint32()
     self.SizeOfInitializedData = v_uint32()
     self.SizeOfUninitializedData = v_uint32()
     self.AddressOfEntryPoint = v_uint32()
     self.BaseOfCode = v_uint32()
     self.ImageBase = v_uint64()
     self.SectionAlignment = v_uint32()
     self.FileAlignment = v_uint32()
     self.MajorOperatingSystemVersion = v_uint16()
     self.MinorOperatingSystemVersion = v_uint16()
     self.MajorImageVersion = v_uint16()
     self.MinorImageVersion = v_uint16()
     self.MajorSubsystemVersion = v_uint16()
     self.MinorSubsystemVersion = v_uint16()
     self.Win32VersionValue = v_uint32()
     self.SizeOfImage = v_uint32()
     self.SizeOfHeaders = v_uint32()
     self.CheckSum = v_uint32()
     self.Subsystem = v_uint16()
     self.DllCharacteristics = v_uint16()
     self.SizeOfStackReserve = v_uint64()
     self.SizeOfStackCommit = v_uint64()
     self.SizeOfHeapReserve = v_uint64()
     self.SizeOfHeapCommit = v_uint64()
     self.LoaderFlags = v_uint32()
     self.NumberOfRvaAndSizes = v_uint32()
     self.DataDirectory = vstruct.VArray(
         [IMAGE_DATA_DIRECTORY() for i in range(16)])
Beispiel #4
0
 def __init__(self):
     vstruct.VStruct.__init__(self)
     self.access_flags = v_uint16(bigend=True)
     self.name_index = v_uint16(bigend=True)
     self.descriptor_index = v_uint16(bigend=True)
     self.attributes_count = v_uint16(bigend=True)
     self.attributes = vstruct.VArray()
Beispiel #5
0
 def __init__(self):
     vstruct.VStruct.__init__(self)
     self.TIB = NT_TIB()
     self.EnvironmentPointer = v_ptr32()
     self.ClientId = CLIENT_ID()
     self.ActiveRpcHandle = v_ptr32()
     self.ThreadLocalStorage = v_ptr32()
     self.ProcessEnvironmentBlock = v_ptr32()
     self.LastErrorValue = v_uint32()
     self.CountOfOwnedCriticalSections = v_uint32()
     self.CsrClientThread = v_ptr32()
     self.Win32ThreadInfo = v_ptr32()
     self.User32Reserved = vstruct.VArray([v_uint32() for i in range(26)])
     self.UserReserved = vstruct.VArray([v_uint32() for i in range(5)])
     self.WOW32Reserved = v_ptr32()
     self.CurrentLocale = v_uint32()
     self.FpSoftwareStatusRegister = v_uint32()
Beispiel #6
0
 def __init__(self):
     vstruct.VStruct.__init__(self)
     self.e_magic = v_uint16()
     self.e_cblp = v_uint16()
     self.e_cp = v_uint16()
     self.e_crlc = v_uint16()
     self.e_cparhdr = v_uint16()
     self.e_minalloc = v_uint16()
     self.e_maxalloc = v_uint16()
     self.e_ss = v_uint16()
     self.e_sp = v_uint16()
     self.e_csum = v_uint16()
     self.e_ip = v_uint16()
     self.e_cs = v_uint16()
     self.e_lfarlc = v_uint16()
     self.e_ovno = v_uint16()
     self.e_res = vstruct.VArray([v_uint16() for i in range(4)])
     self.e_oemid = v_uint16()
     self.e_oeminfo = v_uint16()
     self.e_res2 = vstruct.VArray([v_uint16() for i in range(10)])
     self.e_lfanew = v_uint32()
Beispiel #7
0
 def __init__(self):
     vstruct.VStruct.__init__(self)
     self.Entry = HEAP_ENTRY()
     self.Signature = v_uint32()
     self.Flags = v_uint32()
     self.ForceFlags = v_uint32()
     self.VirtualMemoryThreshold = v_uint32()
     self.SegmentReserve = v_uint32()
     self.SegmentCommit = v_uint32()
     self.DeCommitFreeBlockThreshold = v_uint32()
     self.DeCommitTotalFreeThreshold = v_uint32()
     self.TotalFreeSize = v_uint32()
     self.MaximumAllocationSize = v_uint32()
     self.ProcessHeapsListIndex = v_uint16()
     self.HeaderValidateLength = v_uint16()
     self.HeaderValidateCopy = v_ptr32()
     self.NextAvailableTagIndex = v_uint16()
     self.MaximumTagIndex = v_uint16()
     self.TagEntries = v_ptr32()
     self.UCRSegments = v_ptr32()
     self.UnusedUnCommittedRanges = v_ptr32()
     self.AlignRound = v_uint32()
     self.AlignMask = v_uint32()
     self.VirtualAllocBlocks = ListEntry()
     self.Segments = vstruct.VArray([v_uint32() for i in range(64)])
     self.u = vstruct.VArray([v_uint8() for i in range(16)])
     self.u2 = vstruct.VArray([v_uint8() for i in range(2)])
     self.AllocatorBackTraceIndex = v_uint16()
     self.NonDedicatedListLength = v_uint32()
     self.LargeBlocksIndex = v_ptr32()
     self.PseudoTagEntries = v_ptr32()
     self.FreeLists = vstruct.VArray([ListEntry() for i in range(128)])
     self.LockVariable = v_uint32()
     self.CommitRoutine = v_ptr32()
     self.FrontEndHeap = v_ptr32()
     self.FrontEndHeapLockCount = v_uint16()
     self.FrontEndHeapType = v_uint8()
     self.LastSegmentIndex = v_uint8()
Beispiel #8
0
    def __init__(self):
        vstruct.VStruct.__init__(self)
        self.magic = v_uint32(bigend=True)
        self.minor_versino = v_uint16(bigend=True)
        self.major_version = v_uint16(bigend=True)

        self.const_pool_cnt = v_uint16(bigend=True)
        self.const_pool = vstruct.VArray()

        self.access_flags = v_uint16(bigend=True)
        self.this_class = v_uint16(bigend=True)
        self.super_class = v_uint16(bigend=True)

        self.interface_cnt = v_uint16(bigend=True)
        self.interfaces = vstruct.VArray()

        self.fields_cnt = v_uint16(bigend=True)
        self.fields = vstruct.VArray()

        self.methods_cnt = v_uint16(bigend=True)
        self.methods = vstruct.VArray()

        self.attributes_cnt = v_uint16(bigend=True)
        self.attributes = vstruct.VArray()
Beispiel #9
0
 def pcb_descsz(self):
     # padded to 4 byte alignment
     descct = ((self.descsz + 3) >> 2)
     elems = [v_uint32() for i in range(descct)]
     self.desc = vstruct.VArray(elems=elems)
Beispiel #10
0
 def __init__(self):
     vstruct.VStruct.__init__(self)
     self.InheritedAddressSpace = v_uint8()
     self.ReadImageFileExecOptions = v_uint8()
     self.BeingDebugged = v_uint8()
     self.SpareBool = v_uint8()
     self.Mutant = v_ptr32()
     self.ImageBaseAddress = v_ptr32()
     self.Ldr = v_ptr32()
     self.ProcessParameters = v_ptr32()
     self.SubSystemData = v_ptr32()
     self.ProcessHeap = v_ptr32()
     self.FastPebLock = v_ptr32()
     self.FastPebLockRoutine = v_ptr32()
     self.FastPebUnlockRoutine = v_ptr32()
     self.EnvironmentUpdateCount = v_uint32()
     self.KernelCallbackTable = v_ptr32()
     self.SystemReserved = v_uint32()
     self.AtlThunkSListPtr32 = v_ptr32()
     self.FreeList = v_ptr32()
     self.TlsExpansionCounter = v_uint32()
     self.TlsBitmap = v_ptr32()
     self.TlsBitmapBits = vstruct.VArray([v_uint32() for i in range(2)])
     self.ReadOnlySharedMemoryBase = v_ptr32()
     self.ReadOnlySharedMemoryHeap = v_ptr32()
     self.ReadOnlyStaticServerData = v_ptr32()
     self.AnsiCodePageData = v_ptr32()
     self.OemCodePageData = v_ptr32()
     self.UnicodeCaseTableData = v_ptr32()
     self.NumberOfProcessors = v_uint32()
     self.NtGlobalFlag = v_uint64()
     self.CriticalSectionTimeout = v_uint64()
     self.HeapSegmentReserve = v_uint32()
     self.HeapSegmentCommit = v_uint32()
     self.HeapDeCommitTotalFreeThreshold = v_uint32()
     self.HeapDeCommitFreeBlockThreshold = v_uint32()
     self.NumberOfHeaps = v_uint32()
     self.MaximumNumberOfHeaps = v_uint32()
     self.ProcessHeaps = v_ptr32()
     self.GdiSharedHandleTable = v_ptr32()
     self.ProcessStarterHelper = v_ptr32()
     self.GdiDCAttributeList = v_uint32()
     self.LoaderLock = v_ptr32()
     self.OSMajorVersion = v_uint32()
     self.OSMinorVersion = v_uint32()
     self.OSBuildNumber = v_uint16()
     self.OSCSDVersion = v_uint16()
     self.OSPlatformId = v_uint32()
     self.ImageSubsystem = v_uint32()
     self.ImageSubsystemMajorVersion = v_uint32()
     self.ImageSubsystemMinorVersion = v_uint32()
     self.ImageProcessAffinityMask = v_uint32()
     self.GdiHandleBuffer = vstruct.VArray([v_ptr32() for i in range(34)])
     self.PostProcessInitRoutine = v_ptr32()
     self.TlsExpansionBitmap = v_ptr32()
     self.TlsExpansionBitmapBits = vstruct.VArray(
         [v_uint32() for i in range(32)])
     self.SessionId = v_uint32()
     self.AppCompatFlags = v_uint64()
     self.AppCompatFlagsUser = v_uint64()
     self.pShimData = v_ptr32()
     self.AppCompatInfo = v_ptr32()
     self.CSDVersion = v_ptr32()
     self.UNKNOWN = v_uint32()
     self.ActivationContextData = v_ptr32()
     self.ProcessAssemblyStorageMap = v_ptr32()
     self.SystemDefaultActivationContextData = v_ptr32()
     self.SystemAssemblyStorageMap = v_ptr32()
     self.MinimumStackCommit = v_uint32()