def read_unicode_str_va(self, vaddr, pid):
value = lib.vmi_read_unicode_str_va(self.vmi, vaddr, pid)
if value == ffi.NULL:
raise LibvmiError('VMI_FAILURE')
encoding = ffi.string(value.encoding).decode()
buffer = ffi.string(value.contents, value.length)
self.free_unicode_str(value)
return buffer.decode(encoding)
def read_ksym(self, symbol, count):
buffer = ffi.new("char[]", count)
bytes_read = ffi.new("size_t *")
status = lib.vmi_read_ksym(self.vmi, symbol.encode(), count, buffer,
bytes_read)
check(status)
# transform into Python bytes
buffer = ffi.string(buffer, bytes_read[0])
return (buffer, bytes_read[0])
def get_winver_str(self):
value = lib.vmi_get_winver_str(self.vmi)
if value == ffi.NULL:
raise LibvmiError('VMI_FAILURE')
return ffi.string(value).decode()
def read_str_pa(self, paddr):
value = lib.vmi_read_str_pa(self.vmi, paddr)
if value == ffi.NULL:
raise LibvmiError('VMI_FAILURE')
return ffi.string(value).decode()
def read_str(self, ctx):
value = lib.vmi_read_str_va(self.vmi, ctx.to_ffi())
if value == ffi.NULL:
raise LibvmiError('VMI_FAILURE')
return ffi.string(value).decode()
def translate_v2ksym(self, ctx, addr):
symbol = lib.vmi_translate_v2ksym(self.vmi, ctx.to_ffi(), addr)
if symbol == ffi.NULL:
raise LibvmiError('VMI_FAILURE')
return ffi.string(symbol).decode()
def get_rekall_path(self):
value = lib.vmi_get_rekall_path(self.vmi)
if value == ffi.NULL:
return None
return ffi.string(value).decode()
