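def read_unicode_str_va(self, vaddr, pid):
    """Read a unicode string through libvmi and return it decoded.

    Args:
        vaddr: address forwarded to ``vmi_read_unicode_str_va``.
        pid: pid forwarded to ``vmi_read_unicode_str_va``.

    Returns:
        str: ``value.contents`` decoded with the encoding named in
        ``value.encoding``.

    Raises:
        LibvmiError: if libvmi returns NULL.
        UnicodeDecodeError, LookupError: propagated from ``bytes.decode``
            when the bytes are not valid for the reported encoding or the
            encoding name is unknown to Python. The contents are read from
            the introspected guest, so callers should expect this.
    """
    value = lib.vmi_read_unicode_str_va(self.vmi, vaddr, pid)
    if value == ffi.NULL:
        raise LibvmiError('VMI_FAILURE')
    try:
        encoding = ffi.string(value.encoding).decode()
        # ffi.string() stops at the first NUL byte even when a maximum
        # length is given, which cuts UTF-16 text short. Copy exactly
        # value.length bytes instead.
        raw = ffi.buffer(value.contents, value.length)[:]
    finally:
        # Release the native structure even if reading the encoding name
        # or copying the contents raises.
        self.free_unicode_str(value)
    return raw.decode(encoding)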
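def read_ksym(self, symbol, count):
    """Read up to *count* bytes via ``vmi_read_ksym`` for *symbol*.

    Args:
        symbol: symbol name as ``str``; encoded before the call.
        count: number of bytes to request; also the size of the
            temporary native buffer.

    Returns:
        tuple: ``(data, bytes_read)`` where ``data`` is a ``bytes`` copy of
        what was read and ``bytes_read`` is the count libvmi reported.

    Raises:
        Whatever ``check`` raises for a non-success status (``check`` is
        defined elsewhere in this module).
    """
    buffer = ffi.new("char[]", count)
    bytes_read = ffi.new("size_t *")
    status = lib.vmi_read_ksym(self.vmi, symbol.encode(), count, buffer,
                               bytes_read)
    check(status)
    nread = bytes_read[0]
    # Raw memory routinely contains NUL bytes, and ffi.string() would stop
    # at the first one and return fewer bytes than bytes_read claims.
    # Slicing a buffer over the whole allocation copies the bytes verbatim
    # and cannot run past the `count` bytes allocated above.
    data = ffi.buffer(buffer)[:nread]
    return (data, nread)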
def get_winver_str(self):
    """Return the string produced by ``vmi_get_winver_str``, decoded.

    Raises:
        LibvmiError: if libvmi returns NULL.
    """
    winver = lib.vmi_get_winver_str(self.vmi)
    if winver != ffi.NULL:
        raw = ffi.string(winver)
        return raw.decode()
    raise LibvmiError('VMI_FAILURE')
def read_str_pa(self, paddr):
    """Read a NUL-terminated string via ``vmi_read_str_pa`` and decode it.

    Args:
        paddr: address forwarded to ``vmi_read_str_pa``.

    Raises:
        LibvmiError: if libvmi returns NULL.
        UnicodeDecodeError: propagated from ``bytes.decode`` (default
            codec, strict) when the bytes read are not valid text.
    """
    c_str = lib.vmi_read_str_pa(self.vmi, paddr)
    if c_str != ffi.NULL:
        # NOTE(review): nothing here releases c_str. Confirm against the
        # libvmi header whether the returned string is caller-owned.
        raw = ffi.string(c_str)
        return raw.decode()
    raise LibvmiError('VMI_FAILURE')
def read_str(self, ctx):
    """Read a NUL-terminated string for the access context *ctx*.

    Args:
        ctx: object exposing ``to_ffi()``; its result is passed to libvmi.

    Raises:
        LibvmiError: if libvmi returns NULL.
        UnicodeDecodeError: propagated from ``bytes.decode`` (default
            codec, strict) when the bytes read are not valid text.
    """
    # NOTE(review): this hands a context to vmi_read_str_va, while the
    # other *_va wrapper in this file passes (vaddr, pid). Confirm the
    # intended libvmi entry point and its signature.
    c_str = lib.vmi_read_str_va(self.vmi, ctx.to_ffi())
    if c_str != ffi.NULL:
        # NOTE(review): nothing here releases c_str. Confirm against the
        # libvmi header whether the returned string is caller-owned.
        raw = ffi.string(c_str)
        return raw.decode()
    raise LibvmiError('VMI_FAILURE')
def translate_v2ksym(self, ctx, addr):
    """Return the symbol name libvmi reports for *addr*, decoded.

    Args:
        ctx: object exposing ``to_ffi()``; its result is passed to libvmi.
        addr: address forwarded to ``vmi_translate_v2ksym``.

    Raises:
        LibvmiError: if libvmi returns NULL.
    """
    c_symbol = lib.vmi_translate_v2ksym(self.vmi, ctx.to_ffi(), addr)
    if c_symbol != ffi.NULL:
        name_bytes = ffi.string(c_symbol)
        return name_bytes.decode()
    raise LibvmiError('VMI_FAILURE')
def get_rekall_path(self):
    """Return the path reported by ``vmi_get_rekall_path``, or ``None``.

    Unlike the other string wrappers in this file, a NULL result is not
    an error here: it is reported to the caller as ``None``.
    """
    c_path = lib.vmi_get_rekall_path(self.vmi)
    if c_path != ffi.NULL:
        path_bytes = ffi.string(c_path)
        return path_bytes.decode()
    return None