[None, { "pEThread": [None, ["Pointer", dict(target="_ETHREAD")]], }], "tagHOOK": [ None, { "flags": [ None, [ "Flags", dict(bitmap=utils.MaskMapFromDefines(""" // 9/18/2011 // http://forum.sysinternals.com/enumerate-windows-hooks_topic23877.html#122641 #define HF_GLOBAL 0x0001 #define HF_ANSI 0x0002 #define HF_NEEDHC_SKIP 0x0004 #define HF_HUNG 0x0008 #define HF_HOOKFAULTED 0x0010 #define HF_NOPLAYBACKDELAY 0x0020 #define HF_WX86KNOWINDOWLL 0x0040 #define HF_DESTROYED 0x0080 // mask for valid flags #define HF_VALID 0x00FF """)) ] ], } ], "_HANDLEENTRY": [ None, { "pOwner": [None, ["Pointer", dict(target="tagTHREADINFO")]], "bFlags": [
"filedesc": [None, { # Defined here: # https://github.com/opensource-apple/xnu/blob/10.9/bsd/sys/filedesc.h#L113 "fd_ofileflags": [None, ["Pointer", dict( target="Array", target_args=dict( target="Flags", target_args=dict( target="unsigned char", maskmap=utils.MaskMapFromDefines(""" /* * Per-process open flags. */ #define UF_EXCLOSE 0x01 /* auto-close on exec */ #define UF_FORKCLOSE 0x02 /* auto-close on fork */ #define UF_RESERVED 0x04 /* open pending / in progress */ #define UF_CLOSING 0x08 /* close in progress */ #define UF_RESVWAIT 0x10 /* close in progress */ #define UF_INHERIT 0x20 /* "inherit-on-exec" */ """ ))))]], "fd_ofiles": [None, ["Pointer", dict( target="Array", target_args=dict( target="Pointer", count=lambda x: x.fd_lastfile, target_args=dict( target="fileproc" )
linux_overlay = { 'task_struct': [ None, { 'state': [ None, [ 'Flags', dict(maskmap=utils.MaskMapFromDefines(""" # From http://lxr.free-electrons.com/source/include/linux/sched.h#L207 #define TASK_RUNNING 0 #define TASK_INTERRUPTIBLE 1 #define TASK_UNINTERRUPTIBLE 2 #define TASK_STOPPED 4 #define TASK_TRACED 8 #define TASK_DEAD 64 #define TASK_WAKEKILL 128 #define TASK_WAKING 256 #define TASK_PARKED 512 #define TASK_STATE_MAX 1024 """)) ] ], 'exit_state': [ None, [ 'Flags', dict(maskmap=utils.MaskMapFromDefines(""" # From http://lxr.free-electrons.com/source/include/linux/sched.h#L207 /* in tsk->exit_state */
'Flags', dict(maskmap=utils.MaskMapFromDefines(""" http://lxr.free-electrons.com/source/include/linux/if.h?v=2.6.32#L31 /* Standard interface flags (netdevice->flags). */ 30 #define IFF_UP 0x1 /* interface is up */ 31 #define IFF_BROADCAST 0x2 /* broadcast address valid */ 32 #define IFF_DEBUG 0x4 /* turn on debugging */ 33 #define IFF_LOOPBACK 0x8 /* is a loopback net */ 34 #define IFF_POINTOPOINT 0x10 /* interface is has p-p link */ 35 #define IFF_NOTRAILERS 0x20 /* avoid use of trailers */ 36 #define IFF_RUNNING 0x40 /* interface RFC2863 OPER_UP */ 37 #define IFF_NOARP 0x80 /* no ARP protocol */ 38 #define IFF_PROMISC 0x100 /* receive all packets */ 39 #define IFF_ALLMULTI 0x200 /* receive all multicast packets*/ 40 41 #define IFF_MASTER 0x400 /* master of a load balancer */ 42 #define IFF_SLAVE 0x800 /* slave of a load balancer */ 43 44 #define IFF_MULTICAST 0x1000 /* Supports multicast */ 45 46 #define IFF_PORTSEL 0x2000 /* can set media type */ 47 #define IFF_AUTOMEDIA 0x4000 /* auto media select active */ 48 #define IFF_DYNAMIC 0x8000 /* dialup device with changing addresses*/ 49 50 #define IFF_LOWER_UP 0x10000 /* driver signals L1 up */ 51 #define IFF_DORMANT 0x20000 /* driver signals dormant */ 52 53 #define IFF_ECHO 0x40000 /* echo sent packets */ """)) ]