def __init__(self):
    """Declare the header fields of this structure, one attribute per field.

    The field names and widths (64-bit ImageBase and stack/heap sizes, no
    BaseOfData) look like the PE32+ optional header; the class line is
    outside this view, so confirm against the enclosing class.

    Assignment order is left untouched: vstruct presumably lays fields out
    in the order they are assigned - confirm before reordering.
    """
    vstruct.VStruct.__init__(self)
    self.Magic = v_bytes(2)
    self.MajorLinkerVersion = v_uint8()
    self.MinorLinkerVersion = v_uint8()
    self.SizeOfCode = v_uint32()
    self.SizeOfInitializedData = v_uint32()
    self.SizeOfUninitializedData = v_uint32()
    self.AddressOfEntryPoint = v_uint32()
    self.BaseOfCode = v_uint32()
    self.ImageBase = v_uint64()
    self.SectionAlignment = v_uint32()
    self.FileAlignment = v_uint32()
    self.MajorOperatingSystemVersion = v_uint16()
    self.MinorOperatingSystemVersion = v_uint16()
    self.MajorImageVersion = v_uint16()
    self.MinorImageVersion = v_uint16()
    self.MajorSubsystemVersion = v_uint16()
    self.MinorSubsystemVersion = v_uint16()
    self.Win32VersionValue = v_uint32()
    self.SizeOfImage = v_uint32()
    self.SizeOfHeaders = v_uint32()
    self.CheckSum = v_uint32()
    self.Subsystem = v_uint16()
    self.DllCharacteristics = v_uint16()
    self.SizeOfStackReserve = v_uint64()
    self.SizeOfStackCommit = v_uint64()
    self.SizeOfHeapReserve = v_uint64()
    self.SizeOfHeapCommit = v_uint64()
    self.LoaderFlags = v_uint32()
    self.NumberOfRvaAndSizes = v_uint32()
    # NOTE(review): the directory table is fixed at 16 entries here and is
    # not sized from NumberOfRvaAndSizes. Unless it is resized elsewhere, a
    # file declaring a different count is still read as 16 entries, so code
    # handling untrusted images should compare NumberOfRvaAndSizes with the
    # index it uses before trusting a DataDirectory entry.
    self.DataDirectory = vstruct.VArray([IMAGE_DATA_DIRECTORY() for i in range(16)])
def __init__(self, bigend=False):
    """Declare three 32-bit header words followed by a name and a desc field.

    Args:
        bigend: Forwarded to each v_uint32 header field to select its
            byte order.
    """
    vstruct.VStruct.__init__(self)
    self.namesz = v_uint32(bigend=bigend)
    self.descsz = v_uint32(bigend=bigend)
    self.ntype = v_uint32(bigend=bigend)
    # name and desc are created empty here; presumably they are sized later
    # from namesz/descsz by code outside this view - confirm.
    # NOTE(review): namesz and descsz are 32-bit values taken from the parsed
    # input, so whatever sizes these fields should bound them against the
    # remaining data before allocating.
    self.name = v_bytes()
    self.desc = vstruct.VArray()
def __init__(self):
    """Declare four big-endian 16-bit fields followed by an attributes array.

    The field names (access_flags, name_index, descriptor_index,
    attributes_count) look like a Java class-file member record; the class
    line is outside this view, so confirm against the enclosing class.
    """
    vstruct.VStruct.__init__(self)
    self.access_flags = v_uint16(bigend=True)
    self.name_index = v_uint16(bigend=True)
    self.descriptor_index = v_uint16(bigend=True)
    self.attributes_count = v_uint16(bigend=True)
    # Created empty; presumably filled from attributes_count by code outside
    # this view - confirm.
    self.attributes = vstruct.VArray()
def c_getVsArray(self, ardecl):
    """Return a zero-argument factory for the vstruct field of an array.

    The element class and element count come from
    ``self._getVsChildElements(ardecl)``. Nothing is instantiated until the
    returned callable is invoked.
    """
    elem_cls, count = self._getVsChildElements(ardecl)

    def make_string():
        return vs_prim.v_str(size=count)

    def make_array():
        return vstruct.VArray([elem_cls() for _ in range(count)])

    # char arrays (v_int8 elements) are special-cased into a single v_str of
    # the same size rather than an array of individual elements.
    # NOTE(review): count comes straight from the declaration; if
    # declarations can come from untrusted headers, confirm it is bounded.
    return make_string if elem_cls == vs_prim.v_int8 else make_array
def __init__(self):
    """Declare the fields of this structure, one attribute per field.

    The field names and the 32-bit pointer type (v_ptr32) look like the
    leading part of a 32-bit Windows thread environment block; the class
    line is outside this view, so confirm against the enclosing class.
    """
    vstruct.VStruct.__init__(self)
    # Nested structure declared elsewhere in the project.
    self.TIB = NT_TIB()
    self.EnvironmentPointer = v_ptr32()
    self.ClientId = CLIENT_ID()
    self.ActiveRpcHandle = v_ptr32()
    self.ThreadLocalStorage = v_ptr32()
    self.ProcessEnvironmentBlock = v_ptr32()
    self.LastErrorValue = v_uint32()
    self.CountOfOwnedCriticalSections = v_uint32()
    self.CsrClientThread = v_ptr32()
    self.Win32ThreadInfo = v_ptr32()
    # Fixed-size reserved arrays: 26 and 5 32-bit words.
    self.User32Reserved = vstruct.VArray([v_uint32() for i in range(26)])
    self.UserReserved = vstruct.VArray([v_uint32() for i in range(5)])
    self.WOW32Reserved = v_ptr32()
    self.CurrentLocale = v_uint32()
    self.FpSoftwareStatusRegister = v_uint32()
def __init__(self):
    """Declare the fields of this structure, one attribute per field.

    The e_* field names look like the MS-DOS (MZ) executable header; the
    class line is outside this view, so confirm against the enclosing class.
    """
    vstruct.VStruct.__init__(self)
    self.e_magic = v_uint16()
    self.e_cblp = v_uint16()
    self.e_cp = v_uint16()
    self.e_crlc = v_uint16()
    self.e_cparhdr = v_uint16()
    self.e_minalloc = v_uint16()
    self.e_maxalloc = v_uint16()
    self.e_ss = v_uint16()
    self.e_sp = v_uint16()
    self.e_csum = v_uint16()
    self.e_ip = v_uint16()
    self.e_cs = v_uint16()
    self.e_lfarlc = v_uint16()
    self.e_ovno = v_uint16()
    # Four reserved 16-bit words.
    self.e_res = vstruct.VArray([v_uint16() for i in range(4)])
    self.e_oemid = v_uint16()
    self.e_oeminfo = v_uint16()
    # Ten reserved 16-bit words.
    self.e_res2 = vstruct.VArray([v_uint16() for i in range(10)])
    # NOTE(review): e_lfanew is a 32-bit value taken from the parsed input
    # and nothing here validates it; if callers use it as a file offset
    # (presumably to the next header - confirm), they should bounds-check it
    # against the file size first.
    self.e_lfanew = v_uint32()
def __init__(self):
    """Declare the fields of this structure, one attribute per field.

    The field names and 32-bit pointer type look like a 32-bit Windows heap
    header; the class line is outside this view, so confirm against the
    enclosing class and the OS version it targets.

    NOTE(review): the v_ptr32 fields and list entries hold whatever the
    parsed memory contains; nothing here validates them, so consumers
    walking these pointers on an untrusted or corrupted target should check
    each address before following it.
    """
    vstruct.VStruct.__init__(self)
    # Nested structure declared elsewhere in the project.
    self.Entry = HEAP_ENTRY()
    self.Signature = v_uint32()
    self.Flags = v_uint32()
    self.ForceFlags = v_uint32()
    self.VirtualMemoryThreshold = v_uint32()
    self.SegmentReserve = v_uint32()
    self.SegmentCommit = v_uint32()
    self.DeCommitFreeBlockThreshold = v_uint32()
    self.DeCommitTotalFreeThreshold = v_uint32()
    self.TotalFreeSize = v_uint32()
    self.MaximumAllocationSize = v_uint32()
    self.ProcessHeapsListIndex = v_uint16()
    self.HeaderValidateLength = v_uint16()
    self.HeaderValidateCopy = v_ptr32()
    self.NextAvailableTagIndex = v_uint16()
    self.MaximumTagIndex = v_uint16()
    self.TagEntries = v_ptr32()
    self.UCRSegments = v_ptr32()
    self.UnusedUnCommittedRanges = v_ptr32()
    self.AlignRound = v_uint32()
    self.AlignMask = v_uint32()
    self.VirtualAllocBlocks = ListEntry()
    # 64 32-bit slots (declared as v_uint32 rather than v_ptr32).
    self.Segments = vstruct.VArray([v_uint32() for i in range(64)])
    # Raw byte arrays of 16 and 2 bytes.
    self.u = vstruct.VArray([v_uint8() for i in range(16)])
    self.u2 = vstruct.VArray([v_uint8() for i in range(2)])
    self.AllocatorBackTraceIndex = v_uint16()
    self.NonDedicatedListLength = v_uint32()
    self.LargeBlocksIndex = v_ptr32()
    self.PseudoTagEntries = v_ptr32()
    # 128 list heads, one ListEntry each.
    self.FreeLists = vstruct.VArray([ListEntry() for i in range(128)])
    self.LockVariable = v_uint32()
    self.CommitRoutine = v_ptr32()
    self.FrontEndHeap = v_ptr32()
    self.FrontEndHeapLockCount = v_uint16()
    self.FrontEndHeapType = v_uint8()
    self.LastSegmentIndex = v_uint8()
def __init__(self):
    """Declare the fields of this structure; every integer is big-endian.

    The field names (magic, const_pool, this_class, super_class, ...) look
    like the top-level Java class-file layout; the class line is outside
    this view, so confirm against the enclosing class.

    Each *_cnt field is followed by an array that is created empty here;
    presumably the arrays are filled from the counts by code outside this
    view - confirm. The counts are 16-bit values taken from the parsed
    input, so that code should not assume they match the data that follows.
    """
    vstruct.VStruct.__init__(self)
    self.magic = v_uint32(bigend=True)
    # NOTE(review): "minor_versino" looks like a typo for "minor_version".
    # It is left as-is because the attribute name is part of this
    # structure's interface and other code may reference it.
    self.minor_versino = v_uint16(bigend=True)
    self.major_version = v_uint16(bigend=True)
    self.const_pool_cnt = v_uint16(bigend=True)
    self.const_pool = vstruct.VArray()
    self.access_flags = v_uint16(bigend=True)
    self.this_class = v_uint16(bigend=True)
    self.super_class = v_uint16(bigend=True)
    self.interface_cnt = v_uint16(bigend=True)
    self.interfaces = vstruct.VArray()
    self.fields_cnt = v_uint16(bigend=True)
    self.fields = vstruct.VArray()
    self.methods_cnt = v_uint16(bigend=True)
    self.methods = vstruct.VArray()
    self.attributes_cnt = v_uint16(bigend=True)
    self.attributes = vstruct.VArray()
def pcb_descsz(self):
    """Rebuild ``self.desc`` as an array of 32-bit words sized from descsz.

    Presumably invoked by vstruct as a parse callback once ``descsz`` has
    been read (pcb_<field> naming) - confirm.
    """
    # padded to 4 byte alignment: round the byte length up to whole words
    word_count = (self.descsz + 3) >> 2
    # NOTE(review): descsz is not bounded here, so the allocation below
    # scales with whatever value the parsed input declared. Confirm that
    # callers handling untrusted files cap descsz against the remaining
    # data before this runs.
    self.desc = vstruct.VArray(elems=[v_uint32() for _ in range(word_count)])
def __init__(self):
    """Declare the fields of this structure, one attribute per field.

    The field names and 32-bit pointer type look like a 32-bit Windows
    process environment block; the class line is outside this view, so
    confirm against the enclosing class and the OS version it targets.

    NOTE(review): pointer fields hold whatever the parsed memory contains
    and are not validated here; consumers should check an address before
    following it.
    """
    vstruct.VStruct.__init__(self)
    self.InheritedAddressSpace = v_uint8()
    self.ReadImageFileExecOptions = v_uint8()
    # If this is the process environment block, as the names suggest, this
    # byte is the flag that debugger-presence checks commonly read.
    self.BeingDebugged = v_uint8()
    self.SpareBool = v_uint8()
    self.Mutant = v_ptr32()
    self.ImageBaseAddress = v_ptr32()
    self.Ldr = v_ptr32()
    self.ProcessParameters = v_ptr32()
    self.SubSystemData = v_ptr32()
    self.ProcessHeap = v_ptr32()
    self.FastPebLock = v_ptr32()
    self.FastPebLockRoutine = v_ptr32()
    self.FastPebUnlockRoutine = v_ptr32()
    self.EnvironmentUpdateCount = v_uint32()
    self.KernelCallbackTable = v_ptr32()
    self.SystemReserved = v_uint32()
    self.AtlThunkSListPtr32 = v_ptr32()
    self.FreeList = v_ptr32()
    self.TlsExpansionCounter = v_uint32()
    self.TlsBitmap = v_ptr32()
    self.TlsBitmapBits = vstruct.VArray([v_uint32() for i in range(2)])
    self.ReadOnlySharedMemoryBase = v_ptr32()
    self.ReadOnlySharedMemoryHeap = v_ptr32()
    self.ReadOnlyStaticServerData = v_ptr32()
    self.AnsiCodePageData = v_ptr32()
    self.OemCodePageData = v_ptr32()
    self.UnicodeCaseTableData = v_ptr32()
    self.NumberOfProcessors = v_uint32()
    # NOTE(review): declared 64-bit although most neighbours are 32-bit;
    # presumably the upper half absorbs alignment padding before the 64-bit
    # CriticalSectionTimeout - confirm, and mask to the low 32 bits if the
    # flag value itself is compared.
    self.NtGlobalFlag = v_uint64()
    self.CriticalSectionTimeout = v_uint64()
    self.HeapSegmentReserve = v_uint32()
    self.HeapSegmentCommit = v_uint32()
    self.HeapDeCommitTotalFreeThreshold = v_uint32()
    self.HeapDeCommitFreeBlockThreshold = v_uint32()
    self.NumberOfHeaps = v_uint32()
    self.MaximumNumberOfHeaps = v_uint32()
    self.ProcessHeaps = v_ptr32()
    self.GdiSharedHandleTable = v_ptr32()
    self.ProcessStarterHelper = v_ptr32()
    self.GdiDCAttributeList = v_uint32()
    self.LoaderLock = v_ptr32()
    self.OSMajorVersion = v_uint32()
    self.OSMinorVersion = v_uint32()
    self.OSBuildNumber = v_uint16()
    self.OSCSDVersion = v_uint16()
    self.OSPlatformId = v_uint32()
    self.ImageSubsystem = v_uint32()
    self.ImageSubsystemMajorVersion = v_uint32()
    self.ImageSubsystemMinorVersion = v_uint32()
    self.ImageProcessAffinityMask = v_uint32()
    # 34 pointer-sized slots.
    self.GdiHandleBuffer = vstruct.VArray([v_ptr32() for i in range(34)])
    self.PostProcessInitRoutine = v_ptr32()
    self.TlsExpansionBitmap = v_ptr32()
    # 32 32-bit words.
    self.TlsExpansionBitmapBits = vstruct.VArray([v_uint32() for i in range(32)])
    self.SessionId = v_uint32()
    self.AppCompatFlags = v_uint64()
    self.AppCompatFlagsUser = v_uint64()
    self.pShimData = v_ptr32()
    self.AppCompatInfo = v_ptr32()
    self.CSDVersion = v_ptr32()
    # Field of unknown meaning, named as such by the original author.
    self.UNKNOWN = v_uint32()
    self.ActivationContextData = v_ptr32()
    self.ProcessAssemblyStorageMap = v_ptr32()
    self.SystemDefaultActivationContextData = v_ptr32()
    self.SystemAssemblyStorageMap = v_ptr32()
    self.MinimumStackCommit = v_uint32()