Exemplo n.º 1
def check_pe_headers(base, size):
    """Read ``size`` bytes at ``base`` and report whether they form a valid PE image.

    Returns an ``rpc.CheckPEHeadersResult``. ``pe_valid`` stays False when the
    memory cannot be read or ``PEHelper.parse_headers`` rejects the headers;
    in both cases a message goes to stderr and the exports and sections are
    left unfilled. On success every export and section reported by the
    helper is copied into the result.

    NOTE(review): the buffer comes from the memory region being inspected, so
    export names, addresses and section sizes are whatever that image
    declares. Whether PEHelper bounds-checks them against ``size`` is not
    visible here; consumers should treat the values as untrusted.
    """
    # Refresh module metadata first (helper defined elsewhere in the file).
    update_modules_meta()

    result = rpc.CheckPEHeadersResult()
    result.pe_valid = False

    region = safe_read_chunked_memory_region_as_one(base, size)
    if not region:
        print >> sys.stderr, 'unable to read memory: 0x%08X, size: 0x%08X' % (base, size)
        return result

    # Only element 1 of the read result is handed to the parser as image data.
    image = region[1]
    helper = PEHelper(base, '', data=image)

    result.pe_valid = helper.parse_headers(True)
    if not result.pe_valid:
        print >> sys.stderr, 'PE headers are invalid'
        return result

    # Copy the export table; the name is set only when it is truthy
    # (presumably ordinal-only exports have none -- confirm in PEHelper).
    for export in helper.get_exports():
        entry = result.exps.add()
        entry.ea = export['ea']
        entry.ord = export['ord']
        if export['name']:
            entry.name = export['name']

    # Copy the section table field by field.
    for section in helper.get_sections():
        out = result.sections.add()
        out.name = section['name']
        out.va = section['va']
        out.v_size = section['v_size']
        out.raw = section['raw']
        out.raw_size = section['raw_size']
        out.characteristics = section['ch']

    return result
Exemplo n.º 2
def check_pe_headers(base, size):
    """Validate the PE headers found in memory at ``base`` and list the image layout.

    The region ``[base, base + size)`` is read through
    ``safe_read_chunked_memory_region_as_one`` and parsed with ``PEHelper``.
    The returned ``rpc.CheckPEHeadersResult`` has ``pe_valid`` set to the
    outcome of ``parse_headers``. A failed read or invalid headers are
    reported on stderr and the result is returned with ``pe_valid`` False and
    without exports or sections.

    NOTE(review): every value copied below originates from the inspected
    image itself. This function performs no range or length checks of its
    own, so callers should not assume the addresses, sizes or names are sane
    unless PEHelper enforces that -- confirm.
    """
    update_modules_meta()

    reply = rpc.CheckPEHeadersResult()
    reply.pe_valid = False

    read_result = safe_read_chunked_memory_region_as_one(base, size)
    if not read_result:
        print >> sys.stderr, "unable to read memory: 0x%08X, size: 0x%08X" % (base, size)
        return reply

    # Index 1 of the read result is the data passed to the parser.
    parser = PEHelper(base, "", data=read_result[1])
    headers_ok = parser.parse_headers(True)
    reply.pe_valid = headers_ok
    if not reply.pe_valid:
        print >> sys.stderr, "PE headers are invalid"
        return reply

    # Exports: address and ordinal are always set, the name only when truthy.
    for exp in parser.get_exports():
        exp_msg = reply.exps.add()
        exp_msg.ea = exp["ea"]
        exp_msg.ord = exp["ord"]
        if exp["name"]:
            exp_msg.name = exp["name"]

    # Sections: copied as reported by the parser, no filtering.
    for sect in parser.get_sections():
        sect_msg = reply.sections.add()
        sect_msg.name = sect["name"]
        sect_msg.va = sect["va"]
        sect_msg.v_size = sect["v_size"]
        sect_msg.raw = sect["raw"]
        sect_msg.raw_size = sect["raw_size"]
        sect_msg.characteristics = sect["ch"]

    return reply