def parse(buff):
md = MINIDUMP_MEMORY_DESCRIPTOR()
md.StartOfMemoryRange = unpack(buff.read(8))
if md.StartOfMemoryRange < 0x100000000:
md.Memory = MINIDUMP_LOCATION_DESCRIPTOR.parse(buff)
else:
md.Memory = MINIDUMP_LOCATION_DESCRIPTOR64.parse(buff)
return md
def parse(buff):
mm = MINIDUMP_MODULE()
mm.BaseOfImage = unpack(buff.read(8))
mm.SizeOfImage = unpack(buff.read(4))
mm.CheckSum = unpack(buff.read(4))
mm.TimeDateStamp = unpack(buff.read(4))
mm.ModuleNameRva = unpack(buff.read(4))
mm.VersionInfo = VS_FIXEDFILEINFO.parse(buff)
mm.CvRecord = MINIDUMP_LOCATION_DESCRIPTOR.parse(buff)
mm.MiscRecord = MINIDUMP_LOCATION_DESCRIPTOR.parse(buff)
mm.Reserved0 = unpack(buff.read(8))
mm.Reserved1 = unpack(buff.read(8))
return mm
def parse(buff):
vf = VS_FIXEDFILEINFO()
vf.dwSignature = unpack(buff.read(4))
vf.dwStrucVersion = unpack(buff.read(4))
vf.dwFileVersionMS = unpack(buff.read(4))
vf.dwFileVersionLS = unpack(buff.read(4))
vf.dwProductVersionMS = unpack(buff.read(4))
vf.dwProductVersionLS = unpack(buff.read(4))
vf.dwFileFlagsMask = unpack(buff.read(4))
vf.dwFileFlags = unpack(buff.read(4))
vf.dwFileOS = unpack(buff.read(4))
vf.dwFileType = unpack(buff.read(4))
vf.dwFileSubtype = unpack(buff.read(4))
vf.dwFileDateMS = unpack(buff.read(4))
vf.dwFileDateLS = unpack(buff.read(4))
return vf
def parse(buff):
mml = MINIDUMP_MODULE_LIST()
mml.NumberOfModules = unpack(buff.read(4))
for i in range(mml.NumberOfModules):
mml.Modules.append(MINIDUMP_MODULE.parse(buff))
return mml
def parse(buff):
mml = MINIDUMP_MEMORY_LIST()
mml.NumberOfModules = unpack(buff.read(4))
for i in range(mml.NumberOfModules):
mml.MemoryRanges.append(MINIDUMP_MEMORY_DESCRIPTOR.parse(buff))
return mml