Пример #1
0
 def checkSmallInt(self, structure, bytes, offset, endianess='<'):
     """ check for small value in signed and unsigned forms """
     val = unpackWord(
         bytes[
             offset:offset +
             self.config.get_word_size()],
         endianess)
     # print endianess, val
     if val < 0xffff:
         field = Field(
             structure,
             offset,
             FieldType.SMALLINT,
             self.config.get_word_size(),
             False)
         field.value = val
         field.endianess = endianess
         return field
     # check signed int
     elif ((2 ** (self.config.get_word_size() * 8) - 0xffff) < val):
         field = Field(
             structure,
             offset,
             FieldType.SIGNED_SMALLINT,
             self.config.get_word_size(),
             False)
         field.value = val
         field.endianess = endianess
         return field
     return None
Пример #2
0
 def make_fields(self, structure, offset, size):
   # iterate on all offsets . NOT assert( size == Config.WORDSIZE)
   assert( offset%Config.WORDSIZE == 0 ) #vaddr and offset should be aligned
   log.debug('checking Pointer')
   bytes = structure.bytes
   fields = []
   while size >= Config.WORDSIZE:
     value = unpackWord(bytes[offset:offset+Config.WORDSIZE])
     # check if pointer value is in range of mappings and set self.comment to pathname value of pointer
     # TODO : if bytes 1 & 3 == \x00, maybe utf16 string
     if value not in structure._mappings:
       size -= Config.WORDSIZE
       offset += Config.WORDSIZE
       continue
     # we have a pointer
     log.debug('checkPointer offset:%s value:%s'%(offset, hex(value)))
     field = PointerField(structure, offset, FieldType.POINTER, Config.WORDSIZE, False)  
     field.value = value
     # TODO: leverage the context._function_names 
     if value in structure._context._function_names :
       field.comment = ' %s::%s'%(os.path.basename(structure._mappings.getMmapForAddr(value).pathname), 
                   structure._context._function_names[value])
     else:
       field.comment = structure._mappings.getMmapForAddr(value).pathname 
     fields.append(field)
     size -= Config.WORDSIZE
     offset += Config.WORDSIZE
   return fields
Пример #3
0
 def test_unpackWord(self):
     # 64b
     types.reload_ctypes(8, 8, 16)
     one = b'\x01' + 7 * b'\x00'
     x = utils.unpackWord(one)
     self.assertEquals(x, 1)
     # 32b
     types.reload_ctypes(4, 4, 8)
     one32 = b'\x01' + 3 * b'\x00'
     x = utils.unpackWord(one32)
     self.assertEquals(x, 1)
     pass
     # endianness
     two32 = 3 * b'\x00' + '\x02'
     x = utils.unpackWord(two32, '>')
     self.assertEquals(x, 2)
     pass
Пример #4
0
 def checkSmallInt(self, structure, bytes, offset, endianess='<'):
   ''' check for small value in signed and unsigned forms '''
   val = unpackWord(bytes[offset:offset+Config.WORDSIZE], endianess)
   #print endianess, val
   if val < 0xffff:
     field = Field(structure, offset, FieldType.SMALLINT, Config.WORDSIZE, False)
     field.value = val
     field.endianess = endianess
     return field
   elif ( (2**(Config.WORDSIZE*8) - 0xffff) < val): # check signed int
     field = Field(structure, offset, FieldType.SIGNED_SMALLINT, Config.WORDSIZE, False)
     field.value = val
     field.endianess = endianess
     return field
   return None