miasm
Reverse engineering framework
Public Member Functions | Static Public Attributes | List of all members
miasm.core.types.MemStruct Class Reference
Inheritance diagram for miasm.core.types.MemStruct:
Inheritance graph
[legend]
Collaboration diagram for miasm.core.types.MemStruct:
Collaboration graph
[legend]

Public Member Functions

def get_addr (self, field_name=None)
 
def get_offset (cls, field_name)
 
def get_field (self, name)
 
def set_field (self, name, val)
 
def cast_field (self, field, other_type)
 
def gen_fields (cls, fields=None)
 
def __repr__ (self)
 
- Public Member Functions inherited from miasm.core.types._MetaMemStruct
def __init__ (cls, name, bases, dct)
 
- Public Member Functions inherited from miasm.core.types.MemType
def __init__ (self, vm, addr=None, type_=None)
 
def alloc (cls, vm, size)
 
def set_allocator (cls, alloc_func)
 
def get_type (cls)
 
def sizeof (cls)
 
def get_size (self)
 
def memset (self, byte=b'\x00')
 
def cast (self, other_type)
 
def cast_field (self, field, other_type, *type_args, **type_kwargs)
 
def raw (self)
 
def __len__ (self)
 
def __str__ (self)
 
def __bytes__ (self)
 
def __eq__ (self, other)
 
def __ne__ (self, other)
 

Static Public Attributes

 fields = None
 
- Static Public Attributes inherited from miasm.core.types.MemType
 allocator = None
 

Additional Inherited Members

- Public Attributes inherited from miasm.core.types._MetaMemStruct
 fields
 

Detailed Description

Base class to easily implement VmMngr backed C-like structures in miasm.
Represents a structure in virtual memory.

The mechanism is the following:
    - set a "fields" class field to be a list of
      (<field_name (str)>, <Type_subclass_instance>)
    - instances of this class will have properties to interact with these
      fields.

Example:
    class MyStruct(MemStruct):
        fields = [
            # Scalar field: just struct.pack field with one value
            ("num", Num("I")),
            ("flags", Num("B")),
            # Ptr fields contain two fields: "val", for the numerical value,
            # and "deref" to get the pointed object
            ("other", Ptr("I", OtherStruct)),
            # Ptr to a variable length String
            ("s", Ptr("I", Str())),
            ("i", Ptr("I", Num("I"))),
        ]

    mstruct = MyStruct(vm, addr)

    # Field assignment modifies virtual memory
    mstruct.num = 3
    assert mstruct.num == 3
    memval = struct.unpack("I", vm.get_mem(mstruct.get_addr(),
                                                  4))[0]
    assert memval == mstruct.num

    # Memset sets the whole structure
    mstruct.memset()
    assert mstruct.num == 0
    mstruct.memset('\x11')
    assert mstruct.num == 0x11111111

    other = OtherStruct(vm, addr2)
    mstruct.other = other.get_addr()
    assert mstruct.other.val == other.get_addr()
    assert mstruct.other.deref == other
    assert mstruct.other.deref.foo == 0x1234

Note that:
    MyStruct = Struct("MyStruct", <same fields>).lval
is equivalent to the previous MyStruct declaration.

See the various Type-s doc for more information. See MemStruct.gen_fields
doc for more information on how to handle recursive types and cyclic
dependencies.

Member Function Documentation

◆ __repr__()

def miasm.core.types.MemStruct.__repr__ (   self)

Reimplemented from miasm.core.types.MemType.

Reimplemented in miasm.core.types.MemSelf.

Here is the call graph for this function:

◆ cast_field()

def miasm.core.types.MemStruct.cast_field (   self,
  field,
  other_type 
) 
In this implementation, @field is a field name
Here is the call graph for this function:

◆ gen_fields()

def miasm.core.types.MemStruct.gen_fields (   cls,
  fields = None 
) 
Generate the fields of this class (so that they can be accessed with
self.<field_name>) from a @fields list, as described in the class doc.

Useful in case of a type cyclic dependency. For example, the following
is not possible in python:

    class A(MemStruct):
        fields = [("b", Ptr("I", B))]

    class B(MemStruct):
        fields = [("a", Ptr("I", A))]

With gen_fields, the following is the legal equivalent:

    class A(MemStruct):
        pass

    class B(MemStruct):
        fields = [("a", Ptr("I", A))]

    A.gen_fields([("b", Ptr("I", B))])
Here is the call graph for this function:

◆ get_addr()

def miasm.core.types.MemStruct.get_addr (   self,
  field_name = None 
) 
@field_name: (str, optional) the name of the field to get the
    address of

Reimplemented from miasm.core.types.MemType.

Here is the call graph for this function:

◆ get_field()

def miasm.core.types.MemStruct.get_field (   self,
  name 
) 
Get a field value by name.

useless most of the time since fields are accessible via self.<name>.
Here is the call graph for this function:
Here is the caller graph for this function:

◆ get_offset()

def miasm.core.types.MemStruct.get_offset (   cls,
  field_name 
) 
Shorthand for self.get_type().get_offset(field_name).
Here is the call graph for this function:
Here is the caller graph for this function:

◆ set_field()

def miasm.core.types.MemStruct.set_field (   self,
  name,
  val 
) 
Set a field value by name. @val is the python value corresponding to
this field type.

useless most of the time since fields are accessible via self.<name>.
Here is the call graph for this function:
Here is the caller graph for this function:

Member Data Documentation

◆ fields

miasm.core.types.MemStruct.fields = None
static
The documentation for this class was generated from the following file: