 |
miasm
Reverse engineering framework
|
|
miasm
Reverse engineering framework
|
Public Member Functions | |
| def | __init__ (self, minidump_str) |
| def | parse_content (self) |
| def | build_memory (self) |
| def | get (self, virt_start, virt_stop) |
Public Attributes | |
| modulelist | |
| memory64list | |
| memorylist | |
| memoryinfolist | |
| systeminfo | |
| streams | |
| threads | |
| memory | |
| minidumpHDR | |
Stand for a Minidump file Here is a few limitation: - only < 4GB Minidump are supported (LocationDescriptor handling) - only Stream relative to memory mapping are implemented Official description is available on MSDN: https://msdn.microsoft.com/en-us/library/ms680378(VS.85).aspx
| def miasm.loader.minidump_init.Minidump.__init__ | ( | self, | |
| minidump_str | |||
| ) |
| def miasm.loader.minidump_init.Minidump.build_memory | ( | self | ) |
Build an easier to use memory view based on ModuleList and Memory64List streams
| def miasm.loader.minidump_init.Minidump.get | ( | self, | |
| virt_start, | |||
| virt_stop | |||
| ) |
Return the content at the (virtual addresses) [virt_start:virt_stop]
| def miasm.loader.minidump_init.Minidump.parse_content | ( | self | ) |
Build structures corresponding to current content
| miasm.loader.minidump_init.Minidump.memory |
| miasm.loader.minidump_init.Minidump.memory64list |
| miasm.loader.minidump_init.Minidump.memoryinfolist |
| miasm.loader.minidump_init.Minidump.memorylist |
| miasm.loader.minidump_init.Minidump.minidumpHDR |
| miasm.loader.minidump_init.Minidump.modulelist |
| miasm.loader.minidump_init.Minidump.streams |
| miasm.loader.minidump_init.Minidump.systeminfo |
| miasm.loader.minidump_init.Minidump.threads |
1.8.20