Classes
class	Context_AMD64

class	Context_x86

class	Enumeration

class	FixedFileInfo

class	FloatingSaveArea

class	LocationDescriptor

class	M128A

class	Memory64List

class	MemoryDescriptor

class	MemoryDescriptor64

class	MemoryInfo

class	MemoryInfoList

class	MemoryList

class	MinidumpHDR

class	MinidumpString

class	Module

class	ModuleList

class	Rva

class	StreamDirectory

class	SystemInfo

class	Thread

class	ThreadList

Variables
	minidumpType

	streamType

	memProtect

	contextFlags_x86

	contextFlags_AMD64

	processorArchitecture

Detailed Description

Constants and structures associated to Minidump format
Based on: http://amnesia.gtisc.gatech.edu/~moyix/minidump.py

Variable Documentation

◆ contextFlags_AMD64

miasm.loader.minidump.contextFlags_AMD64

Initial value:

 =  Enumeration({
     "CONTEXT_AMD64"               : 0x00100000,
     "CONTEXT_CONTROL"             : 0x00100001,
     "CONTEXT_INTEGER"             : 0x00100002,
     "CONTEXT_SEGMENTS"            : 0x00100004,
     "CONTEXT_FLOATING_POINT"      : 0x00100008,
     "CONTEXT_DEBUG_REGISTERS"     : 0x00100010,
     "CONTEXT_XSTATE"              : 0x00100020,
     "CONTEXT_EXCEPTION_ACTIVE"    : 0x08000000,
     "CONTEXT_SERVICE_ACTIVE"      : 0x10000000,
     "CONTEXT_EXCEPTION_REQUEST"   : 0x40000000,
     "CONTEXT_EXCEPTION_REPORTING" : 0x80000000,
 })

◆ contextFlags_x86

miasm.loader.minidump.contextFlags_x86

Initial value:

 =  Enumeration({
     "CONTEXT_i386"                : 0x00010000,
     "CONTEXT_CONTROL"             : 0x00010001,
     "CONTEXT_INTEGER"             : 0x00010002,
     "CONTEXT_SEGMENTS"            : 0x00010004,
     "CONTEXT_FLOATING_POINT"      : 0x00010008,
     "CONTEXT_DEBUG_REGISTERS"     : 0x00010010,
     "CONTEXT_EXTENDED_REGISTERS"  : 0x00010020,
 })

◆ memProtect

miasm.loader.minidump.memProtect

Initial value:

 =  Enumeration({
     # MEM PROTECT
     # https://msdn.microsoft.com/en-us/library/aa366786(v=vs.85).aspx
     "PAGE_NOACCESS"          : 0x0001,
     "PAGE_READONLY"          : 0x0002,
     "PAGE_READWRITE"         : 0x0004,
     "PAGE_WRITECOPY"         : 0x0008,
     "PAGE_EXECUTE"           : 0x0010,
     "PAGE_EXECUTE_READ"      : 0x0020,
     "PAGE_EXECUTE_READWRITE" : 0x0040,
     "PAGE_EXECUTE_WRITECOPY" : 0x0080,
     "PAGE_GUARD"             : 0x0100,
     "PAGE_NOCACHE"           : 0x0200,
     "PAGE_WRITECOMBINE"      : 0x0400,
 })

◆ minidumpType

miasm.loader.minidump.minidumpType

Initial value:

 =  Enumeration({
     # MINIDUMP_TYPE
     # https://msdn.microsoft.com/en-us/library/ms680519(v=vs.85).aspx
     "MiniDumpNormal"                          : 0x00000000,
     "MiniDumpWithDataSegs"                    : 0x00000001,
     "MiniDumpWithFullMemory"                  : 0x00000002,
     "MiniDumpWithHandleData"                  : 0x00000004,
     "MiniDumpFilterMemory"                    : 0x00000008,
     "MiniDumpScanMemory"                      : 0x00000010,
     "MiniDumpWithUnloadedModules"             : 0x00000020,
     "MiniDumpWithIndirectlyReferencedMemory"  : 0x00000040,
     "MiniDumpFilterModulePaths"               : 0x00000080,
     "MiniDumpWithProcessThreadData"           : 0x00000100,
     "MiniDumpWithPrivateReadWriteMemory"      : 0x00000200,
     "MiniDumpWithoutOptionalData"             : 0x00000400,
     "MiniDumpWithFullMemoryInfo"              : 0x00000800,
     "MiniDumpWithThreadInfo"                  : 0x00001000,
     "MiniDumpWithCodeSegs"                    : 0x00002000,
     "MiniDumpWithoutAuxiliaryState"           : 0x00004000,
     "MiniDumpWithFullAuxiliaryState"          : 0x00008000,
     "MiniDumpWithPrivateWriteCopyMemory"      : 0x00010000,
     "MiniDumpIgnoreInaccessibleMemory"        : 0x00020000,
     "MiniDumpWithTokenInformation"            : 0x00040000,
     "MiniDumpWithModuleHeaders"               : 0x00080000,
     "MiniDumpFilterTriage"                    : 0x00100000,
     "MiniDumpValidTypeFlags"                  : 0x001fffff,
 })

◆ processorArchitecture

miasm.loader.minidump.processorArchitecture

Initial value:

 =  Enumeration({
     "PROCESSOR_ARCHITECTURE_X86"       :  0,
     "PROCESSOR_ARCHITECTURE_MIPS"      :  1,
     "PROCESSOR_ARCHITECTURE_ALPHA"     :  2,
     "PROCESSOR_ARCHITECTURE_PPC"       :  3,
     "PROCESSOR_ARCHITECTURE_SHX"       :  4,
     "PROCESSOR_ARCHITECTURE_ARM"       :  5,
     "PROCESSOR_ARCHITECTURE_IA64"      :  6,
     "PROCESSOR_ARCHITECTURE_ALPHA64"   :  7,
     "PROCESSOR_ARCHITECTURE_MSIL"      :  8,
     "PROCESSOR_ARCHITECTURE_AMD64"     :  9,
     "PROCESSOR_ARCHITECTURE_X86_WIN64" : 10,
     "PROCESSOR_ARCHITECTURE_UNKNOWN"   : 0xffff,
 })

◆ streamType

miasm.loader.minidump.streamType

Initial value:

 =  Enumeration({
     # MINIDUMP_STREAM_TYPE
     # https://msdn.microsoft.com/en-us/library/ms680394(v=vs.85).aspx
     "UnusedStream"               : 0,
     "ReservedStream0"            : 1,
     "ReservedStream1"            : 2,
     "ThreadListStream"           : 3,
     "ModuleListStream"           : 4,
     "MemoryListStream"           : 5,
     "ExceptionStream"            : 6,
     "SystemInfoStream"           : 7,
     "ThreadExListStream"         : 8,
     "Memory64ListStream"         : 9,
     "CommentStreamA"             : 10,
     "CommentStreamW"             : 11,
     "HandleDataStream"           : 12,
     "FunctionTableStream"        : 13,
     "UnloadedModuleListStream"   : 14,
     "MiscInfoStream"             : 15,
     "MemoryInfoListStream"       : 16,
     "ThreadInfoListStream"       : 17,
     "HandleOperationListStream"  : 18,
     "LastReservedStream"         : 0xffff,
 })

Classes

Variables

Detailed Description

Variable Documentation

◆ contextFlags_AMD64

◆ contextFlags_x86

◆ memProtect

◆ minidumpType

◆ processorArchitecture

◆ streamType