本文整理汇总了Python中volatility.obj.CType方法的典型用法代码示例。如果您正苦于以下问题:Python obj.CType方法的具体用法?Python obj.CType怎么用?Python obj.CType使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类volatility.obj的用法示例。
在下文中一共展示了obj.CType方法的10个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: gid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def gid(self):
    """Return this object's gid, unwrapped to a plain value where possible.

    When the struct's member table has a ``gid`` entry, it is read with
    ``self.m("gid")``. Otherwise the value is taken from ``self.cred.gid``,
    whose layout is probed through its ``counter`` / ``val`` attributes.
    """
    if self.members.get("gid") is None:
        cred_gid = self.cred.gid
        if hasattr(cred_gid, 'counter'):
            # Re-read an "int" at the address that cred_gid.v() yields,
            # in the same address space as this object.
            value = obj.Object("int", offset = cred_gid.v(), vm = self.obj_vm)
        elif hasattr(cred_gid, "val"):
            value = cred_gid.val
        else:
            value = cred_gid
    else:
        value = self.m("gid")

    # NOTE(review): this is an exact type match, so instances of obj.CType
    # subclasses are returned without calling .v() - confirm that is intended.
    return value.v() if type(value) == obj.CType else value
示例2: is_valid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def is_valid(self):
    """Reject structures whose page-directory base or thread list look wrong.

    Returns True only if the generic ``obj.CType`` check passes,
    ``Pcb.DirectoryTableBase`` is non-zero and a multiple of 0x20, and both
    ``ThreadListHead`` pointers are at or above 0x80000000.
    """
    if not obj.CType.is_valid(self):
        return False

    dtb = self.Pcb.DirectoryTableBase
    if dtb == 0 or dtb % 0x20 != 0:
        return False

    threads = self.ThreadListHead
    # NOTE(review): 0x80000000 is a hard-coded lower bound; it looks like the
    # 32-bit kernel-space boundary. On a profile with a different
    # user/kernel split this heuristic would silently drop or accept
    # structures - confirm which profiles use this check.
    kernel_floor = 0x80000000
    return not (threads.Flink < kernel_floor or threads.Blink < kernel_floor)
示例3: is_valid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def is_valid(self):
    """Check that the size fields of this structure are mutually consistent.

    This semantic check runs on top of ``obj.CType.is_valid`` so that data
    in an unsound state is caught early. It rejects non-positive
    ``FileSize`` / ``ValidDataLength``, a negative ``SectionSize``, and a
    ``FileSize`` smaller than ``ValidDataLength``.
    """
    if not obj.CType.is_valid(self):
        return False

    file_size = self.FileSize.QuadPart
    valid_len = self.ValidDataLength.QuadPart
    section_size = self.SectionSize.QuadPart

    # Corrupted values were observed in Win2003SP0x86.vmem.
    if file_size <= 0 or valid_len <= 0:
        return False

    if section_size < 0:
        return False

    # ValidDataLength == 0x7fffffffffffffff is exempt from the comparison
    # with FileSize (presumably a sentinel value - TODO confirm).
    overruns_file = (file_size < valid_len) and (valid_len != 0x7fffffffffffffff)
    return not overruns_file
示例4: is_valid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def is_valid(self):
    """Require the base check to pass and at least one timestamp to be set.

    Each of the four timestamp members is read with ``.v()``. A
    ``struct.error`` while reading one is treated as a zero value, not
    as a failure.
    """
    def _read_stamp(member):
        # An unreadable timestamp counts as "not set".
        try:
            return getattr(self, member).v()
        except struct.error:
            return 0

    modified = _read_stamp("ModifiedTime")
    mftaltered = _read_stamp("MFTAlteredTime")
    creation = _read_stamp("CreationTime")
    accessed = _read_stamp("FileAccessedTime")

    return obj.CType.is_valid(self) and any(
        stamp != 0 for stamp in (modified, mftaltered, accessed, creation)
    )
示例5: is_valid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def is_valid(self):
    """Accept the structure only if its AddressFamily is AF_INET or AF_INET6.

    The generic ``obj.CType`` check runs first. When it fails, its result
    is returned unchanged and ``AddressFamily`` is never read.
    """
    base_ok = obj.CType.is_valid(self)
    if not base_ok:
        return base_ok
    # Any other address family is treated as an invalid candidate.
    return self.AddressFamily in (AF_INET, AF_INET6)
示例6: is_valid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def is_valid(self):
    """Accept the structure only if its Signature equals 0xeeffeeff.

    The generic ``obj.CType`` check runs first. When it fails, its result
    is returned unchanged and ``Signature`` is never read.
    """
    base_ok = obj.CType.is_valid(self)
    if not base_ok:
        return base_ok
    # A fixed signature value filters out candidates that merely happen
    # to sit at a plausible address.
    return self.Signature == 0xeeffeeff
示例7: is_valid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def is_valid(self):
    """Check that this table-like structure has the expected shape.

    All of the following must hold, evaluated in this order: the generic
    ``obj.CType`` check, ``bucket_array.is_valid()``, ``nbuckets == 64``
    and ``nentries > 1``.
    """
    # NOTE(review): the fixed bucket count (64) and the "more than one entry"
    # requirement are heuristics; tables of any other size are rejected -
    # confirm that matches the structures being scanned for.
    return bool(
        obj.CType.is_valid(self)
        and self.bucket_array.is_valid()
        and self.nbuckets == 64
        and self.nentries > 1
    )
示例8: __init__
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def __init__(self, is_header, name32, name64, theType, offset, vm, name = None, **kwargs):
    """Record the 32-/64-bit type names, then initialise the CType base.

    Args:
        is_header: when true, ``_init_cache(offset, vm)`` is called;
            otherwise ``size_cache`` is set to -39.
        name32: stored as ``self.name32``.
        name64: stored as ``self.name64``.
        theType, offset, vm, name, **kwargs: passed through unchanged to
            ``obj.CType.__init__``.
    """
    # These attributes are assigned before the base initialiser runs, as in
    # the original ordering.
    self.name32 = name32
    self.name64 = name64
    self.elf_obj = None

    if not is_header:
        # NOTE(review): -39 looks like a placeholder for "size not cached" -
        # confirm against the code that reads size_cache.
        self.size_cache = -39
    else:
        self._init_cache(offset, vm)

    obj.CType.__init__(self, theType, offset, vm, name, **kwargs)
示例9: euid
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def euid(self):
    """Return this object's euid, unwrapped to a plain value where possible.

    When the struct's member table has a ``euid`` entry, it is read with
    ``self.m("euid")``; otherwise the value comes from ``self.cred.euid``.
    """
    if self.members.get("euid") is None:
        value = self.cred.euid
    else:
        value = self.m("euid")

    # NOTE(review): this is an exact type match, so instances of obj.CType
    # subclasses are returned without calling .v() - confirm that is intended.
    if type(value) == obj.CType:
        return value.v()
    return value
示例10: __init__
# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import CType [as 别名]
def __init__(self, is_header, name32, name64, theType, offset, vm, name = None, **kwargs):
    """Record the 32-/64-bit type names, then initialise the CType base.

    Args:
        is_header: when true, ``_init_cache(offset, vm)`` is called;
            otherwise ``size_cache`` is set to -39.
        name32: stored as ``self.name32``.
        name64: stored as ``self.name64``.
        theType, offset, vm, name, **kwargs: passed through unchanged to
            ``obj.CType.__init__``.
    """
    # These attributes are assigned before the base initialiser runs, as in
    # the original ordering.
    self.name32 = name32
    self.name64 = name64
    self.macho_obj = None

    if not is_header:
        # NOTE(review): -39 looks like a placeholder for "size not cached" -
        # confirm against the code that reads size_cache.
        self.size_cache = -39
    else:
        self._init_cache(offset, vm)

    obj.CType.__init__(self, theType, offset, vm, name, **kwargs)