当前位置: 首页>>代码示例>>Python>>正文

Python obj.InvalidOffsetError方法代码示例

本文整理汇总了Python中volatility.obj.InvalidOffsetError方法的典型用法代码示例。如果您正苦于以下问题:Python obj.InvalidOffsetError方法的具体用法?Python obj.InvalidOffsetError怎么用?Python obj.InvalidOffsetError使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在volatility.obj的用法示例。


在下文中一共展示了obj.InvalidOffsetError方法的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。

示例1: find_shared_info

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import InvalidOffsetError [as 别名]
def find_shared_info(self):
        """Find this session's tagSHAREDINFO structure. 

        This structure is embedded in win32k's .data section, 
        (i.e. not in dynamically allocated memory). Thus we 
        iterate over each DWORD-aligned possibility and treat 
        it as a tagSHAREDINFO until the sanity checks are met. 
        """

        for chunk in self._section_chunks(".data"):
            # If the base of the value is paged
            if not chunk.is_valid():
                continue
            # Treat it as a shared info struct 
            shared_info = obj.Object("tagSHAREDINFO",
                offset = chunk.obj_offset, vm = self.obj_vm)
            # Sanity check it 
            try:
                if shared_info.is_valid():
                    return shared_info
            except obj.InvalidOffsetError:
                pass

        return obj.NoneObject("Cannot find win32k!gSharedInfo")
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:26,代码来源:win32k_core.py

示例2: valid

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import InvalidOffsetError [as 别名]
def valid(self, nt_header):
        """
        Check the sanity of export table fields.

        The RVAs cannot be larger than the module size. The function
        and name counts cannot be larger than 32K. 
        """
        try:
            return (self.AddressOfFunctions < nt_header.OptionalHeader.SizeOfImage and
                    self.AddressOfNameOrdinals < nt_header.OptionalHeader.SizeOfImage and
                    self.AddressOfNames < nt_header.OptionalHeader.SizeOfImage and
                    self.NumberOfFunctions < 0x7FFF and
                    self.NumberOfNames < 0x7FFF)
        except obj.InvalidOffsetError:
            return False
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:17,代码来源:pe_vtypes.py

示例3: __init__

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import InvalidOffsetError [as 别名]
def __init__(self, theType, offset, vm, **kwargs):
        try:
            obj.CType.__init__(self, theType, offset, vm, **kwargs)
        except obj.InvalidOffsetError:
            # The exception will be raised before this point,
            # so we must finish off the CType's __init__ ourselves
            self.__initialized = True
开发者ID:virtualrealitysystems,项目名称:aumfor,代码行数:9,代码来源:basic.py

示例4: valid

# 需要导入模块: from volatility import obj [as 别名]
# 或者: from volatility.obj import InvalidOffsetError [as 别名]
def valid(self, nt_header):
        """Check the validity of some fields"""
        try:
            return (self.OriginalFirstThunk != 0 and
                    self.OriginalFirstThunk < nt_header.OptionalHeader.SizeOfImage and
                    self.FirstThunk != 0 and
                    self.FirstThunk < nt_header.OptionalHeader.SizeOfImage and
                    self.Name < nt_header.OptionalHeader.SizeOfImage)
        except obj.InvalidOffsetError:
            return False
开发者ID:eset,项目名称:volatility-browserhooks,代码行数:12,代码来源:browserhooks.py


注:本文中的volatility.obj.InvalidOffsetError方法示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。