當前位置: 首頁>>代碼示例>>Python>>正文


Python obj.CType方法代碼示例

本文整理匯總了Python中volatility.obj.CType方法的典型用法代碼示例。如果您正苦於以下問題:Python obj.CType方法的具體用法?Python obj.CType怎麽用?Python obj.CType使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在volatility.obj的用法示例。


在下文中一共展示了obj.CType方法的10個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: gid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def gid(self):
        ret = self.members.get("gid")
        if ret is None:
            gid = self.cred.gid
            if hasattr(gid, 'counter'):
                ret = obj.Object("int", offset = gid.v(), vm = self.obj_vm)
            elif hasattr(gid, "val"):
                ret = gid.val
            else:
                ret = gid
        else:
            ret = self.m("gid")

        if type(ret) == obj.CType:
            ret = ret.v()

        return ret 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:19,代碼來源:linux.py

示例2: is_valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def is_valid(self):

        if not obj.CType.is_valid(self):
            return False

        if (self.Pcb.DirectoryTableBase == 0):
            return False

        if (self.Pcb.DirectoryTableBase % 0x20 != 0):
            return False

        list_head = self.ThreadListHead
        kernel = 0x80000000

        if (list_head.Flink < kernel) or (list_head.Blink < kernel):
            return False

        return True 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:20,代碼來源:windows.py

示例3: is_valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def is_valid(self):
        if not obj.CType.is_valid(self):
            return False

        # Added a semantic check to make sure the data is in a sound state. It's better
        # to catch it early.
        FileSize = self.FileSize.QuadPart
        ValidDataLength = self.ValidDataLength.QuadPart
        SectionSize = self.SectionSize.QuadPart
       
        # Corrupted values: Win2003SP0x86.vmem 
        if FileSize <= 0 or ValidDataLength <= 0:
            return False

        #print "SectionSize 0x%x < 0 or FileSize < 0x%x ValidDataLength 0x%x"%(SectionSize,FileSize,ValidDataLength)
        #if SectionSize < 0 or (FileSize < ValidDataLength):
        if SectionSize < 0 or ((FileSize < ValidDataLength) and (ValidDataLength != 0x7fffffffffffffff)):
            return False

        return True 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:22,代碼來源:dumpfiles.py

示例4: is_valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def is_valid(self):
        try:
            modified = self.ModifiedTime.v()
        except struct.error:
            modified = 0 
        try:
            mftaltered = self.MFTAlteredTime.v()
        except struct.error:
            mftaltered = 0 
        try:
            creation = self.CreationTime.v()
        except struct.error:
            creation = 0 
        try:
            accessed = self.FileAccessedTime.v()
        except struct.error:
            accessed = 0
        return obj.CType.is_valid(self) and (modified != 0 or mftaltered != 0 or \
                accessed != 0 or creation != 0) 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:21,代碼來源:mftparser.py

示例5: is_valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def is_valid(self):
        return obj.CType.is_valid(self) and self.AddressFamily in (AF_INET, AF_INET6) 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:4,代碼來源:netscan.py

示例6: is_valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def is_valid(self):
        return obj.CType.is_valid(self) and self.Signature == 0xeeffeeff 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:4,代碼來源:notepad.py

示例7: is_valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def is_valid(self):
        if (not obj.CType.is_valid(self) or
                not self.bucket_array.is_valid() or 
                not self.nbuckets == 64 or
                not self.nentries > 1):
            return False

        return True 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:10,代碼來源:bash_hash.py

示例8: __init__

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def __init__(self, is_header, name32, name64, theType, offset, vm, name = None, **kwargs):  
        self.name32 = name32
        self.name64 = name64
        self.elf_obj = None

        if is_header:
            self._init_cache(offset, vm)
        else:
            self.size_cache = -39

        obj.CType.__init__(self, theType, offset, vm, name, **kwargs) 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:13,代碼來源:elf.py

示例9: euid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def euid(self):
        ret = self.members.get("euid")
        if ret is None:
            ret = self.cred.euid
        else:
            ret = self.m("euid")

        if type(ret) == obj.CType:
            ret = ret.v()

        return ret 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:13,代碼來源:linux.py

示例10: __init__

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import CType [as 別名]
def __init__(self, is_header, name32, name64, theType, offset, vm, name = None, **kwargs):  
        self.name32 = name32
        self.name64 = name64
        self.macho_obj = None

        if is_header:
            self._init_cache(offset, vm)
        else:
            self.size_cache = -39

        obj.CType.__init__(self, theType, offset, vm, name, **kwargs) 
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:13,代碼來源:macho.py


注:本文中的volatility.obj.CType方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。