當前位置: 首頁>>代碼示例>>Python>>正文

Python obj.InvalidOffsetError方法代碼示例

本文整理匯總了Python中volatility.obj.InvalidOffsetError方法的典型用法代碼示例。如果您正苦於以下問題:Python obj.InvalidOffsetError方法的具體用法?Python obj.InvalidOffsetError怎麽用?Python obj.InvalidOffsetError使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在volatility.obj的用法示例。


在下文中一共展示了obj.InvalidOffsetError方法的4個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: find_shared_info

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import InvalidOffsetError [as 別名]
def find_shared_info(self):
        """Find this session's tagSHAREDINFO structure. 

        This structure is embedded in win32k's .data section, 
        (i.e. not in dynamically allocated memory). Thus we 
        iterate over each DWORD-aligned possibility and treat 
        it as a tagSHAREDINFO until the sanity checks are met. 
        """

        for chunk in self._section_chunks(".data"):
            # If the base of the value is paged
            if not chunk.is_valid():
                continue
            # Treat it as a shared info struct 
            shared_info = obj.Object("tagSHAREDINFO",
                offset = chunk.obj_offset, vm = self.obj_vm)
            # Sanity check it 
            try:
                if shared_info.is_valid():
                    return shared_info
            except obj.InvalidOffsetError:
                pass

        return obj.NoneObject("Cannot find win32k!gSharedInfo")
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:26,代碼來源:win32k_core.py

示例2: valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import InvalidOffsetError [as 別名]
def valid(self, nt_header):
        """
        Check the sanity of export table fields.

        The RVAs cannot be larger than the module size. The function
        and name counts cannot be larger than 32K. 
        """
        try:
            return (self.AddressOfFunctions < nt_header.OptionalHeader.SizeOfImage and
                    self.AddressOfNameOrdinals < nt_header.OptionalHeader.SizeOfImage and
                    self.AddressOfNames < nt_header.OptionalHeader.SizeOfImage and
                    self.NumberOfFunctions < 0x7FFF and
                    self.NumberOfNames < 0x7FFF)
        except obj.InvalidOffsetError:
            return False
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:17,代碼來源:pe_vtypes.py

示例3: __init__

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import InvalidOffsetError [as 別名]
def __init__(self, theType, offset, vm, **kwargs):
        try:
            obj.CType.__init__(self, theType, offset, vm, **kwargs)
        except obj.InvalidOffsetError:
            # The exception will be raised before this point,
            # so we must finish off the CType's __init__ ourselves
            self.__initialized = True
開發者ID:virtualrealitysystems,項目名稱:aumfor,代碼行數:9,代碼來源:basic.py

示例4: valid

# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import InvalidOffsetError [as 別名]
def valid(self, nt_header):
        """Check the validity of some fields"""
        try:
            return (self.OriginalFirstThunk != 0 and
                    self.OriginalFirstThunk < nt_header.OptionalHeader.SizeOfImage and
                    self.FirstThunk != 0 and
                    self.FirstThunk < nt_header.OptionalHeader.SizeOfImage and
                    self.Name < nt_header.OptionalHeader.SizeOfImage)
        except obj.InvalidOffsetError:
            return False
開發者ID:eset,項目名稱:volatility-browserhooks,代碼行數:12,代碼來源:browserhooks.py


注:本文中的volatility.obj.InvalidOffsetError方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。