本文整理匯總了Python中volatility.obj.NativeType方法的典型用法代碼示例。如果您正苦於以下問題:Python obj.NativeType方法的具體用法?Python obj.NativeType怎麽用?Python obj.NativeType使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類volatility.obj的用法示例。
在下文中一共展示了obj.NativeType方法的8個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: get_task_start_time
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def get_task_start_time(self):
if hasattr(self, "real_start_time"):
start_time = self.real_start_time
else:
start_time = self.start_time
if type(start_time) == volatility.obj.NativeType and type(start_time.v()) == long:
start_time = linux_common.vol_timespec(start_time.v() / 0x989680 / 100, 0)
start_secs = start_time.tv_sec + (start_time.tv_nsec / linux_common.nsecs_per / 100)
boot_time = self.get_boot_time()
if boot_time != -1:
sec = boot_time + start_secs
# convert the integer as little endian
try:
data = struct.pack("<I", sec)
except struct.error, e:
# in case we exceed 0 <= number <= 4294967295
return 0
bufferas = addrspace.BufferAddressSpace(self.obj_vm.get_config(), data = data)
dt = obj.Object("UnixTimeStamp", offset = 0, vm = bufferas, is_utc = True) 示例2: uid
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def uid(self):
ret = self.members.get("uid")
if ret is None:
if hasattr(self.cred.uid, "val"):
ret = self.cred.uid.val
else:
ret = self.cred.uid
else:
ret = self.m("uid")
if type(ret) in [obj.CType, obj.NativeType]:
ret = ret.v()
if ret > 1000000:
ret = -1
return ret 示例3: uid
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def uid(self):
ret = self.members.get("uid")
if ret is None:
if hasattr(self.cred.uid, "val"):
ret = self.cred.uid.val
else:
ret = self.cred.uid
else:
ret = self.m("uid")
if type(ret) in [obj.CType, obj.NativeType]:
ret = ret.v()
return ret 示例4: __init__
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def __init__(self, theType, offset, vm, is_utc = False, **kwargs):
self.is_utc = is_utc
obj.NativeType.__init__(self, theType, offset, vm, format_string = "q", **kwargs) 示例5: as_windows_timestamp
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def as_windows_timestamp(self):
return obj.NativeType.v(self) 示例6: __init__
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def __init__(self, theType = None, offset = 0, vm = None, parent = None,
bitmap = None, maskmap = None, target = "unsigned long",
**kwargs):
self.bitmap = bitmap or {}
self.maskmap = maskmap or {}
self.target = target
self.target_obj = obj.Object(target, offset = offset, vm = vm, parent = parent)
obj.NativeType.__init__(self, theType, offset, vm, parent, **kwargs) 示例7: v
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def v(self):
return utils.inet_ntop(socket.AF_INET, obj.NativeType.v(self)) 示例8: as_dos_timestamp
# 需要導入模塊: from volatility import obj [as 別名]
# 或者: from volatility.obj import NativeType [as 別名]
def as_dos_timestamp(self):
return obj.NativeType.v(self)