Root object for OSSI information

It provides an interface to get useful information about OSSI for:

  • the whole trace (for example, the executed binaries).
  • a particular context.

Warnings

Must not be constructed directly; retrieve it as shown in the following examples.

Examples

>>> # From a reven_server
>>> ossi = reven_server.ossi
  • Method __init__: Undocumented
  • Method executed_binaries: Get a generator over binaries that are executed in the trace.
  • Method symbols: Get a generator over symbols of executed binaries.
  • Method __repr__: Undocumented
def __init__(self, _data_source):
Undocumented
def executed_binaries(self, pattern=None):

Get a generator over binaries that are executed in the trace.

Executed binaries can be filtered by their path:

  • the filter is enabled if the `pattern` argument is not None.
  • a `contains` approach is used (the pattern need not match the whole path).
  • the filter pattern is a regular expression.
  • the comparison is case insensitive.

Warnings

It depends on the binary ranges resource. If it is unavailable, an exception is raised.

Examples

>>> # Get all executed binaries
>>> for binary in ossi.executed_binaries():
>>>     print(binary.path)
c:/windows/system32/ntoskrnl.exe
c:/windows/system32/ntdll.dll
...
>>> # Get all executed binaries filtered by "ntdll"
>>> for binary in ossi.executed_binaries("ntdll"):
>>>     print(binary.path)
c:/windows/system32/ntdll.dll
>>> # Get all executed binaries filtered by "system32/.*.dll"
>>> for binary in ossi.executed_binaries("system32/.*.dll"):
>>>     print(binary.path)
c:/windows/system32/ntdll.dll
...

Information

Parameters
  pattern: the pattern used to filter binaries.
Returns
  A generator of reven2.ossi.Binary instances.
Raises
  RuntimeError: if the binary ranges resource is unavailable.
def symbols(self, pattern=None, binary_hint=None, case_sensitive=False):

Get a generator over symbols of executed binaries.

Symbols can be filtered by:

  • the name:
    • the filter is enabled if the `pattern` argument is not None.
    • a `contains` approach is used (the pattern need not match the whole name).
    • the filter pattern is a regular expression.
    • case sensitivity depends on the `case_sensitive` argument.
  • the executed binary's path:
    • the filter is enabled if the `binary_hint` argument is not None.
    • a `contains` approach is used (the pattern need not match the whole path).
    • the filter pattern is a regular expression.
    • the comparison is case insensitive.

Symbols are fetched from the binary file itself and its related debug file, if any.
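The filtering rules above (for both `executed_binaries` and `symbols`) are easy to misread when the pattern contains regex metacharacters or when the unanchored `contains` match is expected to behave like an exact match. The following is an added example, not reven2's own code: it models the documented semantics over a small constructed set of binaries and symbols, assuming that "contains, regular expression, case insensitive" maps to an unanchored `re.search` with `re.IGNORECASE`. The `Binary`, `Symbol`, `BINARIES`, `SYMBOLS`, `DECOY` and `exact_binary_pattern` names are hypothetical helpers introduced here; they are not part of the reven2 API.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional


# Constructed stand-ins for the objects a reven_server would yield.
@dataclass(frozen=True)
class Binary:
    path: str


@dataclass(frozen=True)
class Symbol:
    name: str
    binary: Binary


# Constructed sample trace contents (paths mirror the documentation's examples).
NTOSKRNL = Binary("c:/windows/system32/ntoskrnl.exe")
NTDLL = Binary("c:/windows/system32/ntdll.dll")
HAL = Binary("c:/windows/system32/hal.dll")
ACPI = Binary("c:/windows/system32/drivers/acpi.sys")
# Constructed decoy: an unescaped "." in "ntdll.dll" also matches this path.
DECOY = Binary("c:/users/public/ntdll_dll.bin")

BINARIES: List[Binary] = [NTOSKRNL, NTDLL, HAL, ACPI, DECOY]
SYMBOLS: List[Symbol] = [
    Symbol("HalpAcpiGetTableFromBios", HAL),
    Symbol("HalacpiIrqTranslateResourcesIsa", HAL),
    Symbol("PopFxFindAcpiDeviceByUniqueId", NTOSKRNL),
    Symbol("ACPIDispatchIrp", ACPI),
    Symbol("NtCreateFile", NTDLL),
]


def _matches(pattern: Optional[str], text: str, case_sensitive: bool) -> bool:
    """'contains' semantics: the regex may match anywhere in text (unanchored search).

    A pattern of None disables the filter, as documented for both methods.
    """
    if pattern is None:
        return True
    flags = 0 if case_sensitive else re.IGNORECASE
    return re.search(pattern, text, flags) is not None


def executed_binaries(pattern: Optional[str] = None) -> Iterator[Binary]:
    """Model of ossi.executed_binaries: path filter, regex, always case insensitive."""
    for binary in BINARIES:
        if _matches(pattern, binary.path, case_sensitive=False):
            yield binary


def symbols(
    pattern: Optional[str] = None,
    binary_hint: Optional[str] = None,
    case_sensitive: bool = False,
) -> Iterator[Symbol]:
    """Model of ossi.symbols: name filter honours case_sensitive, path filter never does."""
    for symbol in SYMBOLS:
        # binary_hint is compared against the binary path, case insensitively.
        if not _matches(binary_hint, symbol.binary.path, case_sensitive=False):
            continue
        if _matches(pattern, symbol.name, case_sensitive):
            yield symbol


def exact_binary_pattern(path: str) -> str:
    """Turn a literal path into a pattern that only matches that path.

    re.escape neutralises "." and other metacharacters; the trailing "$" stops
    the unanchored 'contains' match from accepting longer paths with the same suffix.
    """
    return re.escape(path) + "$"


if __name__ == "__main__":
    print("unescaped 'ntdll.dll':", [b.path for b in executed_binaries("ntdll.dll")])
    print("escaped + anchored:   ", [b.path for b in executed_binaries(exact_binary_pattern(NTDLL.path))])
    print("case sensitive 'acpi':", [s.name for s in symbols("acpi", case_sensitive=True)])
```

The two `executed_binaries` calls in the usage block show the practical difference: the raw string `"ntdll.dll"` also returns the decoy path because `.` matches the underscore, while `exact_binary_pattern` returns only the intended binary. Likewise, `symbols("acpi", case_sensitive=True)` drops every name where "Acpi" or "ACPI" is capitalised, which is what the documentation's case sensitive example shows.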

Warnings

It depends on the binary ranges resource and OSSI feature. If one of them is unavailable, an exception will be raised.

If a binary file is not accessible from the provided filesystem, no symbols will be returned for that binary.

Examples

>>> # Get all symbols
>>> for symbol in ossi.symbols():
>>>     print('{} - {}'.format(symbol.name, symbol.binary.path))
NetWkstaGetInfo - c:/windows/system32/wkscli.dll
NetUseEnum - c:/windows/system32/wkscli.dll
NetGetJoinInformation - c:/windows/system32/wkscli.dll
...
>>> # Get all symbols filtered by name
>>> for symbol in ossi.symbols("acpi"):
>>>     print('{} - {}'.format(symbol.name, symbol.binary.path))
HalpAcpiGetTableFromBios - c:/windows/system32/hal.dll
...
PopFxFindAcpiDeviceByUniqueId - c:/windows/system32/ntoskrnl.exe
...
ACPIDispatchIrp - c:/windows/system32/drivers/acpi.sys
...
>>> # Get all symbols filtered by name and binary path
>>> for symbol in ossi.symbols("acpi", binary_hint="acpi.sys"):
>>>     print('{} - {}'.format(symbol.name, symbol.binary.path))
ACPIDispatchIrp - c:/windows/system32/drivers/acpi.sys
...
>>> # Get all symbols filtered by name in a case sensitive way
>>> for symbol in ossi.symbols("acpi", case_sensitive=True):
>>>     print('{} - {}'.format(symbol.name, symbol.binary.path))
HalacpiIrqTranslateResourcesIsa - c:/windows/system32/hal.dll
HalacpiIrqTranslateResourceRequirementsIsa - c:/windows/system32/hal.dll
...

Information

Parameters
  pattern: a regular expression used to compare symbols.
  binary_hint: a regular expression used to compare binaries' paths.
  case_sensitive: whether the symbol comparison is case sensitive or not.
Returns
  A generator of reven2.ossi.Symbol instances.
Raises
  RuntimeError: if the binary ranges resource is unavailable.
  RuntimeError: if the OSSI feature is unavailable.
def __repr__(self):
Undocumented
API Documentation for reven2, generated by pydoctor at 2019-09-11 11:57:21.