class documentation

class Binary:


Lightweight model of a binary file.

It provides useful information such as the guest filesystem path or the list of available symbols.

Warnings

Must not be constructed directly; retrieve an instance as shown in the following examples. Using a directly constructed instance of Binary could lead to an AssertionError.

Examples

>>> # From a Transition
>>> transition.context_before().ossi.location().binary # from the context before the transition
>>> transition.context_after().ossi.location().binary  # from the context after the transition
>>> # From a Context
>>> context.location().binary
>>> # From a Symbol
>>> symbol.binary
Method __eq__ Compares the instance for equality with an object.
Method __init__ Undocumented
Method __ne__ Compares the instance for equality with an object.
Method __repr__ Undocumented
Method __str__ Returns the nicely printable string representation of this instance.
Method data_symbols Undocumented
Method exact_type Get the reven2.types.Type with the specified name in the debug object associated with this binary.
Method function_symbols Undocumented
Method symbols Get a generator over symbols of the binary.
Property filename Property: The filename of the binary (including the extension).
Property name Property: The filename of the binary without the extension.
Property path Property: The path to the binary in the guest filesystem.
Instance Variable _datasource Undocumented
Instance Variable _id Undocumented
def __eq__(self, other):

Compares the instance for equality with an object.

  • if the object is not a Binary, returns False.
Parameters
other: _Any - Undocumented
Returns
bool - Undocumented
def __init__(self, _datasource, _id):

Undocumented

Parameters
_datasource: DataSource - Undocumented
_id: str - Undocumented
def __ne__(self, other):

Compares the instance for equality with an object.

  • if the object is not a Binary, returns True.
Parameters
other: _Any - Undocumented
Returns
bool - Undocumented
def __repr__(self):

Undocumented

Returns
str - Undocumented
def __str__(self):

Returns the nicely printable string representation of this instance.

Returns
str - Undocumented
def data_symbols(self, pattern=None, case_sensitive=False):

Undocumented

Parameters
pattern: _Optional[str] - Undocumented
case_sensitive: bool - Undocumented
Returns
_Iterator[DataSymbol] - Undocumented
def exact_type(self, name):

Get the reven2.types.Type with the specified name in the debug object associated with this binary.

Example

>>> # Reading a type in ntoskrnl, then reading an address as an instance of this type
>>> file_object_type: Struct = ntoskrnl.exact_type("_FILE_OBJECT")
>>> file_object: StructInstance = ctx.read(file_object_addr, file_object_type)

Information

Parameters
name: str - the exact name of the type, as it appears in the debug object.
Returns
_Type - Undocumented
Raises
KeyError

if the type with the requested name cannot be produced, e.g. because:

  • it doesn't exist in the debug object
  • there are multiple objects with this name in the debug object
  • the type exists in the debug object, but couldn't be parsed (unsupported or erroneous debug object)

The error message will specify the cause of the error.

def function_symbols(self, pattern=None, case_sensitive=False):

Undocumented

Parameters
pattern: _Optional[str] - Undocumented
case_sensitive: bool - Undocumented
Returns
_Iterator[FunctionSymbol] - Undocumented
def symbols(self, pattern=None, case_sensitive=False):

Get a generator over symbols of the binary.

Symbols can be filtered by their name:

  • filter enabled if the `pattern` argument is not None.
  • a `contains` approach is used.
  • the filter pattern is a regular expression.
  • case sensitive depending on the `case_sensitive` argument

They are fetched from the binary file itself and its related debug file, if any.

Warnings

It depends on the OSSI feature. If unavailable, an exception will be raised.

If the binary file is not accessible from the provided filesystem, no symbols will be returned.

Examples

>>> for symbol in binary.symbols():
...     print(symbol)
'toto'
'tata'
>>> for symbol in binary.symbols('toto'):
...     print(symbol)
'toto'

Information

Parameters
pattern: _Optional[str] - a regular expression used to compare symbols.
case_sensitive: bool - Whether the symbols comparison is case sensitive or not.
Returns
_Iterator[_Union[FunctionSymbol, DataSymbol]] - A generator on the binary's Symbols.
Raises
RuntimeError - if the OSSI feature is unavailable.
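
Because the filter is an unanchored regular expression that is case insensitive by default, a plain name also matches longer names, and a name containing regex metacharacters (such as a mangled C++ name) must be escaped. The following is an added example, not part of the reven2 documentation: `StubBinary` and `StubSymbol` are constructed stand-ins that model the documented filter with Python's `re`, and the `name` attribute and the regex dialect are assumptions.

```python
import re
from typing import Iterable, Iterator, List, Optional

# Constructed sample symbol names (not taken from any real binary).
SAMPLE_NAMES = ["NtCreateFile", "NtCreateFileEx", "ntcreatefile_stub",
                "?Run@Job@@QAEXXZ"]

class StubSymbol:
    """Constructed stand-in for a symbol; the `name` attribute is an assumption."""
    def __init__(self, name: str) -> None:
        self.name = name

class StubBinary:
    """Constructed stand-in modelling the documented symbols() filter."""
    def __init__(self, names: Iterable[str]) -> None:
        self.names = list(names)

    def symbols(self, pattern: Optional[str] = None,
                case_sensitive: bool = False) -> Iterator[StubSymbol]:
        flags = 0 if case_sensitive else re.IGNORECASE
        for name in self.names:
            # "contains" approach: the regex may match anywhere in the name.
            if pattern is None or re.search(pattern, name, flags):
                yield StubSymbol(name)

def exact_pattern(names: Iterable[str]) -> str:
    """Anchor and escape names so the 'contains' filter matches whole names only."""
    return "^(?:" + "|".join(re.escape(n) for n in names) + ")$"

def find_exact(binary, names: Iterable[str], case_sensitive: bool = True) -> List[str]:
    """Return the sorted names of symbols whose full name is one of `names`."""
    wanted = list(names)
    if not wanted:
        return []  # an empty alternation would match only the empty name
    hits = binary.symbols(exact_pattern(wanted), case_sensitive=case_sensitive)
    return sorted({s.name for s in hits})

def loose_names(binary, pattern: str) -> List[str]:
    """Names returned by the unanchored filter with its default case handling."""
    return [s.name for s in binary.symbols(pattern)]
```

`find_exact` only relies on the `symbols(pattern, case_sensitive)` signature documented above, so it can be passed any object exposing that method.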
@property
filename: str

Property: The filename of the binary (including the extension).

Examples

>>> binary.path
'c:/windows/system32/ntoskrnl.exe'
>>> binary.filename
'ntoskrnl.exe'

Information

Returns
A string.
@property
name: str

Property: The filename of the binary without the extension.

Examples

>>> binary.path
'c:/windows/system32/ntoskrnl.exe'
>>> binary.name
'ntoskrnl'

Information

Returns
A string.
@property
path: str

Property: The path to the binary in the guest filesystem.

Path Format:

Using / as file separator.

Examples

>>> binary.path
'c:/windows/system32/ntoskrnl.exe'

Information

Returns
A string.
_datasource

Undocumented

_id

Undocumented