class documentation

A wrapper above reven2.trace.Context to add more utilities method to it for Windows 10.

Method __init__ No summary
Method get_eprocess Retrieve the `_EPROCESS` structure of the current process.
Method get_eprocess_loc Retrieve the `_EPROCESS` location of the current process.
Method get_ethread Retrieve the `_ETHREAD` structure of the current thread.
Method get_ethread_loc Retrieve the `_ETHREAD` location of the current thread.
Method get_kpcrb Retrieve the `_KPCR` structure.
Method handle Retrieve an handle accessible from the current process (permissions aren't checked) from its value.
Method handles List the handles accessible from the current process (permissions aren't checked).
Method kernel_is64b Check if the kernel is in x64 (or x86) by checking the PE in memory.
Method kernel_mapping Retrieve the reven2.ossi.ossi.BinaryMapping of the kernel binary.
Instance Variable _kernel_64b Undocumented

Inherited from Context:

Method __add__ Undocumented
Method __eq__ Compares the instance for equality with an object.
Method __ge__ Undocumented
Method __gt__ Undocumented
Method __hash__ Returns the hash for this value.
Method __le__ Undocumented
Method __lt__ Undocumented
Method __ne__ Compares the instance for equality with an object.
Method __repr__ Undocumented
Method __str__ Undocumented
Method __sub__ Undocumented
Method deref Dereferences a pointer and read the value read as a pointing type.
Method deref_all Recursively dereferences a pointer and read the value read as a pointing type.
Method find_register_change Find the next/previous context in which the content of the register is modified.
Method format_as_html This method gets an html formatting string representation for this class instance.
Method is64b Undocumented
Method physical_memory_regions Get all the physical memory regions that are accessible.
Method read Reads the value contained in a register or in memory.
Method search_in_memory Iterate the search range looking for the specified pattern. Search range is:
Method transition_after Get Transition that will execute right after this context:
Method transition_before Get Transition that led to this context:
Property ossi Property: OSSI information related to the context
Property stack Property: The active stack linked to the context.
Static Method _next_stop_point Undocumented
Method _read_as Undocumented
Method _read_raw Undocumented
Method _read_register Undocumented
Method _read_size Undocumented
Method _read_st_register Undocumented
Method _repr_html_ Representation used by Jupyter Notebook when an instance of this class is displayed in a cell.
Instance Variable __trace Undocumented
Instance Variable _cpu_context Undocumented
Instance Variable _data_source Undocumented
Instance Variable _id Undocumented
Instance Variable _ossi_data_source Undocumented
Property _rvn Undocumented
Property _trace Undocumented
def __init__(self, context):
Parameters
context:reven2.trace.ContextThe context to wrap
def get_eprocess(self):

Retrieve the `_EPROCESS` structure of the current process.

Returns
reven2.types.StructInstanceA reven2.types.StructInstance of the `_EPROCESS` structure.
def get_eprocess_loc(self):

Retrieve the `_EPROCESS` location of the current process.

Returns
reven2.types.PointerInstance[reven2.types.StructInstance]A reven2.types.PointerInstance pointing to the `_EPROCESS` structure.
def get_ethread(self):

Retrieve the `_ETHREAD` structure of the current thread.

Returns
reven2.types.StructInstanceA reven2.types.StructInstance of the `_ETHREAD` structure.
def get_ethread_loc(self):

Retrieve the `_ETHREAD` location of the current thread.

Returns
reven2.types.PointerInstance[reven2.types.StructInstance]A reven2.types.PointerInstance pointing to the `_ETHREAD` structure.
def get_kpcrb(self):

Retrieve the `_KPCR` structure.

Returns
reven2.types.StructInstanceA reven2.types.StructInstance of the `_KPCR` structure.
def handle(self, value):

Retrieve an handle accessible from the current process (permissions aren't checked) from its value.

Parameters
value:intThe value of the handle to retrieve.
Returns
_Optional[_Handle]The handle if found.
def handles(self, process_handles=True, kernel_handles=True, special_handles=True):

List the handles accessible from the current process (permissions aren't checked).

Parameters
process_handles:boolIf the handles of the process should be returned
kernel_handles:boolIf the handles of the kernel should be returned
special_handles:boolIf the special handles should be returned
Returns
_Iterator[_Handle]The handles found that aren't filtered by the arguments.
def kernel_is64b(self):

Check if the kernel is in x64 (or x86) by checking the PE in memory.

Returns
boolWhether the kernel is in x64
def kernel_mapping(self):

Retrieve the reven2.ossi.ossi.BinaryMapping of the kernel binary.

Returns
reven2.ossi.ossi.BinaryMappingThe mapping of the kernel binary.
_kernel_64b: bool =

Undocumented