class Binary:
Lightweight model of a binary file.
It provides useful information such as the guest filesystem path or the list of available symbols.
Warnings
A Binary must not be constructed directly; retrieve one as shown in the following examples. Using a directly
constructed instance of Binary could lead to an AssertionError.
Examples
>>> # From a Transition
>>> transition.context_before().ossi.location().binary  # from the context before the transition
>>> transition.context_after().ossi.location().binary  # from the context after the transition

>>> # From a Context
>>> context.location().binary

>>> # From a Symbol
>>> symbol.binary
Method | __eq__ | Compares the instance for equality with an object. |
Method | __init__ | Undocumented |
Method | __ne__ | Compares the instance for equality with an object. |
Method | __repr__ | Undocumented |
Method | __str__ | Returns the nicely printable string representation of this instance. |
Method | data | Undocumented |
Method | exact_type | Get the reven2.types.Type with the specified name in the debug object associated with this binary. |
Method | function | Undocumented |
Method | symbols | Get a generator over symbols of the binary. |
Property | filename | Property: The filename of the binary (including the extension). |
Property | name | Property: The filename of the binary without the extension. |
Property | path | Property: The path to the binary in the guest filesystem. |
Instance Variable | _datasource | Undocumented |
Instance Variable | _id | Undocumented |
Compares the instance for equality with an object.
- if the object is not a Binary, returns False.
Parameters | |
other:_Any | Undocumented |
Returns | |
bool | Undocumented |
Undocumented
Parameters | |
_datasource:DataSource | Undocumented |
_id:str | Undocumented |
Compares the instance for equality with an object.
- if the object is not a Binary, returns True.
Parameters | |
other:_Any | Undocumented |
Returns | |
bool | Undocumented |
Returns the nicely printable string representation of this instance.
Returns | |
str | Undocumented |
Undocumented
Parameters | |
pattern:_Optional[ | Undocumented |
casebool | Undocumented |
Returns | |
_Iterator[ | Undocumented |
Get the reven2.types.Type with the specified name in the debug object associated with this binary.
Example
>>> # Reading a type in ntoskrnl, then reading an address as an instance of this type
>>> file_object_type: Struct = ntoskrnl.exact_type("_FILE_OBJECT")
>>> file_object: StructInstance = ctx.read(file_object_addr, file_object_type)
Information
Parameters | |
name:str | the exact name of the type, as it appears in the debug object. |
Returns | |
_Type | Undocumented |
Raises | |
KeyError | if the type with the requested name cannot be produced, e.g. because:
The error message will specify the cause of the error. |
Undocumented
Parameters | |
pattern:_Optional[ | Undocumented |
casebool | Undocumented |
Returns | |
_Iterator[ | Undocumented |
Get a generator over symbols of the binary.
Symbols can be filtered by their name:
- filter enabled if the `pattern` argument is not None.
- a `contains` approach is used.
- the filter pattern is a regular expression.
- case sensitive depending on the `case_sensitive` argument
They are fetched from the binary file itself and its related debug file, if any.
Warnings
It depends on the OSSI feature. If unavailable, an exception will be raised.
If the binary file is not accessible from the provided filesystem, no symbols will be returned.
Examples
>>> for symbol in binary.symbols():
...     print(symbol)
'toto'
'tata'

>>> for symbol in binary.symbols('toto'):
...     print(symbol)
'toto'
Information
Parameters | |
pattern:_Optional[ | a regular expression used to compare symbols. |
case_sensitive:bool | Whether the symbols comparison is case sensitive or not. |
Returns | |
_Iterator[ | A generator on the binary's Symbols. |
Raises | |
RuntimeError | if OSSI feature is unavailable. |
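The filter rules listed above for symbols() (regular expression, "contains" match, optional case sensitivity), modelled on plain strings as an added example that is not part of the REVEN API or its documentation. It assumes the pattern behaves like Python's re.search, which this page does not state; filter_symbol_names and exact_symbol_pattern are hypothetical helpers and the sample names are constructed.

```python
import re
from typing import Iterable, Iterator, Optional


def exact_symbol_pattern(name: str) -> str:
    """Build a pattern that selects only `name`, not every name containing it."""
    # The documented filter is a "contains" regex search, so a literal name
    # must be escaped (mangled C++ names carry ?, $, + ...) and anchored.
    return "^" + re.escape(name) + "$"


def filter_symbol_names(names: Iterable[str], pattern: Optional[str],
                        case_sensitive: bool) -> Iterator[str]:
    """Local model of the documented filter, applied to plain strings.

    Assumption: the pattern is evaluated like Python's re.search.
    """
    if pattern is None:
        # Filter disabled: every name is returned.
        yield from names
        return
    flags = 0 if case_sensitive else re.IGNORECASE
    regex = re.compile(pattern, flags)
    for name in names:
        # "contains" approach: the pattern may match anywhere in the name.
        if regex.search(name):
            yield name


# Constructed sample names, not taken from a real binary.
SAMPLE = [
    "NtCreateFile",
    "NtCreateFileEx",
    "IopCreateFile",
    "ntcreatefile_stub",
    "??0Foo@@QEAA@XZ",
]

if __name__ == "__main__":
    # A bare name matches every symbol that contains it.
    print(list(filter_symbol_names(SAMPLE, "CreateFile", True)))
    # Escaped and anchored, it selects exactly one symbol.
    print(list(filter_symbol_names(SAMPLE, exact_symbol_pattern("NtCreateFile"), True)))
```

Under the stated assumption, the string returned by exact_symbol_pattern is what would be passed as the `pattern` argument when a single, exactly named symbol is wanted.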
filename: str
Property: The filename of the binary (including the extension).
Examples
>>> binary.path
'c:/windows/system32/ntoskrnl.exe'
>>> binary.filename
'ntoskrnl.exe'
Information
Returns | |
A string. |
name: str
Property: The filename of the binary without the extension.
Examples
>>> binary.path
'c:/windows/system32/ntoskrnl.exe'
>>> binary.name
'ntoskrnl'
Information
Returns | |
A string. |