class documentation
class Context(reven2.trace.Context):
A wrapper above reven2.trace.Context to add more utilities method to it for Windows 10.
| Method | __init__ |
No summary |
| Method | get |
Retrieve the `_EPROCESS` structure of the current process. |
| Method | get |
Retrieve the `_EPROCESS` location of the current process. |
| Method | get |
Retrieve the `_ETHREAD` structure of the current thread. |
| Method | get |
Retrieve the `_ETHREAD` location of the current thread. |
| Method | get |
Retrieve the `_KPCR` structure. |
| Method | handle |
Retrieve an handle accessible from the current process (permissions aren't checked) from its value. |
| Method | handles |
List the handles accessible from the current process (permissions aren't checked). |
| Method | kernel |
Check if the kernel is in x64 (or x86) by checking the PE in memory. |
| Method | kernel |
Retrieve the reven2.ossi.ossi.BinaryMapping of the kernel binary. |
| Instance Variable | _kernel |
Undocumented |
Inherited from Context:
| Method | __add__ |
Undocumented |
| Method | __eq__ |
Compares the instance for equality with an object. |
| Method | __ge__ |
Undocumented |
| Method | __gt__ |
Undocumented |
| Method | __hash__ |
Returns the hash for this value. |
| Method | __le__ |
Undocumented |
| Method | __lt__ |
Undocumented |
| Method | __ne__ |
Compares the instance for equality with an object. |
| Method | __repr__ |
Undocumented |
| Method | __str__ |
Undocumented |
| Method | __sub__ |
Undocumented |
| Method | deref |
Dereferences a pointer and read the value read as a pointing type. |
| Method | deref |
Recursively dereferences a pointer and read the value read as a pointing type. |
| Method | find |
Find the next/previous context in which the content of the register is modified. |
| Method | format |
This method gets an html formatting string representation for this class instance. |
| Method | is64b |
Undocumented |
| Method | physical |
Get all the physical memory regions that are accessible. |
| Method | read |
Reads the value contained in a register or in memory. |
| Method | search |
Iterate the search range looking for the specified pattern. Search range is: |
| Method | transition |
Get Transition that will execute right after this context: |
| Method | transition |
Get Transition that led to this context: |
| Property | ossi |
Property: OSSI information related to the context |
| Property | stack |
Property: The active stack linked to the context. |
| Static Method | _next |
Undocumented |
| Method | _read |
Undocumented |
| Method | _read |
Undocumented |
| Method | _read |
Undocumented |
| Method | _read |
Undocumented |
| Method | _read |
Undocumented |
| Method | _repr |
Representation used by Jupyter Notebook when an instance of this class is displayed in a cell. |
| Instance Variable | __trace |
Undocumented |
| Instance Variable | _cpu |
Undocumented |
| Instance Variable | _data |
Undocumented |
| Instance Variable | _id |
Undocumented |
| Instance Variable | _ossi |
Undocumented |
| Property | _rvn |
Undocumented |
| Property | _trace |
Undocumented |
def __init__(self, context):
overrides
reven2.trace.Context.__init__| Parameters | |
context:reven2.trace.Context | The context to wrap |
def get_eprocess(self):
Retrieve the `_EPROCESS` structure of the current process.
| Returns | |
reven2.types.StructInstance | A reven2.types.StructInstance of the `_EPROCESS` structure. |
def get_eprocess_loc(self):
Retrieve the `_EPROCESS` location of the current process.
| Returns | |
reven2.types.PointerInstance[ | A reven2.types.PointerInstance pointing to the `_EPROCESS` structure. |
def get_ethread(self):
Retrieve the `_ETHREAD` structure of the current thread.
| Returns | |
reven2.types.StructInstance | A reven2.types.StructInstance of the `_ETHREAD` structure. |
def get_ethread_loc(self):
Retrieve the `_ETHREAD` location of the current thread.
| Returns | |
reven2.types.PointerInstance[ | A reven2.types.PointerInstance pointing to the `_ETHREAD` structure. |
def get_kpcrb(self):
Retrieve the `_KPCR` structure.
| Returns | |
reven2.types.StructInstance | A reven2.types.StructInstance of the `_KPCR` structure. |
def handle(self, value):
Retrieve an handle accessible from the current process (permissions aren't checked) from its value.
| Parameters | |
value:int | The value of the handle to retrieve. |
| Returns | |
_Optional[ | The handle if found. |
def handles(self, process_handles=True, kernel_handles=True, special_handles=True):
List the handles accessible from the current process (permissions aren't checked).
| Parameters | |
processbool | If the handles of the process should be returned |
kernelbool | If the handles of the kernel should be returned |
specialbool | If the special handles should be returned |
| Returns | |
_Iterator[ | The handles found that aren't filtered by the arguments. |
def kernel_is64b(self):
Check if the kernel is in x64 (or x86) by checking the PE in memory.
| Returns | |
bool | Whether the kernel is in x64 |
def kernel_mapping(self):
Retrieve the reven2.ossi.ossi.BinaryMapping of the kernel binary.
| Returns | |
reven2.ossi.ossi.BinaryMapping | The mapping of the kernel binary. |