reven2.preview.windows.object.Object

class documentation

class Object:

Known subclasses: reven2.preview.windows.object.FileObject, reven2.preview.windows.object.ProcessObject, reven2.preview.windows.object.ThreadObject, reven2.preview.windows.object.TokenObject, reven2.preview.windows.object.UnsupportedObject

View In Hierarchy

A class representing a Windows object at a specific context.

Warning

This object is not meant to be constructed directly. Use reven2.preview.windows.Handle or the static methods instead.

Static Method	`from_header`	Retrieve the `Object` from the address of the `_OBJECT_HEADER`.
Static Method	`header_address_from_object`	Retrieve the address of the `_OBJECT_HEADER` from the address of the object.
Method	`__eq__`	Undocumented
Method	`__hash__`	Undocumented
Method	`__init__`	Undocumented
Method	`__ne__`	Undocumented
Method	`__str__`	Undocumented
Property	`raw_audit_info_header`	The raw `_OBJECT_HEADER_AUDIT_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property	`raw_body`	The raw structure of the object's body if its type was known, else `None`.
Property	`raw_creator_info_header`	The raw `_OBJECT_HEADER_CREATOR_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property	`raw_handle_info_header`	The raw `_OBJECT_HEADER_HANDLE_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property	`raw_header`	The raw `_OBJECT_HEADER` structure associated with this object.
Property	`raw_name_info_header`	The raw `_OBJECT_HEADER_NAME_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property	`raw_process_info_header`	The raw `_OBJECT_HEADER_PROCESS_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property	`raw_quota_info_header`	The raw `_OBJECT_HEADER_QUOTA_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property	`raw_type`	The raw `_OBJECT_TYPE` structure associated with this object.
Property	`type_name`	The name of the type inside the `_OBJECT_TYPE` structure associated with this object.
Method	`_parse_optional_header`	Undocumented
Constant	`_BODY_STRUCTURE_NAME`	Undocumented
Instance Variable	`_body`	Undocumented
Instance Variable	`_ctx`	Undocumented
Instance Variable	`_header`	Undocumented
Instance Variable	`_header_address`	Undocumented
Instance Variable	`_optional_headers`	Undocumented
Instance Variable	`_type`	Undocumented
Instance Variable	`_type_name`	Undocumented

@staticmethod
def from_header(ctx, object_header_address, expected_type=None):

Retrieve the Object from the address of the `_OBJECT_HEADER`.

Parameters
ctx:`_Context`	The context used to retrieve the object.
object_header_address:`reven2.address._AbstractAddress`	The address of the `_OBJECT_HEADER`.
expected_type:`_Optional[_Type[ObjectType]]`	A subclass of `reven2.preview.windows.object.Object` representing the expected type of the object to retrieve, if `None` the type won't be checked.
Returns
`Object`	The `Object`.

@staticmethod
def header_address_from_object(ctx, object_address):

Retrieve the address of the `_OBJECT_HEADER` from the address of the object.

Parameters
ctx:`_Context`	The context used to retrieve the address of the header.
object_address:`reven2.address.AddressType`	The address of the object.
Returns
`reven2.address.AddressType`	the address of the `_OBJECT_HEADER` from the address of the object.

def __eq__(self, other):

Undocumented

Parameters
other:`_Any`	Undocumented
Returns
`bool`	Undocumented

def __hash__(self):

Undocumented

Returns
`int`	Undocumented

def __init__(self, ctx, header_address, header, type, type_name, body):

overridden in reven2.preview.windows.object.FileObject, reven2.preview.windows.object.ProcessObject, reven2.preview.windows.object.ThreadObject, reven2.preview.windows.object.TokenObject

Undocumented

Parameters
ctx:`_Context`	Undocumented
header_address:`reven2.address._AbstractAddress`	Undocumented
header:`reven2.types.StructInstance`	Undocumented
type:`reven2.types.StructInstance`	Undocumented
type_name:`str`	Undocumented
body:`_Optional[reven2.types.StructInstance]`	Undocumented

def __ne__(self, other):

Undocumented

Parameters
other:`_Any`	Undocumented
Returns
`bool`	Undocumented

def __str__(self):

overridden in reven2.preview.windows.object.FileObject, reven2.preview.windows.object.ProcessObject, reven2.preview.windows.object.ThreadObject, reven2.preview.windows.object.TokenObject

Undocumented

Returns
`str`	Undocumented

@property
raw_audit_info_header: _Optional[reven2.types.StructInstance] =

The raw `_OBJECT_HEADER_AUDIT_INFO` structure associated with this object. If the optional header isn't found, `None`.

@property
raw_body: _Optional[reven2.types.StructInstance] =

overridden in reven2.preview.windows.object.FileObject, reven2.preview.windows.object.ProcessObject, reven2.preview.windows.object.ThreadObject, reven2.preview.windows.object.TokenObject

The raw structure of the object's body if its type was known, else `None`.

@property
raw_creator_info_header: _Optional[reven2.types.StructInstance] =

The raw `_OBJECT_HEADER_CREATOR_INFO` structure associated with this object. If the optional header isn't found, `None`.

@property
raw_handle_info_header: _Optional[reven2.types.StructInstance] =

The raw `_OBJECT_HEADER_HANDLE_INFO` structure associated with this object. If the optional header isn't found, `None`.

@property
raw_header: reven2.types.StructInstance =

The raw `_OBJECT_HEADER` structure associated with this object.

@property
raw_name_info_header: _Optional[reven2.types.StructInstance] =

The raw `_OBJECT_HEADER_NAME_INFO` structure associated with this object. If the optional header isn't found, `None`.

@property
raw_process_info_header: _Optional[reven2.types.StructInstance] =

The raw `_OBJECT_HEADER_PROCESS_INFO` structure associated with this object. If the optional header isn't found, `None`.

@property
raw_quota_info_header: _Optional[reven2.types.StructInstance] =

The raw `_OBJECT_HEADER_QUOTA_INFO` structure associated with this object. If the optional header isn't found, `None`.

@property
raw_type: reven2.types.StructInstance =

The raw `_OBJECT_TYPE` structure associated with this object.

@property
type_name: str =

The name of the type inside the `_OBJECT_TYPE` structure associated with this object.

def _parse_optional_header(self, optional_header_bit, optional_header_struct_name):

Undocumented

Parameters
optional_header_bit:`int`	Undocumented
optional_header_struct_name:`str`	Undocumented
Returns
`_Optional[reven2.types.StructInstance]`	Undocumented

_BODY_STRUCTURE_NAME: _Optional[str] =

overridden in reven2.preview.windows.object.FileObject, reven2.preview.windows.object.ProcessObject, reven2.preview.windows.object.ThreadObject, reven2.preview.windows.object.TokenObject

Undocumented

Value

None

_body =

Undocumented

_ctx =

Undocumented

_header =

Undocumented

_header_address =

Undocumented

_optional_headers: dict[int, reven2.types.StructInstance] =

Undocumented

_type =

Undocumented

_type_name =

Undocumented