class documentation

class ProcessObject(Object):

View In Hierarchy

A class representing a process Windows object at a specific context.

Warning

This object is not meant to be constructed directly. Use reven2.preview.windows.Handle or the static methods of Object instead.

Method __init__ Undocumented
Method __str__ Undocumented
Property pid The PID of this process.
Property ppid The PPID of this process.
Property raw_body The raw `_EPROCESS` structure of this object.
Constant _BODY_STRUCTURE_NAME Undocumented
Instance Variable _pid Undocumented
Instance Variable _ppid Undocumented

Inherited from Object:

Static Method from_header Retrieve the Object from the address of the `_OBJECT_HEADER`.
Static Method header_address_from_object Retrieve the address of the `_OBJECT_HEADER` from the address of the object.
Method __eq__ Undocumented
Method __hash__ Undocumented
Method __ne__ Undocumented
Property raw_audit_info_header The raw `_OBJECT_HEADER_AUDIT_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property raw_creator_info_header The raw `_OBJECT_HEADER_CREATOR_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property raw_handle_info_header The raw `_OBJECT_HEADER_HANDLE_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property raw_header The raw `_OBJECT_HEADER` structure associated with this object.
Property raw_name_info_header The raw `_OBJECT_HEADER_NAME_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property raw_process_info_header The raw `_OBJECT_HEADER_PROCESS_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property raw_quota_info_header The raw `_OBJECT_HEADER_QUOTA_INFO` structure associated with this object. If the optional header isn't found, `None`.
Property raw_type The raw `_OBJECT_TYPE` structure associated with this object.
Property type_name The name of the type inside the `_OBJECT_TYPE` structure associated with this object.
Method _parse_optional_header Undocumented
Instance Variable _body Undocumented
Instance Variable _ctx Undocumented
Instance Variable _header Undocumented
Instance Variable _header_address Undocumented
Instance Variable _optional_headers Undocumented
Instance Variable _type Undocumented
Instance Variable _type_name Undocumented
def __init__(self, ctx, header_address, header, type, type_name, body):

Undocumented

Parameters
ctx:_ContextUndocumented
header_address:reven2.address._AbstractAddressUndocumented
header:reven2.types.StructInstanceUndocumented
type:reven2.types.StructInstanceUndocumented
type_name:strUndocumented
body:reven2.types.StructInstanceUndocumented
def __str__(self):

Undocumented

Returns
strUndocumented
@property
pid: int =

The PID of this process.

@property
ppid: int =

The PPID of this process.

@property
raw_body: reven2.types.StructInstance =

The raw `_EPROCESS` structure of this object.

_BODY_STRUCTURE_NAME: str =

Undocumented

Value
'_EPROCESS'
_pid: _Optional[int] =

Undocumented

_ppid: _Optional[int] =

Undocumented