volatility  2.6.1
About: The Volatility Framework is a collection of tools for the extraction of digital artifacts from volatile memory (RAM) samples (requires Python).
  Fossies Dox: volatility-2.6.1.tar.gz  ("unofficial" and still experimental doxygen-generated source code documentation)

volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER Class Reference

Public Member Functions

def get_nt_header (self)
 
def get_version_info (self)
 
def get_code (self, data_start, data_size, offset)
 
def round (self, addr, align, up=False)
 
def replace_header_field (self, sect, header, item, value)
 
def get_image (self, unsafe=False, memory=False, fix=False)
 
- Public Member Functions inherited from volatility.obj.CType
def __init__ (self, theType, offset, vm, name=None, members=None, struct_size=0, **kwargs)
 
def size (self)
 
def __repr__ (self)
 
def d (self)
 
def v (self)
 
def m (self, attr)
 
def __getattr__ (self, attr)
 
def __setattr__ (self, attr, value)
 
- Public Member Functions inherited from volatility.obj.BaseObject
def obj_type (self)
 
def obj_vm (self)
 
def obj_offset (self)
 
def obj_parent (self)
 
def obj_name (self)
 
def obj_native_vm (self)
 
def set_native_vm (self, native_vm)
 
def rebase (self, offset)
 
def proxied (self, attr)
 
def newattr (self, attr, value)
 
def write (self, value)
 
def __nonzero__ (self)
 
def __eq__ (self, other)
 
def __ne__ (self, other)
 
def __hash__ (self)
 
def is_valid (self)
 
def dereference (self)
 
def dereference_as (self, derefType, **kwargs)
 
def cast (self, castString)
 
def __format__ (self, formatspec)
 
def __str__ (self)
 
def __getstate__ (self)
 
def __setstate__ (self, state)
 

Private Member Functions

def _get_image_exe (self, unsafe, fix)
 
def _fix_header_image_base (self, header, nt_header)
 
def _get_image_mem (self, unsafe, fix)
 

Additional Inherited Members

- Public Attributes inherited from volatility.obj.CType
 members
 
 struct_size
 
- Public Attributes inherited from volatility.obj.BaseObject
 obj_offset
 
 obj_vm
 

Detailed Description

DOS header

Definition at line 594 of file pe_vtypes.py.

Member Function Documentation

◆ _fix_header_image_base()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._fix_header_image_base (   self,
  header,
  nt_header 
)
private
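Returns a modified header buffer with the image base changed to the
provided base address. Because the header bytes are rewritten, the returned
buffer no longer matches the header as it was read from the memory sample.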

Definition at line 709 of file pe_vtypes.py.

References volatility.obj.BaseObject.obj_offset.

Referenced by volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._get_image_exe(), and volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._get_image_mem().

◆ _get_image_exe()

◆ _get_image_mem()

◆ get_code()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.get_code (   self,
  data_start,
  data_size,
  offset 
)

◆ get_image()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.get_image (   self,
  unsafe = False,
  memory = False,
  fix = False 
)

◆ get_nt_header()

◆ get_version_info()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.get_version_info (   self)

◆ replace_header_field()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.replace_header_field (   self,
  sect,
  header,
  item,
  value 
)
Replaces a field in a section header

Definition at line 700 of file pe_vtypes.py.

Referenced by volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._get_image_mem().

◆ round()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.round (   self,
  addr,
  align,
  up = False 
)

The documentation for this class was generated from the following file: