volatility  2.6.1
About: The Volatility Framework is a collection of tools for the extraction of digital artifacts from volatile memory (RAM) samples (requires Python).
  Fossies Dox: volatility-2.6.1.tar.gz  ("inofficial" and yet experimental doxygen-generated source code documentation)  

volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER Class Reference
Inheritance diagram for volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER:
Collaboration diagram for volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER:

Public Member Functions

def get_nt_header (self)
def get_version_info (self)
def get_code (self, data_start, data_size, offset)
def round (self, addr, align, up=False)
def replace_header_field (self, sect, header, item, value)
def get_image (self, unsafe=False, memory=False, fix=False)
- Public Member Functions inherited from volatility.obj.CType
def __init__ (self, theType, offset, vm, name=None, members=None, struct_size=0, **kwargs)
def size (self)
def __repr__ (self)
def d (self)
def v (self)
def m (self, attr)
def __getattr__ (self, attr)
def __setattr__ (self, attr, value)
- Public Member Functions inherited from volatility.obj.BaseObject
def obj_type (self)
def obj_vm (self)
def obj_offset (self)
def obj_parent (self)
def obj_name (self)
def obj_native_vm (self)
def set_native_vm (self, native_vm)
def rebase (self, offset)
def proxied (self, attr)
def newattr (self, attr, value)
def write (self, value)
def __nonzero__ (self)
def __eq__ (self, other)
def __ne__ (self, other)
def __hash__ (self)
def is_valid (self)
def dereference (self)
def dereference_as (self, derefType, **kwargs)
def cast (self, castString)
def __format__ (self, formatspec)
def __str__ (self)
def __getstate__ (self)
def __setstate__ (self, state)

Private Member Functions

def _get_image_exe (self, unsafe, fix)
def _fix_header_image_base (self, header, nt_header)
def _get_image_mem (self, unsafe, fix)

Additional Inherited Members

- Public Attributes inherited from volatility.obj.CType
- Public Attributes inherited from volatility.obj.BaseObject

Detailed Description

DOS header

Definition at line 594 of file pe_vtypes.py.

Member Function Documentation

◆ _fix_header_image_base()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._fix_header_image_base (   self,
returns a modified header buffer with the image base changed to the
provided base address

Definition at line 709 of file pe_vtypes.py.

References volatility.obj.BaseObject.obj_offset.

Referenced by volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._get_image_exe(), and volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._get_image_mem().

◆ _get_image_exe()

◆ _get_image_mem()

◆ get_code()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.get_code (   self,

◆ get_image()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.get_image (   self,
  unsafe = False,
  memory = False,
  fix = False 

◆ get_nt_header()

◆ get_version_info()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.get_version_info (   self)

◆ replace_header_field()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.replace_header_field (   self,
Replaces a field in a sector header

Definition at line 700 of file pe_vtypes.py.

Referenced by volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER._get_image_mem().

◆ round()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_DOS_HEADER.round (   self,
  up = False 

The documentation for this class was generated from the following file: