volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR Class Reference
Inheritance diagram for volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR:
Collaboration diagram for volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR:

Public Member Functions

def valid (self, nt_header)
def dll_name (self)
def is_list_end (self)
Private Member Functions

def _name (self, name_rva)
def _imported_functions (self)

Detailed Description

Handles IID entries for imported functions

Definition at line 343 of file pe_vtypes.py.

Member Function Documentation

◆ _imported_functions()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR._imported_functions (   self)
Generator for imported functions. 

@return: tuple (Ordinal, FunctionVA, Name)

If the function is imported by ordinal, then Ordinal is the 
ordinal value and Name is None. 

If the function is imported by name, then Ordinal is the
hint and Name is the imported function name (or None if its

FunctionVA is the virtual address of the imported function,
as applied to the IAT by the Windows loader. If the FirstThunk
is paged, then FunctionVA will be None. 

Definition at line 368 of file pe_vtypes.py.

References volatility.obj.BaseObject.obj_native_vm(), volatility.obj.BaseObject.obj_parent(), and volatility.obj.BaseObject.obj_vm.

◆ _name()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR._name (   self,
Return a String object for the name at the given RVA

Definition at line 357 of file pe_vtypes.py.

References volatility.obj.BaseObject.obj_native_vm(), and volatility.obj.BaseObject.obj_parent().

Referenced by volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR.dll_name().

◆ dll_name()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR.dll_name (   self)

◆ is_list_end()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR.is_list_end (   self)
Returns True if we've reached the list end

Definition at line 426 of file pe_vtypes.py.

References volatility.obj.BaseObject.obj_offset, and volatility.obj.BaseObject.obj_vm.

◆ valid()

def volatility.plugins.overlays.windows.pe_vtypes._IMAGE_IMPORT_DESCRIPTOR.valid (   self,
Check the validity of some fields

Definition at line 346 of file pe_vtypes.py.

References volatility.plugins.gui.constants.FakeAtom.Name, and volatility.plugins.gui.win32k_core.tagWINDOWSTATION.Name().

