Package winappdbg :: Module event :: Class LoadDLLEvent
[hide private]
[frames] | no frames]

Class LoadDLLEvent

source code


Module load event.

Instance Methods [hide private]
int
get_module_base(self)
Returns: Base address for the newly loaded DLL.
source code
Module
get_module(self)
Returns: Module object for the newly loaded DLL.
source code
FileHandle or None
get_file_handle(self)
Returns: File handle to the newly loaded DLL received from the system.
source code
str, None
get_filename(self)
Returns: This method does it's best to retrieve the filename to the newly loaded module.
source code
 
__init__(self, debug, raw)
x.__init__(...) initializes x; see help(type(x)) for signature (Inherited from winappdbg.event.Event)
source code
int
get_event_code(self)
Returns: Debug event code as defined in the Win32 API. (Inherited from winappdbg.event.Event)
source code
str
get_event_description(self)
Returns: User-friendly description of the event. (Inherited from winappdbg.event.Event)
source code
str
get_event_name(self)
Returns: User-friendly name of the event. (Inherited from winappdbg.event.Event)
source code
int
get_pid(self)
Returns: Process global ID where the event occured. (Inherited from winappdbg.event.Event)
source code
Process
get_process(self)
Returns: Process where the event occured. (Inherited from winappdbg.event.Event)
source code
Thread
get_thread(self)
Returns: Thread where the event occured. (Inherited from winappdbg.event.Event)
source code
int
get_tid(self)
Returns: Thread global ID where the event occured. (Inherited from winappdbg.event.Event)
source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables [hide private]
str eventMethod = 'load_dll'
Method name to call when using EventHandler subclasses.
str eventName = 'Module load event'
User-friendly name of the event.
str eventDescription = 'A new DLL library was loaded by the debugee.'
User-friendly description of the event.
Instance Variables [hide private]
int continueStatus
Continue status to pass to win32.ContinueDebugEvent. (Inherited from winappdbg.event.Event)
Debug debug
Debug object that received the event. (Inherited from winappdbg.event.Event)
DEBUG_EVENT raw
Raw DEBUG_EVENT structure as used by the Win32 API. (Inherited from winappdbg.event.Event)
Properties [hide private]

Inherited from object: __class__

Method Details [hide private]

get_module_base(self)

source code 
Returns: int
Base address for the newly loaded DLL.

get_module(self)

source code 
Returns: Module
Module object for the newly loaded DLL.

get_file_handle(self)

source code 
Returns: FileHandle or None
File handle to the newly loaded DLL received from the system. Returns None if the handle is not available.

get_filename(self)

source code 
Returns: str, None
This method does it's best to retrieve the filename to the newly loaded module. However, sometimes that's not possible, and None is returned instead.