Package winappdbg :: Module system :: Class Module

Class Module


Interface to a DLL library loaded in the context of another process.

Instance Methods
  • __init__(self, lpBaseOfDll, hFile=None, fileName=None, SizeOfImage=None, EntryPoint=None, process=None) - x.__init__(...) initializes x; see x.__class__.__doc__ for signature
  • __get_size_and_entry_point(self) - Get the size and entry point of the module using the Win32 API.
  • __filename_to_modname(self, pathname) (str) - Returns: Module name.

Inherited from object: __delattr__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __str__

    Properties
  • get_base(self) (int or None) - Returns: Base address of the module.
  • get_size(self) (int or None) - Returns: Base size of the module.
  • get_entry_point(self) (int or None) - Returns: Entry point of the module.
  • get_filename(self) (str or None) - Returns: Module filename.
  • get_name(self) (str) - Returns: Module name, as used in labels.
  • get_process(self) (Process or None) - Returns: Parent Process object.
  • get_pid(self) (int or None) - Returns: Parent process global ID.
    Labels
  • match_name(self, name) (bool) - Returns: True if the given name could refer to this module.
  • get_label(self, function=None, offset=None) (str) - Retrieves the label for the given function of this module or the module base address if no function name is given.
  • get_label_at_address(self, address, offset=None) (str) - Creates a label from the given memory address.
  • is_address_here(self, address) (bool or None) - Tries to determine if the given address belongs to this module.
  • resolve(self, function) (int) - Resolves a function exported by this module.
  • resolve_label(self, label) (int) - Resolves a label for this module only.
    Handle
  • open_handle(self) - Opens a new handle to the module.
  • close_handle(self) - Closes the handle to the module.
  • get_handle(self) (FileHandle) - Returns: Handle to the module file.
    Symbols
  • get_symbol_at_address(self, address) (Inherited from winappdbg.system.SymbolContainer)
  • get_symbols(self) (list of tuple( str, int, int )) - Returns the debugging symbols for a module. (Inherited from winappdbg.system.SymbolContainer)
  • iter_symbols(self) (iterator of tuple( str, int, int )) - Returns an iterator for the debugging symbols in a module, in no particular order. (Inherited from winappdbg.system.SymbolContainer)
  • load_symbols(self) - Loads the debugging symbols for a module. (Inherited from winappdbg.system.SymbolContainer)
  • resolve_symbol(self, symbol, bCaseSensitive=False) (int or None) - Resolves a debugging symbol's address. (Inherited from winappdbg.system.SymbolContainer)
  • unload_symbols(self) - Unloads the debugging symbols for a module. (Inherited from winappdbg.system.SymbolContainer)
Class Variables
str unknown = '<unknown>'
Suggested tag for unknown modules.
Instance Variables
int EntryPoint
Entry point of the module.
int SizeOfImage
Size of the module.
str fileName
Module filename.
FileHandle hFile
Handle to the module file.
int lpBaseOfDll
Base of DLL module.
Process process
Process where the module is loaded.
Properties

Inherited from object: __class__

Method Details

__init__(self, lpBaseOfDll, hFile=None, fileName=None, SizeOfImage=None, EntryPoint=None, process=None)
(Constructor)

 

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Parameters:
  • lpBaseOfDll (str) - Base address of the module.
  • hFile (FileHandle) - (Optional) Handle to the module file.
  • fileName (str) - (Optional) Module filename.
  • SizeOfImage (int) - (Optional) Size of the module.
  • EntryPoint (int) - (Optional) Entry point of the module.
  • process (Process) - (Optional) Process where the module is loaded.
Overrides: object.__init__

get_base(self)

 
Returns: int or None
Base address of the module. Returns None if unknown.

get_size(self)

 
Returns: int or None
Base size of the module. Returns None if unknown.

get_entry_point(self)

 
Returns: int or None
Entry point of the module. Returns None if unknown.

get_filename(self)

 
Returns: str or None
Module filename. Returns None if unknown.

__filename_to_modname(self, pathname)

 
Parameters:
  • pathname (str) - Pathname to a module.
Returns: str
Module name.

get_name(self)

 
Returns: str
Module name, as used in labels.

Warning: Names are NOT guaranteed to be unique.

If you need unique identification for a loaded module, use the base address instead.

See Also: get_label

match_name(self, name)

 
Returns: bool
True if the given name could refer to this module. It may not be exactly the same as the name returned by get_name.

get_process(self)

 
Returns: Process or None
Parent Process object. Returns None on error.

get_pid(self)

 
Returns: int or None
Parent process global ID. Returns None on error.

get_handle(self)

 
Returns: FileHandle
Handle to the module file.

get_label(self, function=None, offset=None)

 

Retrieves the label for the given function of this module or the module base address if no function name is given.

Parameters:
  • function (str) - (Optional) Exported function name.
  • offset (int) - (Optional) Offset from the module base address.
Returns: str
Label for the module base address, plus the offset if given.

get_label_at_address(self, address, offset=None)

 

Creates a label from the given memory address.

If the address belongs to the module, the label is made relative to its base address.

Parameters:
  • address (int) - Memory address.
  • offset (None or int) - (Optional) Offset value.
Returns: str
Label pointing to the given address.

is_address_here(self, address)

 

Tries to determine if the given address belongs to this module.

Parameters:
  • address (int) - Memory address.
Returns: bool or None
True if the address belongs to the module, False if it doesn't, and None if it can't be determined.
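
Added example, not part of the winappdbg documentation or code base: a stand-alone model of the get_name warning (names are not unique, key on the base address) and of the three-valued result of is_address_here, which must not be tested with a plain truth check because None would be read as False. Mod, MODULES, ambiguous_names and classify are hypothetical names, the module list is constructed, and returning None when the base or size is unknown is an assumption about when the result cannot be determined.

```python
from collections import namedtuple

# Constructed sample modules (not real process data). size=None means unknown.
Mod = namedtuple("Mod", "name base size")
MODULES = [
    Mod("helper", 0x10000000, 0x20000),
    Mod("helper", 0x6F000000, 0x8000),     # second DLL with the same name
    Mod("kernel32", 0x76000000, 0xD0000),
    Mod("<unknown>", 0x20000000, None),    # size could not be read
]

def is_address_here(mod, address):
    """Model of the documented tri-state result: True, False or None."""
    if mod.base is None or mod.size is None:   # assumption: unknown bounds -> None
        return None
    return mod.base <= address < mod.base + mod.size

def ambiguous_names(modules):
    """Names shared by more than one loaded module, mapped to their bases."""
    by_name = {}
    for m in modules:
        by_name.setdefault(m.name, []).append(m.base)
    return {n: b for n, b in by_name.items() if len(b) > 1}

def classify(modules, address):
    """Return (owner_base, undetermined_bases); keys are bases, never names."""
    owner, undetermined = None, []
    for m in modules:
        hit = is_address_here(m, address)
        if hit is None:            # must not be folded into False
            undetermined.append(m.base)
        elif hit:
            owner = m.base
    return owner, undetermined

if __name__ == "__main__":
    print(ambiguous_names(MODULES))
    for addr in (0x6F001234, 0x20000010, 0x7FFF0000):
        owner, unsure = classify(MODULES, addr)
        print(hex(addr), owner and hex(owner), [hex(b) for b in unsure])
```

An address with no owner but a non-empty undetermined list is "unattributed so far", not "outside every module"; a check that allowlists code addresses by module should report the two cases separately.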

resolve(self, function)

 

Resolves a function exported by this module.

Parameters:
  • function (str or int) - str: Name of the function. int: Ordinal of the function.
Returns: int
Memory address of the exported function in the process. Returns None on error.

resolve_label(self, label)

 

Resolves a label for this module only. If the label refers to another module, an exception is raised.

Parameters:
  • label (str) - Label to resolve.
Returns: int
Memory address pointed to by the label.
Raises:
  • ValueError - The label is malformed or impossible to resolve.
  • RuntimeError - Cannot resolve the module or function.

Instance Variable Details

EntryPoint

Entry point of the module. Use get_entry_point instead.
Type:
int

SizeOfImage

Size of the module. Use get_size instead.
Type:
int

fileName

Module filename. Use get_filename instead.
Type:
str

hFile

Handle to the module file. Use get_handle instead.
Type:
FileHandle

lpBaseOfDll

Base of DLL module. Use get_base instead.
Type:
int

process

Process where the module is loaded. Use get_process instead.
Type:
Process