Package winappdbg :: Module system :: Class Module

Class Module

Interface to a DLL library loaded in the context of another process.

Instance Methods

__init__(self, lpBaseOfDll, hFile=None, fileName=None, SizeOfImage=None, EntryPoint=None, process=None)
x.__init__(...) initializes x; see x.__class__.__doc__ for signature

__get_size_and_entry_point(self)
Get the size and entry point of the module using the Win32 API.

__filename_to_modname(self, pathname) -> str
Returns: Module name.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

    Properties

get_base(self) -> int or None
Returns: Base address of the module.

get_size(self) -> int or None
Returns: Base size of the module.

get_entry_point(self) -> int or None
Returns: Entry point of the module.

get_filename(self) -> str or None
Returns: Module filename.

get_name(self) -> str
Returns: Module name, as used in labels.

get_process(self) -> Process or None
Returns: Parent Process object.

get_pid(self) -> int or None
Returns: Parent process global ID.

    Labels

match_name(self, name) -> bool
Returns: True if the given name could refer to this module.

get_label(self, function=None, offset=None) -> str
Retrieves the label for the given function of this module or the module base address if no function name is given.

get_label_at_address(self, address, offset=None) -> str
Creates a label from the given memory address.

is_address_here(self, address) -> bool or None
Tries to determine if the given address belongs to this module.

resolve(self, function) -> int
Resolves a function exported by this module.

resolve_label(self, label) -> int
Resolves a label for this module only.

    Handle

open_handle(self)
Opens a new handle to the module.

close_handle(self)
Closes the handle to the module.

get_handle(self) -> FileHandle
Returns: Handle to the module file.

    Symbols

get_symbol_at_address(self, address)
(Inherited from winappdbg.system.SymbolContainer)

get_symbols(self) -> list of tuple( str, int, int )
Returns the debugging symbols for a module. (Inherited from winappdbg.system.SymbolContainer)

iter_symbols(self) -> iterator of tuple( str, int, int )
Returns an iterator for the debugging symbols in a module, in no particular order. (Inherited from winappdbg.system.SymbolContainer)

load_symbols(self)
Loads the debugging symbols for a module. (Inherited from winappdbg.system.SymbolContainer)

resolve_symbol(self, symbol, bCaseSensitive=False) -> int or None
Resolves a debugging symbol's address. (Inherited from winappdbg.system.SymbolContainer)

unload_symbols(self)
Unloads the debugging symbols for a module. (Inherited from winappdbg.system.SymbolContainer)

Class Variables

str unknown = '<unknown>'
Suggested tag for unknown modules.

Instance Variables

int EntryPoint
Entry point of the module.

int SizeOfImage
Size of the module.

str fileName
Module filename.

FileHandle hFile
Handle to the module file.

int lpBaseOfDll
Base of DLL module.

Process process
Process where the module is loaded.

Properties

Inherited from object: __class__

Method Details

__init__(self, lpBaseOfDll, hFile=None, fileName=None, SizeOfImage=None, EntryPoint=None, process=None)
(Constructor)

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Parameters:
  • lpBaseOfDll (str) - Base address of the module.
  • hFile (FileHandle) - (Optional) Handle to the module file.
  • fileName (str) - (Optional) Module filename.
  • SizeOfImage (int) - (Optional) Size of the module.
  • EntryPoint (int) - (Optional) Entry point of the module.
  • process (Process) - (Optional) Process where the module is loaded.
Overrides: object.__init__

get_base(self)

Returns: int or None
Base address of the module. Returns None if unknown.

get_size(self)

Returns: int or None
Base size of the module. Returns None if unknown.

get_entry_point(self)

Returns: int or None
Entry point of the module. Returns None if unknown.

get_filename(self)

Returns: str or None
Module filename. Returns None if unknown.

__filename_to_modname(self, pathname)

Parameters:
  • pathname (str) - Pathname to a module.
Returns: str
Module name.

get_name(self)

Returns: str
Module name, as used in labels.

Warning: Names are NOT guaranteed to be unique.

If you need unique identification for a loaded module, use the base address instead.

See Also: get_label

match_name(self, name)

Returns: bool
True if the given name could refer to this module. It may not be exactly the same as the name returned by get_name.

get_process(self)

Returns: Process or None
Parent Process object. Returns None on error.

get_pid(self)

Returns: int or None
Parent process global ID. Returns None on error.

get_handle(self)

Returns: FileHandle
Handle to the module file.

get_label(self, function=None, offset=None)

Retrieves the label for the given function of this module or the module base address if no function name is given.

Parameters:
  • function (str) - (Optional) Exported function name.
  • offset (int) - (Optional) Offset from the module base address.
Returns: str
Label for the module base address, plus the offset if given.

get_label_at_address(self, address, offset=None)

Creates a label from the given memory address.

If the address belongs to the module, the label is made relative to its base address.

Parameters:
  • address (int) - Memory address.
  • offset (None or int) - (Optional) Offset value.
Returns: str
Label pointing to the given address.

is_address_here(self, address)

Tries to determine if the given address belongs to this module.

Parameters:
  • address (int) - Memory address.
Returns: bool or None
True if the address belongs to the module, False if it doesn't, and None if it can't be determined.
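
An added example, not part of the WinAppDbg documentation or source: it applies the get_name warning (names are not unique, base addresses are) and the True/False/None contract of is_address_here to a module list. StubModule, name_collisions, address_in and owners are hypothetical names and the sample modules are constructed; address_in is one way to derive the answer from get_base and get_size, not the library's own implementation.

```python
from collections import defaultdict

class StubModule:
    """Constructed stand-in exposing the getters documented on this page."""
    def __init__(self, base, size, filename, name):
        self._base, self._size = base, size
        self._filename, self._name = filename, name
    def get_base(self): return self._base
    def get_size(self): return self._size
    def get_filename(self): return self._filename
    def get_name(self): return self._name

def name_collisions(modules):
    """Map each name shared by several modules to their (base, filename) pairs."""
    by_name = defaultdict(list)
    for m in modules:
        # Windows file names are case-insensitive, so compare names lowercased.
        by_name[m.get_name().lower()].append((m.get_base(), m.get_filename()))
    return {n: hits for n, hits in by_name.items() if len(hits) > 1}

def address_in(module, address):
    """True/False when base and size are known, None when either is missing."""
    base, size = module.get_base(), module.get_size()
    if base is None or size is None:
        return None
    return base <= address < base + size

def owners(modules, address):
    """Return (base of the definite owner or None, bases that cannot be ruled out)."""
    owner, undetermined = None, []
    for m in modules:
        verdict = address_in(m, address)
        if verdict is True:
            owner = m.get_base()
        elif verdict is None:
            undetermined.append(m.get_base())
    return owner, undetermined

# Constructed sample: two different files both named "helper", one of unknown size.
SAMPLE = [
    StubModule(0x10000000, 0x20000, r"C:\Windows\System32\helper.dll", "helper"),
    StubModule(0x6F000000, None, r"C:\Users\Public\helper.dll", "helper"),
    StubModule(0x77000000, 0x1A0000, r"C:\Windows\System32\ntdll.dll", "ntdll"),
]

if __name__ == "__main__":
    for name, hits in name_collisions(SAMPLE).items():
        print(name, [(hex(b), f) for b, f in hits])
    print(owners(SAMPLE, 0x10001234), owners(SAMPLE, 0x6F000010))
```

The functions only call get_base, get_size, get_filename and get_name, so they accept real Module objects as well as the stubs. A None verdict is kept separate from False so that a module of unknown size is never silently excluded when attributing an address.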

resolve(self, function)

Resolves a function exported by this module.

Parameters:
  • function (str or int) - str: Name of the function. int: Ordinal of the function.
Returns: int
Memory address of the exported function in the process. Returns None on error.

resolve_label(self, label)

Resolves a label for this module only. If the label refers to another module, an exception is raised.

Parameters:
  • label (str) - Label to resolve.
Returns: int
Memory address pointed to by the label.
Raises:
  • ValueError - The label is malformed or impossible to resolve.
  • RuntimeError - Cannot resolve the module or function.

Instance Variable Details

EntryPoint

Entry point of the module. Use get_entry_point instead.
Type: int

SizeOfImage

Size of the module. Use get_size instead.
Type: int

fileName

Module filename. Use get_filename instead.
Type: str

hFile

Handle to the module file. Use get_handle instead.
Type: FileHandle

lpBaseOfDll

Base of DLL module. Use get_base instead.
Type: int

process

Process where the module is loaded. Use get_process instead.
Type: Process