Miasm2
 All Classes Namespaces Files Functions Variables Typedefs Properties Macros
Public Member Functions | Static Public Attributes | Private Attributes | List of all members
miasm2.analysis.binary.ContainerPE Class Reference

Format dependent classes. More...

+ Inheritance diagram for miasm2.analysis.binary.ContainerPE:
+ Collaboration diagram for miasm2.analysis.binary.ContainerPE:

Public Member Functions

def parse
 
def from_string
 
def register_container
 
def register_fallback
 
def from_stream
 
def parse
 
def bin_stream
 
def executable
 
def entry_point
 
def arch
 

Static Public Attributes

list available_container = []
 
 fallback_container = None
 

Private Attributes

 _executable
 
 _arch
 
 _bin_stream
 
 _entry_point
 

Detailed Description

Format dependent classes.

Definition at line 122 of file binary.py.

Member Function Documentation

def miasm2.analysis.binary.Container.arch (   self)
inherited

Definition at line 116 of file binary.py.

116 
117  def arch(self):
118  "Return the guessed architecture"
119  return self._arch
120 
def miasm2.analysis.binary.Container.bin_stream (   self)
inherited

Definition at line 101 of file binary.py.

101 
102  def bin_stream(self):
103  "Return the BinStream instance corresponding to container content"
104  return self._bin_stream
def miasm2.analysis.binary.Container.entry_point (   self)
inherited

Definition at line 111 of file binary.py.

111 
112  def entry_point(self):
113  "Return the detected entry_point"
114  return self._entry_point
def miasm2.analysis.binary.Container.executable (   self)
inherited

Definition at line 106 of file binary.py.

106 
107  def executable(self):
108  "Return the abstract instance standing for parsed executable"
109  return self._executable
def miasm2.analysis.binary.Container.from_stream (   cls,
  stream,
  args,
  kwargs 
)
inherited 
Instanciate a container and parse the binary
@stream: stream to use as binary
@vm: (optional) VmMngr instance to link with the executable
@addr: (optional) Shift to apply before parsing the binary. If set,
       force the unknown format

Definition at line 76 of file binary.py.

76 
77  def from_stream(cls, stream, *args, **kwargs):
78  """Instanciate a container and parse the binary
79  @stream: stream to use as binary
80  @vm: (optional) VmMngr instance to link with the executable
81  @addr: (optional) Shift to apply before parsing the binary. If set,
82  force the unknown format
83  """
84  return Container.from_string(stream.read(), *args, **kwargs)
def miasm2.analysis.binary.Container.from_string (   cls,
  data,
  vm = None,
  addr = None 
)
inherited 
Instanciate a container and parse the binary
@data: str containing the binary
@vm: (optional) VmMngr instance to link with the executable
@addr: (optional) Base address for the binary. If set,
       force the unknown format

Definition at line 36 of file binary.py.

36 
37  def from_string(cls, data, vm=None, addr=None):
38  """Instanciate a container and parse the binary
39  @data: str containing the binary
40  @vm: (optional) VmMngr instance to link with the executable
41  @addr: (optional) Base address for the binary. If set,
42  force the unknown format
43  """
44  log.info('Load binary')
45 
46  if not addr:
47  addr = 0
48  else:
49  # Force fallback mode
50  log.warning('Fallback to string input (offset=%s)', hex(addr))
51  return cls.fallback_container(data, vm, addr)
52 
53  # Try each available format
54  for container_type in cls.available_container:
55  try:
56  return container_type(data, vm)
57  except ContainerSignatureException:
58  continue
59  except ContainerParsingException, error:
60  log.error(error)
61 
62  # Fallback mode
63  log.warning('Fallback to string input (offset=%s)', hex(addr))
64  return cls.fallback_container(data, vm, addr)
def miasm2.analysis.binary.Container.parse (   self,
  data,
  args,
  kwargs 
)
inherited

Definition at line 85 of file binary.py.

85 
86  def parse(self, data, *args, **kwargs):
87  "Launch parsing of @data"
88  raise NotImplementedError("Abstract method")
def miasm2.analysis.binary.ContainerPE.parse (   self,
  data,
  vm = None 
)

Definition at line 125 of file binary.py.

125 
126  def parse(self, data, vm=None):
127  from miasm2.jitter.loader.pe import vm_load_pe, preload_pe, guess_arch
128  from elfesteem import pe_init
129 
130  # Parse signature
131  if not data.startswith('MZ'):
132  raise ContainerSignatureException()
133 
134  # Build executable instance
135  try:
136  if vm is not None:
137  self._executable = vm_load_pe(vm, data)
138  else:
139  self._executable = pe_init.PE(data)
140  except Exception, error:
141  raise ContainerParsingException('Cannot read PE: %s' % error)
142 
143  # Check instance validity
144  if not self._executable.isPE() or \
145  self._executable.NTsig.signature_value != 0x4550:
146  raise ContainerSignatureException()
147 
148  # Guess the architecture
149  self._arch = guess_arch(self._executable)
150 
151  # Build the bin_stream instance and set the entry point
152  try:
153  self._bin_stream = bin_stream_pe(self._executable.virt)
154  ep_detected = self._executable.Opthdr.AddressOfEntryPoint
155  self._entry_point = self._executable.rva2virt(ep_detected)
156  except Exception, error:
157  raise ContainerParsingException('Cannot read PE: %s' % error)
158 
miasm2.core.bin_stream.bin_stream_pe
Definition: bin_stream.py:158
def miasm2.analysis.binary.Container.register_container (   cls,
  container 
)
inherited

Definition at line 66 of file binary.py.

66 
67  def register_container(cls, container):
68  "Add a Container format"
69  cls.available_container.append(container)
def miasm2.analysis.binary.Container.register_fallback (   cls,
  container 
)
inherited

Definition at line 71 of file binary.py.

71 
72  def register_fallback(cls, container):
73  "Set the Container fallback format"
74  cls.fallback_container = container

Member Data Documentation

miasm2.analysis.binary.ContainerPE._arch
private

Definition at line 148 of file binary.py.

miasm2.analysis.binary.ContainerPE._bin_stream
private

Definition at line 152 of file binary.py.

miasm2.analysis.binary.ContainerPE._entry_point
private

Definition at line 154 of file binary.py.

miasm2.analysis.binary.ContainerPE._executable
private

Definition at line 136 of file binary.py.

list miasm2.analysis.binary.Container.available_container = []
staticinherited

Definition at line 32 of file binary.py.

miasm2.analysis.binary.Container.fallback_container = None
staticinherited

Definition at line 33 of file binary.py.

The documentation for this class was generated from the following file:
Generated by   doxygen 1.8.8