
Class Module

Interface to a DLL library loaded in the context of another process.

Nested Classes
  _SymbolEnumerator
Internally used by Module to enumerate symbols in a module.
Instance Methods

__init__(self, lpBaseOfDll, hFile=None, fileName=None, SizeOfImage=None, EntryPoint=None, process=None)
x.__init__(...) initializes x; see help(type(x)) for signature

__get_size_and_entry_point(self)
Get the size and entry point of the module using the Win32 API.

__filename_to_modname(self, pathname)
Returns: str
Module name.

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

    Properties

set_handle(self, hFile)

get_process(self)
Returns: Process
Parent Process object.

set_process(self, process=None)
Manually set the parent process.

get_pid(self)
Returns: int or None
Parent process global ID.

get_base(self)
Returns: int or None
Base address of the module.

get_size(self)
Returns: int or None
Base size of the module.

get_entry_point(self)
Returns: int or None
Entry point of the module.

get_filename(self)
Returns: str or None
Module filename.

get_name(self)
Returns: str
Module name, as used in labels.

open_handle(self)
Opens a new handle to the module.

close_handle(self)
Closes the handle to the module.

get_handle(self)
Returns: FileHandle
Handle to the module file.

    Labels

match_name(self, name)
Returns: bool
True if the given name could refer to this module.

get_label(self, function=None, offset=None)
Returns: str
Retrieves the label for the given function of this module or the module base address if no function name is given.

get_label_at_address(self, address, offset=None)
Returns: str
Creates a label from the given memory address.

is_address_here(self, address)
Returns: bool or None
Tries to determine if the given address belongs to this module.

resolve(self, function)
Returns: int
Resolves a function exported by this module.

resolve_label(self, label)
Returns: int
Resolves a label for this module only.

    Symbols

load_symbols(self)
Loads the debugging symbols for a module.

unload_symbols(self)
Unloads the debugging symbols for a module.

get_symbols(self)
Returns: list of tuple( str, int, int )
Returns the debugging symbols for a module.

iter_symbols(self)
Returns: iterator of tuple( str, int, int )
Returns an iterator for the debugging symbols in a module, in no particular order.

resolve_symbol(self, symbol, bCaseSensitive=False)
Returns: int or None
Resolves a debugging symbol's address.

get_symbol_at_address(self, address)
Returns: None or tuple( str, int, int )
Tries to find the closest matching symbol for the given address.

    Modules snapshot

clear(self)
Clears the resources held by this object.
Class Variables

str unknown = '<unknown>'
Suggested tag for unknown modules.

Instance Variables

FileHandle hFile
Handle to the module file.

Process process
Process where the module is loaded.

int EntryPoint
Entry point of the module.

int SizeOfImage
Size of the module.

str fileName
Module filename.

int lpBaseOfDll
Base of DLL module.

Properties

Inherited from object: __class__

Method Details

__init__(self, lpBaseOfDll, hFile=None, fileName=None, SizeOfImage=None, EntryPoint=None, process=None)
(Constructor)

x.__init__(...) initializes x; see help(type(x)) for signature

Parameters:
  • lpBaseOfDll (str) - Base address of the module.
  • hFile (FileHandle) - (Optional) Handle to the module file.
  • fileName (str) - (Optional) Module filename.
  • SizeOfImage (int) - (Optional) Size of the module.
  • EntryPoint (int) - (Optional) Entry point of the module.
  • process (Process) - (Optional) Process where the module is loaded.
Overrides: object.__init__

set_handle(self, hFile)

Parameters:
  • hFile (Handle) - File handle. Use None to clear.

get_process(self)

Returns: Process
Parent Process object. Returns None if unknown.

set_process(self, process=None)

Manually set the parent process. Use with care!

Parameters:
  • process (Process) - (Optional) Process object. Use None for no process.

get_pid(self)

Returns: int or None
Parent process global ID. Returns None on error.

get_base(self)

Returns: int or None
Base address of the module. Returns None if unknown.

get_size(self)

Returns: int or None
Base size of the module. Returns None if unknown.

get_entry_point(self)

Returns: int or None
Entry point of the module. Returns None if unknown.

get_filename(self)

Returns: str or None
Module filename. Returns None if unknown.

__filename_to_modname(self, pathname)

Parameters:
  • pathname (str) - Pathname to a module.
Returns: str
Module name.

get_name(self)

Returns: str
Module name, as used in labels.

Warning: Names are NOT guaranteed to be unique.

If you need unique identification for a loaded module, use the base address instead.

See Also: get_label

match_name(self, name)

Returns: bool
True if the given name could refer to this module. It may not be exactly the same as the name returned by get_name.

open_handle(self)

Opens a new handle to the module.

The new handle is stored in the hFile property.

close_handle(self)

Closes the handle to the module.

Note: Normally you don't need to call this method. All handles created by WinAppDbg are automatically closed when the garbage collector claims them. So unless you've been tinkering with it, setting hFile to None should be enough.

get_handle(self)

Returns: FileHandle
Handle to the module file.

load_symbols(self)

Loads the debugging symbols for a module. Automatically called by get_symbols.

get_symbols(self)

Returns the debugging symbols for a module. The symbols are automatically loaded when needed.

Returns: list of tuple( str, int, int )
List of symbols. Each symbol is represented by a tuple that contains:
  • Symbol name
  • Symbol memory address
  • Symbol size in bytes

iter_symbols(self)

Returns an iterator for the debugging symbols in a module, in no particular order. The symbols are automatically loaded when needed.

Returns: iterator of tuple( str, int, int )
Iterator of symbols. Each symbol is represented by a tuple that contains:
  • Symbol name
  • Symbol memory address
  • Symbol size in bytes

resolve_symbol(self, symbol, bCaseSensitive=False)

Resolves a debugging symbol's address.

Parameters:
  • symbol (str) - Name of the symbol to resolve.
  • bCaseSensitive (bool) - True for case sensitive matches, False for case insensitive.
Returns: int or None
Memory address of symbol. None if not found.

get_symbol_at_address(self, address)

Tries to find the closest matching symbol for the given address.

Parameters:
  • address (int) - Memory address to query.
Returns: None or tuple( str, int, int )
Returns a tuple consisting of:
  • Name
  • Address
  • Size (in bytes)

Returns None if no symbol could be matched.

get_label(self, function=None, offset=None)

Retrieves the label for the given function of this module or the module base address if no function name is given.

Parameters:
  • function (str) - (Optional) Exported function name.
  • offset (int) - (Optional) Offset from the module base address.
Returns: str
Label for the module base address, plus the offset if given.

get_label_at_address(self, address, offset=None)

Creates a label from the given memory address.

If the address belongs to the module, the label is made relative to its base address.

Parameters:
  • address (int) - Memory address.
  • offset (None or int) - (Optional) Offset value.
Returns: str
Label pointing to the given address.

is_address_here(self, address)

Tries to determine if the given address belongs to this module.

Parameters:
  • address (int) - Memory address.
Returns: bool or None
True if the address belongs to the module, False if it doesn't, and None if it can't be determined.
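
An added example (not WinAppDbg's own code) of attributing an address to a module with the methods documented above: it keeps the None result of is_address_here distinct from False, and identifies modules by base address because names are not guaranteed to be unique. StubModule, attribute_address and the sample data are hypothetical, constructed so the block runs without a debuggee.

```python
# Added example, not WinAppDbg code. StubModule is a hypothetical stand-in that
# exposes only methods documented on this page; all sample data is constructed.
class StubModule(object):
    def __init__(self, name, base, size, symbols):
        self._name, self._base, self._size = name, base, size
        self._symbols = symbols              # list of (name, address, size)
    def get_name(self):
        return self._name
    def get_base(self):
        return self._base
    def is_address_here(self, address):
        if self._size is None:
            return None                      # cannot be determined
        return self._base <= address < self._base + self._size
    def get_symbol_at_address(self, address):
        # Assumption: "closest" means nearest symbol at or below the address.
        below = [s for s in self._symbols if s[1] <= address]
        return max(below, key=lambda s: s[1]) if below else None

def attribute_address(modules, address):
    """Return (verdict, text); verdict is 'known', 'ambiguous' or 'unmapped'."""
    undetermined = []
    for mod in modules:
        here = mod.is_address_here(address)
        if here is None:                     # tri-state: None is not False
            undetermined.append(mod)
        elif here:
            # Names are not unique, so identify the module by base address too.
            ident = "%s@0x%x" % (mod.get_name(), mod.get_base())
            sym = mod.get_symbol_at_address(address)
            if sym is None:
                return "known", "%s+0x%x" % (ident, address - mod.get_base())
            name, sym_addr, _size = sym
            return "known", "%s!%s+0x%x" % (ident, name, address - sym_addr)
    if undetermined:
        bases = ", ".join("0x%x" % m.get_base() for m in undetermined)
        return "ambiguous", "possible owners at base " + bases
    return "unmapped", "0x%x lies outside every known module" % address

# Constructed sample: two modules share a name, a third has unknown size.
MODULES = [
    StubModule("helper", 0x10000000, 0x2000, [("init", 0x10001000, 0x40)]),
    StubModule("helper", 0x20000000, 0x1000, []),
    StubModule("plugin", 0x30000000, None, []),
]

if __name__ == "__main__":
    for addr in (0x10001010, 0x20000004, 0x30000100):
        print(attribute_address(MODULES, addr))
```
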

resolve(self, function)

Resolves a function exported by this module.

Parameters:
  • function (str or int) - str: Name of the function. int: Ordinal of the function.
Returns: int
Memory address of the exported function in the process. Returns None on error.

resolve_label(self, label)

Resolves a label for this module only. If the label refers to another module, an exception is raised.

Parameters:
  • label (str) - Label to resolve.
Returns: int
Memory address pointed to by the label.
Raises:
  • ValueError - The label is malformed or impossible to resolve.
  • RuntimeError - Cannot resolve the module or function.

Instance Variable Details

hFile

Handle to the module file. Use get_handle instead.
Get Method:
get_handle(self) - Returns: File handle.
Set Method:
set_handle(self, hFile)

process

Process where the module is loaded. Use the get_process method instead.
Get Method:
get_process(self) - Returns: Parent Process object.
Set Method:
set_process(self, process=None) - Manually set the parent process.

EntryPoint

Entry point of the module. Use get_entry_point instead.
Type:
int

SizeOfImage

Size of the module. Use get_size instead.
Type:
int

fileName

Module filename. Use get_filename instead.
Type:
str

lpBaseOfDll

Base of DLL module. Use get_base instead.
Type:
int