Package winappdbg :: Module search :: Class Pattern

Class Pattern


Base class for search patterns.

The following Pattern subclasses are provided by WinAppDbg:


See Also: Search.search_process

Instance Methods

__init__(self, pattern)
Class constructor.

__len__(self)
Returns the maximum expected length of the strings matched by this pattern.

read(self, process, address, size)
Reads the requested number of bytes from the process memory at the given address.

find(self, buffer, pos=None)
Searches for the pattern in the given buffer, optionally starting at the given position within the buffer. Returns tuple( int, int ).

found(self, address, size, data)
This method gets called when a match is found. Returns tuple( int, int, str ).

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties

Inherited from object: __class__

Method Details

__init__(self, pattern)
(Constructor)

Class constructor.

The only mandatory argument should be the pattern string.

This method MUST be reimplemented by subclasses of Pattern.

Overrides: object.__init__

__len__(self)
(Length operator)

Returns the maximum expected length of the strings matched by this pattern. Exact behavior is implementation dependent.

Ideally it should be an exact value, but in some cases it's not possible to calculate so an upper limit should be returned instead.

If that's not possible either, an exception must be raised.

This value will be used to calculate the required buffer size when doing buffered searches.

This method MUST be reimplemented by subclasses of Pattern.

read(self, process, address, size)

Reads the requested number of bytes from the process memory at the given address.

Subclasses of Pattern typically don't need to reimplement this method.

find(self, buffer, pos=None)

Searches for the pattern in the given buffer, optionally starting at the given position within the buffer.

This method MUST be reimplemented by subclasses of Pattern.

Parameters:
  • buffer (str) - Buffer to search on.
  • pos (int) - (Optional) Position within the buffer to start searching from.
Returns: tuple( int, int )
Tuple containing the following:
  • Position within the buffer where a match is found, or -1 if no match was found.
  • Length of the matched data if a match is found, or undefined if no match was found.

found(self, address, size, data)

This method gets called when a match is found.

This allows subclasses of Pattern to filter out unwanted results, or modify the results before giving them to the caller of Search.search_process.

If the return value is None the result is skipped.

Subclasses of Pattern don't need to reimplement this method unless filtering is needed.

Parameters:
  • address (int) - The memory address where the pattern was found.
  • size (int) - The size of the data that matches the pattern.
  • data (str) - The data that matches the pattern.
Returns: tuple( int, int, str )
Tuple containing the following:
  • The memory address where the pattern was found.
  • The size of the data that matches the pattern.
  • The data that matches the pattern.
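
The contract described above (__init__, __len__, find, found), shown as an added example that is not WinAppDbg's own code: a subclass matching a variable-length tag, plus a small buffered scan showing why the __len__ upper limit matters when a match straddles two buffers. HexTagPattern, scan, the stand-in base class and the sample bytes are assumptions made for illustration; scan is not the loop used by Search.search_process.

```python
import re

try:
    from winappdbg.search import Pattern      # real base class, when installed
except Exception:
    class Pattern(object):                    # stand-in so this runs offline
        def found(self, address, size, data):
            return (address, size, data)

class HexTagPattern(Pattern):
    """Hypothetical subclass: a prefix followed by 1..max_tail hex digits."""
    def __init__(self, pattern, max_tail=8):
        self.prefix, self.max_tail = pattern, max_tail
        self.regex = re.compile(re.escape(pattern) + b"[0-9a-f]{1,%d}" % max_tail)

    def __len__(self):
        # Upper limit on the match length; it sizes the overlap between chunks.
        return len(self.prefix) + self.max_tail

    def find(self, buffer, pos=None):
        m = self.regex.search(buffer, pos or 0)
        return (m.start(), m.end() - m.start()) if m else (-1, 0)

    def found(self, address, size, data):
        # Filter: an all-zero tag value is treated as noise and skipped.
        if not data[len(self.prefix):].strip(b"0"):
            return None
        return (address, size, data)

def scan(memory, base, pattern, chunk=16, overlap=None):
    """Hypothetical buffered driver, not WinAppDbg's own search loop."""
    if overlap is None:
        overlap = len(pattern) - 1
    results = []
    for offset in range(0, len(memory), chunk):
        buf = memory[offset:offset + chunk + overlap]
        pos, size = pattern.find(buf, 0)
        # Matches starting in the overlap are left to the next chunk, whole.
        while 0 <= pos < chunk:
            hit = pattern.found(base + offset + pos, size, buf[pos:pos + size])
            if hit is not None:
                results.append(hit)
            pos, size = pattern.find(buf, pos + size)
    return results

# Constructed sample: one tag straddles the 16-byte chunk boundary.
SAMPLE = b"A" * 12 + b"tag=deadbeef\x00\x00tag=0000\x00tag=1f\x00"
HITS = scan(SAMPLE, 0x10000, HexTagPattern(b"tag="))
```

Calling scan with overlap=0 on the same sample loses the tag that crosses the chunk boundary, which is the failure an accurate __len__ prevents.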