Class WindowsDTBDescriptor

source code

A descriptor for DTB values.

On windows the DTB holds a reference to the _EPROCESS that owns it. This descriptor prints this information too.

Instance Methods

__init__(self, dtb, **kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature

source code

owner(self)

source code

render(self, renderer)
Render this step.

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables
	object_name = `'DTB'` hash(x)

Properties
Inherited from `object`: `__class__`

Method Details

init(self, dtb, **kwargs)
(Constructor)

source code

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__: (inherited documentation)

render(self, renderer)

source code

Render this step.

Overrides: addrspaces.intel.AddressTranslationDescriptor.render: (inherited documentation)

Class WindowsDTBDescriptor

__init__(self, dtb, **kwargs) (Constructor)

render(self, renderer)

init(self, dtb, **kwargs)
(Constructor)