Class WindowsPagedMemoryMixin

source code

A mixin to implement windows specific paged memory address spaces.

This mixin allows us to share code between 32 and 64 bit implementations.

Instance Methods

__init__(self, **kwargs)
x.__init__(...) initializes x; see help(type(x)) for signature

source code

ResolveProtoPTE(self, pte_value, vaddr)

source code

describe_proto_pte(self, collection, pte_addr, pte_value, vaddr)
Describe the analysis of the prototype PTE.

source code

describe_pte(self, collection, pte_addr, pte_value, vaddr)
Describe the initial analysis of the PTE.

source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Properties
	vad Returns a cached RangedCollection() of vad ranges.
Inherited from `object`: `__class__`

Method Details

init(self, **kwargs)
(Constructor)

source code

x.__init__(...) initializes x; see help(type(x)) for signature

Overrides: object.__init__: (inherited documentation)

describe_proto_pte(self, collection, pte_addr, pte_value, vaddr)

source code

Describe the analysis of the prototype PTE.

This essentially explains how we utilize the flow chart presented in [1] Figure 3.

NOTE: pte_addr is given here in the kernel's Virtual Address Space since prototype PTEs are always allocated from pool.

describe_pte(self, collection, pte_addr, pte_value, vaddr)

source code

Describe the initial analysis of the PTE.

This essentially explains how we utilize the flow chart presented in [1] Figure 2.

Property Details

vad

Returns a cached RangedCollection() of vad ranges.

Get Method:: unreachable.vad(self) - Returns a cached RangedCollection() of vad ranges.

Class WindowsPagedMemoryMixin

__init__(self, **kwargs) (Constructor)

describe_proto_pte(self, collection, pte_addr, pte_value, vaddr)

describe_pte(self, collection, pte_addr, pte_value, vaddr)

vad

init(self, **kwargs)
(Constructor)