5i,ddlZddlZddlTddlmZGddZGddZGd d ZGd d ZdS) N)*)PROCESSOR_ARCHITECTUREceZdZdZdZdS)VirtualSegmentc>||_||_||_d|_dSN)startendstart_file_addressdata)selfr r r s N/home/kali/Ninja/venv/lib/python3.11/site-packages/minidump/aminidumpreader.py__init__zVirtualSegment.__init__ s#$* $(.$$)))c.|j|ko ||jkSr )r r )rr r s rinrangezVirtualSegment.inranges u  /tx/rN)__name__ __module__ __qualname__rrrrrr s200000rrc.eZdZddZdZdZdZdZdS) AMinidumpBufferedMemorySegment(c|j|_|j|_|j|jz |_|j|_||_g|_dSr )start_virtual_address start_addressend_virtual_address end_address total_sizer chunksizechunks)rmemory_segmentr!s rrz'AMinidumpBufferedMemorySegment.__init__sG%;$#7$"69]]$/*=$$.$+++rc6|j|cxko |jkncSr )rrrpositions rrz&AMinidumpBufferedMemorySegment.inrange s* x : : : :$*: : : : ::rcD||sdS|j|z Sr )rrr%s r remaining_lenz,AMinidumpBufferedMemorySegment.remaining_len#s) h   $ H $$rclK||ddd{V}|||S)Nr)readfind)r file_handlepatternstartposr s rr,z#AMinidumpBufferedMemorySegment.find(sAyya,, , , , , , ,$ 7H % %%rcK|N||j|zd{V||j|j|zz d{VS|jD]9}|||r!|j||jz ||jz cS:|jd|j zkr|j}td||j}||jd{V||d{V|_|j ||j||jz ||jz St||z |j }||z|jkr |j|z }t|||z|j|z}||jd{V||d{V|_|j ||j||jz ||jz S)Nr) seekr r+rr"rr r r r!rappendmax)rr-r r chunkr!vss rr+z#AMinidumpBufferedMemorySegment.read,sN[   $1E9 : ::::::::  !1T5Lu5T!UVV V V V V V VV{>>e mmE3> :eek)3+<< ====> _$.(((9q)T%<==2   $1 2 22222222##I.. . . . . . .27;b '%"("C"(N2 333u9t~..) Y)))%'9eU9_d.E.MNN"./////////""9-- - - - - - -"'+R !3>1 22rNr)rrrrrr(r,r+rrrrrsd;;;%%% &&&33333rrc~eZdZddZdZddZdZddZd Zd Z dd Z d Z dZ dZ dZdZdZdZdZddZdS)AMinidumpBufferedReaderrcL||_g|_||_d|_d|_dSr )readermemory_segmentssegment_chunk_sizecurrent_segmentcurrent_position)rr;r=s rrz AMinidumpBufferedReader.__init__Is/$+$.$$$rcTK|jD](}||r||_||_dS)|jjD]X}||rAt ||j}|j|||_||_dSYtd|z)z N)r!z4Memory address 0x%08x is not in process memory space) r<rr>r?r;rr=r3 Exception)rrequested_positionr# newsegments r_select_segmentz'AMinidumpBufferedReader._select_segmentQs ,  n/00 )D.D FF  3  n/00 /$JabbbJ +++%D.D FF   HK]]^^^rrcK|dkr|jj|z}n6|dkr |j|z}n%|dkr|jj|z }nt d|j|st d||_dS)aD Changes the current address to an offset of offset. The whence parameter controls from which position should we count the offsets. 0: beginning of the current memory segment 1: from current position 2: from the end of the current memory segment If you wish to move out from the segment, use the 'move' function rrr1z.Seek function whence value must be between 0-2z5Seek would cross memory segment boundaries (use move)N)r>rr?rrAr)roffsetwhencets rr2zAMinidumpBufferedReader.seekgs q[[ )F211 {{ v%11 {{ '&011 C D DD  % %a ( (L J K KK$&rc@K||d{VdS)z@ Moves the buffer to a virtual address specified by address N)rD)raddresss rmovezAMinidumpBufferedReader.move~s3 W%%%%%%%%%&rNcK|$|jjjtjkrd}nd}|j|z}|dkrdS||z |z}||dd{VdS)zD Repositions the current reader to match architecture alignment Nrr)r;sysinfoProcessorArchitecturerAMD64r?r2)r alignmentrFoffset_to_aligneds ralignzAMinidumpBufferedReader.aligns k/3I3OOOIII  9 ,& q[[ 6 6)Y6 #Q'''''''''&rc|jS)z) Returns the current virtual address )r?)rs rtellzAMinidumpBufferedReader.tells   rcK|j|z}|j|dz std|j|jj|j|jjz ||jjz d{VS)z@ Returns up to length bytes from the current memory segment r#Would read over segment boundaries!N)r?r>rrAr+r;r-r)rlengthrHs rpeekzAMinidumpBufferedReader.peeks f$!  % %a!e , ,: 8 9 99#(()@$BWZ^ZnZ|B|@ADHDXDf@fgg g g g g g ggrr*c8K|dkrtd|dkrt|j|j}|sdS|j}|jj|_|j|jj||jjz dd{VS|j|z}|j |dz std|j}||_|j|jj||jjz ||jjz d{VS)z Returns data bytes of size size from the current segment. If size is -1 it returns all the remaining data bytes from memory segment r*zYou shouldnt be doing thisNrrX) rAr>r(r?rr+r;r-rr)rsizerH old_new_poss rr+zAMinidumpBufferedReader.reads_ BYY / 0 00 RZZ ))$*?@@1  4&;/;4$))$+*A;QUQeQsCsuyzz z z z z z zz d"!  % %a!e , ,: 8 9 99%+$#(()@+PTPdPrBrtux|yMy[u[\\ \ \ \ \ \ \\rc(K|jjjtjkr8|dd{V}t |ddS|dd{Vx}}t |ddS)z Reads an integer. The size depends on the architecture. Reads a 4 byte small-endian singed int on 32 bit arch Reads an 8 byte small-endian singed int on 64 bit arch rMNlittleT byteordersignedrNr;rOrPrrQr+int from_bytesrrHs rread_intz AMinidumpBufferedReader.read_ints  [.2H2NNN YYq\\1 ..4. @ @@1      1q ..4. @ @@rc$K|jjjtjkr8|dd{V}t |ddS|dd{V}t |ddS)z Reads an integer. The size depends on the architecture. Reads a 4 byte small-endian unsinged int on 32 bit arch Reads an 8 byte small-endian unsinged int on 64 bit arch rMNr_Fr`rNrcrfs r read_uintz!AMinidumpBufferedReader.read_uints  [.2H2NNN YYq\\1 ..5. A AA YYq\\1 ..5. A AArcK|j|jj|d{V}|dkrdS||jzS)z: Searches for a pattern in the current memory segment Nr*)r>r,r;r-r?)rr.poss rr,zAMinidumpBufferedReader.findsS"'' (?IIIIIIII#BYY " t$ $$rcKg}d} |j|jj||dzd{V}|dkrn#|||jjzY|S)zp Searches for all occurrences of a pattern in the current memory segment, returns all occurrences as a list r*TrN)r>r,r;r-r3r)rr.rk last_founds rfind_allz AMinidumpBufferedReader.find_alls #*?*// 0GR\_`R`aaaaaaaa:B ::j4/==>>> ? *rcK|j|d{V}t|dkrdS|dS)zx Searches for the pattern in the whole process memory space and returns the first occurrence. This is exhaustive! Nrr*)r;searchlen)rr.pos_ss r find_globalz#AMinidumpBufferedReader.find_globalsL  ""7++ + + + + + +%ZZ1__ " q/rcFK|j|d{VS)z Searches for the pattern in the whole process memory space and returns a list of addresses where the pattern begins. This is exhaustive! N)r;rp)rr.s rfind_all_globalz'AMinidumpBufferedReader.find_all_globals0 {!!'** * * * * * **rcpK||d{V|d{VSr )rKri)rrks rget_ptrzAMinidumpBufferedReader.get_ptrsJ #~~      rcdK|jjjtjkr[||d{V|dd{V}t|dd}|dz|zS||d{V| d{VS)NrNr_Tr`) r;rOrPrrQrKr+rdreri)rrkrHptrs rget_ptr_with_offsetz+AMinidumpBufferedReader.get_ptr_with_offsets [.2H2NNN 3 YYq\\1 x$ ? ?3 'C- 3   rFc^K|j|||||jd{V}|S)N) find_first reverse_orderr!)r; search_moduler=)r module_namer.r|r}rHs rfind_in_modulez&AMinidumpBufferedReader.find_in_modulesb K % %k7er@D@W % X XXXXXXX! (rr7)rr )r*)FF)rrrrrDr2rKrTrVrZr+rgrir,rnrsrurwrzrrrrr9r9Hs<___,    .        ggg\\\\. A A A B B B%%%       +++   !!!      rr9c8eZdZdZd dZdZd dZd dZdZd S) AMinidumpFileReaderc|jj|_|j|_|jr|jj|_d|_n|jj|_d|_|j|_|j|_d|_d|_|jj tj tj fvrd|_ d|_dS|jj tjtjfvrd|_ d|_dSt#d|jj z)NTFrNz->-@-@AARGG JJJH rFc6K||}|td|zg}|jD]c}|j|jcxkr |jkrEn!||||j||d{Vz }t|dkr|dur|cSd|S)NzCould not find module! %sr|r!rT) rrAr< baseaddressr endaddressasearchr-rq) rrr.r|r}r!rneedlesmss rr~z!AMinidumpFileReader.search_module;s  ,,#[ .< = == '  b o1BBBBCNBBBBB RZZ)9 `iZjjjjjjjjjG 7||aJ$.. ^^^ .rcpKg}|jD])}||||j||d{Vz }*|S)Nr)r<rr-)rr.r|r!rHrs rrpzAMinidumpFileReader.searchHsZ!  ddbbjj$"2Ybjccccccccc11 (rcK|jD];}||r$||||jd{VcSrs  <<<<<< 0 0 0 0 0 0 0 0/3/3/3/3/3/3/3/3bH H H H H H H H Z>F>F>F>F>F>F>F>F>F>Fr