5i(ddlZddlZddlZddlZddlZddlmZddlmZddl m Z ddl Tddl Tddl mZddlmZddlmZdd lmZGd d ZdS) N)List)MinidumpHeaderMinidumpFileReader)*)MINIDUMP_STREAM_TYPE)MINIDUMP_DIRECTORY)PROCESSOR_ARCHITECTURE)PEBceZdZdZedZeddZedZedZdZ dZ d Z d Z d Z d Zd ZdS) MinidumpFilecd|_d|_d|_g|_d|_d|_d|_d|_d|_d|_ d|_ d|_ d|_ d|_ d|_d|_d|_d|_d|_dSN)filename file_handleheader directories threads_exthreadsmodulesmemory_segmentsmemory_segments_64sysinfo comment_a comment_w exceptionhandlesunloaded_modules misc_info memory_info thread_infopebselfs K/home/kali/Ninja/venv/lib/python3.11/site-packages/minidump/minidumpfile.py__init__zMinidumpFile.__init__s$-$#$+/1$)-$/$($,$($,,0$15$$($,"&$."&$.!%$.*.$,59$$($.,0$,0$$(((ct}||_t|d|_||S)Nrb)r ropenr_parse)rmfs r%parsezMinidumpFile.parse0s5~~""+$''".))+++ )r'cft}||_||_||S)z External file handle must be an object that exposes basic file IO functionality that you'd get by python's file buffer (read, seek, tell etc.) )r rrr+)rrr,s r%parse_externalzMinidumpFile.parse_external8s- ~~""+".))+++ )r'cZttj|Sr)r parse_buffioBytesIO)datas r% parse_byteszMinidumpFile.parse_bytesDs  D!1!1 2 22r'cXt}||_||Sr)r rr+)bufferr,s r%r2zMinidumpFile.parse_buffHs$~~"".))+++ )r'c t|Srrr#s r% get_readerzMinidumpFile.get_readerOs D ! !!r'c|| |dS#t$r}t jdYd}~dSd}~wwxYw)NzPEB parsing error!)_MinidumpFile__parse_header _MinidumpFile__parse_directories_MinidumpFile__parse_peb Exceptionloggingr)r$es r%r+zMinidumpFile._parseRs+ +++ )*********+sA A) A$$A)ctj|j|_t d|jjD]}|j|jj|dzzdtj|j}|r|j |c|j|jj|dzzdtj |j}tj d|zdS)Nr z+Found Unknown UserStream directory Type: %x)rr-rrrangeNumberOfStreamsseekStreamDirectoryRvar rappendget_stream_type_valuer@debug)r$i minidump_diruser_stream_type_values r%__parse_headerzMinidumpFile.__parse_headerZs$T%566$+ DK/ 0 0 \ \a7!b&@!EEE$*4+;<<<\L))))$+81r6A1FFF/EdFVWW M?CYZ[[[[ \ \r'c|jD]}|jtjkr.t jd|jj|jjfzF|jtj kr.t jd|jj|jjfz|jtj kr.t jd|jj|jjfz|jtj krTt jd|jj|jjfzt ||j|_5|jtjkrTt jd|jj|jjfzt" ||j|_|jtjkrTt jd|jj|jjfzt( ||j|_|jtjkrTt jd|jj|jjfzt. ||j|_p|jtjkrTt jd|jj|jjfzt4 ||j|_|jtjkrTt jd |jj|jjfzt: ||j|_B|jtjkrTt jd |jj|jjfzt> ||j|_ |jtj!krTt jd |jj|jjfztB ||j|_"|jtj#krTt jd |jj|jjfztH ||j|_%}|jtj&krTt jd |jj|jjfztN ||j|_(|jtj)krCt jd|jj|jjfzt jd>|jtj*krTt jd|jj|jjfztV ||j|_,|jtj-krTt jd|jj|jjfzt\ ||j|_/|jtj0krTt jd|jj|jjfztb ||j|_2y|jtj3krzt jd|jj|jjfzth ||j|_5t jtm|j5|jtj7krCt jd|jj|jjfzt jd`|jtj8krBt jd|jj|jjfzt jdn|jtj9krBt jd|jj|jjfzt jdn|jtj:krBt jd|jj|jjfzt jdn8t jd|jj;|jj|jjfz |<dS#tz$r}t j%dYd}~dSd}~wwxYw)NzFound UnusedStream @%x Size: %dz"Found ReservedStream0 @%x Size: %dz"Found ReservedStream1 @%x Size: %dz#Found ThreadListStream @%x Size: %dz#Found ModuleListStream @%x Size: %dz#Found MemoryListStream @%x Size: %dz#Found SystemInfoStream @%x Size: %dz%Found ThreadExListStream @%x Size: %dz%Found Memory64ListStream @%x Size: %dz!Found CommentStreamA @%x Size: %dz!Found CommentStreamW @%x Size: %dz"Found ExceptionStream @%x Size: %dz#Found HandleDataStream @%x Size: %dz&Found FunctionTableStream @%x Size: %dz3Parsing of this stream type is not yet implemented!z+Found UnloadedModuleListStream @%x Size: %dz!Found MiscInfoStream @%x Size: %dz'Found MemoryInfoListStream @%x Size: %dz'Found ThreadInfoListStream @%x Size: %dz)Found SystemMemoryInfoStream @%x Size: %dzISystemMemoryInfoStream parsing is not implemented (Missing documentation)z'Found JavaScriptDataStream @%x Size: %dzGJavaScriptDataStream parsing is not implemented (Missing documentation)z*Found ProcessVmCountersStream @%x Size: %dzJProcessVmCountersStream parsing is not implemented (Missing documentation)zFound TokenStream @%x Size: %dz>TokenStream parsing is not implemented (Missing documentation)z+Found Unknown Stream! Type: %s @%x Size: %dzThread context parsing error!)>r StreamTyper UnusedStreamr@rJLocationRvaDataSizeReservedStream0ReservedStream1ThreadListStreamMinidumpThreadListr-rrModuleListStreamMinidumpModuleListrMemoryListStreamMinidumpMemoryListrSystemInfoStreamMinidumpSystemInforThreadExListStreamMinidumpThreadExListrMemory64ListStreamMinidumpMemory64ListrCommentStreamArCommentStreamWrExceptionStream ExceptionListrHandleDataStreamMinidumpHandleDataStreamrFunctionTableStreamUnloadedModuleListStreamMinidumpUnloadedModuleListrMiscInfoStreamMinidumpMiscInforMemoryInfoListStreamMinidumpMemoryInfoListr ThreadInfoListStreamMinidumpThreadInfoListr!strSystemMemoryInfoStreamJavaScriptDataStreamProcessVmCountersStream TokenStreamname#_MinidumpFile__parse_thread_contextr?)r$dirrAs r%__parse_directoriesz MinidumpFile.__parse_directoriesgs  mmc n,999 M3s|7GI^6__```  .>>> M6#,:JCLLa9bbccc  .>>> M6#,:JCLLa9bbccc  .??? M73<;KS\Mb:ccddd%++C1ABBDL  .??? M73<;KS\Mb:ccddd%++C1ABBDL  .??? M73<;KS\Mb:ccddd-33C9IJJD  .??? M73<;KS\Mb:ccddd%++C1ABBDL  .AAA M9S\=Ms|OdNOOD  .=== M59I3>> M6#,:JCLLa9bbccc"((d.>??DN  .??? M73<;KS\Mb:ccddd+11#t7GHHDL  .BBB M:cl>NPSP\Pe=ffggg MGHHH  .GGG M?3gghhh-33C9IJJD  .CCC M;s|?OQTQ]Qf>gghhh-33C9IJJD M#d&''(((  .EEE M=AQSVS_Sh@iijjj M]^^^  .CCC M;s|?OQTQ]Qf>gghhh M[\\\\ .FFF M>#,BRTWT`TiAjjkkk M^____ .::: M2cl6F H]5^^___ MRSSSS M?3>CVX[XdXhjmjvjCAABBB 6     666 45555555556s(b>> c'c""c'c|jr|jsdS|jjD]}|jj}|j||jjtjkr%t |j|_ g|jjtj kr$t |j|_ dSr)rr ThreadContextrSrrFProcessorArchitecturer AMD64CONTEXTr- ContextObjectINTEL WOW64_CONTEXT)r$threadrvas r%__parse_thread_contextz#MinidumpFile.__parse_thread_contexts  T\  6 $AAf   !3 l(,B,HHH"==)9::F *.D.JJJ(..t/?@@F AAr'cX|jr|jsdStj||_dSr)rrr from_minidumpr"r#s r% __parse_pebzMinidumpFile.__parse_pebs0  T\  6  t $ $$(((r'cd}|t|jz }|t|jz }|jD]}|t|dzz }|jjD]}|t|dzz }|j$|jjD]}|t|dzz }|j$|jjD]}|t|dzz }|S)Nz== Minidump File ==  )rrrrrrrr)r$trymodsegments r%__str__zMinidumpFile.__str__s!s4;!s4<!  cC411 \ !cC411 %&6wG tAA ()9wG tAA (r'N)r.)__name__ __module__ __qualname__r& staticmethodr-r0r6r2r:r+r<r=rxr>rr'r%r r s.  ,     ,  33,3  , """+++ \ \ \s6s6s6j A A A%%%     r'r )r3sysenumstructr@typingrminidump.headerrminidump.minidumpreaderrminidump.streamsminidump.common_structsminidump.constantsrminidump.directoryr !minidump.streams.SystemInfoStreamr minidump.structures.pebr r rr'r%rs ******666666%%%%333333111111DDDDDD''''''g g g g g g g g g g r'