Package Libs :: Module pelib

Module pelib

(c) Immunity, Inc. 2004-2007

Immunity Inc. pelib

Proprietary CANVAS source code - use only under the license agreement specified in LICENSE.txt in your CANVAS distribution.
Copyright Immunity, Inc, 2002-2007
http://www.immunityinc.com/CANVAS/ for more information

Classes
  PEError
  MZ
  ImageImportByName
  ImportDescriptor
  Directory
  ImageExportDirectory
  Section
  IMGhdr
  IMGOPThdr
  PE
  PElib

Functions
  hexdump(buf)
  readStringFromFile(fd, offset)
  usage(name)

Variables
  __VERSION__ = '1.0'
  IMAGE_SIZEOF_FILE_HEADER = 20
  MZ_MAGIC = 23117
  PE_MAGIC = 17744
  IMAGE_NUMBEROF_DIRECTORY_ENTRIES = 16
  IMAGE_ORDINAL_FLAG = 2147483648L
  args = sys.argv [1:]
  OPEN = 0x1
  WRITE = 0x2
  EXAMPLE = 0x3
  p = PElib()
  what = 0
  file = ""
  shellcode = p.createShellcode()
  imports = [("advapi32.dll", ["RevertToSelf", "AccessCheck"]), ...
  vars = {}
  code = """ //start of code #import "remote", "kernel32.dll|...

Function Details

hexdump(buf)

readStringFromFile(fd, offset)

usage(name)

Variables Details

__VERSION__

Value:
'1.0'

IMAGE_SIZEOF_FILE_HEADER

Value:
20

MZ_MAGIC

Value:
23117

PE_MAGIC

Value:
17744

IMAGE_NUMBEROF_DIRECTORY_ENTRIES

Value:
16

IMAGE_ORDINAL_FLAG

Value:
2147483648L

args

Value:
sys.argv [1:]

OPEN

Value:
0x1

WRITE

Value:
0x2

EXAMPLE

Value:
0x3

p

Value:
PElib()

what

Value:
0

file

Value:
""

shellcode

Value:
p.createShellcode()

imports

Value:
[("advapi32.dll", ["RevertToSelf", "AccessCheck"]), ("urlmon.dll", ["URLDownloadToFileA", "FindMediaType"])]

vars

Value:
{}

code

Value:
"""
                        //start of code
                        #import "remote", "kernel32.dll|GetProcAddress" as "getprocaddress"
                        #import "remote", "kernel32.dll|RemoveDirectoryA" as "RemoveDirectory"
                        #import "remote", "kernel32.dll|ExitProcess" as "exit"
...