Add debug_dir method to pe_vtypes.py

pi-2r / volatility

Automatically exported from code.google.com/p/volatility

GNU General Public License v2.0

0 stars 0 forks source link

Add debug_dir method to pe_vtypes.py #402

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

In order to utilise debugging symbols, it's necessary to be able to access the 
_IMAGE_DEBUG_DIRECTORY.

As the import and export directories are already accessible via import_dir and 
export_dir methods, I'm suggesting adding the following code to class 
_LDR_DATA_TABLE_ENTRY:

def debug_dir(self):
  """Return the IMAGE_DEBUG_DIRECTORY for exports"""
  return self._directory(6) # IMAGE_DIRECTORY_ENTRY_DEBUG

Original issue reported on code.google.com by carl.pulley on 6 Apr 2013 at 4:32

GoogleCodeExporter commented 9 years ago

Sorry, thinking about the issue a bit more, it might be better to actually 
return a _IMAGE_DEBUG_DIRECTORY instance. So maybe the following would be more 
appropriate:

def debug_dir(self):
  """Return the IMAGE_DEBUG_DIRECTORY for exports"""
  debug_rva = self._directory(6).VirtualAddress # IMAGE_DIRECTORY_ENTRY_DEBUG
  return obj.Object('_IMAGE_DEBUG_DIRECTORY', self.DllBase + debug_rva, vm = self.obj_native_vm)

Original comment by carl.pulley on 6 Apr 2013 at 5:25

Added labels: ****
Removed labels: ****

GoogleCodeExporter commented 9 years ago

This issue was closed by revision r3325.

Original comment by michael.hale@gmail.com on 6 Apr 2013 at 7:47

Changed state: Fixed
Added labels: ****
Removed labels: ****