Class: Rex::PeParsey::PeBase::UnwindInfo

Inherits:

Object

Object
Rex::PeParsey::PeBase::UnwindInfo

show all

Defined in:: lib/rex/peparsey/pebase.rb

Instance Attribute Summary collapse

#count_of_codes ⇒ Object readonly

Returns the value of attribute count_of_codes.
#flags ⇒ Object readonly

Returns the value of attribute flags.
#frame_register ⇒ Object readonly

Returns the value of attribute frame_register.
#frame_register_offset ⇒ Object readonly

Returns the value of attribute frame_register_offset.
#size_of_prolog ⇒ Object readonly

Returns the value of attribute size_of_prolog.
#version ⇒ Object readonly

Returns the value of attribute version.

Instance Method Summary collapse

#initialize(pe, unwind_rva) ⇒ UnwindInfo constructor

A new instance of UnwindInfo.
#unwind_codes ⇒ Object

Constructor Details

#initialize(pe, unwind_rva) ⇒ `UnwindInfo`

Returns a new instance of UnwindInfo.

# File 'lib/rex/peparsey/pebase.rb', line 1070

def initialize(pe, unwind_rva)
	data = pe.read_rva(unwind_rva, UNWIND_INFO_HEADER_SZ)

	unwind  = UNWIND_INFO_HEADER.make_struct
	unwind.from_s(data)

	@version               = unwind.v['VersionFlags'] & 0x7
	@flags                 = unwind.v['VersionFlags'] >> 3
	@size_of_prolog        = unwind.v['SizeOfProlog']
	@count_of_codes        = unwind.v['CountOfCodes']
	@frame_register        = unwind.v['FrameRegisterAndOffset'] & 0xf
	@frame_register_offset = unwind.v['FrameRegisterAndOffset'] >> 4

	# Parse unwind codes
	clist = pe.read_rva(unwind_rva + UNWIND_INFO_HEADER_SZ, count_of_codes * 4)

	@unwind_codes = []

	while clist.length > 0
		@unwind_codes << UnwindCode.new(clist)
	end
end

Instance Attribute Details

#count_of_codes ⇒ `Object` (readonly)

Returns the value of attribute count_of_codes.



1093
1094
1095

# File 'lib/rex/peparsey/pebase.rb', line 1093

def count_of_codes
  @count_of_codes
end

#flags ⇒ `Object` (readonly)

Returns the value of attribute flags.



1093
1094
1095

# File 'lib/rex/peparsey/pebase.rb', line 1093

def flags
  @flags
end

#frame_register ⇒ `Object` (readonly)

Returns the value of attribute frame_register.



1094
1095
1096

# File 'lib/rex/peparsey/pebase.rb', line 1094

def frame_register
  @frame_register
end

#frame_register_offset ⇒ `Object` (readonly)

Returns the value of attribute frame_register_offset.



1094
1095
1096

# File 'lib/rex/peparsey/pebase.rb', line 1094

def frame_register_offset
  @frame_register_offset
end

#size_of_prolog ⇒ `Object` (readonly)

Returns the value of attribute size_of_prolog.



1093
1094
1095

# File 'lib/rex/peparsey/pebase.rb', line 1093

def size_of_prolog
  @size_of_prolog
end

#version ⇒ `Object` (readonly)

Returns the value of attribute version.



1093
1094
1095

# File 'lib/rex/peparsey/pebase.rb', line 1093

def version
  @version
end

Instance Method Details

#unwind_codes ⇒ `Object`



1096
1097
1098

# File 'lib/rex/peparsey/pebase.rb', line 1096

def unwind_codes
	@unwind_codes
end

Class: Rex::PeParsey::PeBase::UnwindInfo

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pe, unwind_rva) ⇒ UnwindInfo

Instance Attribute Details

#count_of_codes ⇒ Object (readonly)

#flags ⇒ Object (readonly)

#frame_register ⇒ Object (readonly)

#frame_register_offset ⇒ Object (readonly)

#size_of_prolog ⇒ Object (readonly)

#version ⇒ Object (readonly)