Module refinery.units.formats.pe.dotnet
Expand source code Browse git
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import annotations
from functools import lru_cache
from refinery.lib.dotnet.types import Blob
from refinery.lib.dotnet.header import DotNetHeader
from refinery.units.formats import JSONEncoderUnit, BytesAsStringEncoder
class DotNetEncoder(BytesAsStringEncoder):
def default(self, obj):
if isinstance(obj, Blob):
obj = bytes(obj)
try:
return super().default(obj)
except TypeError:
return str(obj)
class DotNetJSONEncoderUnit(JSONEncoderUnit, abstract=True):
EncoderBase = DotNetEncoder
class CodePath:
"""
This class can be used to recover the method to which a certain virtual address
belongs, including its parent type and namespace.
"""
def __init__(self, header: DotNetHeader):
self.header = header
self.tables = tables = header.meta.Streams.Tables
memo = [tr.MethodList.Index - 1 for tr in tables.TypeDef]
memo.append(len(tables.MethodDef))
self.ranges = [range(*memo[k:k + 2]) for k in range(len(memo) - 1)]
def method_path(self, offset: int):
ns, tn, spec = self.method(offset)
if tn and ns:
ns = ns.replace('.', '/')
spec = F'{ns}/{tn}/{spec}'
return spec
def method_spec(self, offset: int):
ns, tn, spec = self.method(offset)
if tn and ns:
spec = F'{ns}::{tn}.{spec}'
return spec
@lru_cache(maxsize=None)
def method(self, offset: int):
def printable(name: str):
return name.replace('.', '').isidentifier()
ranges = self.ranges
tables = self.tables
header = self.header
rva = header.pe.offset_to_virtual_address(offset) - header.pe.imagebase
method = min(tables.MethodDef, key=lambda m: (m.RVA > rva, rva - m.RVA))
index = tables.MethodDef.index(method)
method_name = method.Name
if not printable(method_name):
method_name = F'method_{method.RVA:08X}'
for k, (methods, tr) in enumerate(zip(ranges, tables.TypeDef), 1):
if index in methods:
namespace = tr.TypeNamespace
type_name = tr.TypeName
if not printable(type_name):
type_name = F'type{k}'
if not printable(namespace):
namespace = F'ns{k}'
return namespace, type_name, method_name
return None, None, method_nameSub-modules
refinery.units.formats.pe.dotnet.dnarraysrefinery.units.formats.pe.dotnet.dnblobrefinery.units.formats.pe.dotnet.dndsrefinery.units.formats.pe.dotnet.dnfieldsrefinery.units.formats.pe.dotnet.dnhdrrefinery.units.formats.pe.dotnet.dnmrrefinery.units.formats.pe.dotnet.dnopcrefinery.units.formats.pe.dotnet.dnrcrefinery.units.formats.pe.dotnet.dnsfxrefinery.units.formats.pe.dotnet.dnstr
Classes
class DotNetEncoder (*args, **kwargs)-
This JSON Encoder encodes byte strings as escaped strings.
Constructor for JSONEncoder, with sensible defaults.
If skipkeys is false, then it is a TypeError to attempt encoding of keys that are not str, int, float or None. If skipkeys is True, such items are simply skipped.
If ensure_ascii is true, the output is guaranteed to be str objects with all incoming non-ASCII characters escaped. If ensure_ascii is false, the output can contain non-ASCII characters.
If check_circular is true, then lists, dicts, and custom encoded objects will be checked for circular references during encoding to prevent an infinite recursion (which would cause an OverflowError). Otherwise, no such check takes place.
If allow_nan is true, then NaN, Infinity, and -Infinity will be encoded as such. This behavior is not JSON specification compliant, but is consistent with most JavaScript based encoders and decoders. Otherwise, it will be a ValueError to encode such floats.
If sort_keys is true, then the output of dictionaries will be sorted by key; this is useful for regression tests to ensure that JSON serializations can be compared on a day-to-day basis.
If indent is a non-negative integer, then JSON array elements and object members will be pretty-printed with that indent level. An indent level of 0 will only insert newlines. None is the most compact representation.
If specified, separators should be an (item_separator, key_separator) tuple. The default is (', ', ': ') if indent is
Noneand (',', ': ') otherwise. To get the most compact JSON representation, you should specify (',', ':') to eliminate whitespace.If specified, default is a function that gets called for objects that can't otherwise be serialized. It should return a JSON encodable version of the object or raise a
TypeError.Expand source code Browse git
class DotNetEncoder(BytesAsStringEncoder): def default(self, obj): if isinstance(obj, Blob): obj = bytes(obj) try: return super().default(obj) except TypeError: return str(obj)Ancestors
- BytesAsStringEncoder
- BytesEncoder
- JSONEncoderEx
- json.encoder.JSONEncoder
Inherited members
class DotNetJSONEncoderUnit (encode=None, digest=None, arrays=False, **keywords)-
Expand source code Browse git
class DotNetJSONEncoderUnit(JSONEncoderUnit, abstract=True): EncoderBase = DotNetEncoderAncestors
Subclasses
Class variables
var required_dependenciesvar optional_dependenciesvar console
Inherited members
class CodePath (header)-
This class can be used to recover the method to which a certain virtual address belongs, including its parent type and namespace.
Expand source code Browse git
class CodePath: """ This class can be used to recover the method to which a certain virtual address belongs, including its parent type and namespace. """ def __init__(self, header: DotNetHeader): self.header = header self.tables = tables = header.meta.Streams.Tables memo = [tr.MethodList.Index - 1 for tr in tables.TypeDef] memo.append(len(tables.MethodDef)) self.ranges = [range(*memo[k:k + 2]) for k in range(len(memo) - 1)] def method_path(self, offset: int): ns, tn, spec = self.method(offset) if tn and ns: ns = ns.replace('.', '/') spec = F'{ns}/{tn}/{spec}' return spec def method_spec(self, offset: int): ns, tn, spec = self.method(offset) if tn and ns: spec = F'{ns}::{tn}.{spec}' return spec @lru_cache(maxsize=None) def method(self, offset: int): def printable(name: str): return name.replace('.', '').isidentifier() ranges = self.ranges tables = self.tables header = self.header rva = header.pe.offset_to_virtual_address(offset) - header.pe.imagebase method = min(tables.MethodDef, key=lambda m: (m.RVA > rva, rva - m.RVA)) index = tables.MethodDef.index(method) method_name = method.Name if not printable(method_name): method_name = F'method_{method.RVA:08X}' for k, (methods, tr) in enumerate(zip(ranges, tables.TypeDef), 1): if index in methods: namespace = tr.TypeNamespace type_name = tr.TypeName if not printable(type_name): type_name = F'type{k}' if not printable(namespace): namespace = F'ns{k}' return namespace, type_name, method_name return None, None, method_nameMethods
def method_path(self, offset)-
Expand source code Browse git
def method_path(self, offset: int): ns, tn, spec = self.method(offset) if tn and ns: ns = ns.replace('.', '/') spec = F'{ns}/{tn}/{spec}' return spec def method_spec(self, offset)-
Expand source code Browse git
def method_spec(self, offset: int): ns, tn, spec = self.method(offset) if tn and ns: spec = F'{ns}::{tn}.{spec}' return spec def method(self, offset)-
Expand source code Browse git
@lru_cache(maxsize=None) def method(self, offset: int): def printable(name: str): return name.replace('.', '').isidentifier() ranges = self.ranges tables = self.tables header = self.header rva = header.pe.offset_to_virtual_address(offset) - header.pe.imagebase method = min(tables.MethodDef, key=lambda m: (m.RVA > rva, rva - m.RVA)) index = tables.MethodDef.index(method) method_name = method.Name if not printable(method_name): method_name = F'method_{method.RVA:08X}' for k, (methods, tr) in enumerate(zip(ranges, tables.TypeDef), 1): if index in methods: namespace = tr.TypeNamespace type_name = tr.TypeName if not printable(type_name): type_name = F'type{k}' if not printable(namespace): namespace = F'ns{k}' return namespace, type_name, method_name return None, None, method_name