
Source Code for Module vtrace.tools.win32aslr

 1  '''
 
 2  Utilities for windows tracer objects.
 
 3  ''' 
 4  import PE 
 5  import vtrace 
 6  import envi.bits as e_bits 
 7  
 
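def deAslr(trace, va):
    '''
    Given an address in an ASLR'd library, rebase it back to the
    address it would have if the given PE were loaded at its
    suggested image base (OptionalHeader.ImageBase).

    trace -- tracer object; getMemoryMap(), normFileName() and
             getSymByName() are called on it.
    va    -- virtual address in the traced process.

    Returns va unchanged when no memory map covers it, when the map has
    no backing file name, or when no symbol is found for the normalized
    file name.  Raises Exception when vtrace.remote is set.
    '''
    # Presumably refused for remote debuggers because the PE below is
    # opened by path on the machine running this code -- confirm.
    if vtrace.remote:
        raise Exception('deAslr only works for local debuggers!')

    # Named memmap (not map) so the builtin map() is not shadowed.
    memmap = trace.getMemoryMap(va)
    if memmap is None:
        return va

    # Only the file name is used; the full unpack still requires the
    # map to be a 4-tuple.
    mapva, mapsize, mapperm, mapfname = memmap
    if not mapfname:
        return va

    normname = trace.normFileName(mapfname)
    sym = trace.getSymByName(normname)
    # Identity test: a symbol object's own __eq__ is never consulted.
    if sym is None:
        return va

    # The integer value of the file-level symbol is taken as the base
    # the library is actually loaded at.
    membase = long(sym)

    # NOTE(review): ImageBase comes from the file currently on disk at
    # the mapped path, not from the image in the target's memory.  If
    # that file was replaced or modified after the module was loaded,
    # the result will not match the mapped image -- callers using the
    # value for analysis of an untrusted target should keep that in mind.
    pe = PE.peFromFileName(mapfname)
    filebase = pe.IMAGE_NT_HEADERS.OptionalHeader.ImageBase

    # Offset inside the loaded image, re-applied to the preferred base.
    rva = va - membase

    return filebase + rva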