Lines Matching refs:cstr
48 (cstr('Characteristics', Color.BLUE),
49 cstr(self._toHex(fh.Characteristics), Color.WHITE)),
50 (cstr('Machine', Color.BLUE),
51 cstr(pe.IMAGE_FILE_MACHINE[fh.Machine], Color.WHITE)),
52 (cstr('NumberOfSections', Color.BLUE),
53 cstr((fh.NumberOfSections), Color.WHITE)),
54 (cstr('PointerToSymbolTable', Color.BLUE),
55 cstr(self._toHex(fh.PointerToSymbolTable, pefile.arch.addressLength), Color.WHITE)),
56 (cstr('SizeOfOptionalHeader', Color.BLUE),
57 cstr((fh.SizeOfOptionalHeader), Color.WHITE)),
58 (cstr('TimeDateStamp', Color.BLUE),
59 cstr((datetime.datetime.fromtimestamp(
64 …self._printTable('Image Headers', (cstr('Name',Color.LIGHT_GRAY), cstr('Value',Color.LIGHT_GRAY)),…
70 (cstr('AddressOfEntryPoint', Color.BLUE),
71 cstr(self._toHex(oh.AddressOfEntryPoint, addressLength), Color.WHITE)),
72 (cstr('BaseOfCode', Color.BLUE),
73 cstr(self._toHex(oh.BaseOfCode, addressLength), Color.WHITE)),
74 (cstr('CheckSum', Color.BLUE),
75 cstr(self._toHex(oh.CheckSum,4), Color.WHITE)),
76 (cstr('DllCharacteristics', Color.BLUE),
77 cstr(self._toHex(oh.DllCharacteristics,2), Color.WHITE)),
78 (cstr('FileAlignment', Color.BLUE),
79 cstr(self._toHex(oh.FileAlignment,4), Color.WHITE)),
80 (cstr('ImageBase', Color.BLUE),
81 cstr(self._toHex(oh.ImageBase, addressLength), Color.WHITE)),
82 (cstr('LoaderFlags', Color.BLUE),
83 cstr(self._toHex(oh.LoaderFlags,4), Color.WHITE)),
84 (cstr('Magic', Color.BLUE),
85 cstr(self._toHex(oh.Magic,4), Color.WHITE)),
86 (cstr('MajorImageVersion', Color.BLUE),
87 cstr(self._toHex(oh.MajorImageVersion,2), Color.WHITE)),
88 (cstr('MajorLinkerVersion', Color.BLUE),
89 cstr(self._toHex(oh.MajorLinkerVersion,2), Color.WHITE)),
90 (cstr('MajorOperatingSystemVersion', Color.BLUE),
91 cstr(self._toHex(oh.MajorOperatingSystemVersion,2), Color.WHITE)),
92 (cstr('MajorSubsystemVersion', Color.BLUE),
93 cstr(self._toHex(oh.MajorSubsystemVersion,2), Color.WHITE)),
94 (cstr('MinorImageVersion', Color.BLUE),
95 cstr(self._toHex(oh.MinorImageVersion,2), Color.WHITE)),
96 (cstr('NumberOfRvaAndSizes', Color.BLUE),
97 cstr(self._toHex(oh.NumberOfRvaAndSizes,4), Color.WHITE)),
98 (cstr('SectionAlignment', Color.BLUE),
99 cstr(self._toHex(oh.SectionAlignment,4), Color.WHITE)),
100 (cstr('SizeOfCode', Color.BLUE),
101 cstr(self._toHex(oh.SizeOfCode,4), Color.WHITE)),
102 (cstr('SizeOfHeaders', Color.BLUE),
103 cstr(self._toHex(oh.SizeOfHeaders,4), Color.WHITE)),
104 (cstr('SizeOfHeapCommit', Color.BLUE),
105 cstr(self._toHex(oh.SizeOfHeapCommit,4), Color.WHITE)),
106 (cstr('SizeOfHeapReserve', Color.BLUE),
107 cstr(self._toHex(oh.SizeOfHeapReserve,4), Color.WHITE)),
108 (cstr('SizeOfImage', Color.BLUE),
109 cstr(self._toHex(oh.SizeOfImage,4), Color.WHITE)),
110 (cstr('SizeOfInitializedData', Color.BLUE),
111 cstr(self._toHex(oh.SizeOfInitializedData,4), Color.WHITE)),
112 (cstr('SizeOfStackCommit', Color.BLUE),
113 cstr(self._toHex(oh.SizeOfStackCommit,4), Color.WHITE)),
114 (cstr('SizeOfStackReserve', Color.BLUE),
115 cstr(self._toHex(oh.SizeOfStackReserve,4), Color.WHITE)),
116 (cstr('SizeOfUninitializedData', Color.BLUE),
117 cstr(self._toHex(oh.SizeOfUninitializedData,4), Color.WHITE)),
118 (cstr('Subsystem', Color.BLUE),
119 cstr(self._toHex(oh.Subsystem,4), Color.WHITE)),
120 (cstr('Win32VersionValue', Color.BLUE),
121 cstr(self._toHex(oh.Win32VersionValue,4), Color.WHITE))
124 …self._printTable('Image Optional Headers', (cstr('Name', Color.LIGHT_GRAY), cstr('Value',Color.LIG…
128 yes = cstr('Yes', Color.YELLOW)
129 no = cstr('NO', Color.GREEN)
131 (cstr('DynamicBase', Color.BLUE), yes if (
133 (cstr('ForceIntegrity', Color.BLUE), yes if (
135 (cstr('NxCompat', Color.BLUE), yes if (
137 (cstr('No Isolation', Color.BLUE), yes if (
139 (cstr('No SEH', Color.BLUE), yes if (dllc & ImageDllCharacteristics.NO_SEH)
141 (cstr('No Bind', Color.BLUE), yes if (dllc & ImageDllCharacteristics.NO_BIND)
143 (cstr('WdmDriver', Color.BLUE), yes if (
145 (cstr('ControlFLowGuard', Color.BLUE), yes if (
147 (cstr('TerminalServerAware', Color.BLUE), yes if (
151 …self._printTable('DllCharacteristics', (cstr('Name', Color.LIGHT_GRAY), cstr('Value', Color.LIGHT_…
167 data.append((cstr(descriptorData.dllName, Color.BLUE),
168 … cstr(self._toHex(pefile._binary.imageBase + function.rva,pefile.arch.addressLength), Color.CYAN),
169 cstr(hex(function.ordinal), Color.LIGHT_GRAY),
170 cstr('', Color.WHITE)))
172 data.append((cstr(descriptorData.dllName, Color.BLUE),
173 … cstr(self._toHex(pefile._binary.imageBase+function.rva,pefile.arch.addressLength), Color.CYAN),
174 … cstr(hex(function.importByName.hint) if function.importByName else '', Color.LIGHT_GRAY),
175 … cstr(function.importByName.name if function.importByName else '', Color.WHITE)))
178 …'Imports', (cstr('DLL', Color.LIGHT_GRAY), cstr('Address', Color.LIGHT_GRAY), cstr('Hint/Ordinal',…
186 data.append((cstr(section.header.Name, Color.BLUE),
187 … cstr(self._toHex(section.header.VirtualAddress,pefile.arch.addressLength), Color.CYAN),
188 cstr(self._toHex(section.header.SizeOfRawData), Color.LIGHT_GRAY),
189 … cstr(self._toHex(section.header.PointerToRawData,pefile.arch.addressLength), Color.WHITE),
190 …cstr(self._toHex(section.header.PointerToRelocations,pefile.arch.addressLength), Color.LIGHT_GRAY),
191 cstr(self._toHex(section.header.NumberOfRelocations), Color.WHITE),))
194 …cstr('Name', Color.LIGHT_GRAY), cstr('VAddr', Color.LIGHT_GRAY), cstr('RawDataSize', Color.LIGHT_G…