Class: Rex::PeParsey::PeBase::UnwindInfo

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/peparsey/pebase.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(pe, unwind_rva) ⇒ UnwindInfo


1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
# File 'lib/rex/peparsey/pebase.rb', line 1051

def initialize(pe, unwind_rva)
  data = pe.read_rva(unwind_rva, UNWIND_INFO_HEADER_SZ)

  unwind  = UNWIND_INFO_HEADER.make_struct
  unwind.from_s(data)

  @version               = unwind.v['VersionFlags'] & 0x7
  @flags                 = unwind.v['VersionFlags'] >> 3
  @size_of_prolog        = unwind.v['SizeOfProlog']
  @count_of_codes        = unwind.v['CountOfCodes']
  @frame_register        = unwind.v['FrameRegisterAndOffset'] & 0xf
  @frame_register_offset = unwind.v['FrameRegisterAndOffset'] >> 4

  # Parse unwind codes
  clist = pe.read_rva(unwind_rva + UNWIND_INFO_HEADER_SZ, count_of_codes * 4)

  @unwind_codes = []

  while clist.length > 0
    @unwind_codes << UnwindCode.new(clist)
  end
end

Instance Attribute Details

#count_of_codesObject (readonly)

Returns the value of attribute count_of_codes


1074
1075
1076
# File 'lib/rex/peparsey/pebase.rb', line 1074

def count_of_codes
  @count_of_codes
end

#flagsObject (readonly)

Returns the value of attribute flags


1074
1075
1076
# File 'lib/rex/peparsey/pebase.rb', line 1074

def flags
  @flags
end

#frame_registerObject (readonly)

Returns the value of attribute frame_register


1075
1076
1077
# File 'lib/rex/peparsey/pebase.rb', line 1075

def frame_register
  @frame_register
end

#frame_register_offsetObject (readonly)

Returns the value of attribute frame_register_offset


1075
1076
1077
# File 'lib/rex/peparsey/pebase.rb', line 1075

def frame_register_offset
  @frame_register_offset
end

#size_of_prologObject (readonly)

Returns the value of attribute size_of_prolog


1074
1075
1076
# File 'lib/rex/peparsey/pebase.rb', line 1074

def size_of_prolog
  @size_of_prolog
end

#versionObject (readonly)

Returns the value of attribute version


1074
1075
1076
# File 'lib/rex/peparsey/pebase.rb', line 1074

def version
  @version
end

Instance Method Details

#unwind_codesObject


1077
1078
1079
# File 'lib/rex/peparsey/pebase.rb', line 1077

def unwind_codes
  @unwind_codes
end