# This file is Copyright 2019 Volatility Foundation and licensed under the Volatility Software License 1.0
# which is available at https://www.volatilityfoundation.org/license/vsl-v1.0
#
from volatility3.framework import constants
from volatility3.framework import objects
class KDDEBUGGER_DATA64(objects.StructType):
    """Extension of the KDDEBUGGER_DATA64 structure with build-information helpers.

    Both helpers take a field of this structure (``NtBuildLab`` or
    ``CmNtCSDVersion``) as an offset and read from the same layer the
    structure itself sits on.

    NOTE(review): nothing in this class validates those offsets. If the
    structure in the analysed image is damaged or was tampered with, the
    reads presumably fail in the layer or return misleading values, so
    confirm how callers handle that.
    """

    def get_build_lab(self):
        """Return the NT build lab string that the KDBG points to.

        The string object is requested with ``max_length=32`` and
        ``errors="replace"``, so the read is bounded. Presumably bytes that
        do not decode are substituted rather than raising; confirm against
        the string object implementation.
        """
        table = self.get_symbol_table_name()
        string_type = table + constants.BANG + "string"
        layer = self.vol.layer_name
        # NtBuildLab is used as the offset of the string, not as the string itself.
        build_lab = self._context.object(
            string_type,
            layer_name=layer,
            offset=self.NtBuildLab,
            max_length=32,
            errors="replace",
        )
        return build_lab

    def get_csdversion(self):
        """Return the CSDVersion as an integer (i.e. the Service Pack number)."""
        table = self.get_symbol_table_name()
        ulong_type = table + constants.BANG + "unsigned long"
        layer = self.vol.layer_name
        # CmNtCSDVersion is used as the offset of the value to read.
        raw_csd = self._context.object(
            ulong_type,
            layer_name=layer,
            offset=self.CmNtCSDVersion,
        )
        # Drop the low 8 bits, then keep the result within 32 bits.
        shifted = raw_csd >> 8
        return shifted & 0xFFFFFFFF
# Associates the structure's type name with the Python class defined in this
# module. Presumably the framework reads this mapping to attach the class to
# the symbol type; confirm against the loader.
class_types = {
    "_KDDEBUGGER_DATA64": KDDEBUGGER_DATA64,
}