Skip to content

VirtualAlloc ¤

convert_prot ¤

convert_prot(prot)

Convert from a windows memory protection constant to an angr bitmask

Source code in sema_toolchain/sema_scdg/application/procedures/windows/custom_package/VirtualAlloc.py 
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
def convert_prot(prot):
    """
    Convert from a windows memory protection constant to an angr bitmask
    """
    # https://msdn.microsoft.com/en-us/library/windows/desktop/aa366786(v=vs.85).aspx
    if prot & 0x10:
        return 4
    if prot & 0x20:
        return 5
    if prot & 0x40:
        return 7
    if prot & 0x80:
        return 7
    if prot & 0x01:
        return 0
    if prot & 0x02:
        return 1
    if prot & 0x04:
        return 3
    if prot & 0x08:
        return 3
    raise angr.errors.SimValueError("Unknown windows memory protection constant: %#x" % prot)

deconvert_prot ¤

deconvert_prot(prot)

Convert from a angr bitmask to a windows memory protection constant

Source code in sema_toolchain/sema_scdg/application/procedures/windows/custom_package/VirtualAlloc.py 
40
41
42
43
44
45
46
def deconvert_prot(prot):
    """
    Convert from a angr bitmask to a windows memory protection constant
    """
    if prot in (2, 6):
        raise angr.errors.SimValueError("Invalid memory protection for windows process")
    return [0x01, 0x02, None, 0x04, 0x10, 0x20, None, 0x40][prot]