get_best_fit_member

summary: get member by offset, taking into account variable sized structures

description:

The goal of this script is to provide a way to figure out what structure member, is most likely referenced by an offset.

This also works for variable sized types.

level: intermediate

Attributes

`struct_str`
`tif`
`byte_offset`
`udm`

Functions

get_best_fit_member(tif, offset)

Module Contents

get_best_fit_member.get_best_fit_member(tif, offset)

get_best_fit_member.struct_str = Multiline-String

Show Value

"""struct modified_pcap_hdr_s {
        uint32_t magic_number;   /* magic number */
        uint16_t version_info[6];
        int32_t  thiszone;       /* GMT to local correction */
        uint32_t sigfigs;        /* accuracy of timestamps */
        uint32_t snaplen;        /* max length of captured packets, in octets */
        unsigned char mybytes[8];
};"""

get_best_fit_member.tif

get_best_fit_member.byte_offset = 5

get_best_fit_member.udm = None