Beispiel #1
def watch(opt):
    """Print a structure read at a memory address, optionally on a timer.

    Command-line usage: structname watch vaddr [refreshrate] [varname]

    Reads ``addr``, ``refresh_rate``, ``varname`` and ``structName`` from
    *opt*; *opt* itself is also passed to ``memory_mapper.MemoryMapper``.

    Returns ``False`` when ``check_varname_for_type`` rejects the dotted
    *varname* for the structure type. Otherwise returns ``None`` after one
    print when ``refresh_rate`` is 0; with a non-zero refresh rate the loop
    has no exit condition of its own.

    Raises ``ValueError`` when the address lookup in the mappings returns a
    falsy value.
    """
    target_addr = opt.addr
    interval = opt.refresh_rate
    field_path = opt.varname
    struct_cls = abouchet.getKlass(opt.structName)

    # Reject an unusable field path before any memory is mapped.
    if field_path is not None:
        field_path = field_path.split('.')
        if not check_varname_for_type(field_path, struct_cls):
            return False

    finder = abouchet.StructFinder(memory_mapper.MemoryMapper(opt).getMappings())

    # Resolve the mapping that holds the address; a falsy result is fatal.
    region = finder.mappings.is_valid_address_value(target_addr)
    if not region:
        message = "the address is not accessible in the memoryMap"
        log.error(message)
        raise ValueError(message)

    while True:
        # The structure is re-read on every pass so each print reflects the
        # current memory contents.
        # NOTE(review): the second value returned by loadAt is never
        # inspected, so the object is printed whatever that flag says --
        # confirm this is intended.
        loaded, _validated = finder.loadAt(region, target_addr, struct_cls)
        snapshot = loaded.toPyObject()

        clear()
        # Single-argument parenthesised form: same output as the Python 2
        # print statement.
        if field_path is None:
            print(snapshot)
        else:
            print(get_varname_value(field_path, snapshot))

        # A refresh rate of 0 means "print once".
        if interval == 0:
            break
        time.sleep(interval)
Beispiel #2
 def setUpClass(self):
   """Load one session_state structure from the ssh.1 dump fixture.

   Stores ``mappings``, ``finder``, ``session_state``, ``found`` and
   ``pyobj`` on *self* for the tests to use.
   """
   from haystack import config

   # Only 'dumpname', 'addr' and 'structName' are read in this method; the
   # remaining keys are carried on the args object but not used here.
   options = {
       'pickled': True,
       'dumpname': 'test/dumps/ssh/ssh.1/',
       'structName': 'sslsnoop.ctypes_openssh.session_state',
       'addr': '0xb84ee318',
       'pid': None,
       'memfile': None,
       'interactive': None,
       'human': None,
       'json': None,
   }
   # Throwaway class whose attributes mirror the option names.
   args = type('args', (object,), options)

   # Configure haystack from the memory dump before resolving any types.
   config.make_config_from_memdump(options['dumpname'])

   # The address is given as a hex string.
   target_addr = int(args.addr, 16)
   struct_cls = abouchet.getKlass(args.structName)

   mapper = memory_mapper.MemoryMapper(dumpname=args.dumpname)
   self.mappings = mapper.getMappings()
   self.finder = abouchet.StructFinder(self.mappings)

   # NOTE(review): the lookup result is passed to loadAt without a check
   # for a falsy value -- confirm the fixture address always resolves.
   region = utils.is_valid_address_value(target_addr, self.finder.mappings)

   loaded = self.finder.loadAt(region, target_addr, struct_cls)
   self.session_state, self.found = loaded
   self.pyobj = self.session_state.toPyObject()