def _make_mmap_with_values(self, intervals, struct_offset=None):
"""
Make a memory map, with a fake structure of pointer pattern inside.
Return the pattern signature
:param intervals:
:param struct_offset:
:return:
"""
# template of a memory map metadata
self._mstart = 0x0c00000
self._mlength = 4096 # end at (0x0c01000)
# could be 8, it doesn't really matter
self.word_size = self.target.get_word_size()
if struct_offset is not None:
self._struct_offset = struct_offset
else:
self._struct_offset = self.word_size * 12 # 12, or any other aligned
mmap, values = self._make_mmap(0x0c00000, 4096, self._struct_offset,
intervals, self.word_size)
# add a reference to mmap in mmap2
ammap2 = AMemoryMapping(0xff7dc000, 0xff7dc000 + 0x1000, '-rwx', 0, 0,
0, 0, 'test_mmap2')
ammap2.set_ctypes(self.target.get_target_ctypes())
mmap2 = LocalMemoryMapping.fromBytebuffer(ammap2,
mmap.get_byte_buffer())
self._memory_handler = MemoryHandler([mmap, mmap2], self.target,
'test')
self.mmap2 = mmap2
return mmap, values
def _make_mmap_with_values(self, intervals, struct_offset=None):
"""
Make a memory map, with a fake structure of pointer pattern inside.
Return the pattern signature
:param intervals:
:param struct_offset:
:return:
"""
# template of a memory map metadata
self._mstart = 0x0C00000
self._mlength = 4096 # end at (0x0c01000)
# could be 8, it doesn't really matter
self.word_size = self.target.get_word_size()
if struct_offset is not None:
self._struct_offset = struct_offset
else:
self._struct_offset = self.word_size * 12 # 12, or any other aligned
mmap, values = self._make_mmap(0x0C00000, 4096, self._struct_offset, intervals, self.word_size)
# add a reference to mmap in mmap2
ammap2 = AMemoryMapping(0xFF7DC000, 0xFF7DC000 + 0x1000, "-rwx", 0, 0, 0, 0, "test_mmap2")
ammap2.set_ctypes(self.target.get_target_ctypes())
mmap2 = LocalMemoryMapping.fromBytebuffer(ammap2, mmap.get_byte_buffer())
self._memory_handler = MemoryHandler([mmap, mmap2], self.target, "test")
self.mmap2 = mmap2
return mmap, values
def __init__(self, address, start, end, permissions, offset, major_device,
minor_device, inode, pathname):
AMemoryMapping.__init__(self, start, end, permissions, offset,
major_device, minor_device, inode, pathname)
self._local_mmap = (ctypes.c_ubyte * len(self)).from_address(
int(address)) # DEBUG TODO byte or ubyte
self._address = ctypes.addressof(self._local_mmap)
self._bytebuffer = None
def __init__(self, process, start, end, permissions, offset, major_device, minor_device, inode, pathname):
AMemoryMapping.__init__(self, start, end, permissions, offset, major_device, minor_device, inode, pathname)
self._process = ref(process)
self._local_mmap = None
self._local_mmap_content = None
# read from process by default
# self._base = self._process()
self._base = process
def __init__(self, process, start, end, permissions, offset, major_device,
minor_device, inode, pathname):
AMemoryMapping.__init__(self, start, end, permissions, offset,
major_device, minor_device, inode, pathname)
self._process = ref(process)
self._local_mmap = None
self._local_mmap_content = None
# read from process by default
#self._base = self._process()
self._base = process
def __init__(self,
address_space,
start,
end,
permissions='r--',
offset=0,
major_device=0,
minor_device=0,
inode=0,
pathname=''):
AMemoryMapping.__init__(self, start, end, permissions, offset,
major_device, minor_device, inode, pathname)
self._backend = address_space
def __init__(self, address_space, start, end, permissions='r--',
offset=0, major_device=0, minor_device=0, inode=0, pathname=''):
AMemoryMapping.__init__(
self,
start,
end,
permissions,
offset,
major_device,
minor_device,
inode,
pathname)
self._backend = address_space
def __init__(self, memdump, start, end, permissions='rwx-', offset=0x0,
major_device=0x0, minor_device=0x0, inode=0x0, pathname='MEMORYDUMP', preload=False):
AMemoryMapping.__init__(
self,
start,
end,
permissions,
offset,
major_device,
minor_device,
inode,
pathname)
self._memdump = memdump
self._base = None
if preload:
self._mmap()
def __init__(self, address, start, end, permissions, offset,
major_device, minor_device, inode, pathname):
AMemoryMapping.__init__(
self,
start,
end,
permissions,
offset,
major_device,
minor_device,
inode,
pathname)
# DEBUG TODO byte or ubyte
self._local_mmap = (ctypes.c_ubyte * len(self)).from_address(int(address))
self._address = ctypes.addressof(self._local_mmap)
self._bytebuffer = None
def __init__(self, memdump, start, end, permissions='rwx-', offset=0x0,
major_device=0x0, minor_device=0x0, inode=0x0, pathname='MEMORYDUMP', preload=False):
AMemoryMapping.__init__(
self,
start,
end,
permissions,
offset,
major_device,
minor_device,
inode,
pathname)
self._memdump = memdump
self._base = None
if preload:
self._mmap()
def _make_mmap(self, mstart, mlength, struct_offset, seq, word_size):
"""
Create memory mapping with some pointer values at specific
intervals.
:param mstart:
:param mlength:
:param struct_offset:
:param seq:
:param word_size:
:return:
"""
nsig = [struct_offset]
nsig.extend(seq)
# rewrite intervals indices to offsets from start
indices = [i for i in self._accumulate(nsig)]
dump = [] # b''
values = []
fmt = self.target.get_word_type_char()
# write a memory map with valid pointer address in specifics offsets.
for i in range(0, mlength, word_size):
if i in indices:
log.debug('Insert word %x at 0x%x',mstart + i,mstart + i)
dump.append(struct.pack(fmt, mstart + i))
values.append(mstart + i)
else:
dump.append(struct.pack(fmt, 0x2e2e2e2e2e2e2e2e))
if len(dump) != mlength / word_size:
raise ValueError('error 1 on length dump %d ' % (len(dump)))
dump2 = ''.join(dump)
if len(dump) * word_size != len(dump2):
print dump
raise ValueError(
'error 2 on length dump %d dump2 %d' %
(len(dump), len(dump2)))
stop = mstart + len(dump2)
mmap = AMemoryMapping(mstart, stop, '-rwx', 0, 0, 0, 0, 'test_mmap')
mmap.set_ctypes(self.target.get_target_ctypes())
mmap2 = LocalMemoryMapping.fromBytebuffer(mmap, dump2)
# mmap2.set_ctypes(self.target.get_target_ctypes())
return mmap2, values
def _make_mmap(self, mstart, mlength, struct_offset, seq, word_size):
"""
Create memory mapping with some pointer values at specific
intervals.
:param mstart:
:param mlength:
:param struct_offset:
:param seq:
:param word_size:
:return:
"""
nsig = [struct_offset]
nsig.extend(seq)
# rewrite intervals indices to offsets from start
indices = [i for i in self._accumulate(nsig)]
dump = [] # b''
values = []
fmt = self.target.get_word_type_char()
# write a memory map with valid pointer address in specifics offsets.
for i in range(0, mlength, word_size):
if i in indices:
log.debug('Insert word %x at 0x%x',mstart + i,mstart + i)
dump.append(struct.pack(fmt, mstart + i))
values.append(mstart + i)
else:
dump.append(struct.pack(fmt, 0x2e2e2e2e2e2e2e2e))
if len(dump) != mlength // word_size:
raise ValueError('error 1 on length dump %d ' % (len(dump)))
dump2 = b''.join(dump)
if len(dump) * word_size != len(dump2):
print(dump)
raise ValueError(
'error 2 on length dump %d dump2 %d' %
(len(dump), len(dump2)))
stop = mstart + len(dump2)
mmap = AMemoryMapping(mstart, stop, '-rwx', 0, 0, 0, 0, 'test_mmap')
mmap.set_ctypes(self.target.get_target_ctypes())
mmap2 = LocalMemoryMapping.fromBytebuffer(mmap, dump2)
# mmap2.set_ctypes(self.target.get_target_ctypes())
return mmap2, values
def _load_memory_mappings(self):
""" make the python objects"""
_mappings = []
for mmap_fname, start, end, permissions, offset, major_device, minor_device, inode, pathname in self.metalines:
log.debug('Loading %s - %s' % (mmap_fname, pathname))
# open the file in the archive
try:
mmap_content_file = self._protected_open_file(mmap_fname, pathname)
except (IOError, KeyError) as e:
log.debug('Ignore absent file : %s' % (e))
mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
continue
except LazyLoadingException as e:
mmap = FilenameBackedMemoryMapping(e._filename, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
continue
if isinstance(self.archive, zipfile.ZipFile): # ZipExtFile is lame
log.warning(
'Using a local memory mapping . Zipfile sux. thx ruby.')
mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
mmap = LocalMemoryMapping.fromBytebuffer(
mmap,
mmap_content_file.read())
# use file mmap when file is too big
elif end - start > haystack.MAX_MAPPING_SIZE_FOR_MMAP:
log.warning('Using a file backed memory mapping. no mmap in memory for this memorymap (%s).' % (pathname) +
' Search will fail. Buffer is needed.')
mmap = FileBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
else:
# log.debug('Using a MemoryDumpMemoryMapping. small size')
# mmap = MemoryDumpMemoryMapping(mmap_content_file, start, end, permissions, offset,
log.debug('Always use FilenameBackedMemoryMapping. small size')
mmap = FilenameBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
_target_platform = target.TargetPlatform(_mappings, cpu_bits=self._cpu_bits, os_name=self._os_name)
self._memory_handler = MemoryHandler(_mappings, _target_platform, self.dumpname)
return
def __init__(self, frida_session, start, end, permissions, pathname):
AMemoryMapping.__init__(self, start, end, permissions, 0, 0, 0, 0,
pathname)
self._session = frida_session
def __init__(self, frida_session, start, end, permissions, pathname):
AMemoryMapping.__init__(self, start, end, permissions, 0, 0, 0, 0, pathname)
self._session = frida_session
