def test_basic_types(self):
# struct a - basic types
offset = self.offsets['struct_a'][0]
m = self.memory_handler.get_mapping_for_address(offset)
my_ctypes = self.memory_handler.get_target_platform(
).get_target_ctypes()
ret, validated = api.load_record(self.memory_handler,
self.ctypes5_gen32.struct_a, offset)
self.assertTrue(validated)
self.assertEquals(int(self.sizes['struct_a']), my_ctypes.sizeof(ret))
parser = python.PythonOutputter(self.memory_handler)
a = parser.parse(ret)
self.assertEquals(int(self.values['struct_a.a']), a.a)
self.assertEquals(int(self.values['struct_a.b']), a.b)
self.assertEquals(int(self.values['struct_a.c']), a.c)
self.assertEquals(int(self.values['struct_a.d']), a.d)
self.assertEquals(int(self.values['struct_a.e']), a.e)
self.assertEquals(float(self.values['struct_a.f']), a.f)
self.assertEquals(float(self.values['struct_a.g']), a.g)
self.assertEquals(float(self.values['struct_a.h']), a.h)
offset = self.offsets['union_au'][0]
m = self.memory_handler.get_mapping_for_address(offset)
au, validated = api.load_record(self.memory_handler,
self.ctypes5_gen32.union_au, offset)
self.assertTrue(validated)
au = parser.parse(au)
self.assertEquals(int(self.values['union_au.d']), au.d)
self.assertEquals(float(self.values['union_au.g']), au.g)
self.assertEquals(float(self.values['union_au.h']), au.h)
return
def test_complex(self):
# struct a - basic types
offset = self.offsets['struct_d'][0]
m = self.memory_handler.get_mapping_for_address(offset)
my_ctypes = self.memory_handler.get_target_platform(
).get_target_ctypes()
d, validated = api.load_record(self.memory_handler,
self.ctypes5_gen32.struct_d, offset)
self.assertTrue(validated)
self.assertEquals(int(self.sizes['struct_d']), my_ctypes.sizeof(d))
parser = python.PythonOutputter(self.memory_handler)
obj = parser.parse(d)
# check Ctypes values too
self.assertEquals(d.a.value, self.offsets['struct_d'][0])
self.assertEquals(d.b.value, self.offsets['struct_d.b'][0])
self.assertEquals(d.b2.value, self.offsets['struct_d.b2'][0])
# check python calues
for i in range(9):
self.assertEquals(int(self.values['struct_d.c[%d].a' % i]),
obj.c[i].a)
self.assertEquals(int(self.values['struct_d.f[%d]' % i]), obj.f[i])
self.assertEquals(int(self.values['struct_d.e']), obj.e)
self.assertEquals(str(self.values['struct_d.i']), obj.i)
return
def test_bitfield(self):
# struct a - basic types
offset = self.offsets['struct_c'][0]
m = self.memory_handler.get_mapping_for_address(offset)
my_ctypes = self.memory_handler.get_target_platform(
).get_target_ctypes()
c, validated = api.load_record(self.memory_handler,
self.ctypes5_gen32.struct_c, offset)
self.assertTrue(validated)
self.assertEquals(int(self.sizes['struct_c']), my_ctypes.sizeof(c))
parser = python.PythonOutputter(self.memory_handler)
c = parser.parse(c)
self.assertEquals(int(self.values['struct_c.a1']), c.a1)
self.assertEquals(int(self.values['struct_c.b1']), c.b1)
self.assertEquals(int(self.values['struct_c.c1']), c.c1)
self.assertEquals(int(self.values['struct_c.d1']), c.d1)
self.assertEquals(str(self.values['struct_c.a2']), c.a2)
self.assertEquals(int(self.values['struct_c.b2']), c.b2)
self.assertEquals(int(self.values['struct_c.c2']), c.c2)
self.assertEquals(int(self.values['struct_c.d2']), c.d2)
self.assertEquals(int(self.values['struct_c.h']), c.h)
return
def test_print_heap_alignmask(self):
finder = winxpheapwalker.WinXPHeapFinder(self._memory_handler)
for addr, size in zeus_1668_vmtoolsd_exe.known_heaps:
m = self._memory_handler.get_mapping_for_address(addr)
walker = finder.get_heap_walker(m)
win7heap = walker._heap_module
heap = m.read_struct(addr, win7heap.HEAP)
parser = python.PythonOutputter(self._memory_handler)
x = parser.parse(heap)
log.info("Heap: @0x%x #:%d AlignMask: 0x%x FrontEndHeapType:%d", addr, x.ProcessHeapsListIndex, x.AlignMask, x.FrontEndHeapType)
#tparser = python.PythonOutputter(self._memory_handler)
#print tparser.parse(heap).toString()
self.assertEqual(x.AlignMask, 0xfffffff8)
def test_basic_signed_types(self):
# union b - basic types
offset = self.offsets['union_b'][0]
m = self.memory_handler.get_mapping_for_address(offset)
my_ctypes = self.memory_handler.get_target_platform(
).get_target_ctypes()
ret, validated = api.load_record(self.memory_handler,
self.ctypes5_gen32.union_b, offset)
self.assertTrue(ret)
parser = python.PythonOutputter(self.memory_handler)
b = parser.parse(ret)
self.assertEquals(int(self.values['union_b.a']), b.a)
self.assertEquals(int(self.values['union_b.b']), b.b)
self.assertEquals(int(self.values['union_b.c']), b.c)
self.assertEquals(int(self.values['union_b.d']), b.d)
self.assertEquals(int(self.values['union_b.e']), b.e)
# char 251
self.assertEquals((self.values['union_b.g']), b.g)
return
def output_to_python(memory_handler, results):
"""
Transform ctypes results in a non-ctypes python object format
:param memory_handler: IMemoryHandler
:param results: results from the search_record
:return:
"""
if not isinstance(results, list):
raise TypeError('Feed me a list of results')
# also generate POPOs
my_model = memory_handler.get_model()
pythoned_modules = my_model.get_pythoned_modules().keys()
for module_name, module in my_model.get_imported_modules().items():
if module_name not in pythoned_modules:
my_model.build_python_class_clones(module)
# parse and generate instances
parser = python.PythonOutputter(memory_handler)
ret = [(parser.parse(ss), addr) for ss, addr in results]
# last check to clean the structure from any ctypes Structure
if python.findCtypesInPyObj(memory_handler, ret):
raise HaystackError(
'Bug in framework, some Ctypes are still in the return results. Please Report test unit.')
return ret