vm.all_pages[p.paddr].append((a, p)) for addr, pages in vm.all_pages.iteritems(): if len(pages) > 1: log("fsm", "match for 0x%x" % addr) for ads, pg in pages: log("fsm", "ads 0x%x: %s" % (ads, pg)) return True ## ## Main ## peer = "172.16.131.128:1337" vm = VM(CPUFamily.Intel, peer) vm.nr_cr3 = 5 vm.ads = {} log.setup(info=True, fail=True, gdb=False, vm=True, brk=True, evt=False, fsm=(True, log.blue)) vm.attach() vm.stop()
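# Target process
#
# Usage: <script> PROCESS_NAME
#
# Attaches to the guest VM, installs a data-write breakpoint that runs the
# OS-specific process filter, resumes until that filter reports a match, and
# then logs the matched process' CR3.
if len(sys.argv) < 2:
    # Without this guard a missing argument surfaces as a bare IndexError.
    sys.stderr.write("usage: %s PROCESS_NAME\n" % sys.argv[0])
    sys.exit(1)
process_name = sys.argv[1]

# Some offsets for debian 2.6.32-5-486 kernel
# Byte offsets into the guest's task bookkeeping structures for that exact
# kernel build; they are not portable to other kernels or configurations.
settings = {
    "thread_size": 8192,
    "comm": 540,
    "next": 240,
    "mm": 268,
    "pgd": 36,
}
# NOTE: this name shadows the stdlib `os` module; kept as-is for
# compatibility with the rest of the script.
os = OSFactory(OSAffinity.Linux26, settings)
hook = os.find_process_filter(process_name)

##
## Main
##
vm = VM(CPUFamily.AMD, "192.168.254.254:1234")
vm.attach()
vm.stop()
try:
    # Watch 4-byte writes at TR base + 4.  NOTE(review): in a 32-bit TSS
    # that is the ESP0 slot the kernel rewrites on a context switch, which
    # would make the hook run once per task switch -- confirm on the target.
    vm.cpu.breakpoints.add_data_w(vm.cpu.sr.tr_base + 4, 4, hook)
    # Keep resuming until resume() returns a truthy value (presumably the
    # hook signalling that the target process was found).
    while not vm.resume():
        continue
    # Breakpoint id 1 -- presumably the data breakpoint installed above,
    # the only one this script adds.
    vm.cpu.breakpoints.remove(1)
    log("info", "success: %#x" % os.get_process_cr3())
finally:
    # Release the guest even if the breakpoint loop raised, so the VM is
    # not left stopped with a data breakpoint still installed.
    vm.detach()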