Beispiel #1
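    def init_vatopa_x86_pae(self, vflag):
        """Set up virtual-to-physical address translation for the memory image.

        Picks the top-level paging structure (IdlePDPT when ``self.arch`` is
        32, IdlePML4 otherwise) and stores the resulting translator in
        ``self.x86_mem_pae``. For builds whose first two characters compare
        >= '12', the symbol addresses are first rebased onto
        ``self.base_address`` and IdlePML4 is read out of the image through a
        translator rooted at BootPML4.

        Args:
            vflag: when truthy, progress messages are printed.

        Returns:
            1 if ``self.mempath`` is empty, 0 once the translator is built.
        """
        if self.mempath == '':
            return 1

        def open_image():
            # One place for the address-space choice that every translator
            # below makes; a fresh address space is created per call.
            if isMachoVolafoxCompatible(self.mempath):
                return MachoAddressSpace(self.mempath)
            return FileAddressSpace(self.mempath)

        # NOTE(review): this is a lexicographic string comparison, so a
        # single-digit major build such as '9L' also compares >= '12' --
        # confirm such builds never reach this code.
        if self.build[0:2] >= '12':  # KASLR-era OS (Mountain Lion, Mavericks)
            # Single-argument print(...) behaves the same as the Python 2
            # print statement and also parses under Python 3.
            if vflag:
                print('[+] Finding Kernel Base Address (KASLR)')
            # Base = where the marker was located in the image
            # (self.catfishlocation, set elsewhere) minus the static _lowGlo
            # address. The modulo presumably strips the 0xFFFFFF80 high dword
            # of the kernel virtual address -- TODO confirm.
            self.base_address = self.catfishlocation - (
                self.symbol_list['_lowGlo'] % 0xFFFFFF80)
            if vflag:
                print(' [-] Kernel Base Address : 0x%.8x' % self.base_address)
            self.idlepdpt = (self.symbol_list['_BootPDPT'] %
                             0xFFFFFF80) + self.base_address
            self.bootpml4 = (self.symbol_list['_BootPML4'] %
                             0xFFFFFF80) + self.base_address

            self.boot_pml4_pt = IA32PML4MemoryPae(open_image(), self.bootpml4)
            # IdlePML4 comes from the image itself, not the symbol table.
            # NOTE(review): the read result is not validated; if the address
            # does not translate and read() yields None or fewer than 8
            # bytes, struct.unpack raises here.
            idlepml4_ptr = self.boot_pml4_pt.read(
                self.symbol_list['_IdlePML4'] + self.base_address, 8)
            self.idlepml4 = struct.unpack('=Q', idlepml4_ptr)[0]
        else:
            self.idlepdpt = self.symbol_list['_IdlePDPT']
            self.idlepml4 = self.symbol_list['_IdlePML4']

        # '==' rather than 'is': identity against an int literal only works
        # through CPython's small-integer cache and fails for an equal value
        # of another numeric type.
        if self.arch == 32:
            if vflag:
                print('[+] Loading Intel 32bit(PAE Enabled) Paging Table')
            self.x86_mem_pae = IA32PagedMemoryPae(open_image(), self.idlepdpt)
        else:  # 64
            if vflag:
                print('[+] Loading Intel IA-32e(PAE Enabled) Paging Table')
            self.x86_mem_pae = IA32PML4MemoryPae(open_image(), self.idlepml4)
        return 0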
Beispiel #2
 def netstat(self):
     """Collect the image's network tables and print them.

     Looks up the '_tcbinfo' and '_udbinfo' symbol addresses, builds a
     PML4 translator over the memory image rooted at ``self.idlepml4``,
     hands both to ``get_network_hash`` and prints the first two elements
     of its result with ``print_network_list``. Returns nothing.
     """
     tcp_info_addr = self.symbol_list['_tcbinfo']
     udp_info_addr = self.symbol_list['_udbinfo']

     # NOTE(review): the PML4 translator is used unconditionally here even
     # though self.arch is passed on below -- confirm 32-bit images are
     # handled by the callee.
     image_path = self.mempath
     space_cls = (MachoAddressSpace
                  if isMachoVolafoxCompatible(image_path)
                  else FileAddressSpace)
     translator = IA32PML4MemoryPae(space_cls(image_path), self.idlepml4)

     tables = get_network_hash(
         translator,
         tcp_info_addr,
         udp_info_addr,
         self.arch,
         self.os_version,
         self.build,
         self.base_address,
     )
     print_network_list(tables[0], tables[1])
Beispiel #3
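    def init_vatopa_x86_pae(self, vflag):
        """Build the address translator used to read the memory image.

        Stores the translator in ``self.x86_mem_pae``: an IdlePDPT-rooted
        one when ``self.arch`` equals 32, an IdlePML4-rooted one otherwise.
        When the first two characters of ``self.build`` compare >= "12", the
        table addresses are rebased onto ``self.base_address`` first and
        IdlePML4 is read from the image via a BootPML4-rooted translator.

        Args:
            vflag: truthy to print progress messages.

        Returns:
            1 when ``self.mempath`` is empty, otherwise 0.
        """
        if self.mempath == "":
            return 1

        def address_space():
            # Same choice the method makes before every translator; each call
            # creates a new address-space object.
            if isMachoVolafoxCompatible(self.mempath):
                return MachoAddressSpace(self.mempath)
            return FileAddressSpace(self.mempath)

        # NOTE(review): string comparison, not numeric -- a build prefix with
        # a single-digit major (e.g. "9L") also sorts >= "12". Confirm those
        # builds are rejected before this point.
        if self.build[0:2] >= "12":  # KASLR-era OS (Mountain Lion, Mavericks)
            # print(...) with one argument is equivalent to the Python 2
            # print statement and is also valid Python 3.
            if vflag:
                print("[+] Finding Kernel Base Address (KASLR)")
            # self.catfishlocation is set elsewhere; subtracting the static
            # _lowGlo address gives the base. The modulo presumably removes
            # the 0xFFFFFF80 high dword of the kernel address -- TODO confirm.
            self.base_address = self.catfishlocation - (
                self.symbol_list["_lowGlo"] % 0xFFFFFF80
            )
            if vflag:
                print(" [-] Kernel Base Address : 0x%.8x" % self.base_address)
            self.idlepdpt = (self.symbol_list["_BootPDPT"] % 0xFFFFFF80) + self.base_address
            self.bootpml4 = (self.symbol_list["_BootPML4"] % 0xFFFFFF80) + self.base_address

            self.boot_pml4_pt = IA32PML4MemoryPae(address_space(), self.bootpml4)
            # The IdlePML4 value is taken from image contents.
            # NOTE(review): nothing checks that read() returned 8 bytes; a
            # None or short result makes struct.unpack raise on this path.
            idlepml4_ptr = self.boot_pml4_pt.read(self.symbol_list["_IdlePML4"] + self.base_address, 8)
            self.idlepml4 = struct.unpack("=Q", idlepml4_ptr)[0]
        else:
            self.idlepdpt = self.symbol_list["_IdlePDPT"]
            self.idlepml4 = self.symbol_list["_IdlePML4"]

        # Value equality: "is 32" depends on CPython caching small integers
        # and is False for an equal value of another numeric type.
        if self.arch == 32:
            if vflag:
                print("[+] Loading Intel 32bit(PAE Enabled) Paging Table")
            self.x86_mem_pae = IA32PagedMemoryPae(address_space(), self.idlepdpt)
        else:  # 64
            if vflag:
                print("[+] Loading Intel IA-32e(PAE Enabled) Paging Table")
            self.x86_mem_pae = IA32PML4MemoryPae(address_space(), self.idlepml4)
        return 0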
Beispiel #4
    def netstat(self):
        """Print the network tables recovered from the memory image.

        Resolves the '_tcbinfo' and '_udbinfo' symbol addresses, wraps the
        image in a PML4 translator rooted at ``self.idlepml4``, passes them
        with the arch/OS/build/base-address attributes to
        ``get_network_hash`` and prints elements 0 and 1 of what it returns.
        """
        symbols = self.symbol_list
        tcb_addr = symbols['_tcbinfo']
        udb_addr = symbols['_udbinfo']

        # NOTE(review): always a PML4 translator, whatever self.arch is --
        # confirm that is intended for 32-bit images.
        if isMachoVolafoxCompatible(self.mempath):
            backing = MachoAddressSpace(self.mempath)
        else:
            backing = FileAddressSpace(self.mempath)
        pager = IA32PML4MemoryPae(backing, self.idlepml4)

        found = get_network_hash(pager, tcb_addr, udb_addr, self.arch,
                                 self.os_version, self.build,
                                 self.base_address)
        first, second = found[0], found[1]
        print_network_list(first, second)