#!/usr/bin/env python
#
# Look for the process named "argv[1]" inside a Debian guest.
#
# The OS object obtained from OSFactory installs a filter on cr3 writes
# (Linux26.find_process_filter); the framework hands control to that
# filter before every such write.
#
from ramooflax import VM, CPUFamily, OSFactory, OSAffinity, log
import sys

# Logging for this script: informational and failure messages only.
log.setup(info=True, fail=True)

# The process name is the single mandatory positional argument.
script_args = sys.argv[1:]
if not script_args:
    log("fail", "gimme prog name")
    sys.exit(-1)

# Target process
process_name = script_args[0]

# Kernel structure offsets for the debian 2.6.32-5-486 kernel.
# These are tied to that exact build; a guest running a different kernel
# build needs its own values — presumably task_struct field offsets, to be
# confirmed against the target kernel's layout.
settings = dict(
    thread_size=8192,
    comm=540,
    next=240,
    mm=268,
    pgd=36,
)

# NOTE: the name "os" shadows the stdlib module; it is kept because the
# rest of the script refers to the OS object under this name.
os = OSFactory(OSAffinity.Linux26, settings)
hook = os.find_process_filter(process_name)
#!/usr/bin/env python
#
# Look for the process named "argv[1]" inside a Windows 7 guest.
#
# A filter is installed on cr3 writes: on each write the vmm hands us
# control before the write operation itself is carried out.
#
from ramooflax import VM, CPUFamily, OSFactory, OSAffinity, log
import sys

# Logging for this script: informational and failure messages only.
log.setup(info=True, fail=True)

# The process name is the single mandatory positional argument.
script_args = sys.argv[1:]
if not script_args:
    log("fail", "gimme prog name")
    sys.exit(-1)

# Target process
process_name = script_args[0]

# Kernel structure offsets for Windows 7 Premium FR 32 bits.
# These are tied to that exact build/locale; a guest running another
# Windows 7 build needs its own values — to be confirmed against the
# target's symbols.
settings = dict(
    kprcb=0x20,
    kthread=4,
    eprocess=0x150,
    name=0x16c,
    cr3=0x18,
    next=0xb8,
)

# NOTE: the name "os" shadows the stdlib module; it is kept because the
# rest of the script refers to the OS object under this name.
os = OSFactory(OSAffinity.Win7, settings)
hook = os.find_process_filter(process_name)

#
# Main