def readAddr(self, address, isLocalAddress=False):
    """Read one pointer-sized unsigned integer from memory.

    Args:
        address: Address to read. Unless ``isLocalAddress`` is true it is
            first translated with ``self.remoteAddressToLocalAddress``.
        isLocalAddress: True when ``address`` is already valid in this
            process and must not be translated.

    Returns:
        The value as an int: 32 bits wide when ``self._POINTER_SIZE`` is 4,
        otherwise 64 bits wide.
    """
    local = address if isLocalAddress else self.remoteAddressToLocalAddress(address)
    # ctypes does not validate the address: from_address() only builds a view,
    # and reading .value from an unmapped or stale address crashes the
    # interpreter instead of raising. Callers must pass a mapped address.
    pointer_type = c_uint32 if 4 == self._POINTER_SIZE else c_uint64
    return pointer_type.from_address(local).value
def find_instances(cmd_string = None, not_me = True, other_users = False, unhandled_exc_handler = None):
    """Yield the PIDs of running processes that pass the given filters.

    The process table is fetched with sysctl(CTL_KERN, KERN_PROC,
    KERN_PROC_ALL) and walked as fixed-size records. The PID and effective
    UID are read straight out of each record at hard-coded offsets.

    Args:
        cmd_string: When not None, only yield processes whose command string
            (from ``get_process_command_string``) equals it or ends with
            ``'/' + cmd_string``.
        not_me: When true, skip the calling process.
        other_users: When false, skip processes whose effective UID differs
            from the caller's.
        unhandled_exc_handler: Passed to ``get_process_command_string`` and
            called with no arguments if that lookup raises anything other
            than OSError.

    Yields:
        The PID of each matching process.
    """
    # NOTE(review): the record size and field offsets are hard-coded;
    # presumably they match kinfo_proc on the build this was written for.
    # Confirm them for every target architecture, because a mismatch makes
    # the loop read unrelated bytes as PID and EUID.
    ENTRY_SIZE = 492
    PID_OFFSET = 24
    EUID_OFFSET = 304

    own_pid = os.getpid()
    own_euid = os.geteuid()

    mib = (c_int * 4)(CTL_KERN, KERN_PROC, KERN_PROC_ALL, 0)

    # First call asks only for the required size, second call fills the buffer.
    # NOTE(review): both return values are ignored and the table can change
    # between the two calls; confirm that callers tolerate a short or failed
    # fetch.
    table_size = c_size_t()
    libc.sysctl(mib, 4, None, byref(table_size), None, 0)
    table = create_string_buffer(table_size.value)
    libc.sysctl(mib, 4, table, byref(table_size), None, 0)

    table_base = addressof(table)
    # Integer division as under Python 2 (the block uses xrange); a trailing
    # partial record is ignored.
    for index in xrange(table_size.value / ENTRY_SIZE):
        record = table_base + index * ENTRY_SIZE
        pid = c_uint32.from_address(record + PID_OFFSET).value
        euid = c_uint32.from_address(record + EUID_OFFSET).value

        if pid == 0:
            continue
        if not other_users and own_euid != euid:
            continue
        if not_me and pid == own_pid:
            continue

        if cmd_string is None:
            yield pid
            continue

        try:
            command = get_process_command_string(pid, unhandled_exc_handler)
        except OSError:
            # Deliberate best effort: a process whose command string cannot
            # be read is skipped.
            continue
        except Exception:
            if unhandled_exc_handler:
                unhandled_exc_handler()
            continue

        # NOTE(review): this matches on the command string alone. If callers
        # use the result for more than best-effort discovery, confirm that
        # the effective-UID filter above is a sufficient check.
        if command and (cmd_string == command or command.endswith('/' + cmd_string)):
            yield pid
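def is_pid_in_64bit_mode(pid):
    """Report whether process *pid* has the P_LP64 flag set.

    One process record is fetched with sysctl(CTL_KERN, KERN_PROC,
    KERN_PROC_PID, pid) and a 32-bit flags word is read from it at a
    hard-coded offset.

    Args:
        pid: Process ID to query.

    Returns:
        ``flags & P_LP64``: 4 when the bit is set, 0 when it is clear.

    Raises:
        Exception: If sysctl reports a record size other than ENTRY_SIZE.
    """
    mib = (c_int * 4)()
    mib[0] = CTL_KERN
    mib[1] = KERN_PROC
    mib[2] = KERN_PROC_PID
    mib[3] = pid
    # NOTE(review): the record size and flags offset are hard-coded;
    # presumably they match kinfo_proc on the build this was written for.
    # Confirm them for every target architecture.
    ENTRY_SIZE = 492
    FLAGS_OFFSET = 16
    buf_size = c_size_t(ENTRY_SIZE)
    kprocbuf = create_string_buffer(buf_size.value)
    # NOTE(review): the sysctl return value is ignored. Only the size check
    # below guards against a failed or short fetch, so confirm that a failing
    # call cannot leave buf_size at ENTRY_SIZE with an unfilled buffer.
    libc.sysctl(mib, 4, kprocbuf, byref(buf_size), None, 0)
    if buf_size.value != ENTRY_SIZE:
        # Format the message here. Passing the values as extra arguments to
        # Exception leaves the %d placeholders unexpanded.
        raise Exception('Size mismatch %d vs %d' % (buf_size.value, ENTRY_SIZE))
    buf_address = addressof(kprocbuf)
    flags = c_uint32.from_address(buf_address + FLAGS_OFFSET).value
    P_LP64 = 4
    return flags & P_LP64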
def t_uint32(address):
    """Return the unsigned 32-bit value ``sizeof(nlattr)`` bytes past *address*.

    Args:
        address: Raw address of the record; the value is read from just
            after an ``nlattr``-sized header.

    Returns:
        The 32-bit value as an int.
    """
    # NOTE(review): nlattr is defined elsewhere, presumably the netlink
    # attribute header. Nothing here checks that the record holds four bytes
    # after the header, so the caller must validate its length before calling.
    payload = address + sizeof(nlattr)
    return c_uint32.from_address(payload).value
def DerefUInt32(p):
    """Return the unsigned 32-bit integer stored at raw address *p*.

    Args:
        p: Integer address of a readable 4-byte location in this process.

    Returns:
        The value as an int.
    """
    # ctypes does not validate the address: reading through an unmapped
    # address crashes the interpreter instead of raising.
    cell = c_uint32.from_address(p)
    return cell.value
def read_register(cls, register_offset, returned_data):
    """Store the value held for *register_offset* into the caller's cell.

    The destination address is recovered by parsing ``str(returned_data)``:
    the text after the first '(' with any trailing '>' and ')' characters
    stripped is read as a hexadecimal number.

    Args:
        register_offset: Key looked up in ``cls.register``.
        returned_data: Object whose string form embeds the destination
            address in parentheses.
    """
    # NOTE(review): presumably returned_data is a ctypes byref() object, whose
    # repr looks like "<cparam 'P' (0x...)>". Confirm this; the repr format is
    # an implementation detail and not a stable interface.
    shown = str(returned_data).rstrip('>)')
    hex_digits = shown.split('(', 1)[1]
    destination = int(hex_digits, 16)
    # Look the value up before touching memory, as the original assignment
    # does. The write goes to whatever address the text produced, with no
    # validation.
    value = cls.register.get(register_offset)
    c_uint32.from_address(destination).value = value
def readDword(self, address, isLocalAddress=False):
    """Read one unsigned 32-bit integer from memory.

    Args:
        address: Address to read. Unless ``isLocalAddress`` is true it is
            first translated with ``self.remoteAddressToLocalAddress``.
        isLocalAddress: True when ``address`` is already valid in this
            process and must not be translated.

    Returns:
        The 32-bit value as an int.
    """
    if isLocalAddress:
        local = address
    else:
        local = self.remoteAddressToLocalAddress(address)
    # ctypes does not validate the address: reading through an unmapped
    # address crashes the interpreter instead of raising.
    dword = c_uint32.from_address(local)
    return dword.value