def _mmap(self):
""" protected api """
# mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer.
# we have to get a ctypes pointer-able instance to make our ctypes structure read efficient.
# sad we can't have a bytebuffer from that same raw memspace
# we do not keep the bytebuffer in memory, because it's a lost of space
# in most cases.
if self._base is None:
if hasattr(self._memdump, 'fileno'): # normal file.
# XXX that is the most f****d up, non-portable f**k I ever
# wrote.
if haystack.MMAP_HACK_ACTIVE:
log.debug('Using MMAP_HACK: %s' % self)
# if self.pathname.startswith('/usr/lib'):
# raise Exception
self._local_mmap_bytebuffer = mmap.mmap(
self._memdump.fileno(),
self.end - self.start,
access=mmap.ACCESS_READ)
self._memdump.close()
self._memdump = None
# yeap, that right, I'm stealing the pointer value. DEAL WITH IT.
# this is a local memory hack, so
# self._target_platform.get_word_type() is not involved.
heapmap = struct.unpack('L', (ctypes.c_ulong).from_address(
id(self._local_mmap_bytebuffer) + 2 *
(ctypes.sizeof(ctypes.c_ulong))))[0]
self._local_mmap_content = (
ctypes.c_ubyte * (self.end - self.start)).from_address(
int(heapmap))
else: # fallback with no creepy hacks
log.warning(
'MemoryHandler Mapping content mmap-ed() (double copy of %s) : %s'
% (self._memdump.__class__, self))
# we have the bytes
local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(),
self.end - self.start,
access=mmap.ACCESS_READ)
self._memdump.close()
# we need an ctypes
self._local_mmap_content = utils.bytes2array(
local_mmap_bytebuffer, ctypes.c_ubyte)
else: # dumpfile, file inside targz ... any read() API really
print self.__class__
self._local_mmap_content = utils.bytes2array(
self._memdump.read(), ctypes.c_ubyte)
self._memdump.close()
log.warning(
'MemoryHandler Mapping content copied to ctypes array : %s'
% (self))
# make that _base
self._base = LocalMemoryMapping.fromAddress(
self, ctypes.addressof(self._local_mmap_content))
log.debug('%s done.' % self.__class__)
# redirect function calls
self.read_word = self._base.read_word
self.read_array = self._base.read_array
self.read_bytes = self._base.read_bytes
self.read_struct = self._base.read_struct
return self._base
def _mmap(self):
''' protected api '''
# mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer.
# we have to get a ctypes pointer-able instance to make our ctypes structure read efficient.
# sad we can't have a bytebuffer from that same raw memspace
# we do not keep the bytebuffer in memory, because it's a lost of space in most cases.
if self._base is None:
mmap_hack = True
if mmap_hack: # XXX that is the most f****d up, non-portable f**k I ever wrote.
self._local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ)
# yeap, that right, I'm stealing the pointer value. DEAL WITH IT.
heapmap = struct.unpack('L', (ctypes.c_uint).from_address(id(self._local_mmap_bytebuffer) + 8 ) )[0]
self._local_mmap_content = (ctypes.c_ubyte*(self.end-self.start)).from_address(heapmap)
elif hasattr(self._memdump,'fileno'): # normal file. mmap kinda useless i suppose.
log.warning('Memory Mapping content mmap-ed() (double copy of %s) : %s'%(self._memdump.__class__, self))
# we have the bytes
local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ)
# we need an ctypes
self._local_mmap_content = utils.bytes2array(local_mmap_bytebuffer, ctypes.c_ubyte)
else: # dumpfile, file inside targz ... any read() API really
self._local_mmap_content = utils.bytes2array(self._memdump.read(), ctypes.c_ubyte)
log.warning('Memory Mapping content copied to ctypes array : %s'%(self))
# make that _base
self._base = LocalMemoryMapping.fromAddress( self, ctypes.addressof(self._local_mmap_content) )
log.debug('LocalMemoryMapping done.')
#redirect stuff
self.readWord = self._base.readWord
self.readArray = self._base.readArray
self.readBytes = self._base.readBytes
self.readStruct = self._base.readStruct
return self._base
def _mmap(self):
""" protected api """
# mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer.
# we have to get a ctypes pointer-able instance to make our ctypes structure read efficient.
# sad we can't have a bytebuffer from that same raw memspace
# we do not keep the bytebuffer in memory, because it's a lost of space
# in most cases.
if self._base is None:
if hasattr(self._memdump, "fileno"): # normal file.
# XXX that is the most f****d up, non-portable f**k I ever
# wrote.
if haystack.MMAP_HACK_ACTIVE:
log.debug("Using MMAP_HACK: %s" % self)
# if self.pathname.startswith('/usr/lib'):
# raise Exception
self._local_mmap_bytebuffer = mmap.mmap(
self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ
)
self._memdump.close()
self._memdump = None
# yeap, that right, I'm stealing the pointer value. DEAL WITH IT.
# this is a local memory hack, so
heapmap = struct.unpack(
"L",
(ctypes.c_ulong).from_address(
id(self._local_mmap_bytebuffer) + 2 * (ctypes.sizeof(ctypes.c_ulong))
),
)[0]
self._local_mmap_content = (ctypes.c_ubyte * (self.end - self.start)).from_address(int(heapmap))
else: # fallback with no creepy hacks
log.warning(
"MemoryHandler Mapping content mmap-ed() (double copy of %s) : %s",
self._memdump.__class__,
self,
)
# we have the bytes
local_mmap_bytebuffer = mmap.mmap(
self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ
)
self._memdump.close()
# we need an ctypes
self._local_mmap_content = utils.bytes2array(local_mmap_bytebuffer, ctypes.c_ubyte)
else: # dumpfile, file inside targz ... any read() API really
print self.__class__
self._local_mmap_content = utils.bytes2array(self._memdump.read(), ctypes.c_ubyte)
self._memdump.close()
log.warning("MemoryHandler Mapping content copied to ctypes array : %s", self)
# make that _base
self._base = LocalMemoryMapping.fromAddress(self, ctypes.addressof(self._local_mmap_content))
log.debug("%s done." % self.__class__)
# redirect function calls
self.read_word = self._base.read_word
self.read_array = self._base.read_array
self.read_bytes = self._base.read_bytes
self.read_struct = self._base.read_struct
return self._base
def _mmap(self):
''' protected api '''
# mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer.
# we have to get a ctypes pointer-able instance to make our ctypes structure read efficient.
# sad we can't have a bytebuffer from that same raw memspace
# we do not keep the bytebuffer in memory, because it's a lost of space in most cases.
if self._base is None:
mmap_hack = True
if mmap_hack: # XXX that is the most f****d up, non-portable f**k I ever wrote.
self._local_mmap_bytebuffer = mmap.mmap(
self._memdump.fileno(),
self.end - self.start,
access=mmap.ACCESS_READ)
# yeap, that right, I'm stealing the pointer value. DEAL WITH IT.
heapmap = struct.unpack(
'L',
(ctypes.c_uint
).from_address(id(self._local_mmap_bytebuffer) + 8))[0]
self._local_mmap_content = (
ctypes.c_ubyte *
(self.end - self.start)).from_address(heapmap)
elif hasattr(
self._memdump,
'fileno'): # normal file. mmap kinda useless i suppose.
log.warning(
'Memory Mapping content mmap-ed() (double copy of %s) : %s'
% (self._memdump.__class__, self))
# we have the bytes
local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(),
self.end - self.start,
access=mmap.ACCESS_READ)
# we need an ctypes
self._local_mmap_content = utils.bytes2array(
local_mmap_bytebuffer, ctypes.c_ubyte)
else: # dumpfile, file inside targz ... any read() API really
self._local_mmap_content = utils.bytes2array(
self._memdump.read(), ctypes.c_ubyte)
log.warning(
'Memory Mapping content copied to ctypes array : %s' %
(self))
# make that _base
self._base = LocalMemoryMapping.fromAddress(
self, ctypes.addressof(self._local_mmap_content))
log.debug('LocalMemoryMapping done.')
#redirect stuff
self.readWord = self._base.readWord
self.readArray = self._base.readArray
self.readBytes = self._base.readBytes
self.readStruct = self._base.readStruct
return self._base
def test_bytes2array(self):
"""bytes to ctypes array"""
ctypes = types.reload_ctypes(4, 4, 8)
bytes = 4 * b'\xAA' + 4 * b'\xBB' + 4 * b'\xCC' + \
4 * b'\xDD' + 4 * b'\xEE' + 4 * b'\xFF'
array = utils.bytes2array(bytes, ctypes.c_ulong)
self.assertEquals(array[0], 0xAAAAAAAA)
self.assertEquals(len(array), 6)
ctypes = types.reload_ctypes(8, 8, 16)
bytes = 4 * b'\xAA' + 4 * b'\xBB' + 4 * b'\xCC' + \
4 * b'\xDD' + 4 * b'\xEE' + 4 * b'\xFF'
array = utils.bytes2array(bytes, ctypes.c_ulong)
self.assertEquals(array[0], 0xBBBBBBBBAAAAAAAA)
self.assertEquals(len(array), 3)
pass
def fromBytebuffer(cls, memoryMapping, content):
content_array = utils.bytes2array(content, ctypes.c_ubyte)
content_address = ctypes.addressof(content_array)
el = cls( content_address, memoryMapping.start, memoryMapping.end,
memoryMapping.permissions, memoryMapping.offset, memoryMapping.major_device, memoryMapping.minor_device,
memoryMapping.inode, memoryMapping.pathname)
el.content_array_save_me_from_gc = content_array
return el
def fromBytebuffer(cls, memoryMapping, content):
content_array = utils.bytes2array(content, ctypes.c_ubyte)
content_address = ctypes.addressof(content_array)
el = cls(content_address, memoryMapping.start, memoryMapping.end,
memoryMapping.permissions, memoryMapping.offset,
memoryMapping.major_device, memoryMapping.minor_device,
memoryMapping.inode, memoryMapping.pathname)
el.content_array_save_me_from_gc = content_array
return el
def _mmap(self):
''' protected api '''
# mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer.
# we have to get a ctypes pointer-able instance to make our ctypes structure read efficient.
# sad we can't have a bytebuffer from that same raw memspace
# we do not keep the bytebuffer in memory, because it's a lost of space in most cases.
if self._base is None:
if hasattr(self._memdump,'fileno'): # normal file.
if Config.mmap_hack: # XXX that is the most f****d up, non-portable f**k I ever wrote.
#print 'mmap_hack', self
#if self.pathname.startswith('/usr/lib'):
# raise Exception
self._local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ)
self._memdump.close()
self._memdump = None
# yeap, that right, I'm stealing the pointer value. DEAL WITH IT.
# this is a local memory hack, so Config.WORDTYPE is not involved.
heapmap = struct.unpack('L', (ctypes.c_ulong).from_address(id(self._local_mmap_bytebuffer) + 2*(ctypes.sizeof(ctypes.c_ulong)) ) )[0]
self._local_mmap_content = (ctypes.c_ubyte*(self.end-self.start)).from_address(int(heapmap))
else: # fallback with no creepy hacks
log.warning('Memory Mapping content mmap-ed() (double copy of %s) : %s'%(self._memdump.__class__, self))
# we have the bytes
local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ)
self._memdump.close()
# we need an ctypes
self._local_mmap_content = utils.bytes2array(local_mmap_bytebuffer, ctypes.c_ubyte)
else: # dumpfile, file inside targz ... any read() API really
self._local_mmap_content = utils.bytes2array(self._memdump.read(), ctypes.c_ubyte)
self._memdump.close()
log.warning('Memory Mapping content copied to ctypes array : %s'%(self))
# make that _base
self._base = LocalMemoryMapping.fromAddress( self, ctypes.addressof(self._local_mmap_content) )
log.debug('LocalMemoryMapping done.')
#redirect stuff
self.readWord = self._base.readWord
self.readArray = self._base.readArray
self.readBytes = self._base.readBytes
self.readStruct = self._base.readStruct
return self._base
def mmap(self):
''' mmap-ed access gives a 20% perf increase on by tests '''
# DO NOT USE ptrace.process.readArray on 64 bits.
# It breaks stuff.
# probably a bad cast statement on c_char_p
# FIXME: the big perf increase is now gone. Howto cast pointer to bytes
# into ctypes array ?
ctypes = self.config.ctypes
if not self.isMmaped():
# self._process().readArray(self.start, ctypes.c_ubyte, len(self) ) # keep ref
# self._local_mmap_content = self._process().readArray(self.start,
# ctypes.c_ubyte, len(self) ) # keep ref
self._local_mmap_content = utils.bytes2array(
self._process().readBytes(
self.start,
len(self)),
ctypes.c_ubyte)
log.debug('type array %s' % (type(self._local_mmap_content)))
self._local_mmap = LocalMemoryMapping.fromAddress(
self, ctypes.addressof(
self._local_mmap_content))
self._base = self._local_mmap
return self._local_mmap
def RC4_KEY_fromPyObj(self, pyobj):
#copy P and S
self.data = bytes2array(pyobj.data, ctypes.c_uint)
self.x = pyobj.x
self.y = pyobj.y
return self
def AES_KEY_fromPyObj(self,pyobj):
#copy rd_key
self.rd_key = bytes2array(pyobj.rd_key,ctypes.c_ulong)
#copy rounds
self.rounds = pyobj.rounds
return self
def fromPyObj(self, pyobj):
#recurse copy aes_ctx
self.r_ctx = rijndael_ctx().fromPyObj(pyobj.r_ctx)
#copy counter
self.r_iv = bytes2array(pyobj.r_iv, ctypes.c_ubyte)
return self
def fromPyObj(self, pyobj):
self.decrypt = pyobj.decrypt
self.Nr = pyobj.Nr
self.ek = bytes2array(pyobj.ek, ctypes.c_uint32)
self.dk = bytes2array(pyobj.dk, ctypes.c_uint32)
return self
def fromPyObj(self, pyobj):
#recurse copy aes_ctx
self.aes_ctx = AES_KEY().fromPyObj(pyobj.aes_ctx)
#copy counter
self.aes_counter = bytes2array(pyobj.aes_counter, ctypes.c_ubyte)
return self
def RC4_KEY_fromPyObj(self,pyobj):
#copy P and S
self.data = bytes2array(pyobj.data, ctypes.c_uint)
self.x = pyobj.x
self.y = pyobj.y
return self
def CAST_KEY_fromPyObj(self,pyobj):
#copy P and S
self.data = bytes2array(pyobj.data, ctypes.c_uint)
self.short_key = pyobj.short_key
return self
def fromPyObj(self,pyobj):
#recurse copy aes_ctx
self.r_ctx = rijndael_ctx().fromPyObj(pyobj.r_ctx)
#copy counter
self.r_iv = bytes2array(pyobj.r_iv, ctypes.c_ubyte)
return self
def BF_KEY_fromPyObj(self,pyobj):
#copy P and S
self.P = bytes2array(pyobj.P, ctypes.c_ulong)
self.S = bytes2array(pyobj.S, ctypes.c_ulong)
return self
def CAST_KEY_fromPyObj(self, pyobj):
#copy P and S
self.data = bytes2array(pyobj.data, ctypes.c_uint)
self.short_key = pyobj.short_key
return self
def AES_KEY_fromPyObj(self, pyobj):
#copy rd_key
self.rd_key = bytes2array(pyobj.rd_key, ctypes.c_ulong)
#copy rounds
self.rounds = pyobj.rounds
return self
def BF_KEY_fromPyObj(self, pyobj):
#copy P and S
self.P = bytes2array(pyobj.P, ctypes.c_ulong)
self.S = bytes2array(pyobj.S, ctypes.c_ulong)
return self
def _get(self, offset, size):
memdump = file(self.memdump_name, "rb")
memdump.seek(offset)
me = utils.bytes2array(memdump.read(size), ctypes.c_ubyte)
memdump.close()
return me
def fromPyObj(self,pyobj):
#recurse copy aes_ctx
self.aes_ctx = AES_KEY().fromPyObj(pyobj.aes_ctx)
#copy counter
self.aes_counter=bytes2array(pyobj.aes_counter, ctypes.c_ubyte)
return self
def _get(self, offset, size):
memdump = file(self.memdump_name, 'rb')
memdump.seek(offset)
me = utils.bytes2array(memdump.read(size), ctypes.c_ubyte)
memdump.close()
return me
def fromPyObj(self,pyobj):
self.decrypt = pyobj.decrypt
self.Nr = pyobj.Nr
self.ek = bytes2array(pyobj.ek, ctypes.c_uint32)
self.dk = bytes2array(pyobj.dk, ctypes.c_uint32)
return self
