def main():
print "Process memory map"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) < 2 or '-h' in sys.argv or '--help' in sys.argv:
script = os.path.basename(sys.argv[0])
print "Usage:"
print " %s <pid>..." % script
print " %s <process.exe>..." % script
return
s = System()
s.request_debug_privileges()
s.scan_processes()
targets = set()
for token in sys.argv[1:]:
try:
pid = HexInput.integer(token)
if not s.has_process(pid):
print "Process not found: %s" % token
return
targets.add(pid)
except ValueError:
pl = s.find_processes_by_filename(token)
if not pl:
print "Process not found: %s" % token
return
for p, n in pl:
pid = p.get_pid()
targets.add(pid)
targets = list(targets)
targets.sort()
for pid in targets:
process = Process(pid)
fileName = process.get_filename()
memoryMap = process.get_memory_map()
mappedFilenames = process.get_mapped_filenames()
if fileName:
print "Memory map for %d (%s):" % (pid, fileName)
else:
print "Memory map for %d:" % pid
print
## print CrashDump.dump_memory_map(memoryMap),
print CrashDump.dump_memory_map(memoryMap, mappedFilenames)
readable = 0
writeable = 0
executable = 0
private = 0
mapped = 0
image = 0
total = 0
for mbi in memoryMap:
size = mbi.RegionSize
if not mbi.is_free():
total += size
if mbi.is_readable():
readable += size
if mbi.is_writeable():
writeable += size
if mbi.is_executable():
executable += size
if mbi.is_private():
private += size
if mbi.is_mapped():
mapped += size
if mbi.is_image():
image += size
width = len(number(total))
print(" %%%ds bytes of readable memory" % width) % number(readable)
print(" %%%ds bytes of writeable memory" % width) % number(writeable)
print(" %%%ds bytes of executable memory" %
width) % number(executable)
print(" %%%ds bytes of private memory" % width) % number(private)
print(" %%%ds bytes of mapped memory" % width) % number(mapped)
print(" %%%ds bytes of image memory" % width) % number(image)
print(" %%%ds bytes of total memory" % width) % number(total)
print
def openProc(pid):
''' return proc maps '''
process = Process(pid)
fileName = process.get_filename()
memoryMap = process.get_memory_map()
mappedFilenames = process.get_mapped_filenames()
# 08048000-080b0000 r-xp 0804d000 fe:01 3334030 /usr/myfile
lines = []
for mbi in memoryMap:
if not mbi.is_readable():
continue
addr = ''
perm = '--- '
offset = ''
device = ''
inode = ''
filename = ''
# Address and size of memory block.
BaseAddress = HexDump.address(mbi.BaseAddress)
RegionSize = HexDump.address(mbi.RegionSize)
# State (free or allocated).
mbiState = mbi.State
if mbiState == win32.MEM_RESERVE:
State = "Reserved"
elif mbiState == win32.MEM_COMMIT:
State = "Commited"
elif mbiState == win32.MEM_FREE:
State = "Free"
else:
State = "Unknown"
# Page protection bits (R/W/X/G).
if mbiState != win32.MEM_COMMIT:
Protect = "--- "
else:
mbiProtect = mbi.Protect
if mbiProtect & win32.PAGE_NOACCESS:
Protect = "--- "
elif mbiProtect & win32.PAGE_READONLY:
Protect = "R-- "
elif mbiProtect & win32.PAGE_READWRITE:
Protect = "RW- "
elif mbiProtect & win32.PAGE_WRITECOPY:
Protect = "RC- "
elif mbiProtect & win32.PAGE_EXECUTE:
Protect = "--X "
elif mbiProtect & win32.PAGE_EXECUTE_READ:
Protect = "R-X "
elif mbiProtect & win32.PAGE_EXECUTE_READWRITE:
Protect = "RWX "
elif mbiProtect & win32.PAGE_EXECUTE_WRITECOPY:
Protect = "RCX "
else:
Protect = "??? "
'''
if mbiProtect & win32.PAGE_GUARD:
Protect += "G"
#else:
# Protect += "-"
if mbiProtect & win32.PAGE_NOCACHE:
Protect += "N"
#else:
# Protect += "-"
if mbiProtect & win32.PAGE_WRITECOMBINE:
Protect += "W"
#else:
# Protect += "-"
'''
perm = Protect
# Type (file mapping, executable image, or private memory).
mbiType = mbi.Type
if mbiType == win32.MEM_IMAGE:
Type = "Image"
elif mbiType == win32.MEM_MAPPED:
Type = "Mapped"
elif mbiType == win32.MEM_PRIVATE:
Type = "Private"
elif mbiType == 0:
Type = ""
else:
Type = "Unknown"
log.debug(BaseAddress)
addr = '%08x-%08x' % (int(
BaseAddress, 16), int(BaseAddress, 16) + int(RegionSize, 16))
perm = perm.lower()
offset = '00000000'
device = 'fe:01'
inode = 24422442
filename = mappedFilenames.get(mbi.BaseAddress, ' ')
# 08048000-080b0000 r-xp 0804d000 fe:01 3334030 /usr/myfile
lines.append('%s %s %s %s %s %s\n' %
(addr, perm, offset, device, inode, filename))
log.debug('%s %s %s %s %s %s\n' %
(addr, perm, offset, device, inode, filename))
##generate_memory_snapshot(self, minAddr=None, maxAddr=None)
return lines
# process.suspend()
# try:
# snapshot = process.generate_memory_snapshot()
# for mbi in snapshot:
# print HexDump.hexblock(mbi.content, mbi.BaseAddress)
# finally:
# process.resume()
# process.read_structure()
process = Process(pid)
fileName = process.get_filename()
memoryMap = process.get_memory_map()
mappedFilenames = process.get_mapped_filenames()
if fileName:
log.debug("MemoryHandler map for %d (%s):" % (pid, fileName))
else:
log.debug("MemoryHandler map for %d:" % pid)
log.debug('%d filenames' % len(mappedFilenames))
log.debug('')
log.debug('%d memorymap' % len(memoryMap))
readable = 0
writeable = 0
executable = 0
private = 0
mapped = 0
image = 0
total = 0
for mbi in memoryMap:
size = mbi.RegionSize
if not mbi.is_free():
total += size
if mbi.is_readable():
readable += size
if mbi.is_writeable():
writeable += size
if mbi.is_executable():
executable += size
if mbi.is_private():
private += size
if mbi.is_mapped():
mapped += size
if mbi.is_image():
image += size
width = len(str(total))
log.debug(" %%%ds bytes of readable memory" % width) % int(readable)
log.debug(
" %%%ds bytes of writeable memory" % width) % int(writeable)
log.debug(
" %%%ds bytes of executable memory" % width) % int(executable)
log.debug(" %%%ds bytes of private memory" % width) % int(private)
log.debug(" %%%ds bytes of mapped memory" % width) % int(mapped)
log.debug(" %%%ds bytes of image memory" % width) % int(image)
log.debug(" %%%ds bytes of total memory" % width) % int(total)
log.debug('')
return
def openProc(pid):
''' return proc maps '''
process = Process(pid)
fileName = process.get_filename()
memoryMap = process.get_memory_map()
mappedFilenames = process.get_mapped_filenames()
# 08048000-080b0000 r-xp 0804d000 fe:01 3334030 /usr/myfile
lines = []
for mbi in memoryMap:
if not mbi.is_readable():
continue
addr = ''
perm = '--- '
offset = ''
device = ''
inode = ''
filename = ''
# Address and size of memory block.
BaseAddress = HexDump.address(mbi.BaseAddress)
RegionSize = HexDump.address(mbi.RegionSize)
# State (free or allocated).
mbiState = mbi.State
if mbiState == win32.MEM_RESERVE:
State = "Reserved"
elif mbiState == win32.MEM_COMMIT:
State = "Commited"
elif mbiState == win32.MEM_FREE:
State = "Free"
else:
State = "Unknown"
# Page protection bits (R/W/X/G).
if mbiState != win32.MEM_COMMIT:
Protect = "--- "
else:
mbiProtect = mbi.Protect
if mbiProtect & win32.PAGE_NOACCESS:
Protect = "--- "
elif mbiProtect & win32.PAGE_READONLY:
Protect = "R-- "
elif mbiProtect & win32.PAGE_READWRITE:
Protect = "RW- "
elif mbiProtect & win32.PAGE_WRITECOPY:
Protect = "RC- "
elif mbiProtect & win32.PAGE_EXECUTE:
Protect = "--X "
elif mbiProtect & win32.PAGE_EXECUTE_READ:
Protect = "R-X "
elif mbiProtect & win32.PAGE_EXECUTE_READWRITE:
Protect = "RWX "
elif mbiProtect & win32.PAGE_EXECUTE_WRITECOPY:
Protect = "RCX "
else:
Protect = "??? "
'''
if mbiProtect & win32.PAGE_GUARD:
Protect += "G"
#else:
# Protect += "-"
if mbiProtect & win32.PAGE_NOCACHE:
Protect += "N"
#else:
# Protect += "-"
if mbiProtect & win32.PAGE_WRITECOMBINE:
Protect += "W"
#else:
# Protect += "-"
'''
perm = Protect
# Type (file mapping, executable image, or private memory).
mbiType = mbi.Type
if mbiType == win32.MEM_IMAGE:
Type = "Image"
elif mbiType == win32.MEM_MAPPED:
Type = "Mapped"
elif mbiType == win32.MEM_PRIVATE:
Type = "Private"
elif mbiType == 0:
Type = ""
else:
Type = "Unknown"
log.debug(BaseAddress)
addr = '%08x-%08x' % (int(BaseAddress, 16),
int(BaseAddress, 16) + int(RegionSize, 16))
perm = perm.lower()
offset = '00000000'
device = 'fe:01'
inode = 24422442
filename = mappedFilenames.get(mbi.BaseAddress, ' ')
# 08048000-080b0000 r-xp 0804d000 fe:01 3334030 /usr/myfile
lines.append(
'%s %s %s %s %s %s\n' %
(addr, perm, offset, device, inode, filename))
log.debug(
'%s %s %s %s %s %s\n' %
(addr, perm, offset, device, inode, filename))
##generate_memory_snapshot(self, minAddr=None, maxAddr=None)
return lines
# process.suspend()
# try:
# snapshot = process.generate_memory_snapshot()
# for mbi in snapshot:
# print HexDump.hexblock(mbi.content, mbi.BaseAddress)
# finally:
# process.resume()
# process.read_structure()
process = Process(pid)
fileName = process.get_filename()
memoryMap = process.get_memory_map()
mappedFilenames = process.get_mapped_filenames()
if fileName:
log.debug("MemoryHandler map for %d (%s):" % (pid, fileName))
else:
log.debug("MemoryHandler map for %d:" % pid)
log.debug('%d filenames' % len(mappedFilenames))
log.debug('')
log.debug('%d memorymap' % len(memoryMap))
readable = 0
writeable = 0
executable = 0
private = 0
mapped = 0
image = 0
total = 0
for mbi in memoryMap:
size = mbi.RegionSize
if not mbi.is_free():
total += size
if mbi.is_readable():
readable += size
if mbi.is_writeable():
writeable += size
if mbi.is_executable():
executable += size
if mbi.is_private():
private += size
if mbi.is_mapped():
mapped += size
if mbi.is_image():
image += size
width = len(str(total))
log.debug(" %%%ds bytes of readable memory" % width) % int(readable)
log.debug(" %%%ds bytes of writeable memory" %
width) % int(writeable)
log.debug(" %%%ds bytes of executable memory" %
width) % int(executable)
log.debug(" %%%ds bytes of private memory" % width) % int(private)
log.debug(" %%%ds bytes of mapped memory" % width) % int(mapped)
log.debug(" %%%ds bytes of image memory" % width) % int(image)
log.debug(" %%%ds bytes of total memory" % width) % int(total)
log.debug('')
return
def main():
print "Process memory map"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) < 2 or "-h" in sys.argv or "--help" in sys.argv:
script = os.path.basename(sys.argv[0])
print "Usage:"
print " %s <pid>..." % script
print " %s <process.exe>..." % script
return
s = System()
s.request_debug_privileges()
s.scan_processes()
targets = set()
for token in sys.argv[1:]:
try:
pid = HexInput.integer(token)
if not s.has_process(pid):
print "Process not found: %s" % token
return
targets.add(pid)
except ValueError:
pl = s.find_processes_by_filename(token)
if not pl:
print "Process not found: %s" % token
return
for p, n in pl:
pid = p.get_pid()
targets.add(pid)
targets = list(targets)
targets.sort()
for pid in targets:
process = Process(pid)
fileName = process.get_filename()
memoryMap = process.get_memory_map()
mappedFilenames = process.get_mapped_filenames()
if fileName:
print "Memory map for %d (%s):" % (pid, fileName)
else:
print "Memory map for %d:" % pid
print
## print CrashDump.dump_memory_map(memoryMap),
print CrashDump.dump_memory_map(memoryMap, mappedFilenames)
readable = 0
writeable = 0
executable = 0
private = 0
mapped = 0
image = 0
total = 0
for mbi in memoryMap:
size = mbi.RegionSize
if not mbi.is_free():
total += size
if mbi.is_readable():
readable += size
if mbi.is_writeable():
writeable += size
if mbi.is_executable():
executable += size
if mbi.is_private():
private += size
if mbi.is_mapped():
mapped += size
if mbi.is_image():
image += size
width = len(number(total))
print (" %%%ds bytes of readable memory" % width) % number(readable)
print (" %%%ds bytes of writeable memory" % width) % number(writeable)
print (" %%%ds bytes of executable memory" % width) % number(executable)
print (" %%%ds bytes of private memory" % width) % number(private)
print (" %%%ds bytes of mapped memory" % width) % number(mapped)
print (" %%%ds bytes of image memory" % width) % number(image)
print (" %%%ds bytes of total memory" % width) % number(total)
print
