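def reverseInstances(dumpname):
    """Run the structure-reversing pipeline over the memory dump *dumpname*.

    Loads the dump context, ensures the per-dump structure cache directory
    exists, then applies the reversers in order: DoubleLinkedListReverser
    (logical constructs), FieldReverser (basic field types),
    PointerFieldReverser (pointer relations) and PointerGraphReverser
    (pointer graph). The graph's structures and the headers are then
    saved to the cache directory.

    Args:
        dumpname: name of the dump passed to ``context.get_context``.

    Raises:
        KeyboardInterrupt: re-raised after logging how many structures
            were extracted so far; the original traceback is preserved.
        OSError: if the cache directory cannot be created.
    """
    from haystack.reverse import context
    log.debug('[+] Loading the memory dump ')
    ctx = context.get_context(dumpname)
    try:
        cache_dir = Config.getStructsCacheDir(ctx.dumpname)
        # Create, then check: an access()/mkdir() pair races with any
        # other process working on the same dump, and access(F_OK) would
        # also accept a plain file sitting where the directory must be.
        try:
            os.mkdir(cache_dir)
        except OSError:
            if not os.path.isdir(cache_dir):
                raise
        # Passes currently disabled: MallocReverser (allocator-based
        # discovery), fr._saveStructures and KnowStructReverser('libQt').
        # try to find some logical constructs.
        log.debug('Reversing DoubleLinkedListReverser')
        doublelink = DoubleLinkedListReverser()
        ctx = doublelink.reverse(ctx)
        # decode bytes contents to find basic types.
        log.debug('Reversing Fields')
        fr = FieldReverser()
        ctx = fr.reverse(ctx)
        # identify pointer relation between structures
        log.debug('Reversing PointerFields')
        pfr = PointerFieldReverser()
        ctx = pfr.reverse(ctx)
        # graph pointer relations between structures
        log.debug('Reversing PointerGraph')
        ptrgraph = PointerGraphReverser()
        ctx = ptrgraph.reverse(ctx)
        ptrgraph._saveStructures(ctx)
        # save to file
        save_headers(ctx)
    except KeyboardInterrupt as e:
        log.warning(e)
        log.info('[+] %d structs extracted' % (context.structuresCount()))
        # Bare raise keeps the interrupt's traceback; `raise e` would
        # reset it to this line.
        raise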
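def reverseInstances(dumpname):
    """Run the structure-reversing pipeline over the memory dump *dumpname*.

    Loads the dump context, ensures the per-dump structure cache directory
    exists, then applies the reversers in order: DoubleLinkedListReverser
    (logical constructs), FieldReverser (basic field types),
    PointerFieldReverser (pointer relations) and PointerGraphReverser
    (pointer graph). The graph's structures and the headers are then
    saved to the cache directory.

    Args:
        dumpname: name of the dump passed to ``context.get_context``.

    Raises:
        KeyboardInterrupt: re-raised after logging how many structures
            were extracted so far; the original traceback is preserved.
        OSError: if the cache directory cannot be created.
    """
    from haystack.reverse import context
    log.debug('[+] Loading the memory dump ')
    ctx = context.get_context(dumpname)
    try:
        cache_dir = Config.getStructsCacheDir(ctx.dumpname)
        # Create, then check: an access()/mkdir() pair races with any
        # other process working on the same dump, and access(F_OK) would
        # also accept a plain file sitting where the directory must be.
        try:
            os.mkdir(cache_dir)
        except OSError:
            if not os.path.isdir(cache_dir):
                raise
        # Passes currently disabled: MallocReverser (allocator-based
        # discovery), fr._saveStructures and KnowStructReverser('libQt').
        # try to find some logical constructs.
        log.debug('Reversing DoubleLinkedListReverser')
        doublelink = DoubleLinkedListReverser()
        ctx = doublelink.reverse(ctx)
        # decode bytes contents to find basic types.
        log.debug('Reversing Fields')
        fr = FieldReverser()
        ctx = fr.reverse(ctx)
        # identify pointer relation between structures
        log.debug('Reversing PointerFields')
        pfr = PointerFieldReverser()
        ctx = pfr.reverse(ctx)
        # graph pointer relations between structures
        log.debug('Reversing PointerGraph')
        ptrgraph = PointerGraphReverser()
        ctx = ptrgraph.reverse(ctx)
        ptrgraph._saveStructures(ctx)
        # save to file
        save_headers(ctx)
    except KeyboardInterrupt as e:
        log.warning(e)
        log.info('[+] %d structs extracted' % (context.structuresCount()))
        # Bare raise keeps the interrupt's traceback; `raise e` would
        # reset it to this line.
        raise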
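def saveme(self):
    """Pickle this object into the structure cache if it has unsaved changes.

    Returns immediately when ``self._dirty`` is false. The cache directory
    for ``self._context.dumpname`` is created on demand and the target
    path comes from ``makeFilename``. The pickle is written in binary
    mode through a context manager so the handle is closed deterministically.

    A RuntimeError from pickling (the FIXME below: cyclic structure
    graphs make pickle recurse) is logged, the partially written cache
    file is removed so a later load cannot read a truncated pickle, and
    the structure is printed for inspection. Other exceptions propagate.
    """
    if not self._dirty:
        return
    sdir = Config.getStructsCacheDir(self._context.dumpname)
    if not os.path.isdir(sdir):
        os.mkdir(sdir)
    fname = makeFilename(self._context, self)
    try:
        # FIXME : loops create pickle loops
        with open(fname, 'wb') as fout:
            pickle.dump(self, fout)
    except RuntimeError as e:
        log.error(e)
        # The handle is already closed by the with-block, so the partial
        # file can be removed on every platform.
        if os.path.exists(fname):
            try:
                os.remove(fname)
            except OSError as rm_err:
                log.warning('could not remove partial cache file %s: %s' % (fname, rm_err))
        print(self.toString())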
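def saveme(self):
    """Pickle this object into the structure cache if it has unsaved changes.

    Returns immediately when ``self._dirty`` is false. The cache directory
    for ``self._context.dumpname`` is created on demand and the target
    path comes from ``makeFilename``. The pickle is written in binary
    mode through a context manager so the handle is closed deterministically.

    A RuntimeError from pickling (the FIXME below: cyclic structure
    graphs make pickle recurse) is logged, the partially written cache
    file is removed so a later load cannot read a truncated pickle, and
    the structure is printed for inspection. Other exceptions propagate.
    """
    if not self._dirty:
        return
    sdir = Config.getStructsCacheDir(self._context.dumpname)
    if not os.path.isdir(sdir):
        os.mkdir(sdir)
    fname = makeFilename(self._context, self)
    try:
        # FIXME : loops create pickle loops
        with open(fname, 'wb') as fout:
            pickle.dump(self, fout)
    except RuntimeError as e:
        log.error(e)
        # The handle is already closed by the with-block, so the partial
        # file can be removed on every platform.
        if os.path.exists(fname):
            try:
                os.remove(fname)
            except OSError as rm_err:
                log.warning('could not remove partial cache file %s: %s' % (fname, rm_err))
        print(self.toString())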
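def saveme(self):
    """Pickle this object into the structure cache if it has unsaved changes.

    Returns immediately when ``self._dirty`` is false. The cache directory
    for ``self._context.dumpname`` is created on demand and the target
    path comes from ``makeFilename``. The pickle is written in binary
    mode through a context manager so the handle is closed before any
    cleanup runs.

    If writing is interrupted or fails for any reason, the half-written
    cache file is removed (a stale partial pickle would otherwise be
    picked up by a later load) and the exception is re-raised with its
    original traceback.
    """
    if not self._dirty:
        return
    sdir = Config.getStructsCacheDir(self._context.dumpname)
    if not os.path.isdir(sdir):
        os.mkdir(sdir)
    fname = makeFilename(self._context, self)
    try:
        with open(fname, 'wb') as fout:
            pickle.dump(self, fout)
    except BaseException:
        # Clean it, it's stale. Cleanup used to run only for
        # KeyboardInterrupt; a pickling error leaves the same truncated
        # file behind, so it is handled the same way.
        if os.path.exists(fname):
            os.remove(fname)
            log.warning('removing %s' % (fname))
        # Bare raise keeps the original traceback without the
        # Python-2-only three-argument raise form.
        raise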
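def saveme(self):
    """Pickle this object into the structure cache if it has unsaved changes.

    Returns immediately when ``self._dirty`` is false. The cache directory
    for ``self._context.dumpname`` is created on demand and the target
    path comes from ``makeFilename``. The pickle is written in binary
    mode through a context manager so the handle is closed before any
    cleanup runs.

    If writing is interrupted or fails for any reason, the half-written
    cache file is removed (a stale partial pickle would otherwise be
    picked up by a later load) and the exception is re-raised with its
    original traceback.
    """
    if not self._dirty:
        return
    sdir = Config.getStructsCacheDir(self._context.dumpname)
    if not os.path.isdir(sdir):
        os.mkdir(sdir)
    fname = makeFilename(self._context, self)
    try:
        with open(fname, 'wb') as fout:
            pickle.dump(self, fout)
    except BaseException:
        # Clean it, it's stale. Cleanup used to run only for
        # KeyboardInterrupt; a pickling error leaves the same truncated
        # file behind, so it is handled the same way.
        if os.path.exists(fname):
            os.remove(fname)
            log.warning('removing %s' % (fname))
        # Bare raise keeps the original traceback without the
        # Python-2-only three-argument raise form.
        raise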
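def makeFilename(context, st):
    """Return the cache-file path for structure *st* of the dump in *context*.

    The per-dump structure cache directory (``Config.getStructsCacheDir``)
    is created if it does not exist yet. The file name is ``str(st)``
    joined to that directory with ``os.path.sep``.

    Args:
        context: object exposing ``dumpname``.
        st: the structure; its ``str()`` becomes the file name.

    Returns:
        The path string ``<cache dir>/<str(st)>``.

    Raises:
        OSError: if the cache directory cannot be created.
    """
    sdir = Config.getStructsCacheDir(context.dumpname)
    # Create first, then check: isdir()-then-mkdir() races with another
    # process (or thread) saving structures for the same dump.
    try:
        os.mkdir(sdir)
    except OSError:
        if not os.path.isdir(sdir):
            raise
    # NOTE(review): nothing here constrains str(st); if it could ever
    # contain a path separator the file would land outside sdir -- confirm
    # against the structure's __str__.
    return os.path.sep.join([sdir, str(st)])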