def iterate_strings(targets, regex=None, min_length=4, max_length=51, omit='isxr', portions=4096, nodup=True, terminate=None):
if not targets:
return
if type(targets) == (str, int):
targets = [targets]
targets = set([try_int(x) for x in targets])
if regex is None:
printable = re.compile('^[\x20-\x7e]{{{},{}}}$'.format(min_length, max_length))
else:
printable = re.compile(regex)
for process in memorpy.Process.list():
if terminate is not None and terminate.is_set():
break
try:
if not (
process.get('pid') in targets or os.path.basename(process.get('name')) in targets
):
continue
except:
continue
strings = []
pid = process.get('pid')
name = process.get('name')
try:
mw = memorpy.MemWorker(pid=process.get('pid'))
duplicates = set()
for _, (cstring,) in mw.mem_search('([^\x00]+)', ftype='groups', optimizations=omit):
if terminate is not None and terminate.is_set():
break
if printable.match(cstring):
if nodup:
if cstring in duplicates:
continue
duplicates.add(cstring)
strings.append(cstring)
if len(strings) >= portions:
yield pid, name, strings
del strings[:]
except Exception, e:
logging.exception('MemWorker failed: %s', e)
if strings:
yield pid, name, strings
del strings[:]
def get_pid_strings(self, pid):
try:
mw = memorpy.MemWorker(pid=pid)
matcher = self.policy or self.printable
for _, (cstring, ) in mw.mem_search('([\x20-\x7e]+)\x00',
ftype='groups',
optimizations='ixrs'):
if matcher.match(cstring):
if cstring not in self.duplicates:
yield cstring
if len(self.duplicates) > self.maxdups:
self.duplicates = set()
self.duplicates.add(cstring)
except:
pass