Python VM.resume Exemples

Exemple #1

Fichier : find_kmem.py Projet : chubbymaggie/ramooflax_scripts

                    for p in ulst:
                        log("fkm", fmt % (a,ka,p,kp))

##
## Main
##
peer = "172.16.131.128:1337"
vm = VM(CPUFamily.Intel, peer)

vm.nr_cr3 = 1
vm.ads = {}
#keep track of every kernel physical pages
vm.kppg = defaultdict(list)

log.setup(info=True, fail=True,
          gdb=False, vm=True,
          brk=True,  evt=False,
          fkm=(True,log.blue))

vm.attach()
vm.stop()

vm.cpu.filter_write_cr(3, wcr3)

log("info", "ready!")
while len(vm.ads) < vm.nr_cr3:
    vm.resume()

vm.detach()
find_kmem(vm)

Exemple #2

Fichier : set_active_process_linux.py Projet : Trietptm-on-Coding-Algorithms/ramooflax_scripts

process_name = sys.argv[1]

# Some offsets for debian 2.6.32-5-486 kernel
settings = {
    "thread_size": 8192,
    "comm": 540,
    "next": 240,
    "mm": 268,
    "pgd": 36
}
os = OSFactory(OSAffinity.Linux26, settings)
hook = os.find_process_filter(process_name)

##
## Main
##
peer = "172.16.131.128:1337"
vm = VM(CPUFamily.Intel, peer)

vm.attach()
vm.stop()
vm.cpu.filter_write_cr(3, hook)

while not vm.resume():
    continue

vm.cpu.release_write_cr(3)
vm.cpu.set_active_cr3(os.get_process_cr3(), True, OSAffinity.Linux26)
log("info", "active cr3 installed for %#x" % os.get_process_cr3())
vm.detach()

Exemple #3

Fichier : set_active_process_linux.py Projet : chubbymaggie/ramooflax_scripts

if len(sys.argv) < 2:
    log("fail", "gimme prog name")
    sys.exit(-1)

# Target process
process_name = sys.argv[1]

# Some offsets for debian 2.6.32-5-486 kernel
settings = {"thread_size":8192, "comm":540, "next":240, "mm":268, "pgd":36}
os = OSFactory(OSAffinity.Linux26, settings)
hook = os.find_process_filter(process_name)

##
## Main
##
peer = "172.16.131.128:1337"
vm = VM(CPUFamily.Intel, peer)

vm.attach()
vm.stop()
vm.cpu.filter_write_cr(3, hook)

while not vm.resume():
    continue

vm.cpu.release_write_cr(3)
vm.cpu.set_active_cr3(os.get_process_cr3(), True, OSAffinity.Linux26)
log("info", "active cr3 installed for %#x" % os.get_process_cr3())
vm.detach()

Exemple #4

Fichier : break_process_linux.py Projet : chubbymaggie/ramooflax_scripts

# create logging for this script
log.setup(info=(True,Log.blue), fail=(True,Log.red),
          brk=True, gdb=True, vm=True, evt=True)

##
## Main
##
peer = "172.16.131.128:1337"
vm = VM(CPUFamily.Intel, peer)

vm.attach()
vm.stop()
vm.cpu.breakpoints.add_data_w(vm.cpu.sr.tr_base+4, 4, hook)

while not vm.resume():
    continue

vm.cpu.breakpoints.remove(1)
vm.cpu.set_active_cr3(os.get_process_cr3(), affinity=OSAffinity.Linux26)
log("info", "found break process")

#
# Breakpoints handling
#

#1
vm.cpu.breakpoints.remove()
vm.cpu.breakpoints.add_insn(0x804844b)
vm.cpu.breakpoints.add_insn(0x804846b, lambda x:False)
while vm.resume():

Exemple #5

          brk=True,
          gdb=True,
          vm=True,
          evt=True)

##
## Main
##
peer = "172.16.131.128:1337"
vm = VM(CPUFamily.Intel, peer)

vm.attach()
vm.stop()
vm.cpu.breakpoints.add_data_w(vm.cpu.sr.tr_base + 4, 4, hook)

while not vm.resume():
    continue

vm.cpu.breakpoints.remove(1)
vm.cpu.set_active_cr3(os.get_process_cr3(), affinity=OSAffinity.Linux26)
log("info", "found break process")

#
# Breakpoints handling
#

#1
vm.cpu.breakpoints.remove()
vm.cpu.breakpoints.add_insn(0x804844b)
vm.cpu.breakpoints.add_insn(0x804846b, lambda x: False)
while vm.resume():

Exemple #6

##
## Main
##
peer = "172.16.131.128:1337"
vm = VM(CPUFamily.Intel, peer)

vm.nr_cr3 = 1
vm.ads = {}
#keep track of every kernel physical pages
vm.kppg = defaultdict(list)

log.setup(info=True,
          fail=True,
          gdb=False,
          vm=True,
          brk=True,
          evt=False,
          fkm=(True, log.blue))

vm.attach()
vm.stop()

vm.cpu.filter_write_cr(3, wcr3)

log("info", "ready!")
while len(vm.ads) < vm.nr_cr3:
    vm.resume()

vm.detach()
find_kmem(vm)