def make(opts):
log.info('[+] Extracting structures from pointer values and offsets.')
## get the list of pointers values pointing to heap
## need cache
mappings = dump_loader.load(opts.dumpfile, lazy=True)
values, heap_addrs, aligned, not_aligned = utils.getHeapPointers(
opts.dumpfile.name, mappings)
dumpname = opts.dumpfile.name
# we
if not os.access(Config.structsCacheDir, os.F_OK):
os.mkdir(Config.structsCacheDir)
heap = mappings.getHeap()
log.info('[+] Reversing %s' % (heap))
# creates
t0 = time.time()
structCache = {}
signatures = {}
lastNb = 0
for anon_struct, structs_addrs in buildAnonymousStructs(
mappings,
heap,
aligned,
not_aligned,
heap_addrs,
structCache,
reverse=False): # reverse is way too slow...
#
# regexp could be better if crossed against another dump.
anon_struct.save()
# save signature
cacheSignature(signatures, anon_struct)
#
nb = len(structs_addrs)
if nb >= lastNb + 1000: #time.time() - t0 > 30 :
td = time.time()
log.info(
'\t[-] extracted @%lx, %lx left - %d structs extracted (%d)' %
(anon_struct.vaddr, heap.end - anon_struct.vaddr,
len(structCache), td - t0))
rewrite(structs_addrs, structCache, dumpname)
saveSignatures(signatures, structCache, dumpname)
log.info('\t\t[.] %2.2f secs to rewrite %d structs' %
(time.time() - td, len(structs_addrs)))
t0 = time.time()
lastNb = nb
Config.nbAnonymousStruct = nb
pass
# final pass
rewrite(structs_addrs, structCache, dumpname)
saveSignatures(signatures, structCache)
## we have :
## resolved PinnedPointers on all sigs in ppMapper.resolved
## unresolved PP in ppMapper.unresolved
## next step
log.info('Pin resolved PinnedPointers to their respective heap.')
def make(opts):
log.info('[+] Extracting structures from pointer values and offsets.')
# get the list of pointers values pointing to heap
# need cache
mappings = dump_loader.load(opts.dumpfile, lazy=True)
values, heap_addrs, aligned, not_aligned = utils.getHeapPointers(
opts.dumpfile.name, mappings)
dumpname = opts.dumpfile.name
# we
if not os.access(Config.structsCacheDir, os.F_OK):
os.mkdir(Config.structsCacheDir)
heap = mappings.get_heap()
log.info('[+] Reversing %s' % (heap))
# creates
t0 = time.time()
structCache = {}
signatures = {}
lastNb = 0
for anon_struct, structs_addrs in buildAnonymousStructs(mappings, heap, aligned,
not_aligned, heap_addrs, structCache, reverse=False): # reverse is way too slow...
#
# regexp could be better if crossed against another dump.
anon_struct.save()
# save signature
cacheSignature(signatures, anon_struct)
#
nb = len(structs_addrs)
if nb >= lastNb + 1000: # time.time() - t0 > 30 :
td = time.time()
log.info('\t[-] extracted @%lx, %lx left - %d structs extracted (%d)' % (anon_struct.vaddr,
heap.end - anon_struct.vaddr, len(structCache), td - t0))
rewrite(structs_addrs, structCache, dumpname)
saveSignatures(signatures, structCache, dumpname)
log.info(
'\t\t[.] %2.2f secs to rewrite %d structs' %
(time.time() - td, len(structs_addrs)))
t0 = time.time()
lastNb = nb
Config.nbAnonymousStruct = nb
pass
# final pass
rewrite(structs_addrs, structCache, dumpname)
saveSignatures(signatures, structCache)
# we have :
# resolved PinnedPointers on all sigs in ppMapper.resolved
# unresolved PP in ppMapper.unresolved
# next step
log.info('Pin resolved PinnedPointers to their respective heap.')
def _init2(self):
# force reload JIT
self._reversedTypes = dict()
self._structures = dict()
log.info('[+] Fetching cached structures addresses list')
#ptr_values, ptr_offsets, aligned_ptr, not_aligned_ptr = utils.getHeapPointers(self.dumpname, self.mappings)
heap_offsets, heap_values = utils.getHeapPointers(self.dumpname, self.mappings)
self._pointers_values = heap_values
self._pointers_offsets = heap_offsets
log.info('[+] Fetching cached malloc chunks list')
# malloc_size is the structures_sizes,
# TODO adaptable allocator win32/linux
self._malloc_addresses, self._malloc_sizes = utils.getAllocations(self.dumpname, self.mappings, self.heap)
self._structures_addresses = self._malloc_addresses
return
