def show_disassemble(pid, addr, size, Flag=True):
    """Disassemble code in another process, print it, and return shell lines.

    Args:
        pid: Identifier of the target process, handed to Process().
        addr: Start address as hexadecimal text; parsed with int(addr, 16).
        size: Multiplied by 8 to obtain the length passed to the
            disassembler or the memory read.
            NOTE(review): presumably an instruction count with 8 bytes
            budgeted per instruction -- confirm against callers.
        Flag: When equal to True the process disassembles directly at the
            address; otherwise the bytes are read first and then passed to
            disassemble_string().

    Returns:
        The concatenation of CrashDump.dump_shell_line() over every
        disassembled line (an empty string when there are none).

    Raises:
        ValueError: If addr is a string that is not valid hexadecimal.
    """
    start = int(addr, 16)
    target = Process(pid)
    length = size * 8

    # Deliberately an equality test against True, not a truthiness test:
    # only values that compare equal to True take the direct path.
    if Flag == True:
        listing = target.disassemble(start, length)
    else:
        raw = target.read(start, length)
        listing = target.disassemble_string(start, raw)

    shell_parts = []
    for insn in listing:
        # Human-readable form goes to stdout, 16 dump bytes per row.
        print CrashDump.dump_code_line(insn, bShowDump=True, dwDumpWidth=16)
        shell_parts.append(CrashDump.dump_shell_line(insn))
    return ''.join(shell_parts)
def print_alnum_jump_addresses(pid):
    """Print every address yielded by iterate_alnum_jump_addresses() for pid.

    One line is printed per result: the formatted address, the repr() of the
    packed value, the owning module's name (empty if there is no module) and
    the text taken from the first disassembled entry at that address (empty
    if disassembly is not implemented).

    The target process is suspended for the duration of the scan and is
    always resumed afterwards.

    NOTE(review): debug privileges are requested here and this function does
    not drop them again; callers that keep running afterwards should be
    aware of that.
    """
    # Debug privileges are needed to inspect the memory of services as well.
    System.request_debug_privileges()

    # Freeze the target so its heap does not change while it is being walked.
    target = Process(pid)
    target.suspend()
    try:
        for address, packed, module in iterate_alnum_jump_addresses(target):
            # Printable forms of the address and of its packed bytes.
            address_text = HexDump.address(address, target.get_bits())
            packed_text = repr(packed)

            # Addresses outside any module get an empty name.
            module_name = module.get_name() if module else ""

            # Third field of the first entry disassembled from 16 bytes;
            # fall back to an empty string when no disassembler is available.
            try:
                instruction = target.disassemble(address, 16)[0][2]
            except NotImplementedError:
                instruction = ""

            print address_text, packed_text, module_name, instruction
    finally:
        # Runs on any exit path, including an interrupt, so the target is
        # never left suspended.
        target.resume()