コード例 #1
0
 def _load_metadata(self):
   """ Load  amemory dump meta data """
   mappingsFile = self._open_file(self.archive, self.indexFilename)
   self.metalines = []
   for l in mappingsFile.readlines():
     fields = l.strip().split(' ')
     if '' in fields:
       fields.remove('')
     self.metalines.append( ( fields[0], fields[1], fields[2], fields[3], fields[4], fields[5], ' '.join(fields[6:]) )  )
   # test if x32 or x64
   if len(fields[0]) > 10:
     log.info('[+] WORDSIZE = 8 #x64 arch dump detected')
     Config.set_word_size(8)
   else:
     Config.set_word_size(4)
   return
コード例 #2
0
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Tests haystack.utils ."""

import struct
import operator
import os
import unittest

from haystack.config import Config
Config.set_word_size(4)

import ctypes
from haystack import memory_mapping
from haystack.model import LoadableMembersStructure
from haystack import utils

__author__ = "Loic Jaquemet"
__copyright__ = "Copyright (C) 2012 Loic Jaquemet"
__email__ = "*****@*****.**"
__license__ = "GPL"
__maintainer__ = "Loic Jaquemet"
__status__ = "Production"


class St(LoadableMembersStructure):
    _fields_ = [('a', ctypes.c_int)]


class St2(LoadableMembersStructure):
    _fields_ = [('a', ctypes.c_int)]
コード例 #3
0
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Tests for haystack.reverse.structure."""

import logging
import struct
import operator
import os
import unittest
import pickle
import sys

from haystack.config import Config
Config.set_word_size(4) # forcing it on these unittest

from haystack import utils, model
from haystack.reverse.win32 import win7heapwalker, win7heap
from haystack.reverse.win32.win7heap import HEAP, HEAP_ENTRY
from haystack import dump_loader

__author__ = "Loic Jaquemet"
__copyright__ = "Copyright (C) 2012 Loic Jaquemet"
__license__ = "GPL"
__maintainer__ = "Loic Jaquemet"
__email__ = "*****@*****.**"
__status__ = "Production"

import ctypes 

log = logging.getLogger('testwalker')
コード例 #4
0
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Tests for haystack.reverse.structure."""

import logging
import struct
import operator
import os
import unittest
import pickle
import sys

from haystack.config import Config

Config.set_word_size(4)  # forcing it on these unittest

from haystack.reverse import context
from haystack.reverse.libc import ctypes_malloc as ctypes_alloc
from haystack.reverse.libc import libcheapwalker
from haystack import dump_loader

__author__ = "Loic Jaquemet"
__copyright__ = "Copyright (C) 2012 Loic Jaquemet"
__license__ = "GPL"
__maintainer__ = "Loic Jaquemet"
__email__ = "*****@*****.**"
__status__ = "Production"

import ctypes
コード例 #5
0
ファイル: test_model.py プロジェクト: Macdawr/python-haystack 
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Tests haystack.model ."""

import logging
import unittest
import sys

from haystack.config import Config
Config.set_word_size(4) # force it

from haystack import dump_loader
from haystack import model
from haystack import utils
from haystack.reverse.win32 import win7heapwalker 
from haystack.utils import isCStringPointer, isPointerType, isVoidPointerType, isFunctionType, getaddress

class TestReferenceBook(unittest.TestCase):
  ''' Test the reference book
  '''

  def setUp(self):
    self.mappings = dump_loader.load('test/dumps/putty/putty.1.dump')
    heap = self.mappings.getHeap()
    # execute a loadMembers
    walker = win7heapwalker.Win7HeapWalker(self.mappings, heap, 0)
    self.heap_obj = walker._heap
  
  def tearDown(self):
    model.reset()
コード例 #6
0
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2011 Loic Jaquemet [email protected]
#

__author__ = "Loic Jaquemet [email protected]"

import struct
import operator
import os
import unittest

from haystack.config import Config

Config.set_word_size(4)

from haystack import memory_mapping
from haystack.reverse import pointerfinder

Config.MMAP_START = 0x0C00000
Config.MMAP_STOP = 0x0C01000
Config.MMAP_LENGTH = 4096
Config.STRUCT_OFFSET = 44
# Config.cacheDir = os.path.normpath('./outputs/')


def accumulate(iterable, func=operator.add):
    it = iter(iterable)
    total = next(it)
    yield total
コード例 #7
0
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Tests haystack.model ."""

import logging
import unittest
import sys

from haystack.config import Config
Config.set_word_size(4)  # force it

from haystack import dump_loader
from haystack import model
from haystack import utils
from haystack.reverse.win32 import win7heapwalker
from haystack.utils import isCStringPointer, isPointerType, isVoidPointerType, isFunctionType, getaddress


class TestReferenceBook(unittest.TestCase):
    ''' Test the reference book
  '''
    def setUp(self):
        self.mappings = dump_loader.load('test/dumps/putty/putty.1.dump')
        heap = self.mappings.getHeap()
        # execute a loadMembers
        walker = win7heapwalker.Win7HeapWalker(self.mappings, heap, 0)
        self.heap_obj = walker._heap

    def tearDown(self):
        model.reset()
        self.mappings = None