def getDiff(d1, d2):
mappings1 = folder.load(d1)
mappings2 = folder.load(d2)
log.debug('Building hashes for %s' % d1.name)
m1 = dict(buildMappingsHashes(mappings1))
log.debug('Building hashes for %s' % d2.name)
m2 = dict(buildMappingsHashes(mappings2))
# new _memory_handler in d2
pnames1 = set([m.pathname for m in m1.values()])
pnames2 = set([m.pathname for m in m2.values()])
new2 = pnames2 - pnames1
news = []
for pathname in new2:
news.extend(mappings2._get_mapping(pathname))
print('new _memory_handler in %s:' % d2.name)
for n in news:
print(n)
# believe in hash funcs.
diff2 = set(m2.keys()) - set(m1.keys())
diffs = []
revm1 = dict((v, k) for k, v in m1.items())
print('modified _memory_handler in %s:' % d2.name)
for h2 in diff2:
m = m2[h2]
if m.pathname in pnames1:
print(m)
diffs.append(m)
return news, diffs
def test_dumptype_dir(self):
'''Checks if dumping to folder works'''
tgt1 = self._make_tgt_dir()
tgt2 = self._make_tgt_dir()
tgt3 = self._make_tgt_dir()
self.devnull = open('/dev/null')
self.process = self.run_app_test('test3', stdout=self.devnull.fileno())
time.sleep(0.1)
out1 = memory_dumper.dump(self.process.pid, tgt1, "dir", True)
self.assertEqual(out1, tgt1) # same name
self._renew_process()
out2 = memory_dumper.dump(self.process.pid, tgt2, "dir", True)
self.assertEqual(out2, tgt2) # same name
self._renew_process()
out3 = memory_dumper.dump(self.process.pid, tgt3, "dir", False)
self.assertEqual(out3, tgt3) # same name
size1 = self.get_folder_size(tgt1)
size2 = self.get_folder_size(tgt2)
size3 = self.get_folder_size(tgt3)
self.assertGreater(size1, 500) # not a null archive
# self.assertGreater(size2, size1) # more _memory_handler
self.assertGreater(size3, size2) # more _memory_handler
# print size1, size2, size3
# print file(out1+'/_memory_handler').read()
# print '-'*80
# print file(out2+'/_memory_handler').read()
# print '-'*80
# print file(out3+'/_memory_handler').read()
# print '-'*80
# test opening by dump_loader
from haystack.mappings import folder
from haystack.mappings.base import MemoryHandler
# PYDOC
# NotImplementedError: MACHINE has not been found.
# laoder should habe a cpu, os_name loading
mappings1 = folder.load(out1, cpu=self.cpu_bits, os_name=self.os_name)
self.assertIsInstance(mappings1, MemoryHandler)
mappings2 = folder.load(out2, cpu=self.cpu_bits, os_name=self.os_name)
mappings3 = folder.load(out3, cpu=self.cpu_bits, os_name=self.os_name)
pathnames1 = [m.pathname for m in mappings1]
pathnames2 = [m.pathname for m in mappings2]
pathnames3 = [m.pathname for m in mappings3]
self.assertEqual(pathnames1, pathnames2)
self.assertEqual(pathnames3, pathnames2)
return
def setUp(self):
dumpname = 'test/src/test-ctypes6.64.dump'
self.memory_handler = folder.load(dumpname)
self.my_model = self.memory_handler.get_model()
self.ctypes_gen64 = self.my_model.import_module("test.src.ctypes6_gen64")
# load TU values
self._load_offsets_values(self.memory_handler.get_name())
def setUp(self):
dumpname = 'test/src/test-ctypes6.64.dump'
self.memory_handler = folder.load(dumpname)
process_context = self.memory_handler.get_reverse_context()
process_context.create_record_cache_folder()
# load TU values
self._load_offsets_values(self.memory_handler.get_name())
def setUpClass(cls):
cls.dumpname = 'test/src/test-ctypes6.32.dump'
config.remove_cache_folder(cls.dumpname)
cls.memory_handler = folder.load(cls.dumpname)
cls.my_target = cls.memory_handler.get_target_platform()
cls.my_ctypes = cls.my_target.get_target_ctypes()
cls.my_utils = cls.my_target.get_target_ctypes_utils()
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes5.32.dump')
self._load_offsets_values('test/src/test-ctypes5.32.dump')
sys.path.append('test/src/')
my_model = self.memory_handler.get_model()
self.ctypes5_gen32 = my_model.import_module("ctypes5_gen32")
my_model.build_python_class_clones(self.ctypes5_gen32)
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes5.32.dump')
self._load_offsets_values('test/src/test-ctypes5.32.dump')
sys.path.append('test/src/')
my_model = self.memory_handler.get_model()
self.ctypes5_gen32 = my_model.import_module("ctypes5_gen32")
my_model.build_python_class_clones(self.ctypes5_gen32)
def setUpClass(cls):
cls.memory_handler = folder.load(cls.memdumpname)
cls.my_target = cls.memory_handler.get_target_platform()
cls.my_ctypes = cls.my_target.get_target_ctypes()
cls.my_utils = cls.my_target.get_target_ctypes_utils()
cls.my_model = cls.memory_handler.get_model()
# load offsets
cls._load_offsets_values(cls.memdumpname)
def setUp(self):
dumpname = 'test/src/test-ctypes6.64.dump'
self.memory_handler = folder.load(dumpname)
self.my_model = self.memory_handler.get_model()
self.ctypes_gen64 = self.my_model.import_module(
"test.src.ctypes6_gen64")
# load TU values
self._load_offsets_values(self.memory_handler.get_name())
def setUpClass(cls):
cls.memory_handler = folder.load('test/src/test-ctypes5.32.dump')
cls.my_target = cls.memory_handler.get_target_platform()
cls.my_ctypes = cls.my_target.get_target_ctypes()
cls.my_utils = cls.my_target.get_target_ctypes_utils()
cls.my_model = cls.memory_handler.get_model()
cls.ctypes5_gen32 = cls.my_model.import_module("test.src.ctypes5_gen32")
cls.validator = listmodel.ListModel(cls.memory_handler, None)
def setUpClass(cls):
cls.memory_handler = folder.load(cls.memdumpname)
cls.my_target = cls.memory_handler.get_target_platform()
cls.my_ctypes = cls.my_target.get_target_ctypes()
cls.my_utils = cls.my_target.get_target_ctypes_utils()
cls.my_model = cls.memory_handler.get_model()
# load offsets
cls._load_offsets_values(cls.memdumpname)
def setUpClass(cls):
cls.memory_handler = folder.load('test/src/test-ctypes5.32.dump')
cls.my_target = cls.memory_handler.get_target_platform()
cls.my_ctypes = cls.my_target.get_target_ctypes()
cls.my_utils = cls.my_target.get_target_ctypes_utils()
cls.my_model = cls.memory_handler.get_model()
cls.ctypes5_gen32 = cls.my_model.import_module(
"test.src.ctypes5_gen32")
cls.validator = listmodel.ListModel(cls.memory_handler, None)
def setUpClass(cls):
cls.dumpname = zeus_856_svchost_exe.dumpname
#config.remove_cache_folder(cls.dumpname)
cls.memory_handler = folder.load(zeus_856_svchost_exe.dumpname)
##
cls.offset = zeus_856_svchost_exe.known_records[0][0]
cls._context = context.get_context_for_address(cls.memory_handler,
cls.offset)
return
def setUp(self):
# os.chdir()
self.memory_handler = folder.load('test/src/test-ctypes3.32.dump')
self._load_offsets_values(self.memory_handler.get_name())
finder = self.memory_handler.get_heap_finder()
walkers = finder.list_heap_walkers()
self.context = context.get_context_for_address(self.memory_handler,
walkers[0])
##
self.dsa = dsa.FieldReverser(self.memory_handler)
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes5.32.dump')
self._load_offsets_values('test/src/test-ctypes5.32.dump')
self.my_target = target.TargetPlatform.make_target_linux_32()
self.my_ctypes = self.my_target.get_target_ctypes()
self.my_utils = self.my_target.get_target_ctypes_utils()
self.my_model = self.memory_handler.get_model()
_constraints = constraints.ModuleConstraints() # empty
self.validator = basicmodel.CTypesRecordConstraintValidator(self.memory_handler, _constraints)
self.ctypes_gen32 = self.my_model.import_module("test.src.ctypes5_gen32")
def setUpClass(cls):
cls.dumpname = zeus_856_svchost_exe.dumpname
cls.memory_handler = folder.load(zeus_856_svchost_exe.dumpname)
cls.process_context = cls.memory_handler.get_reverse_context()
cls.process_context.create_record_cache_folder()
##
cls.offset = zeus_856_svchost_exe.known_records[0][0]
cls._context = context.get_context_for_address(cls.memory_handler,
cls.offset)
api.reverse_instances(cls.memory_handler)
return
def test_list_heap_walkers(self):
memory_handler = folder.load('test/src/test-ctypes1.64.dump')
heap_finder = memory_handler.get_heap_finder()
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
self.assertEqual(walkers[0].get_heap_mapping().pathname, '[heap]')
memory_handler.reset_mappings()
memory_handler = folder.load('test/src/test-ctypes3.64.dump')
heap_finder = memory_handler.get_heap_finder()
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
self.assertEqual(walkers[0].get_heap_mapping().pathname, '[heap]')
memory_handler.reset_mappings()
memory_handler = folder.load('test/src/test-ctypes3.32.dump')
heap_finder = memory_handler.get_heap_finder()
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
self.assertEqual(walkers[0].get_heap_mapping().pathname, '[heap]')
memory_handler.reset_mappings()
def setUp(self):
self.classname = 'haystack.allocators.win32.win7heap.HEAP'
self.known_heaps = [(0x00390000, 8956), (0x00540000, 868),
(0x00580000, 111933), (0x005c0000, 1704080),
(0x01ef0000, 604), (0x02010000, 61348),
(0x02080000, 474949), (0x021f0000, 18762),
(0x03360000, 604), (0x04030000, 632),
(0x04110000, 1334), (0x041c0000, 644),
# from free stuf
(0x0061a000, 1200),
]
self.memory_handler = folder.load(self.memdumpname)
def test_list_heap_walkers(self):
memory_handler = folder.load('test/src/test-ctypes1.64.dump')
heap_finder = memory_handler.get_heap_finder()
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
self.assertEqual(walkers[0].get_heap_mapping().pathname, '[heap]')
memory_handler.reset_mappings()
memory_handler = folder.load('test/src/test-ctypes3.64.dump')
heap_finder = memory_handler.get_heap_finder()
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
self.assertEqual(walkers[0].get_heap_mapping().pathname, '[heap]')
memory_handler.reset_mappings()
memory_handler = folder.load('test/src/test-ctypes3.32.dump')
heap_finder = memory_handler.get_heap_finder()
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
self.assertEqual(walkers[0].get_heap_mapping().pathname, '[heap]')
memory_handler.reset_mappings()
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes5.32.dump')
self._load_offsets_values('test/src/test-ctypes5.32.dump')
self.my_target = target.TargetPlatform.make_target_linux_32()
self.my_ctypes = self.my_target.get_target_ctypes()
self.my_utils = self.my_target.get_target_ctypes_utils()
self.my_model = self.memory_handler.get_model()
_constraints = constraints.ModuleConstraints() # empty
self.validator = basicmodel.CTypesRecordConstraintValidator(
self.memory_handler, _constraints)
self.ctypes_gen32 = self.my_model.import_module(
"test.src.ctypes5_gen32")
def setUpClass(cls):
cls.dumpname = 'test/src/test-ctypes3.32.dump'
config.remove_cache_folder(cls.dumpname)
cls.memory_handler = folder.load(cls.dumpname)
finder = cls.memory_handler.get_heap_finder()
heap_walker = finder.list_heap_walkers()[0]
heap_addr = heap_walker.get_heap_address()
cls.context = context.get_context_for_address(cls.memory_handler, heap_addr)
cls.target = cls.context.memory_handler.get_target_platform()
cls.dsa = dsa.FieldReverser(cls.context.memory_handler)
cls.pta = pointertypes.PointerFieldReverser(cls.context.memory_handler)
return
def test_closestFloorValue(self):
lst = numpy.asarray(range(0, 100, 10))
self.assertEqual(utils.closestFloorValue(41, lst), (40, 4))
self.assertEqual(utils.closestFloorValue(40, lst), (40, 4))
with self.assertRaises(ValueError):
utils.closestFloorValue(-1, lst)
memory_handler = folder.load('test/src/test-ctypes3.32.dump')
finder = memory_handler.get_heap_finder()
walker = finder.list_heap_walkers()[0]
heap_addr = walker.get_heap_address()
ctx = context.get_context_for_address(memory_handler, heap_addr)
lst = ctx._structures_addresses
def setUpClass(cls):
cls.libc_mh_64 = folder.load('test/src/test-ctypes3.64.dump')
cls.libc_mh_32 = folder.load('test/src/test-ctypes3.32.dump')
cls.winxp_mh_32 = folder.load('test/dumps/minidump/cmd.dmp')
cls.winxp_mh_64 = folder.load('test/dumps/minidump/alg.dmp')
cls.win7_mh_32 = folder.load(putty_1_win7.dumpname)
# FIXME, its loaded as a winxp
cls.win7_mh_64 = folder.load('test/dumps/keepass.test')
def setUpClass(cls):
cls.libc_mh_64 = folder.load('test/src/test-ctypes3.64.dump')
cls.libc_mh_32 = folder.load('test/src/test-ctypes3.32.dump')
cls.winxp_mh_32 = folder.load('test/dumps/minidump/cmd.dmp')
cls.winxp_mh_64 = folder.load('test/dumps/minidump/alg.dmp')
cls.win7_mh_32 = folder.load(putty_1_win7.dumpname)
# FIXME, its loaded as a winxp
cls.win7_mh_64 = folder.load('test/dumps/keepass.test')
def setUpClass(cls):
cls.memory_handler = folder.load(zeus_856_svchost_exe.dumpname)
cls._context = context.get_context_for_address(cls.memory_handler,
0x90000)
cls.process_context = cls.memory_handler.get_reverse_context()
fr = dsa.FieldReverser(cls.memory_handler)
fr.reverse()
tfc = dsa.TextFieldCorrection(cls.memory_handler)
tfc.reverse()
doublelink = reversers.DoubleLinkedListReverser(cls.memory_handler)
doublelink.reverse()
doublelink.rename_all_lists()
pfr = pointertypes.PointerFieldReverser(cls.memory_handler)
pfr.reverse()
def setUp(self):
self.memory_handler = folder.load('test/dumps/ssh/ssh.1/')
self.my_target = self.memory_handler.get_target_platform()
self.my_ctypes = self.my_target.get_target_ctypes()
self.my_utils = self.my_target.get_target_ctypes_utils()
self.my_model = self.memory_handler.get_model()
_constraints = constraints.ModuleConstraints() # empty
self.validator = basicmodel.CTypesRecordConstraintValidator(self.memory_handler, _constraints)
try:
self.sslsnoop = self.my_model.import_module("sslsnoop")
except ImportError:
self.skipTest('sslsnoop not present')
self.classname = 'sslsnoop.ctypes_openssh.session_state'
self.known_offset = 0xb84ee318
def setUp(self):
self.memory_handler = folder.load('test/dumps/ssh/ssh.1/')
self.my_target = self.memory_handler.get_target_platform()
self.my_ctypes = self.my_target.get_target_ctypes()
self.my_utils = self.my_target.get_target_ctypes_utils()
self.my_model = self.memory_handler.get_model()
_constraints = constraints.ModuleConstraints() # empty
self.validator = basicmodel.CTypesRecordConstraintValidator(
self.memory_handler, _constraints)
try:
self.sslsnoop = self.my_model.import_module("sslsnoop")
except ImportError:
self.skipTest('sslsnoop not present')
self.classname = 'sslsnoop.ctypes_openssh.session_state'
self.known_offset = 0xb84ee318
def setUp(self):
dumpname = 'test/src/test-ctypes6.64.dump'
# arh ... py2/py3 pickled cache
config.remove_cache_folder(dumpname)
self.memory_handler = folder.load(dumpname)
process_context = self.memory_handler.get_reverse_context()
process_context.create_record_cache_folder()
# load TU values
self._load_offsets_values(self.memory_handler.get_name())
##
self.dllr = reversers.DoubleLinkedListReverser(self.memory_handler)
log.debug('Reversing Fields')
fr = dsa.FieldReverser(self.memory_handler)
fr.reverse()
def setUpClass(cls):
#self.context3 = context.get_context('test/src/test-ctypes3.dump')
cls.dumpname = 'test/src/test-ctypes6.32.dump'
config.remove_cache_folder(cls.dumpname)
cls.memory_handler = folder.load(cls.dumpname)
cls._target = cls.memory_handler.get_target_platform()
finder = cls.memory_handler.get_heap_finder()
heap_walker = finder.list_heap_walkers()[0]
heap_addr = heap_walker.get_heap_address()
cls._load_offsets_values(cls.memory_handler.get_name())
cls.context6 = context.get_context_for_address(cls.memory_handler,
heap_addr)
cls.dsa = dsa.FieldReverser(cls.context6.memory_handler)
cls.st = cls.context6.listStructures()[0]
def setUp(self):
self.classname = 'haystack.allocators.win32.win7heap.HEAP'
self.known_heaps = [
(0x00390000, 8956),
(0x00540000, 868),
(0x00580000, 111933),
(0x005c0000, 1704080),
(0x01ef0000, 604),
(0x02010000, 61348),
(0x02080000, 474949),
(0x021f0000, 18762),
(0x03360000, 604),
(0x04030000, 632),
(0x04110000, 1334),
(0x041c0000, 644),
# from free stuf
(0x0061a000, 1200),
]
self.memory_handler = folder.load(self.memdumpname)
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes5.64.dump')
self._load_offsets_values(self.memory_handler.get_name())
sys.path.append('test/src/')
self.offset = self.offsets['struct_d'][0]
self.m = self.memory_handler.get_mapping_for_address(self.offset)
self._context = context.get_context_for_address(
self.memory_handler, self.offset)
# reverse the heap
if not os.access(
config.get_record_cache_folder_name(self._context.dumpname),
os.F_OK):
os.mkdir(
config.get_record_cache_folder_name(self._context.dumpname))
log.info("[+] Cache created in %s",
config.get_cache_folder_name(self._context.dumpname))
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes6.32.dump')
self.memdumpname = 'test/src/test-ctypes6.32.dump'
self._load_offsets_values(self.memdumpname)
sys.path.append('test/src/')
my_model = self.memory_handler.get_model()
self.ctypes6_gen32 = my_model.import_module("ctypes6_gen32")
handler = constraints.ConstraintsConfigHandler()
my_constraints = handler.read('test/src/ctypes6.constraints')
self.x32_validator = ctypes6.CTypes6Validator(self.memory_handler, my_constraints, self.ctypes6_gen32)
self.offset = self.offsets['test1'][0]
self.m = self.memory_handler.get_mapping_for_address(self.offset)
self.usual = self.m.read_struct(self.offset, self.ctypes6_gen32.struct_usual)
# complex
self.o_rootA = self.offsets['rootA'][0]
self.rootA = self.m.read_struct(self.o_rootA, self.ctypes6_gen32.struct_Node)
self.o_rootB = self.offsets['rootB'][0]
self.rootB = self.m.read_struct(self.o_rootB, self.ctypes6_gen32.struct_Node)
self.o_rootC = self.offsets['rootC'][0]
self.rootC = self.m.read_struct(self.o_rootC, self.ctypes6_gen32.struct_Node)
def test_chunks_numbers(self):
""" Count all user allocations and free chunks (10 sec)"""
memory_handler = folder.load('test/dumps/ssh/ssh.1')
heap_finder = memory_handler.get_heap_finder()
#
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
heap = walkers[0].get_heap_mapping()
walker = heap_finder.get_heap_walker(heap)
# test the number of allocations
allocs = walker.get_user_allocations()
self.assertEqual(len(allocs), 2568)
# test the size of allocations
size = sum([size for addr, size in allocs])
self.assertEqual(size, 105616)
# test the number of free chunks
free = walker.get_free_chunks()
self.assertEqual(len(free), 7)
# test the size of free chunks
size = sum([size for addr, size in free])
self.assertEqual(size, 19252)
return
def test_chunks_numbers(self):
""" Count all user allocations and free chunks (10 sec)"""
memory_handler = folder.load('test/dumps/ssh/ssh.1')
heap_finder = memory_handler.get_heap_finder()
#
walkers = heap_finder.list_heap_walkers()
self.assertEqual(len(walkers), 1)
heap = walkers[0].get_heap_mapping()
walker = heap_finder.get_heap_walker(heap)
# test the number of allocations
allocs = walker.get_user_allocations()
self.assertEqual(len(allocs), 2568)
# test the size of allocations
size = sum([size for addr, size in allocs])
self.assertEqual(size, 105616)
# test the number of free chunks
free = walker.get_free_chunks()
self.assertEqual(len(free), 7)
# test the size of free chunks
size = sum([size for addr, size in free])
self.assertEqual(size, 19252)
return
def test_dumptype_dir(self):
'''Checks if dumping to folder works'''
tgt1 = self._make_tgt_dir()
tgt2 = self._make_tgt_dir()
tgt3 = self._make_tgt_dir()
self.devnull = open('/dev/null')
self.process = self.run_app_test('test3', stdout=self.devnull.fileno())
time.sleep(0.1)
out1 = memory_dumper.dump(self.process.pid, tgt1, "dir", True)
self.assertEqual(out1, tgt1) # same name
self._renew_process()
out2 = memory_dumper.dump(self.process.pid, tgt2, "dir", True)
self.assertEqual(out2, tgt2) # same name
self._renew_process()
out3 = memory_dumper.dump(self.process.pid, tgt3, "dir", False)
self.assertEqual(out3, tgt3) # same name
size1 = self.get_folder_size(tgt1)
size2 = self.get_folder_size(tgt2)
size3 = self.get_folder_size(tgt3)
self.assertGreater(size1, 500) # not a null archive
# self.assertGreater(size2, size1) # more _memory_handler
self.assertGreater(size3, size2) # more _memory_handler
# print size1, size2, size3
# print file(out1+'/_memory_handler').read()
# print '-'*80
# print file(out2+'/_memory_handler').read()
# print '-'*80
# print file(out3+'/_memory_handler').read()
# print '-'*80
# test opening by dump_loader
from haystack.mappings import folder
from haystack.mappings.base import MemoryHandler
# PYDOC
# NotImplementedError: MACHINE has not been found.
# laoder should habe a cpu, os_name loading
mappings1 = folder.load(
out1,
cpu=self.cpu_bits,
os_name=self.os_name)
self.assertIsInstance(mappings1, MemoryHandler)
mappings2 = folder.load(
out2,
cpu=self.cpu_bits,
os_name=self.os_name)
mappings3 = folder.load(
out3,
cpu=self.cpu_bits,
os_name=self.os_name)
pathnames1 = [m.pathname for m in mappings1]
pathnames2 = [m.pathname for m in mappings2]
pathnames3 = [m.pathname for m in mappings3]
self.assertEqual(pathnames1, pathnames2)
self.assertEqual(pathnames3, pathnames2)
return
def setUpClass(cls):
cls.memory_handler = folder.load('test/dumps/putty/putty.1.dump')
cls.my_target = cls.memory_handler.get_target_platform()
cls.my_ctypes = cls.my_target.get_target_ctypes()
cls.my_utils = cls.my_target.get_target_ctypes_utils()
def setUpClass(cls):
cls._memory_handler = folder.load(zeus_1668_vmtoolsd_exe.dumpname)
return
def setUpClass(cls):
# putty 1 was done under win7 32 bits ?
cls._memory_handler = folder.load(putty_1_win7.dumpname)
return
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes6.32.dump')
def setUp(self):
self.memory_handler = folder.load('test/src/test-ctypes6.64.dump')
self.heap_finder = self.memory_handler.get_heap_finder()
self.walkers = self.heap_finder.list_heap_walkers()
self.walker = self.walkers[0]
def setUpClass(cls):
cls.memory_handler = folder.load('test/dumps/ssh/ssh.1')
def setUpClass(cls):
cls.memory_handler = folder.load('test/dumps/putty/putty.1.dump')
cls.my_target = cls.memory_handler.get_target_platform()
cls.my_ctypes = cls.my_target.get_target_ctypes()
cls.my_utils = cls.my_target.get_target_ctypes_utils()
def setUpClass(cls):
cls.memory_handler = folder.load('test/dumps/ssh/ssh.1')
def setUpClass(cls):
cls.memory_handler = folder.load('test/dumps/ssh/ssh.1')
cls.finder = cls.memory_handler.get_heap_finder()
def setUp(self):
dumpname = zeus_856_svchost_exe.dumpname
# config.remove_cache_folder(dumpname)
self.memory_handler = folder.load(dumpname)
process_context = self.memory_handler.get_reverse_context()
def setUpClass(cls):
cls._memory_handler = folder.load(zeus_1668_vmtoolsd_exe.dumpname)
cls._utils = cls._memory_handler.get_target_platform().get_target_ctypes_utils()
return
def setUpClass(cls):
cls.memory_handler = folder.load(putty_1_win7.dumpname)
return
def setUpClass(cls):
cls.memory_handler = folder.load(putty_1_win7.dumpname)
cls.finder = cls.memory_handler.get_heap_finder()
def setUpClass(cls):
cls.memory_handler = folder.load(putty_1_win7.dumpname)
return
