def get_symbol_list():
    """
    Return list of symbols

    Walks every process from get_process_list(), refreshes each process'
    module list with symbols through windows_vmi, keeps one module per
    (checksum, full name) pair, and flattens the symbols of the surviving
    modules. Only windows_vmi is consulted, so this helper is Windows-only.

    :return: List of symbols, each element is a dictionary with keys: "mod", "name", and "addr"
    :rtype: list
    """
    import vmi
    import windows_vmi
    from utils import pp_print

    proc_list = get_process_list()
    pp_print("[*] Updating symbol list... Be patient, this may take a while\n")

    # De-duplication key is (checksum, full name); the first module seen
    # for a key wins. NOTE(review): both values presumably originate in
    # guest memory, so a guest could make distinct modules collide here —
    # confirm against the module class before relying on this for anything
    # security-sensitive.
    unique_modules = {}
    for proc in proc_list:
        pid, pgd = proc["pid"], proc["pgd"]
        windows_vmi.windows_update_modules(pgd, update_symbols=True)
        for module in vmi.modules[pid, pgd].values():
            key = (module.get_checksum(), module.get_fullname())
            unique_modules.setdefault(key, module)

    # get_symbols() yields (ordinal, addr, name); the ordinal is not exported.
    return [
        {"mod": mod.get_name(), "name": name, "addr": addr}
        for mod in unique_modules.values()
        for _ordinal, addr, name in mod.get_symbols()
    ]
def get_module_list(pgd):
    """
    Return list of modules for a given PGD

    Every process whose "pgd" matches is refreshed through windows_vmi
    (without symbols) and its modules are appended; if several processes
    share the PGD their modules are all returned. Windows-only, since only
    windows_vmi is consulted.

    :param pgd: The PGD of the process for which we want to extract the modules
    :type pgd: int
    :return: List of modules, each element is a dictionary with keys: "name", "base", and "size"
    :rtype: list
    :raises ValueError: if no process with the given PGD is listed
    """
    import vmi
    import windows_vmi

    proc_list = get_process_list()
    matched = False
    result = []
    for proc in proc_list:
        pid, proc_pgd = proc["pid"], proc["pgd"]
        if proc_pgd != pgd:
            continue
        matched = True
        windows_vmi.windows_update_modules(proc_pgd, update_symbols=False)
        result.extend(
            {"name": m.get_name(), "base": m.get_base(), "size": m.get_size()}
            for m in vmi.modules[(pid, proc_pgd)].values()
        )

    if not matched:
        raise ValueError("Process with PGD %x not found" % pgd)
    return result
def update_modules(proc_pgd, update_symbols=False):
    """
    Refresh the module list of the process owning *proc_pgd*.

    Dispatches on the module-level ``os_family`` to the Windows or Linux
    updater. For any other value nothing is updated and ``None`` is
    returned, so callers must treat ``None`` as "no update performed".

    :param proc_pgd: PGD of the process whose modules are refreshed
    :param update_symbols: forwarded to the OS-specific updater
    :return: whatever the OS-specific updater returns (hook points), or
             ``None`` when ``os_family`` is neither Windows nor Linux
    """
    # Imported lazily, as in the rest of the file, to keep the OS-specific
    # helpers out of module import time.
    from windows_vmi import windows_update_modules
    from linux_vmi import linux_update_modules

    # os_family is only read here, so no ``global`` declaration is needed.
    if os_family == OS_FAMILY_WIN:
        return windows_update_modules(proc_pgd, update_symbols)
    if os_family == OS_FAMILY_LINUX:
        return linux_update_modules(proc_pgd, update_symbols)
    return None