def calculate(self):
proc_maps = linux_proc_maps.linux_proc_maps(self._config).calculate()
dalvikVMs = dalvik_vms.dalvik_vms(self._config).calculate()
for task, gDvm in dalvikVMs:
for entry in gDvm.loadedClasses.dereference().get_entries():
clazz = obj.Object('ClassObject', offset = entry, vm = gDvm.loadedClasses.obj_vm)
yield task, clazz
def _calculate(self):
linux_common.set_plugin_members(self)
vmas = linux_proc_maps.linux_proc_maps(self._config).calculate()
print "pname\t"+self._config.PNAME
for (task, vma) in vmas:
if not self._config.PNAME or self._config.PNAME==str(task.comm):
for page in self.read_addr_range(task, vma.vm_start, vma.vm_end):
if page:
yield page
def calculate(self):
linux_common.set_plugin_members(self)
vmas = linux_proc_maps.linux_proc_maps(self._config).calculate()
for (task, vma) in vmas:
if not self._config.VMA or vma.vm_start == self._config.VMA:
for page in self.read_addr_range(task, vma.vm_start, vma.vm_end):
if page:
yield page
def calculate(self):
proc_maps = linux_proc_maps.linux_proc_maps(self._config).calculate()
dalvikVMs = dalvik_vms.dalvik_vms(self._config).calculate()
for task, gDvm in dalvikVMs:
for entry in gDvm.loadedClasses.dereference().get_entries():
clazz = obj.Object('ClassObject',
offset=entry,
vm=gDvm.loadedClasses.obj_vm)
yield task, clazz
def calculate(self):
linux_common.set_plugin_members(self)
vmas = linux_proc_maps.linux_proc_maps(self._config).calculate()
for (task, vma) in vmas:
if not self._config.VMA or vma.vm_start == self._config.VMA:
for page in self.read_addr_range(task, vma.vm_start,
vma.vm_end):
if page:
yield page
def _calculate(self):
linux_common.set_plugin_members(self)
vmas = linux_proc_maps.linux_proc_maps(self._config).calculate()
print "pname\t" + self._config.PNAME
for (task, vma) in vmas:
if not self._config.PNAME or self._config.PNAME == str(task.comm):
for page in self.read_addr_range(task, vma.vm_start,
vma.vm_end):
if page:
yield page
def get_data_section(config, what):
proc_maps = linux_proc_maps.linux_proc_maps(config).calculate()
for task, vma in proc_maps:
if not vma.vm_file:
continue
if not linux_common.get_path(task, vma.vm_file) == what:
continue
if not (vma.vm_flags & linux_flags.VM_READ and vma.vm_flags & linux_flags.VM_WRITE and not vma.vm_flags & linux_flags.VM_EXEC):
continue
yield task, vma
def calculate(self):
if (not self._config.OUT_DIR
or not os.path.isdir(self._config.OUT_DIR)):
debug.error("Please specify an existing output dir (--out-dir)")
if (not os.path.isfile("./loader")):
debug.error(
"Cannot find 'loader' inside current working directory, compile it or `cd` in the right directory"
)
# Extract mappings, kind of ugly but i did not find another way to call the modules..
for p in linux_pslist.linux_pslist(self._config).calculate():
pname = str(p.comm)
if pname == 'X' or pname == 'Xorg':
break
tmp_dir = tempfile.mkdtemp()
self._config.add_option("PID")
self._config.add_option("DUMP_DIR")
self._config.PID = str(p.pid)
self._config.DUMP_DIR = tmp_dir
out = StringIO.StringIO()
data = linux_proc_maps.linux_proc_maps(self._config).calculate()
print("[+] Dumping Xorg memory mappings in %s" % tmp_dir)
linux_dump_map.linux_dump_map(self._config).render_text(out, data)
# Extract screenshots
xw = linux_xwindows.linux_xwindows(self._config)
for msg, screen_windows, screen_info in xw.calculate():
for screen_id, win in screen_windows:
# print('{} on Screen {}\n'.format(str(win), screen_id))
if win.drawable.type == 0 and win.drawable.width > 150 and win.drawable.height > 150:
out = StringIO.StringIO()
xw.visit_property(
win.optional.dereference().userProps.dereference(),
out)
loader = [
"./loader",
str(win.drawable),
str(win.drawable.pScreen.visuals),
str(win.borderWidth),
str(screen_info.imageByteOrder),
str(screen_info.bitmapScanlineUnit),
str(screen_info.bitmapScanlinePad),
str(screen_info.bitmapBitOrder),
str(win.drawable.pScreen.GetImage),
str(tmp_dir),
str(self._config.OUT_DIR)
]
print("[+] Calling %s" % ' '.join(loader))
subprocess.check_call(loader)
