Exemplo n.º 1
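 def _load_metadata(self):
   """Load the memory dump's mapping index into ``self.metalines``.

   Each non-blank line of the index file becomes a 7-tuple of strings:
   the first six whitespace-separated fields, then the rest of the line
   (empty when there is none). The meaning of the individual fields is
   not defined in this method.

   The word size is then inferred from the first field of the last parsed
   line: more than 10 characters selects 8 bytes, otherwise 4. This goes
   through ``Config.set_word_size``, so it changes configuration held on
   ``Config`` and not only state on this loader.

   Raises:
     ValueError: if the index holds no mapping line, or a line has fewer
       than six fields. The index is read from the dump under analysis,
       so a damaged or hand-edited file stops the load with a message
       naming the line instead of an IndexError/NameError. Malformed
       lines are not skipped: a dropped line would silently hide a
       mapping from every later analysis step.
   """
   mappingsFile = self._open_file(self.archive, self.indexFilename)
   try:
     rawlines = mappingsFile.readlines()
   finally:
     # the handle is local and only needed for this one read
     mappingsFile.close()
   self.metalines = []
   for lineno, l in enumerate(rawlines, 1):
     # split on runs of whitespace; the tail (7th field) keeps its own spacing
     fields = l.strip().split(None, 6)
     if not fields:
       continue  # blank line
     if len(fields) < 6:
       raise ValueError('malformed line %d in %s: expected at least 6 fields, got %d'
                        % (lineno, self.indexFilename, len(fields)))
     if len(fields) == 6:
       fields.append('')  # no trailing field on this line
     self.metalines.append(tuple(fields))
   if not self.metalines:
     raise ValueError('no mapping found in %s' % (self.indexFilename,))
   # test if x32 or x64, based on the width of the last line's first field
   if len(self.metalines[-1][0]) > 10:
     log.info('[+] WORDSIZE = 8 #x64 arch dump detected')
     Config.set_word_size(8)
   else:
     Config.set_word_size(4)
   return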
Exemplo n.º 2
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Tests haystack.utils ."""

import struct
import operator
import os
import unittest

from haystack.config import Config
# Force a 4-byte word size for this test module. The call sits between the
# Config import and the remaining haystack imports.
# NOTE(review): presumably those modules read the word size when they are
# imported, which would make this ordering significant - confirm.
Config.set_word_size(4)

import ctypes
from haystack import memory_mapping
from haystack.model import LoadableMembersStructure
from haystack import utils

__author__ = "Loic Jaquemet"
__copyright__ = "Copyright (C) 2012 Loic Jaquemet"
__email__ = "*****@*****.**"
__license__ = "GPL"
__maintainer__ = "Loic Jaquemet"
__status__ = "Production"


class St(LoadableMembersStructure):
    """Minimal structure for the tests: one C int member named ``a``."""

    _fields_ = [
        ("a", ctypes.c_int),
    ]


class St2(LoadableMembersStructure):
    """Structure for the tests with a single C int member named ``a``.

    It is declared as its own class, so it is a distinct type even where
    another structure has the same layout.
    """

    _fields_ = [
        ("a", ctypes.c_int),
    ]
Exemplo n.º 3
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Tests for haystack.reverse.structure."""

import logging
import struct
import operator
import os
import unittest
import pickle
import sys

from haystack.config import Config
# Set before the haystack imports that follow.
# NOTE(review): the ordering looks deliberate - confirm it is required.
Config.set_word_size(4) # force a 4-byte word size for these unit tests

from haystack import utils, model
from haystack.reverse.win32 import win7heapwalker, win7heap
from haystack.reverse.win32.win7heap import HEAP, HEAP_ENTRY
from haystack import dump_loader

__author__ = "Loic Jaquemet"
__copyright__ = "Copyright (C) 2012 Loic Jaquemet"
__license__ = "GPL"
__maintainer__ = "Loic Jaquemet"
__email__ = "*****@*****.**"
__status__ = "Production"

import ctypes 

# Logger for this test module, obtained under the name 'testwalker'.
log = logging.getLogger('testwalker')
Exemplo n.º 4
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Tests for haystack.reverse.structure."""

import logging
import struct
import operator
import os
import unittest
import pickle
import sys

from haystack.config import Config

# Runs before the haystack.reverse imports below.
# NOTE(review): presumably so they see the forced value - confirm.
Config.set_word_size(4)  # force a 4-byte word size for these unit tests

from haystack.reverse import context
from haystack.reverse.libc import ctypes_malloc as ctypes_alloc
from haystack.reverse.libc import libcheapwalker
from haystack import dump_loader

__author__ = "Loic Jaquemet"
__copyright__ = "Copyright (C) 2012 Loic Jaquemet"
__license__ = "GPL"
__maintainer__ = "Loic Jaquemet"
__email__ = "*****@*****.**"
__status__ = "Production"

import ctypes

Exemplo n.º 5
#!/usr/bin/env python
# -*- coding: utf-8 -*-

"""Tests haystack.model ."""

import logging
import unittest
import sys

from haystack.config import Config
# Placed ahead of the other haystack imports.
# NOTE(review): the position appears intentional - confirm.
Config.set_word_size(4) # force a 4-byte word size for this test module

from haystack import dump_loader
from haystack import model
from haystack import utils
from haystack.reverse.win32 import win7heapwalker 
from haystack.utils import isCStringPointer, isPointerType, isVoidPointerType, isFunctionType, getaddress

class TestReferenceBook(unittest.TestCase):
  """Reference-book tests run against the putty.1 sample dump."""

  def setUp(self):
    """Load the sample dump and keep the heap object held by the heap walker."""
    dump = dump_loader.load('test/dumps/putty/putty.1.dump')
    self.mappings = dump
    # execute a loadMembers
    heap_walker = win7heapwalker.Win7HeapWalker(dump, dump.getHeap(), 0)
    self.heap_obj = heap_walker._heap

  def tearDown(self):
    """Call model.reset() after each test."""
    model.reset()
Exemplo n.º 6
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Copyright (C) 2011 Loic Jaquemet [email protected]
#

__author__ = "Loic Jaquemet [email protected]"

import struct
import operator
import os
import unittest

from haystack.config import Config

# Force a 4-byte word size; this runs before memory_mapping and
# pointerfinder are imported.
# NOTE(review): presumably the ordering matters to those modules - confirm.
Config.set_word_size(4)

from haystack import memory_mapping
from haystack.reverse import pointerfinder

# Test values written directly onto Config. The address range is
# 0x0C00000..0x0C01000, i.e. 0x1000 bytes, which equals MMAP_LENGTH (4096).
# NOTE(review): these are attribute assignments on the shared Config object,
# so they stay in effect for anything else that reads Config in the same
# process - confirm that no other test depends on different values.
Config.MMAP_START = 0x0C00000
Config.MMAP_STOP = 0x0C01000
Config.MMAP_LENGTH = 4096
# NOTE(review): presumably the offset of the test structure inside that
# range - confirm against the tests that read it.
Config.STRUCT_OFFSET = 44
# Config.cacheDir = os.path.normpath('./outputs/')


def accumulate(iterable, func=operator.add):
    """Generator that, in the lines shown, yields the first item of *iterable*.

    NOTE(review): ``func`` is never used and nothing after the first item is
    yielded in this listing; it appears to stop before the loop that would
    fold the remaining items with ``func`` - confirm against the full file.
    """
    it = iter(iterable)
    # An empty iterable makes next() raise StopIteration inside the generator;
    # on Python 3.7+ (PEP 479) the caller sees that as a RuntimeError.
    total = next(it)
    yield total
Exemplo n.º 7
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""Tests haystack.model ."""

import logging
import unittest
import sys

from haystack.config import Config
# Kept above the remaining haystack imports.
# NOTE(review): confirm whether that ordering is required.
Config.set_word_size(4)  # force a 4-byte word size for this test module

from haystack import dump_loader
from haystack import model
from haystack import utils
from haystack.reverse.win32 import win7heapwalker
from haystack.utils import isCStringPointer, isPointerType, isVoidPointerType, isFunctionType, getaddress


class TestReferenceBook(unittest.TestCase):
    """Reference-book tests run against the putty.1 sample dump."""

    def setUp(self):
        """Load the sample dump and keep the heap object held by the heap walker."""
        loaded = dump_loader.load('test/dumps/putty/putty.1.dump')
        self.mappings = loaded
        # execute a loadMembers
        self.heap_obj = win7heapwalker.Win7HeapWalker(
            loaded, loaded.getHeap(), 0)._heap

    def tearDown(self):
        """Call model.reset() and drop the reference to the loaded mappings."""
        model.reset()
        self.mappings = None