Exemplo n.º 1
0
#!/usr/bin/env python
#
# We are looking for "argv[1]" running under debian
#
# We install the Linux26.find_process_filter on cr3 writes
# The framework will call our filter Before each write
#
from ramooflax import VM, CPUFamily, OSFactory, OSAffinity, log
import sys

# create logging for this script
log.setup(info=True, fail=True)

if len(sys.argv) < 2:
    log("fail", "gimme prog name")
    sys.exit(-1)

# Target process
process_name = sys.argv[1]

# Some offsets for debian 2.6.32-5-486 kernel
settings = {
    "thread_size": 8192,
    "comm": 540,
    "next": 240,
    "mm": 268,
    "pgd": 36
}
os = OSFactory(OSAffinity.Linux26, settings)
hook = os.find_process_filter(process_name)
Exemplo n.º 2
0
#!/usr/bin/env python
#
# We are looking for "argv[1]" running under windows 7
#
# We install a filter on cr3 writes
# On each write, the vmm gives us control
# before the write operation
#
from ramooflax import VM, CPUFamily, OSFactory, OSAffinity, log
import sys

# create logging for this script
log.setup(info=True, fail=True)

if len(sys.argv) < 2:
    log("fail", "gimme prog name")
    sys.exit(-1)

# Target process
process_name = sys.argv[1]

# Some offsets for Windows 7 Premium FR 32 bits
settings = {"kprcb":0x20, "kthread":4,
            "eprocess":0x150, "name":0x16c,
            "cr3":0x18, "next":0xb8}

os = OSFactory(OSAffinity.Win7, settings)
hook = os.find_process_filter(process_name)

#
# Main