def _make_mmap_with_values(self, intervals, struct_offset=None):
"""
Make a memory map, with a fake structure of pointer pattern inside.
Return the pattern signature
:param intervals:
:param struct_offset:
:return:
"""
# template of a memory map metadata
self._mstart = 0x0c00000
self._mlength = 4096 # end at (0x0c01000)
# could be 8, it doesn't really matter
self.word_size = self.target.get_word_size()
if struct_offset is not None:
self._struct_offset = struct_offset
else:
self._struct_offset = self.word_size * 12 # 12, or any other aligned
mmap, values = self._make_mmap(0x0c00000, 4096, self._struct_offset,
intervals, self.word_size)
# add a reference to mmap in mmap2
ammap2 = AMemoryMapping(0xff7dc000, 0xff7dc000 + 0x1000, '-rwx', 0, 0,
0, 0, 'test_mmap2')
ammap2.set_ctypes(self.target.get_target_ctypes())
mmap2 = LocalMemoryMapping.fromBytebuffer(ammap2,
mmap.get_byte_buffer())
self._memory_handler = MemoryHandler([mmap, mmap2], self.target,
'test')
self.mmap2 = mmap2
return mmap, values
def _make_mmap_with_values(self, intervals, struct_offset=None):
"""
Make a memory map, with a fake structure of pointer pattern inside.
Return the pattern signature
:param intervals:
:param struct_offset:
:return:
"""
# template of a memory map metadata
self._mstart = 0x0c00000
self._mlength = 4096 # end at (0x0c01000)
# could be 8, it doesn't really matter
self.word_size = self.target.get_word_size()
if struct_offset is not None:
self._struct_offset = struct_offset
else:
self._struct_offset = self.word_size*12 # 12, or any other aligned
mmap,values = self._make_mmap(0x0c00000, 4096, self._struct_offset,
intervals, self.word_size)
# add a reference to mmap in mmap2
ammap2 = AMemoryMapping(0xff7dc000, 0xff7dc000+0x1000, '-rwx', 0, 0, 0, 0, 'test_mmap2')
mmap2 = LocalMemoryMapping.fromBytebuffer(ammap2, mmap.get_byte_buffer())
mmap2.set_target_platform(self.target)
self._memory_handler = MemoryHandler([mmap, mmap2], self.target, 'test')
self.mmap2 = mmap2
return mmap, values
def _make_mmap(self, mstart, mlength, struct_offset, seq, word_size):
'''Create memory mapping with some pointer values at specific
intervals. '''
nsig = [struct_offset]
nsig.extend(seq)
# rewrite intervals indices to offsets from start
indices = [i for i in self._accumulate(nsig)]
dump = [] # b''
values = []
fmt = self.config.get_word_type_char()
# write a memory map with valid pointer address in specifics offsets.
for i in range(0, mlength, word_size):
if i in indices:
log.debug('Insert word %x at 0x%x',mstart + i,mstart + i)
dump.append(struct.pack(fmt, mstart + i))
values.append(mstart + i)
else:
dump.append(struct.pack(fmt, 0x2e2e2e2e2e2e2e2e))
if len(dump) != mlength / word_size:
raise ValueError('error 1 on length dump %d ' % (len(dump)))
dump2 = ''.join(dump)
if len(dump) * word_size != len(dump2):
print dump
raise ValueError(
'error 2 on length dump %d dump2 %d' %
(len(dump), len(dump2)))
stop = mstart + len(dump2)
mmap = MemoryMapping(mstart, stop, '-rwx', 0, 0, 0, 0, 'test_mmap')
mmap2 = LocalMemoryMapping.fromBytebuffer(mmap, dump2)
mmap2.init_config(self.config)
return mmap2, values
def _load_memory_mappings(self):
""" make the python objects"""
self.mappings = Mappings(None, self.dumpname)
for _start, _end, permissions, offset, devices, inode, mmap_pathname in self.metalines:
start, end = int(_start, 16), int(_end, 16)
offset = int(offset, 16)
inode = int(inode)
# rebuild filename
mmap_fname = "%s-%s" % (_start, _end)
# get devices nums
major_device, minor_device = devices.split(':')
major_device = int(major_device, 16)
minor_device = int(minor_device, 16)
log.debug('Loading %s - %s' % (mmap_fname, mmap_pathname))
# open the file in the archive
try:
mmap_content_file = self._protected_open_file(
mmap_fname,
mmap_pathname)
except (IOError, KeyError) as e:
log.debug('Ignore absent file : %s' % (e))
mmap = MemoryMapping(start, end, permissions, offset,
major_device, minor_device, inode, pathname=mmap_pathname)
self.mappings.append(mmap)
continue
# except ValueError,e: # explicit non-loading
# log.debug('Ignore useless file : %s'%(e))
# mmap = MemoryMapping(start, end, permissions, offset,
# major_device, minor_device, inode,pathname=mmap_pathname)
# self.mappings.append(mmap)
# continue
except LazyLoadingException as e:
mmap = FilenameBackedMemoryMapping(e._filename, start, end, permissions, offset,
major_device, minor_device, inode, pathname=mmap_pathname)
self.mappings.append(mmap)
continue
if isinstance(self.archive, zipfile.ZipFile): # ZipExtFile is lame
log.warning(
'Using a local memory mapping . Zipfile sux. thx ruby.')
mmap = MemoryMapping(start, end, permissions, offset,
major_device, minor_device, inode, pathname=mmap_pathname)
mmap = LocalMemoryMapping.fromBytebuffer(
mmap,
mmap_content_file.read())
# use file mmap when file is too big
elif end - start > config.MAX_MAPPING_SIZE_FOR_MMAP:
log.warning('Using a file backed memory mapping. no mmap in memory for this memorymap (%s).' % (mmap_pathname) +
' Search will fail. Buffer is needed.')
mmap = FileBackedMemoryMapping(mmap_content_file, start, end, permissions, offset,
major_device, minor_device, inode, pathname=mmap_pathname)
else:
log.debug('Using a MemoryDumpMemoryMapping. small size')
mmap = MemoryDumpMemoryMapping(mmap_content_file, start, end, permissions, offset,
major_device, minor_device, inode, pathname=mmap_pathname)
self.mappings.append(mmap)
self.mappings.init_config(cpu=self._cpu_bits, os_name=self._os_name)
return
def mmap(self):
"""
mmap-ed access gives a 20% perf increase on by tests
:return:
"""
# DO NOT USE ptrace.process.readArray on 64 bits.
# It breaks stuff.
# probably a bad cast statement on c_char_p
# FIXME: the big perf increase is now gone. Howto cast pointer to bytes
# into my_ctypes array ?
if not self.is_mmaped():
self._local_mmap_content = self._utils.bytes2array(self._process().read_bytes(self.start, len(self)), self._ctypes.c_ubyte)
log.debug('type array %s' % (type(self._local_mmap_content)))
self._local_mmap = LocalMemoryMapping.fromAddress(self, self._ctypes.addressof(self._local_mmap_content))
self._base = self._local_mmap
return self._local_mmap
def mmap(self):
"""
mmap-ed access gives a 20% perf increase on by tests
:return:
"""
# DO NOT USE ptrace.process.readArray on 64 bits.
# It breaks stuff.
# probably a bad cast statement on c_char_p
# FIXME: the big perf increase is now gone. Howto cast pointer to bytes
# into my_ctypes array ?
if not self.isMmaped():
self._local_mmap_content = self._utils.bytes2array(self._process().read_bytes(self.start, len(self)), self._ctypes.c_ubyte)
log.debug('type array %s' % (type(self._local_mmap_content)))
self._local_mmap = LocalMemoryMapping.fromAddress(self, self._ctypes.addressof(self._local_mmap_content))
self._base = self._local_mmap
return self._local_mmap
def mmap(self):
""" mmap-ed access gives a 20% perf increase on by tests """
# DO NOT USE ptrace.process.readArray on 64 bits.
# It breaks stuff.
# probably a bad cast statement on c_char_p
# FIXME: the big perf increase is now gone. Howto cast pointer to bytes
# into my_ctypes array ?
my_ctypes = self._target_platform.get_target_ctypes()
my_utils = self._target_platform.get_target_ctypes_utils()
if not self.isMmaped():
# self._process().readArray(self.start, my_ctypes.c_ubyte, len(self) ) # keep ref
# self._local_mmap_content = self._process().readArray(self.start,
# my_ctypes.c_ubyte, len(self) ) # keep ref
self._local_mmap_content = my_utils.bytes2array(
self._process().readBytes(self.start, len(self)), my_ctypes.c_ubyte
)
log.debug("type array %s" % (type(self._local_mmap_content)))
self._local_mmap = LocalMemoryMapping.fromAddress(self, my_ctypes.addressof(self._local_mmap_content))
self._base = self._local_mmap
return self._local_mmap
def _make_mmap(self, mstart, mlength, struct_offset, seq, word_size):
"""
Create memory mapping with some pointer values at specific
intervals.
:param mstart:
:param mlength:
:param struct_offset:
:param seq:
:param word_size:
:return:
"""
nsig = [struct_offset]
nsig.extend(seq)
# rewrite intervals indices to offsets from start
indices = [i for i in self._accumulate(nsig)]
dump = [] # b''
values = []
fmt = self.target.get_word_type_char()
# write a memory map with valid pointer address in specifics offsets.
for i in range(0, mlength, word_size):
if i in indices:
log.debug('Insert word %x at 0x%x',mstart + i,mstart + i)
dump.append(struct.pack(fmt, mstart + i))
values.append(mstart + i)
else:
dump.append(struct.pack(fmt, 0x2e2e2e2e2e2e2e2e))
if len(dump) != mlength // word_size:
raise ValueError('error 1 on length dump %d ' % (len(dump)))
dump2 = b''.join(dump)
if len(dump) * word_size != len(dump2):
print(dump)
raise ValueError(
'error 2 on length dump %d dump2 %d' %
(len(dump), len(dump2)))
stop = mstart + len(dump2)
mmap = AMemoryMapping(mstart, stop, '-rwx', 0, 0, 0, 0, 'test_mmap')
mmap.set_ctypes(self.target.get_target_ctypes())
mmap2 = LocalMemoryMapping.fromBytebuffer(mmap, dump2)
# mmap2.set_ctypes(self.target.get_target_ctypes())
return mmap2, values
def mmap(self):
''' mmap-ed access gives a 20% perf increase on by tests '''
# DO NOT USE ptrace.process.readArray on 64 bits.
# It breaks stuff.
# probably a bad cast statement on c_char_p
# FIXME: the big perf increase is now gone. Howto cast pointer to bytes
# into my_ctypes array ?
my_ctypes = self._target_platform.get_target_ctypes()
my_utils = self._target_platform.get_target_ctypes_utils()
if not self.isMmaped():
# self._process().readArray(self.start, my_ctypes.c_ubyte, len(self) ) # keep ref
# self._local_mmap_content = self._process().readArray(self.start,
# my_ctypes.c_ubyte, len(self) ) # keep ref
self._local_mmap_content = my_utils.bytes2array(
self._process().readBytes(self.start, len(self)),
my_ctypes.c_ubyte)
log.debug('type array %s' % (type(self._local_mmap_content)))
self._local_mmap = LocalMemoryMapping.fromAddress(
self, my_ctypes.addressof(self._local_mmap_content))
self._base = self._local_mmap
return self._local_mmap
def _load_memory_mappings(self):
""" make the python objects"""
_mappings = []
for mmap_fname, start, end, permissions, offset, major_device, minor_device, inode, pathname in self.metalines:
log.debug('Loading %s - %s' % (mmap_fname, pathname))
# open the file in the archive
try:
mmap_content_file = self._protected_open_file(mmap_fname, pathname)
except (IOError, KeyError) as e:
log.debug('Ignore absent file : %s' % (e))
mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
continue
except LazyLoadingException as e:
mmap = FilenameBackedMemoryMapping(e._filename, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
continue
if isinstance(self.archive, zipfile.ZipFile): # ZipExtFile is lame
log.warning(
'Using a local memory mapping . Zipfile sux. thx ruby.')
mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
mmap = LocalMemoryMapping.fromBytebuffer(
mmap,
mmap_content_file.read())
# use file mmap when file is too big
elif end - start > haystack.MAX_MAPPING_SIZE_FOR_MMAP:
log.warning('Using a file backed memory mapping. no mmap in memory for this memorymap (%s).' % (pathname) +
' Search will fail. Buffer is needed.')
mmap = FileBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
else:
# log.debug('Using a MemoryDumpMemoryMapping. small size')
# mmap = MemoryDumpMemoryMapping(mmap_content_file, start, end, permissions, offset,
log.debug('Always use FilenameBackedMemoryMapping. small size')
mmap = FilenameBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
_target_platform = target.TargetPlatform(_mappings, cpu_bits=self._cpu_bits, os_name=self._os_name)
self._memory_handler = MemoryHandler(_mappings, _target_platform, self.dumpname)
return
def _load_memory_mappings(self):
""" make the python objects"""
_mappings = []
for mmap_fname, start, end, permissions, offset, major_device, minor_device, inode, pathname in self.metalines:
log.debug('Loading %s - %s' % (mmap_fname, pathname))
# open the file in the archive
try:
mmap_content_file = self._protected_open_file(mmap_fname, pathname)
except (IOError, KeyError) as e:
log.debug('Ignore absent file : %s' % (e))
mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
continue
except LazyLoadingException as e:
mmap = FilenameBackedMemoryMapping(e._filename, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
continue
if isinstance(self.archive, zipfile.ZipFile): # ZipExtFile is lame
log.warning(
'Using a local memory mapping . Zipfile sux. thx ruby.')
mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
mmap = LocalMemoryMapping.fromBytebuffer(mmap, mmap_content_file.read())
# use file mmap when file is too big
elif end - start > haystack.MAX_MAPPING_SIZE_FOR_MMAP:
log.warning('Using a file backed memory mapping. no mmap in memory for this memorymap (%s).' % (pathname) +
' Search will fail. Buffer is needed.')
mmap = FileBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
else:
# log.debug('Using a MemoryDumpMemoryMapping. small size')
# mmap = MemoryDumpMemoryMapping(mmap_content_file, start, end, permissions, offset,
log.debug('Always use FilenameBackedMemoryMapping. small size')
mmap = FilenameBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
_mappings.append(mmap)
_target_platform = target.TargetPlatform(_mappings, cpu_bits=self._cpu_bits, os_name=self._os_name)
self._memory_handler = MemoryHandler(_mappings, _target_platform, self.dumpname)
return