def tearDown(self): super(SrcTests,self).tearDown() self.memdumpname = None self.validAddress = None self.classname = None self.known_heap = None model.reset()
def tearDownClass(self): self.mappings = None self.finder = None self.found = None self.session_state = None from haystack import model model.reset() pass
def tearDown(self): super(SrcTests,self).tearDown() self.memdumpname = None self.node_structname = None self.usual_structname = None self.address1 = None self.address2 = None self.address3 = None model.reset()
def setUp(self): model.reset() self.memdumpname = 'test/dumps/ssh/ssh.1' self.classname = 'sslsnoop.ctypes_openssh.session_state' self.known_heaps = [(0xb84ee318, 0) ] try: import sslsnoop except ImportError: self.skipTest('sslsnoop not present')
def setUp(self): model.reset() self.validAddress = '0x7f724c90d740' self.memdumpname = 'test/dumps/ssh/ssh.x64.6653.dump' self.classname = 'sslsnoop.ctypes_openssh.session_state' self.known_heap = (0x00007f724c905000, 249856) try: import sslsnoop except ImportError: self.skipTest('sslsnoop not present')
def setUp(self): model.reset() self._mappings = dump_loader.load('test/dumps/putty/putty.1.dump') self._known_heaps = [(0x390000, 0x3000), (0x540000, 0x1000), (0x580000, 0x9000), (0x5c0000, 0x59000), (0x1ef0000, 0x1000), (0x2010000, 0x21000), (0x2080000, 0x10000), (0x21f0000, 0x6000), (0x3360000, 0x1000), (0x4030000, 0x1000), (0x4110000, 0x1000), (0x41c0000, 0x1000), ] return
def setUp(self): model.reset() from haystack import types types.reload_ctypes(4, 4, 8) self.cpu_bits = '32' self.os_name = 'linux' self.tgts = [] self.process = None self.tests = {"test1": "test-ctypes1.%d" % (32), "test2": "test-ctypes2.%d" % (32), "test3": "test-ctypes3.%d" % (32), }
def setUp(self): model.reset() self.memdumpname = 'test/dumps/putty/putty.1.dump' self.classname = 'haystack.structures.win32.win7heap.HEAP' self.known_heaps = [(0x00390000, 8956), (0x00540000, 868), (0x00580000, 111933), (0x005c0000, 1704080), (0x01ef0000, 604), (0x02010000, 61348), (0x02080000, 474949), (0x021f0000, 18762), (0x03360000, 604), (0x04030000, 632), (0x04110000, 1334), (0x041c0000, 644), # from free stuf (0x0061a000, 1200), ]
def setUp(self): model.reset() types.reload_ctypes(8, 8, 16) self.memdumpname = 'test/src/test-ctypes7.64.dump' self.classname = 'test.src.ctypes7.struct_Node' self._load_offsets_values(self.memdumpname) self.address = self.offsets['test1'][0] # 0x000000001b1e010 # load layout in x64 from test.src import ctypes7 from test.src import ctypes7_gen64 model.copyGeneratedClasses(ctypes7_gen64, ctypes7) model.registerModule(ctypes7) # apply constraints ctypes7.populate()
def setUp(self): model.reset() types.reload_ctypes(4, 4, 8) self.memdumpname = 'test/src/test-ctypes7.32.dump' self.classname = 'test.src.ctypes7.struct_Node' self._load_offsets_values(self.memdumpname) self.address = self.offsets['test1'][0] # 0x8f40008 # load layout in x32 from test.src import ctypes7 from test.src import ctypes7_gen32 model.copyGeneratedClasses(ctypes7_gen32, ctypes7) model.registerModule(ctypes7) # apply constraints ctypes7.populate()
def setUp(self): model.reset() self.mappings = dump_loader.load('test/src/test-ctypes6.32.dump') self.memdumpname = 'test/src/test-ctypes6.32.dump' self._load_offsets_values(self.memdumpname) sys.path.append('test/src/') from test.src import ctypes6 from test.src import ctypes6_gen32 model.copyGeneratedClasses(ctypes6_gen32, ctypes6) model.registerModule(ctypes6) # apply constraints ctypes6.populate(self.mappings.config) self.offset = self.offsets['test1'][0] self.m = self.mappings.get_mapping_for_address(self.offset) self.usual = self.m.readStruct(self.offset, ctypes6.struct_usual)
def test_registerModule(self): from haystack import model model.reset() try: from test.structures import good from test.structures import good_gen from test.structures import bad_gen # copy bad_gen in good model.copyGeneratedClasses(bad_gen, good) model.copyGeneratedClasses(good_gen, good) self.assertIn('Struct1', good.__dict__) self.assertIn('Struct2', good.__dict__) self.assertNotIn('Struct1_py', good.__dict__) self.assertNotIn('expectedValues', good.Struct1.__dict__) except ImportError as e: self.fail(e) try: from test.structures import bad # test if module has members self.assertEquals(bad.BLOCK_SIZE, 16) self.assertIn('Struct1', bad.__dict__) self.assertIn('expectedValues', bad.Struct1.__dict__) # same Struct1 object is imported in bad and good self.assertIn('expectedValues', good.Struct1.__dict__) self.assertNotIn('expectedValues', good.Struct2.__dict__) except ImportError as e: self.fail(e) # test if register works (creates POPO) model.registerModule(bad) self.assertIn('Struct1_py', bad.__dict__) self.assertIn('expectedValues', bad.Struct1.__dict__) # POPO is not create in good self.assertNotIn('Struct1_py', good.__dict__) self.assertIn('expectedValues', good.Struct1.__dict__) self.assertNotIn('expectedValues', good.Struct2.__dict__) model.registerModule(good) # creates POPO for the rest self.assertIn('Struct2_py', good.__dict__) self.assertIn('expectedValues', good.Struct1.__dict__) # expectedValues is in a function self.assertNotIn('expectedValues', good.Struct2.__dict__) # add an expectedValues good.populate() self.assertIn('expectedValues', good.Struct1.__dict__) self.assertIn('expectedValues', good.Struct2.__dict__)
def setUp(self): model.reset() types.reload_ctypes(8, 8, 16) class MyConfig: def get_word_size(self): return 8 self.memdumpname = 'test/src/test-ctypes6.64.dump' self.node_structname = 'test.src.ctypes6.struct_Node' self.usual_structname = 'test.src.ctypes6.struct_usual' self._load_offsets_values(self.memdumpname) self.address1 = self.offsets['test1'][0] # struct_usual self.address2 = self.offsets['test2'][0] # struct_Node self.address3 = self.offsets['test3'][0] # struct_Node # load layout in x64 from test.src import ctypes6 from test.src import ctypes6_gen64 model.copyGeneratedClasses(ctypes6_gen64, ctypes6) model.registerModule(ctypes6) # apply constraints ctypes6.populate(MyConfig())
def test_walker_after_arch_change(self): x32 = types.reload_ctypes(4, 4, 8) x64 = types.reload_ctypes(8, 8, 16) from haystack.structures.libc import libcheapwalker from haystack.structures.win32 import winheapwalker from haystack.structures.win32 import win7heapwalker if False: # set the arch ctypes = types.set_ctypes(x32) libc_x32 = libcheapwalker.LibcHeapFinder(x32) winxp_x32 = winheapwalker.WinHeapFinder(x32) win7_x32 = win7heapwalker.Win7HeapFinder(x32) from haystack.structures.win32 import win7heap t = win7heap.HEAP_ENTRY for fi, tp in t._fields_: f = getattr(t, fi) print fi, " : ", hex(f.offset), hex(f.size) self.assertEquals(ctypes.sizeof(libc_x32.heap_type), 8) self.assertEquals(ctypes.sizeof(winxp_x32.heap_type), 1430) self.assertEquals(ctypes.sizeof(win7_x32.heap_type), 312) # 0x138 # set the arch model.reset() ctypes = types.set_ctypes(x64) libc_x64 = libcheapwalker.LibcHeapFinder(x64) winxp_x64 = winheapwalker.WinHeapFinder(x64) win7_x64 = win7heapwalker.Win7HeapFinder(x64) # import code # code.interact(local=locals()) self.assertEquals(ctypes.sizeof(libc_x64.heap_type), 16) # who knows... self.assertEquals(ctypes.sizeof(win7_x64.heap_type), 520) # BUG FIXME, what is the size of winxp64 HEAP ? self.assertEquals(ctypes.sizeof(winxp_x64.heap_type), 2792) # 0xae8
def tearDown(self): from haystack import model model.reset() self._mappings = None return
def tearDownClass(self): from haystack import model model.reset() self.context6 = None return
def tearDownClass(self): self.mappings = None model.reset() return
def tearDown(self): self.context = None model.reset()
def setUp(self): model.reset() self.mappings = dump_loader.load('test/dumps/ssh/ssh.1')
def tearDown(self): model.reset()
def setUp(self): model.reset() self.mappings = dump_loader.load('test/dumps/putty/putty.1.dump')
def setUp(self): model.reset() self.mappings = dump_loader.load('test/src/test-ctypes5.32.dump') # struct a - basic types self._load_offsets_values('test/src/test-ctypes5.32.dump')
def tearDown(self): from haystack import model model.reset() self.mappings = None pass
def tearDown(self): self.memdumpname = None self.classname = None self.known_heaps = None model.reset()
def tearDown(self): super(SrcTests,self).tearDown() self.mappings = None model.reset()
def tearDown(self): model.reset() self.mappings = None self.heap_obj = None pass
def setUp(self): model.reset()
def tearDown(self): model.reset() types.load_ctypes_default()
def setUp(self): model.reset() self.mappings = dump_loader.load('test/src/test-ctypes6.32.dump')
def setUp(self): model.reset() # os.chdir() self.context = context.get_context('test/src/test-ctypes3.32.dump') self.dsa = dsa.DSASimple(self.context.config)
def tearDown(self): self.mappings = None model.reset()