def task_struct_loadMembers(self, mappings, maxDepth=99):
listHeads= [('cg_list', task_struct),
('children', None), # core dump on 'task_struct'
('cpu_timers', None), # array of 3
('perf_event_list', None),
('pi_state_list', None),
('pi_waiters', None),
('preempt_notifiers', None), # ?
('ptraced', None),
('ptrace_entry', None),
('robust_list', None),
('sibling', task_struct),
('tasks', task_struct),
('thread_group', None),
]
offsets=dict()
for attrname, attrtype in listHeads:
if attrtype is not None:
# save next and prev from differential offset
offsets[(attrname, attrtype)] = getattr(self,attrname).getOffsets(mappings, attrtype, attrname)
#now, we can map in local space // kinda useless, but hey... we wont hack into ctypes..
maxDepth = 5
LoadableMembers.loadMembers(self,mappings, maxDepth)
log.debug("Loaded task_struct for process '%s'"%(self.comm))
# copy real list members memory space size, offseting from list_head member
for head,addrs in offsets.items():
attrname, attrtype = head
# load that list_head members
getattr(self,attrname).loadRealMembers(mappings, maxDepth, attrtype, attrname, addrs)
return True
def task_struct_loadMembers(self, mappings, maxDepth=99):
listHeads = [
('cg_list', task_struct),
('children', None), # core dump on 'task_struct'
('cpu_timers', None), # array of 3
('perf_event_list', None),
('pi_state_list', None),
('pi_waiters', None),
('preempt_notifiers', None), # ?
('ptraced', None),
('ptrace_entry', None),
('robust_list', None),
('sibling', task_struct),
('tasks', task_struct),
('thread_group', None),
]
offsets = dict()
for attrname, attrtype in listHeads:
if attrtype is not None:
# save next and prev from differential offset
offsets[(attrname, attrtype)] = getattr(self, attrname).getOffsets(
mappings, attrtype, attrname)
#now, we can map in local space // kinda useless, but hey... we wont hack into ctypes..
maxDepth = 5
LoadableMembers.loadMembers(self, mappings, maxDepth)
log.debug("Loaded task_struct for process '%s'" % (self.comm))
# copy real list members memory space size, offseting from list_head member
for head, addrs in offsets.items():
attrname, attrtype = head
# load that list_head members
getattr(self, attrname).loadRealMembers(mappings, maxDepth, attrtype,
attrname, addrs)
return True
def DSA_loadMembers(self, mappings, maxDepth):
# clean other structs
# r and kinv can be null
self.meth = None
self._method_mod_p = None
#self.engine = None
if not LoadableMembers.loadMembers(self, mappings, maxDepth):
log.debug('DSA not loaded')
return False
return True
def loadMembers(self, mappings, maxDepth):
if not LoadableMembers.loadMembers(self, mappings, maxDepth):
return False
# Load and memcopy key
log.debug('Memcopying a Key with %d bytes'%self.key_len)
attr_obj_address=getaddress(self.key)
memoryMap = is_valid_address_value( attr_obj_address, mappings)
array=(ctypes.c_ubyte*self.key_len).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte, self.key_len))
self.key.contents=ctypes.c_ubyte.from_buffer(array)
log.debug('unmac_ctx has been nulled and ignored. its not often used by any ssh impl. Not useful for us anyway.')
log.debug('MAC KEY(%d bytes) acquired'%(self.key_len))
return True
def RSA_loadMembers(self, mappings, maxDepth):
#self.meth = 0 # from_address(0)
# ignore bignum_data.
#self.bignum_data = 0
self.bignum_data.ptr.value = 0
#self.blinding = 0
#self.mt_blinding = 0
if not LoadableMembers.loadMembers(self, mappings, maxDepth):
log.debug('RSA not loaded')
return False
return True
def loadMembers(self, mappings, maxDepth):
if not LoadableMembers.loadMembers(self, mappings, maxDepth):
return False
# Load and memcopy key and iv
log.debug('Memcopying a Key with %d bytes'%self.key_len)
attr_obj_address=getaddress(self.key)
memoryMap = is_valid_address_value( attr_obj_address, mappings)
array=(ctypes.c_ubyte*self.key_len).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte, self.key_len))
self.key.contents=ctypes.c_ubyte.from_buffer(array)
log.debug('Memcopying a IV with %d bytes'%( self.block_size) )
attr_obj_address=getaddress(self.iv)
memoryMap = is_valid_address_value( attr_obj_address, mappings)
array=(ctypes.c_ubyte*self.block_size).from_buffer_copy(memoryMap.readArray(attr_obj_address, ctypes.c_ubyte,self.block_size))
self.iv.contents=ctypes.c_ubyte.from_buffer(array)
log.debug('ENC KEY(%d bytes) and IV(%d bytes) acquired'%(self.key_len,self.block_size))
return True
def loadMembers(self, mappings, maxDepth):
if not LoadableMembers.loadMembers(self, mappings, maxDepth):
return False
#log.debug('evp app_data attr_obj_address=0x%lx'%(self.evp.app_data) )
#log.debug('evp cipher_data attr_obj_address=0x%lx'%(self.evp.cipher_data) ) ##none
#log.debug('cipher app_data attr_obj_address=0x%lx'%(getaddress(self.cipher.contents.cipher_data)) )
# cast evp.app_data into a valid struct
if self.cipher.contents.name.string in self.cipherContexts:
struct,fieldname=self.cipherContexts[self.cipher.contents.name.string]
if(struct is None):
log.warning("Unsupported cipher %s"%(self.cipher.contents.name.string))
return True
attr=getattr(self.evp,fieldname)
#attr_obj_address=getaddress(attr) or attr # c_void_p is a basic type.
attr_obj_address = attr
#print attr
memoryMap = is_valid_address_value( attr_obj_address, mappings, struct)
log.debug( "CipherContext CAST %s into : %s "%(fieldname, struct) )
if not memoryMap:
log.warning('On second toughts, %s seems to be at an invalid address. That should not happen (often).'%(fieldname))
log.warning('%s addr:0x%lx size:0x%lx addr+size:0x%lx '%(is_valid_address_value( attr_obj_address, mappings),
attr_obj_address, ctypes.sizeof(struct), attr_obj_address+ctypes.sizeof(struct)))
log.warning('%s : %s'%(fieldname, attr))
return False # DEBUG kill it
#st=struct.from_buffer_copy(memoryMap.readStruct(attr_obj_address, struct ) )
# XXX CAST do not copy buffer when casting, sinon on perds des bytes
## attr.contents=(type(attr.contents)).from_buffer(st)
### c_void_p -> allocate local_mem and change value
### XXX dangling pointer ?
#attr.value = ctypes.addressof(st)
#setattr(self.evp, fieldname, ctypes.c_void_p(ctypes.addressof(st)) )
st=memoryMap.readStruct(attr_obj_address, struct )
model.keepRef(st)
setattr(self.evp, fieldname, ctypes.c_void_p(ctypes.addressof(st)) )
attr=getattr(self.evp,fieldname)
log.debug('Copied 0x%lx into %s (0x%lx)'%(ctypes.addressof(st), fieldname, attr))
log.debug('LOADED app_data evp.%s as %s from 0x%lx (%s) into 0x%lx'%(fieldname,struct,
attr_obj_address, is_valid_address_value(attr_obj_address,mappings,struct), attr ))
log.debug('\t\t---------\n%s\t\t---------'%st.toString())
else:
log.warning("Unknown cipher %s, can't load a data struct for the EVP_CIPHER_CTX->app_data"%(self.cipher.contents.name.string))
return True
def CRYPTO_EX_DATA_isValid(self,mappings): ''' erase self.sk''' # TODO why ? #self.sk=ctypes.POINTER(STACK)() return LoadableMembers.isValid(self,mappings)
def CRYPTO_EX_DATA_loadMembers(self, mappings, maxDepth): ''' erase self.sk''' #self.sk=ctypes.POINTER(STACK)() return LoadableMembers.loadMembers(self, mappings, maxDepth)
def BIGNUM_isValid(self,mappings):
if ( self.dmax < 0 or self.top < 0 or self.dmax < self.top ):
return False
return LoadableMembers.isValid(self,mappings)
