def _mmap(self): """ protected api """ # mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer. # we have to get a ctypes pointer-able instance to make our ctypes structure read efficient. # sad we can't have a bytebuffer from that same raw memspace # we do not keep the bytebuffer in memory, because it's a lost of space # in most cases. if self._base is None: if hasattr(self._memdump, 'fileno'): # normal file. # XXX that is the most f****d up, non-portable f**k I ever # wrote. if haystack.MMAP_HACK_ACTIVE: log.debug('Using MMAP_HACK: %s' % self) # if self.pathname.startswith('/usr/lib'): # raise Exception self._local_mmap_bytebuffer = mmap.mmap( self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ) self._memdump.close() self._memdump = None # yeap, that right, I'm stealing the pointer value. DEAL WITH IT. # this is a local memory hack, so # self._target_platform.get_word_type() is not involved. heapmap = struct.unpack('L', (ctypes.c_ulong).from_address( id(self._local_mmap_bytebuffer) + 2 * (ctypes.sizeof(ctypes.c_ulong))))[0] self._local_mmap_content = ( ctypes.c_ubyte * (self.end - self.start)).from_address( int(heapmap)) else: # fallback with no creepy hacks log.warning( 'MemoryHandler Mapping content mmap-ed() (double copy of %s) : %s' % (self._memdump.__class__, self)) # we have the bytes local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ) self._memdump.close() # we need an ctypes self._local_mmap_content = utils.bytes2array( local_mmap_bytebuffer, ctypes.c_ubyte) else: # dumpfile, file inside targz ... any read() API really print self.__class__ self._local_mmap_content = utils.bytes2array( self._memdump.read(), ctypes.c_ubyte) self._memdump.close() log.warning( 'MemoryHandler Mapping content copied to ctypes array : %s' % (self)) # make that _base self._base = LocalMemoryMapping.fromAddress( self, ctypes.addressof(self._local_mmap_content)) log.debug('%s done.' % self.__class__) # redirect function calls self.read_word = self._base.read_word self.read_array = self._base.read_array self.read_bytes = self._base.read_bytes self.read_struct = self._base.read_struct return self._base
def _mmap(self): ''' protected api ''' # mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer. # we have to get a ctypes pointer-able instance to make our ctypes structure read efficient. # sad we can't have a bytebuffer from that same raw memspace # we do not keep the bytebuffer in memory, because it's a lost of space in most cases. if self._base is None: mmap_hack = True if mmap_hack: # XXX that is the most f****d up, non-portable f**k I ever wrote. self._local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ) # yeap, that right, I'm stealing the pointer value. DEAL WITH IT. heapmap = struct.unpack('L', (ctypes.c_uint).from_address(id(self._local_mmap_bytebuffer) + 8 ) )[0] self._local_mmap_content = (ctypes.c_ubyte*(self.end-self.start)).from_address(heapmap) elif hasattr(self._memdump,'fileno'): # normal file. mmap kinda useless i suppose. log.warning('Memory Mapping content mmap-ed() (double copy of %s) : %s'%(self._memdump.__class__, self)) # we have the bytes local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ) # we need an ctypes self._local_mmap_content = utils.bytes2array(local_mmap_bytebuffer, ctypes.c_ubyte) else: # dumpfile, file inside targz ... any read() API really self._local_mmap_content = utils.bytes2array(self._memdump.read(), ctypes.c_ubyte) log.warning('Memory Mapping content copied to ctypes array : %s'%(self)) # make that _base self._base = LocalMemoryMapping.fromAddress( self, ctypes.addressof(self._local_mmap_content) ) log.debug('LocalMemoryMapping done.') #redirect stuff self.readWord = self._base.readWord self.readArray = self._base.readArray self.readBytes = self._base.readBytes self.readStruct = self._base.readStruct return self._base
def _mmap(self): """ protected api """ # mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer. # we have to get a ctypes pointer-able instance to make our ctypes structure read efficient. # sad we can't have a bytebuffer from that same raw memspace # we do not keep the bytebuffer in memory, because it's a lost of space # in most cases. if self._base is None: if hasattr(self._memdump, "fileno"): # normal file. # XXX that is the most f****d up, non-portable f**k I ever # wrote. if haystack.MMAP_HACK_ACTIVE: log.debug("Using MMAP_HACK: %s" % self) # if self.pathname.startswith('/usr/lib'): # raise Exception self._local_mmap_bytebuffer = mmap.mmap( self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ ) self._memdump.close() self._memdump = None # yeap, that right, I'm stealing the pointer value. DEAL WITH IT. # this is a local memory hack, so heapmap = struct.unpack( "L", (ctypes.c_ulong).from_address( id(self._local_mmap_bytebuffer) + 2 * (ctypes.sizeof(ctypes.c_ulong)) ), )[0] self._local_mmap_content = (ctypes.c_ubyte * (self.end - self.start)).from_address(int(heapmap)) else: # fallback with no creepy hacks log.warning( "MemoryHandler Mapping content mmap-ed() (double copy of %s) : %s", self._memdump.__class__, self, ) # we have the bytes local_mmap_bytebuffer = mmap.mmap( self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ ) self._memdump.close() # we need an ctypes self._local_mmap_content = utils.bytes2array(local_mmap_bytebuffer, ctypes.c_ubyte) else: # dumpfile, file inside targz ... any read() API really print self.__class__ self._local_mmap_content = utils.bytes2array(self._memdump.read(), ctypes.c_ubyte) self._memdump.close() log.warning("MemoryHandler Mapping content copied to ctypes array : %s", self) # make that _base self._base = LocalMemoryMapping.fromAddress(self, ctypes.addressof(self._local_mmap_content)) log.debug("%s done." % self.__class__) # redirect function calls self.read_word = self._base.read_word self.read_array = self._base.read_array self.read_bytes = self._base.read_bytes self.read_struct = self._base.read_struct return self._base
def _mmap(self): ''' protected api ''' # mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer. # we have to get a ctypes pointer-able instance to make our ctypes structure read efficient. # sad we can't have a bytebuffer from that same raw memspace # we do not keep the bytebuffer in memory, because it's a lost of space in most cases. if self._base is None: mmap_hack = True if mmap_hack: # XXX that is the most f****d up, non-portable f**k I ever wrote. self._local_mmap_bytebuffer = mmap.mmap( self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ) # yeap, that right, I'm stealing the pointer value. DEAL WITH IT. heapmap = struct.unpack( 'L', (ctypes.c_uint ).from_address(id(self._local_mmap_bytebuffer) + 8))[0] self._local_mmap_content = ( ctypes.c_ubyte * (self.end - self.start)).from_address(heapmap) elif hasattr( self._memdump, 'fileno'): # normal file. mmap kinda useless i suppose. log.warning( 'Memory Mapping content mmap-ed() (double copy of %s) : %s' % (self._memdump.__class__, self)) # we have the bytes local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end - self.start, access=mmap.ACCESS_READ) # we need an ctypes self._local_mmap_content = utils.bytes2array( local_mmap_bytebuffer, ctypes.c_ubyte) else: # dumpfile, file inside targz ... any read() API really self._local_mmap_content = utils.bytes2array( self._memdump.read(), ctypes.c_ubyte) log.warning( 'Memory Mapping content copied to ctypes array : %s' % (self)) # make that _base self._base = LocalMemoryMapping.fromAddress( self, ctypes.addressof(self._local_mmap_content)) log.debug('LocalMemoryMapping done.') #redirect stuff self.readWord = self._base.readWord self.readArray = self._base.readArray self.readBytes = self._base.readBytes self.readStruct = self._base.readStruct return self._base
def test_bytes2array(self): """bytes to ctypes array""" ctypes = types.reload_ctypes(4, 4, 8) bytes = 4 * b'\xAA' + 4 * b'\xBB' + 4 * b'\xCC' + \ 4 * b'\xDD' + 4 * b'\xEE' + 4 * b'\xFF' array = utils.bytes2array(bytes, ctypes.c_ulong) self.assertEquals(array[0], 0xAAAAAAAA) self.assertEquals(len(array), 6) ctypes = types.reload_ctypes(8, 8, 16) bytes = 4 * b'\xAA' + 4 * b'\xBB' + 4 * b'\xCC' + \ 4 * b'\xDD' + 4 * b'\xEE' + 4 * b'\xFF' array = utils.bytes2array(bytes, ctypes.c_ulong) self.assertEquals(array[0], 0xBBBBBBBBAAAAAAAA) self.assertEquals(len(array), 3) pass
def fromBytebuffer(cls, memoryMapping, content): content_array = utils.bytes2array(content, ctypes.c_ubyte) content_address = ctypes.addressof(content_array) el = cls( content_address, memoryMapping.start, memoryMapping.end, memoryMapping.permissions, memoryMapping.offset, memoryMapping.major_device, memoryMapping.minor_device, memoryMapping.inode, memoryMapping.pathname) el.content_array_save_me_from_gc = content_array return el
def fromBytebuffer(cls, memoryMapping, content): content_array = utils.bytes2array(content, ctypes.c_ubyte) content_address = ctypes.addressof(content_array) el = cls(content_address, memoryMapping.start, memoryMapping.end, memoryMapping.permissions, memoryMapping.offset, memoryMapping.major_device, memoryMapping.minor_device, memoryMapping.inode, memoryMapping.pathname) el.content_array_save_me_from_gc = content_array return el
def _mmap(self): ''' protected api ''' # mmap.mmap has a full bytebuffer API, so we can use it as is for bytebuffer. # we have to get a ctypes pointer-able instance to make our ctypes structure read efficient. # sad we can't have a bytebuffer from that same raw memspace # we do not keep the bytebuffer in memory, because it's a lost of space in most cases. if self._base is None: if hasattr(self._memdump,'fileno'): # normal file. if Config.mmap_hack: # XXX that is the most f****d up, non-portable f**k I ever wrote. #print 'mmap_hack', self #if self.pathname.startswith('/usr/lib'): # raise Exception self._local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ) self._memdump.close() self._memdump = None # yeap, that right, I'm stealing the pointer value. DEAL WITH IT. # this is a local memory hack, so Config.WORDTYPE is not involved. heapmap = struct.unpack('L', (ctypes.c_ulong).from_address(id(self._local_mmap_bytebuffer) + 2*(ctypes.sizeof(ctypes.c_ulong)) ) )[0] self._local_mmap_content = (ctypes.c_ubyte*(self.end-self.start)).from_address(int(heapmap)) else: # fallback with no creepy hacks log.warning('Memory Mapping content mmap-ed() (double copy of %s) : %s'%(self._memdump.__class__, self)) # we have the bytes local_mmap_bytebuffer = mmap.mmap(self._memdump.fileno(), self.end-self.start, access=mmap.ACCESS_READ) self._memdump.close() # we need an ctypes self._local_mmap_content = utils.bytes2array(local_mmap_bytebuffer, ctypes.c_ubyte) else: # dumpfile, file inside targz ... any read() API really self._local_mmap_content = utils.bytes2array(self._memdump.read(), ctypes.c_ubyte) self._memdump.close() log.warning('Memory Mapping content copied to ctypes array : %s'%(self)) # make that _base self._base = LocalMemoryMapping.fromAddress( self, ctypes.addressof(self._local_mmap_content) ) log.debug('LocalMemoryMapping done.') #redirect stuff self.readWord = self._base.readWord self.readArray = self._base.readArray self.readBytes = self._base.readBytes self.readStruct = self._base.readStruct return self._base
def mmap(self): ''' mmap-ed access gives a 20% perf increase on by tests ''' # DO NOT USE ptrace.process.readArray on 64 bits. # It breaks stuff. # probably a bad cast statement on c_char_p # FIXME: the big perf increase is now gone. Howto cast pointer to bytes # into ctypes array ? ctypes = self.config.ctypes if not self.isMmaped(): # self._process().readArray(self.start, ctypes.c_ubyte, len(self) ) # keep ref # self._local_mmap_content = self._process().readArray(self.start, # ctypes.c_ubyte, len(self) ) # keep ref self._local_mmap_content = utils.bytes2array( self._process().readBytes( self.start, len(self)), ctypes.c_ubyte) log.debug('type array %s' % (type(self._local_mmap_content))) self._local_mmap = LocalMemoryMapping.fromAddress( self, ctypes.addressof( self._local_mmap_content)) self._base = self._local_mmap return self._local_mmap
def RC4_KEY_fromPyObj(self, pyobj): #copy P and S self.data = bytes2array(pyobj.data, ctypes.c_uint) self.x = pyobj.x self.y = pyobj.y return self
def AES_KEY_fromPyObj(self,pyobj): #copy rd_key self.rd_key = bytes2array(pyobj.rd_key,ctypes.c_ulong) #copy rounds self.rounds = pyobj.rounds return self
def fromPyObj(self, pyobj): #recurse copy aes_ctx self.r_ctx = rijndael_ctx().fromPyObj(pyobj.r_ctx) #copy counter self.r_iv = bytes2array(pyobj.r_iv, ctypes.c_ubyte) return self
def fromPyObj(self, pyobj): self.decrypt = pyobj.decrypt self.Nr = pyobj.Nr self.ek = bytes2array(pyobj.ek, ctypes.c_uint32) self.dk = bytes2array(pyobj.dk, ctypes.c_uint32) return self
def fromPyObj(self, pyobj): #recurse copy aes_ctx self.aes_ctx = AES_KEY().fromPyObj(pyobj.aes_ctx) #copy counter self.aes_counter = bytes2array(pyobj.aes_counter, ctypes.c_ubyte) return self
def RC4_KEY_fromPyObj(self,pyobj): #copy P and S self.data = bytes2array(pyobj.data, ctypes.c_uint) self.x = pyobj.x self.y = pyobj.y return self
def CAST_KEY_fromPyObj(self,pyobj): #copy P and S self.data = bytes2array(pyobj.data, ctypes.c_uint) self.short_key = pyobj.short_key return self
def fromPyObj(self,pyobj): #recurse copy aes_ctx self.r_ctx = rijndael_ctx().fromPyObj(pyobj.r_ctx) #copy counter self.r_iv = bytes2array(pyobj.r_iv, ctypes.c_ubyte) return self
def BF_KEY_fromPyObj(self,pyobj): #copy P and S self.P = bytes2array(pyobj.P, ctypes.c_ulong) self.S = bytes2array(pyobj.S, ctypes.c_ulong) return self
def CAST_KEY_fromPyObj(self, pyobj): #copy P and S self.data = bytes2array(pyobj.data, ctypes.c_uint) self.short_key = pyobj.short_key return self
def AES_KEY_fromPyObj(self, pyobj): #copy rd_key self.rd_key = bytes2array(pyobj.rd_key, ctypes.c_ulong) #copy rounds self.rounds = pyobj.rounds return self
def BF_KEY_fromPyObj(self, pyobj): #copy P and S self.P = bytes2array(pyobj.P, ctypes.c_ulong) self.S = bytes2array(pyobj.S, ctypes.c_ulong) return self
def _get(self, offset, size): memdump = file(self.memdump_name, "rb") memdump.seek(offset) me = utils.bytes2array(memdump.read(size), ctypes.c_ubyte) memdump.close() return me
def fromPyObj(self,pyobj): #recurse copy aes_ctx self.aes_ctx = AES_KEY().fromPyObj(pyobj.aes_ctx) #copy counter self.aes_counter=bytes2array(pyobj.aes_counter, ctypes.c_ubyte) return self
def _get(self, offset, size): memdump = file(self.memdump_name, 'rb') memdump.seek(offset) me = utils.bytes2array(memdump.read(size), ctypes.c_ubyte) memdump.close() return me
def fromPyObj(self,pyobj): self.decrypt = pyobj.decrypt self.Nr = pyobj.Nr self.ek = bytes2array(pyobj.ek, ctypes.c_uint32) self.dk = bytes2array(pyobj.dk, ctypes.c_uint32) return self