def test_load(self):
# this is kinda stupid, given we are using a heapwalker to
# find the heap, and testing the heap.
finder = self.memory_handler.get_heap_finder()
walkers = finder.list_heap_walkers()
heaps = [walker.get_heap_mapping() for walker in walkers]
my_heap = [x for x in heaps if x.start == self.known_heaps[0][0]][0]
heap_mapping = self.memory_handler.get_mapping_for_address(
self.known_heaps[0][0])
# we want the 32 bits heap record type on 32 bits heap mappings
heapwalker = finder.get_heap_walker(heap_mapping)
## Thats a 64 bits heap heapwalker = finder.get_heap_walker(heaps[0])
my_loader = searcher.RecordLoader(self.memory_handler)
res = my_loader.load(heapwalker._heap_module.HEAP,
self.known_heaps[0][0])
res_p = haystack.output_to_python(self.memory_handler, [res])
instance, validated = res_p[0]
# no constraints loaded, subsegmentcode pointer went to is_valid
self.assertFalse(validated)
# now lets just use the win7heap constraints
my_loader = searcher.RecordLoader(self.memory_handler,
heapwalker._heap_module_constraints)
res = my_loader.load(heapwalker._heap_module.HEAP,
self.known_heaps[0][0])
res_p = haystack.output_to_python(self.memory_handler, [res])
instance, validated = res_p[0]
# no constraints loaded, subsegmentcode pointer went to is_valid
self.assertTrue(validated)
self.assertIsInstance(instance, object)
self.assertEquals(instance.Signature, 0xeeffeeff)
self.assertEquals(instance.VirtualMemoryThreshold, 0xfe00)
self.assertEquals(instance.FrontEndHeapType, 0)
# try a misalign read
res = my_loader.load(heapwalker._heap_module.HEAP,
self.known_heaps[0][0] + 1)
res_p = haystack.output_to_python(self.memory_handler, [res])
instance, validated = res_p[0]
self.assertFalse(validated)
self.assertIsInstance(instance, object)
self.assertNotEquals(instance.Signature, 0xeeffeeff)
self.assertEquals(instance.Signature, 0xeeffee) # 1 byte off
self.assertNotEquals(instance.VirtualMemoryThreshold, 0xfe00)
self.assertEquals(instance.VirtualMemoryThreshold, 0xff0000fe)
return
def test_load(self):
# this is kinda stupid, given we are using a heapwalker to
# find the heap, and testing the heap.
my_target = self.memory_handler.get_target_platform()
my_ctypes = my_target.get_target_ctypes()
my_utils = my_target.get_target_ctypes_utils()
my_model = self.memory_handler.get_model()
finder = self.memory_handler.get_heap_finder()
heaps = finder.get_heap_mappings()
my_heap = [ x for x in heaps if x.start == self.known_heaps[0][0]][0]
heapwalker = finder.get_heap_walker(heaps[0])
win7heap = heapwalker._heap
my_loader = searcher.RecordLoader(self.memory_handler)
res = my_loader.load(heapwalker._heap_module.HEAP, self.known_heaps[0][0])
res_p = haystack.output_to_python(self.memory_handler, [res])
instance, validated = res_p[0]
# no constraints loaded, subsegmentcode pointer went to is_valid
self.assertFalse(validated)
# now lets just use the win7heap constraints
my_loader = searcher.RecordLoader(self.memory_handler, heapwalker._heap_module_constraints)
res = my_loader.load(heapwalker._heap_module.HEAP, self.known_heaps[0][0])
res_p = haystack.output_to_python(self.memory_handler, [res])
instance, validated = res_p[0]
# no constraints loaded, subsegmentcode pointer went to is_valid
self.assertTrue(validated)
self.assertIsInstance(instance, object)
self.assertEquals(instance.Signature, 0xeeffeeff)
self.assertEquals(instance.VirtualMemoryThreshold, 0xfe00)
self.assertEquals(instance.FrontEndHeapType, 0)
# try a misalign read
res = my_loader.load(heapwalker._heap_module.HEAP, self.known_heaps[0][0] + 1)
res_p = haystack.output_to_python(self.memory_handler, [res])
instance, validated = res_p[0]
self.assertFalse(validated)
self.assertIsInstance(instance, object)
self.assertNotEquals(instance.Signature, 0xeeffeeff)
self.assertEquals(instance.Signature, 0xeeffee) # 1 byte off
self.assertNotEquals(instance.VirtualMemoryThreshold, 0xfe00)
self.assertEquals(instance.VirtualMemoryThreshold, 0xff0000fe)
return
def print_cb(self, memory_handler, instance, address):
"""
Callback function called by AnyOffsetRecordSearcher when an instance is found
:param memory_handler:
:param instance:
:param address:
:return:
"""
py_results = haystack.output_to_python(memory_handler, [(instance, address)])
for x, addr in py_results:
heap_not_at_start = ' '
m = memory_handler.get_mapping_for_address(addr)
if addr != m.start:
heap_not_at_start = ' (!)'
print 'HEAP at 0x%x%s\tsize: 0x%x map: %s' % (addr, heap_not_at_start, len(m), m)
def print_cb(self, memory_handler, instance, address):
"""
Callback function called by AnyOffsetRecordSearcher when an instance is found
:param memory_handler:
:param instance:
:param address:
:return:
"""
py_results = haystack.output_to_python(memory_handler,
[(instance, address)])
for x, addr in py_results:
heap_not_at_start = ' '
m = memory_handler.get_mapping_for_address(addr)
if addr != m.start:
heap_not_at_start = ' (!)'
print 'HEAP at 0x%x%s\tsize: 0x%x map: %s' % (
addr, heap_not_at_start, len(m), m)
def test_refresh(self):
#handler = constraints.ConstraintsConfigHandler()
#my_constraints = handler.read('test/src/ctypes6.constraints')
#results = haystack.search_record(self.memory_handler, self.usual_structname, my_constraints)
# search struct_usual with constraints
results, validated = haystack.search.api.load_record(self.memory_handler, self.usual, self.address1)
# check the string output
retstr = haystack.output_to_string(self.memory_handler, [(results, validated)])
self.assertTrue(isinstance(retstr, str))
# string
#retstr = api.show_dumpname(self.usual_structname, self.memdumpname,
# self.address1, rtype='string')
self.assertIn(str(0x0aaaaaaa), retstr) # 0xaaaaaaa/178956970L
self.assertIn(str(0x0ffffff0), retstr)
self.assertIn('"val2b": 0L,', retstr)
self.assertIn('"val1b": 0L,', retstr)
# usual->root.{f,b}link = &node1->list; # offset list is (wordsize) bytes
## TU results based on __book
node1_list_addr = hex(self.address2 + self.my_target.get_word_size())
self.assertIn('"flink": { # <struct_entry at %s' % node1_list_addr, retstr)
self.assertIn('"blink": { # <struct_entry at %s' % node1_list_addr, retstr)
## TU results based on direct access
#node1_list_addr = self.address2 + self.my_target.get_word_size()
#self.assertIn('"flink": 0x%0.8x' % node1_list_addr, retstr)
#self.assertIn('"blink": 0x%0.8x' % node1_list_addr, retstr)
# python
usuals = haystack.output_to_python(self.memory_handler, [(results, validated)])
usual, validated = usuals[0]
self.assertEquals(validated, True)
self.assertEquals(usual.val1, 0x0aaaaaaa)
self.assertEquals(usual.val2, 0x0ffffff0)
self.assertEquals(usual.txt, 'This a string with a test this is a test '
'string')
# so now we got python objects
# that is node 1
self.assertIsNotNone(usual.root.flink)
self.assertEquals(usual.root.flink, usual.root.blink)
#print usual.root.flink
# that is node2
self.assertEquals(usual.root.blink.flink, usual.root.flink.flink)
# that is None (root.flink = root.blink)
self.assertIsNone(usual.root.blink.blink)
self.assertIsNone(usual.root.flink.blink)
# that is None per design UT
self.assertIsNone(usual.root.blink.flink.flink)
# python 2 struct Node
results, validated = haystack.search.api.load_record(self.memory_handler, self.node, self.address2)
node1s = haystack.output_to_python(self.memory_handler, [(results, validated)])
node1, validated = node1s[0]
self.assertEquals(validated, True)
self.assertEquals(node1.val1, 0xdeadbeef)
self.assertEquals(node1.val2, 0xffffffff)
results, validated = haystack.search.api.load_record(self.memory_handler, self.node, self.address3)
node2s = haystack.output_to_python(self.memory_handler, [(results, validated)])
node2, validated = node2s[0]
self.assertEquals(validated, True)
self.assertEquals(node2.val1, 0xdeadbabe)
self.assertEquals(node2.val2, 0xffffffff)
self.assertIsNotNone(usual.root.flink)
# FIXME this was assertNotEquals. Why would the python obj be equals now ?
# but we have different instances/references between calls to
# show_dumpname
self.assertEquals(usual.root.flink, node1.list)
self.assertEquals(usual.root.blink.flink, node2.list)
