Пример #1
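    def do_writemem(self, *args):
        """

        Write a character array to a location in a process's memory.
            The SandKit "ps" command will list pids/processes.
            The SandKit "readmem" command can be used to display the memory region
            before and after.

        Usage:
            writemem <pid> <address> <string to write to memory>

        Example:
            writemem 2764 0x7c900000 "\\x90\\x90\\x90\\x90"
            or
            writemem 2764 0x7c900000 "This is a test."

        Note: Please do "all or nothing". In other words, please
            don't mix and match escaped bytes with non-escaped
            bytes in the string like: "\\x90ABCDEF\\x90"
        """
        # *args are the raw shell tokens; checkargs() hands back
        # [pid, address, data] or None when the count is wrong.
        # Nothing is returned: results and errors go to stdout.
        args = self.checkargs(args, 3)
        if args is None:
            return
        if '\\x' in args[2]:  # handle escaped bytes such as "\x90\x90"
            raw = args[2].replace('"', '').replace("'", '')
            # Filter empties with a comprehension. The old index loop
            # deleted from the list it was iterating, so adjacent empty
            # tokens were skipped and int('', 16) blew up later.
            tokens = [t for t in raw.replace('\\x', ' ').split(' ') if t]
            try:
                args[2] = ''.join(struct.pack("B", int(t, 16)) for t in tokens)
            except (ValueError, struct.error):
                # Non-hex token, or a value that does not fit one byte.
                print "Bad escaped byte string (expected \\xNN sequences)."
                return
        if "0x" in args[1]:  # int() needs an explicit base for hex literals
            args[1] = int(args[1], 16)
        pid = int(args[0])
        address = int(args[1])
        size = len(args[2])
        # If you are wondering why all the attaches and reattaches
        # I just want to make sure that everything is "fresh"
        # I was encountering bugs where not doing so would cause problems.
        dbg1 = litedbg.LiteDbg(pid)
        try:
            buf = dbg1.read_memory(address, size)
        except Exception:
            # Same wording as copymem so every command reports alike.
            print "Memory read error."
            return
        print "----------------------"
        print "MEMORY BEFORE CHANGES:"
        print "----------------------"
        litedbg.hexdump(buf)
        del dbg1
        dbg2 = litedbg.LiteDbg(pid)
        try:
            dbg2.write_memory(address, args[2])
        except Exception:
            print "Memory write error."
            return
        del dbg2
        dbg3 = litedbg.LiteDbg(pid)
        try:
            buf = dbg3.read_memory(address, size)
        except Exception:
            print "Memory read error."
            return
        print "---------------------"
        print "MEMORY AFTER CHANGES:"
        print "---------------------"
        litedbg.hexdump(buf)
        del dbg3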
Пример #2
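    def do_writemem(self, *args):
        """

        Write a character array to a location in a process's memory.
            The SandKit "ps" command will list pids/processes.
            The SandKit "readmem" command can be used to display the memory region
            before and after.

        Usage:
            writemem <pid> <address> <string to write to memory>

        Example:
            writemem 2764 0x7c900000 "\\x90\\x90\\x90\\x90"
            or
            writemem 2764 0x7c900000 "This is a test."

        Note: Please do "all or nothing". In other words, please
            don't mix and match escaped bytes with non-escaped
            bytes in the string like: "\\x90ABCDEF\\x90"
        """
        # *args are the raw shell tokens; checkargs() hands back
        # [pid, address, data] or None when the count is wrong.
        # Nothing is returned: results and errors go to stdout.
        args = self.checkargs(args, 3)
        if args is None:
            return
        if '\\x' in args[2]:  # handle escaped bytes such as "\x90\x90"
            raw = args[2].replace('"', '').replace("'", '')
            # Filter empties with a comprehension. The old index loop
            # deleted from the list it was iterating, so adjacent empty
            # tokens were skipped and int('', 16) blew up later.
            tokens = [t for t in raw.replace('\\x', ' ').split(' ') if t]
            try:
                args[2] = ''.join(struct.pack("B", int(t, 16)) for t in tokens)
            except (ValueError, struct.error):
                # Non-hex token, or a value that does not fit one byte.
                print "Bad escaped byte string (expected \\xNN sequences)."
                return
        if "0x" in args[1]:  # int() needs an explicit base for hex literals
            args[1] = int(args[1], 16)
        pid = int(args[0])
        address = int(args[1])
        size = len(args[2])
        # If you are wondering why all the attaches and reattaches
        # I just want to make sure that everything is "fresh"
        # I was encountering bugs where not doing so would cause problems.
        dbg1 = litedbg.LiteDbg(pid)
        try:
            buf = dbg1.read_memory(address, size)
        except Exception:
            # Same wording as copymem so every command reports alike.
            print "Memory read error."
            return
        print "----------------------"
        print "MEMORY BEFORE CHANGES:"
        print "----------------------"
        litedbg.hexdump(buf)
        del dbg1
        dbg2 = litedbg.LiteDbg(pid)
        try:
            dbg2.write_memory(address, args[2])
        except Exception:
            print "Memory write error."
            return
        del dbg2
        dbg3 = litedbg.LiteDbg(pid)
        try:
            buf = dbg3.read_memory(address, size)
        except Exception:
            print "Memory read error."
            return
        print "---------------------"
        print "MEMORY AFTER CHANGES:"
        print "---------------------"
        litedbg.hexdump(buf)
        del dbg3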
Пример #3
    def do_readmem(self, *args):
        """

        Read and display memory from a process.
        The SandKit "ps" command will list pids/processes.

        Usage:
            readmem <pid> <address> <length in bytes>

        Example:
            readmem 2764 0x7c900000 20
        """
        args = self.checkargs(args, 3)
        if args == None:
            return
        if args[1].__contains__("0x"):  #python f*****g sucks sometimes
            args[1] = int(args[1], 16)  #so we have to do this
        dbg1 = litedbg.LiteDbg(int(args[0]))
        buf = dbg1.read_memory(int(args[1]), int(args[2]))
        litedbg.hexdump(buf)
        del (dbg1)
Пример #4
    def do_readmem(self, *args):
        """

        Read and display memory from a process.
        The SandKit "ps" command will list pids/processes.

        Usage:
            readmem <pid> <address> <length in bytes>

        Example:
            readmem 2764 0x7c900000 20
        """
        args = self.checkargs(args, 3)
        if args == None:
            return
        if args[1].__contains__("0x"): #python f*****g sucks sometimes
            args[1] = int(args[1],16)  #so we have to do this
        dbg1 = litedbg.LiteDbg(int(args[0]))
        buf = dbg1.read_memory(int(args[1]), int(args[2]))
        litedbg.hexdump(buf)
        del(dbg1)
Пример #5
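    def do_copymem(self, *args):
        """

        Copy memory regions from one process into another.

        Usage:
            copymem <source-pid> <address> <length in bytes> <target-pid> <address>

        Example:
            copymem 3000 0x7c885000 5 3001 0x7c885000

        """
        # *args are the raw shell tokens; checkargs() hands back
        # [src_pid, src_addr, length, dst_pid, dst_addr] or None.
        # Nothing is returned: dumps and errors go to stdout.
        args = self.checkargs(args, 5)
        if args is None:
            return
        if "0x" in args[1]:  # int() needs an explicit base for hex literals
            args[1] = int(args[1], 16)
        if "0x" in args[4]:
            args[4] = int(args[4], 16)
        src_addr = int(args[1])
        dst_addr = int(args[4])
        length = int(args[2])
        dbg1 = litedbg.LiteDbg(int(args[0]))
        dbg2 = litedbg.LiteDbg(int(args[3]))
        try:
            buf1 = dbg1.read_memory(src_addr, length)
        except Exception:
            print "Memory read error."
            return
        # The "before" snapshot is taken at the destination address.
        # The original read dbg2 at the *source* address, so the dump
        # labelled "(before)" showed a region the write never touched.
        try:
            buf2 = dbg2.read_memory(dst_addr, length)
        except Exception:
            print "Memory read error."
            return
        print "------------------------------------------"
        print "MEMORY FROM SOURCE PID: %d @0x%08X" % (dbg1.pid, src_addr)
        print "------------------------------------------"
        litedbg.hexdump(buf1)
        print "----------------------------------------------"
        print "MEMORY FROM DEST PID %d @0x%08X (before)" % (dbg2.pid, dst_addr)
        print "----------------------------------------------"
        litedbg.hexdump(buf2)
        try:
            dbg2.write_memory(dst_addr, buf1)
        except Exception:
            print "Memory write error."
            return
        # Fresh attach for the after-read, matching the attach-per-step
        # pattern the other memory commands use.
        dbg3 = litedbg.LiteDbg(int(args[3]))
        try:
            buf2 = dbg3.read_memory(dst_addr, length)
        except Exception:
            print "Memory read error."
            return
        print "----------------------------------------------"
        print "MEMORY FROM DEST PID %d @0x%08X (after)" % (dbg2.pid, dst_addr)
        print "----------------------------------------------"
        litedbg.hexdump(buf2)
        del dbg1
        del dbg2
        del dbg3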
Пример #6
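    def do_copymem(self, *args):
        """

        Copy memory regions from one process into another.

        Usage:
            copymem <source-pid> <address> <length in bytes> <target-pid> <address>

        Example:
            copymem 3000 0x7c885000 5 3001 0x7c885000

        """
        # *args are the raw shell tokens; checkargs() hands back
        # [src_pid, src_addr, length, dst_pid, dst_addr] or None.
        # Nothing is returned: dumps and errors go to stdout.
        args = self.checkargs(args, 5)
        if args is None:
            return
        if "0x" in args[1]:  # int() needs an explicit base for hex literals
            args[1] = int(args[1], 16)
        if "0x" in args[4]:
            args[4] = int(args[4], 16)
        src_addr = int(args[1])
        dst_addr = int(args[4])
        length = int(args[2])
        dbg1 = litedbg.LiteDbg(int(args[0]))
        dbg2 = litedbg.LiteDbg(int(args[3]))
        try:
            buf1 = dbg1.read_memory(src_addr, length)
        except Exception:
            print "Memory read error."
            return
        # The "before" snapshot is taken at the destination address.
        # The original read dbg2 at the *source* address, so the dump
        # labelled "(before)" showed a region the write never touched.
        try:
            buf2 = dbg2.read_memory(dst_addr, length)
        except Exception:
            print "Memory read error."
            return
        print "------------------------------------------"
        print "MEMORY FROM SOURCE PID: %d @0x%08X" % (dbg1.pid, src_addr)
        print "------------------------------------------"
        litedbg.hexdump(buf1)
        print "----------------------------------------------"
        print "MEMORY FROM DEST PID %d @0x%08X (before)" % (dbg2.pid, dst_addr)
        print "----------------------------------------------"
        litedbg.hexdump(buf2)
        try:
            dbg2.write_memory(dst_addr, buf1)
        except Exception:
            print "Memory write error."
            return
        # Fresh attach for the after-read, matching the attach-per-step
        # pattern the other memory commands use.
        dbg3 = litedbg.LiteDbg(int(args[3]))
        try:
            buf2 = dbg3.read_memory(dst_addr, length)
        except Exception:
            print "Memory read error."
            return
        print "----------------------------------------------"
        print "MEMORY FROM DEST PID %d @0x%08X (after)" % (dbg2.pid, dst_addr)
        print "----------------------------------------------"
        litedbg.hexdump(buf2)
        del dbg1
        del dbg2
        del dbg3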