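 def handle_memtrace(self, event):
     """Log one traced memory access together with the current EIP.

     Args:
         event: memory-trace event; ``event.writes`` selects the label,
             ``event.value`` and ``event.addr`` are logged in hex.

     The EIP is read once per event from PyFlxInstrument.registers() and
     logged under the "BBL" column, exactly as before.
     """
     eip = PyFlxInstrument.registers()["eip"]
     # Both directions used an identical format string; only the label
     # differs.  "Read: " keeps its trailing space so the columns still
     # line up with "Write:" in the log.
     label = "Write:" if event.writes else "Read: "
     self.log("%s 0x%x , Addr: 0x%x, BBL: 0x%x" %
              (label, event.value, event.addr, eip))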
	def __init__(self, fromaddr, toaddr, nextaddr, process):
		"""Record one call edge and snapshot the registers at entry.

		Args:
			fromaddr, toaddr, nextaddr: addresses describing the call; by
				their names presumably source, target and the address after
				the call -- they are stored as given and not interpreted here.
			process: owning process object, stored as ``self.process``.

		``entrystate`` is the dict returned by PyFlxInstrument.registers() at
		construction time.  ``exitstate`` starts as None and
		``return_callbacks`` as an empty list; ``dllname`` and ``name`` start
		as None and are expected to be filled in later.
		"""
		# Call-edge addresses, kept verbatim.
		self.fromaddr, self.toaddr, self.nextaddr = fromaddr, toaddr, nextaddr
		self.process = process

		# Register snapshot at entry; the exit snapshot is taken elsewhere.
		self.entrystate = PyFlxInstrument.registers()
		self.exitstate = None
		self.return_callbacks = []

		# Symbolic identity, resolved later (None until then).
		self.dllname = None
		self.name = None
	def handle_syscall(self, syscall):
		"""React to a traced system call, identified by its resolved name.

		``syscall.number`` is mapped to a name via syscalls.getSyscallByNumber;
		None (unknown number) and names other than the four below are ignored.

		NtTerminateProcess: record (self, cr3) in self.os.terminating_processes,
		log the name, terminate the thread and shut the logger down.
		NtCreateThread / NtCreateProcess / NtCreateProcessEx: informational
		log plus self.log(name).
		NtTerminateThread: log, then terminate the thread.
		"""
		name = syscalls.getSyscallByNumber(syscall.number)
		if name is None:
			return
		# The names are distinct strings, so at most one branch can fire;
		# elif is equivalent to the original chain of independent ifs.
		if name == "NtTerminateProcess":
			self.os.terminating_processes.append((self, PyFlxInstrument.registers()["cr3"]))
			self.log(name)
			self.thread.terminate()
			self.logger.shutdown(self)
		elif name == "NtCreateThread":
			self.logger.info("Creating Thread")
			self.log(name)
		elif name == "NtTerminateThread":
			self.logger.info("Thread %d terminated"%self.cur_tid)
			self.log(name)
			self.thread.terminate()
		elif name in ("NtCreateProcess", "NtCreateProcessEx"):
			self.logger.info("New Process has been created by %s"%self.name)
			self.log(name)
 def handle_syscall(self, syscall):
     """Dispatch on the name of a traced system call.

     The number is resolved with syscalls.getSyscallByNumber; an unknown
     number (None) or any name not listed below is ignored.

     - NtTerminateProcess: append (self, cr3) to
       self.os.terminating_processes, log, terminate the thread and shut
       down the logger.
     - NtCreateThread, NtCreateProcess, NtCreateProcessEx: info log + log.
     - NtTerminateThread: info log, log, terminate the thread.
     """
     resolved = syscalls.getSyscallByNumber(syscall.number)
     if resolved is None:
         return
     terminate_process = resolved == "NtTerminateProcess"
     create_thread = resolved == "NtCreateThread"
     terminate_thread = resolved == "NtTerminateThread"
     create_process = resolved in ("NtCreateProcess", "NtCreateProcessEx")
     # At most one of the flags is true because the names differ.
     if terminate_process:
         self.os.terminating_processes.append(
             (self, PyFlxInstrument.registers()["cr3"]))
         self.log(resolved)
         self.thread.terminate()
         self.logger.shutdown(self)
     elif create_thread:
         self.logger.info("Creating Thread")
         self.log(resolved)
     elif terminate_thread:
         self.logger.info("Thread %d terminated" % self.cur_tid)
         self.log(resolved)
         self.thread.terminate()
     elif create_process:
         self.logger.info("New Process has been created by %s" %
                          self.name)
         self.log(resolved)
 def caballero_enable(self, min_icount, threshold):
     """Forward to PyFlxInstrument.caballero_enable(min_icount, threshold).

     Both values are passed through unchanged; their semantics are defined
     by the PyFlxInstrument binding, not here.
     """
     backend = PyFlxInstrument
     backend.caballero_enable(min_icount, threshold)
	def vmem_read(self, n):
		"""Return PyFlxInstrument.vmem_read(n, 4096).

		The second argument is fixed at 4096 here; what it bounds is defined
		by the binding (looks like a page-sized limit -- verify there).  The
		result is guest memory and should be treated as untrusted data.
		"""
		limit = 4096
		return PyFlxInstrument.vmem_read(n, limit)
 def filter_filtered(self, addr):
     """Return PyFlxInstrument.filtered(addr), the backend's answer for ``addr``."""
     verdict = PyFlxInstrument.filtered(addr)
     return verdict
 def filter_add(self, start, stop):
     """Forward the range (start, stop) to PyFlxInstrument.filter_add unchanged."""
     bounds = (start, stop)
     PyFlxInstrument.filter_add(*bounds)
	def caballero_disable(self):
		"""Forward to PyFlxInstrument.caballero_disable(); nothing is returned."""
		disable = PyFlxInstrument.caballero_disable
		disable()
	def set_context(self, pid, tid):
		"""Forward (pid, tid) to PyFlxInstrument.set_context.

		Note the ``activate`` method on this page calls set_context with a
		third ``procname`` argument; this wrapper passes only two.
		"""
		context = (pid, tid)
		PyFlxInstrument.set_context(*context)
 def functionentropy_enable(self, threshold):
     """Forward ``threshold`` to PyFlxInstrument.functionentropy_enable."""
     backend = PyFlxInstrument
     backend.functionentropy_enable(threshold)
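	def filter_del(self, start, end):
		"""Forward the range (start, end) to PyFlxInstrument.filter_del.

		Args:
			start: first address of the range.
			end: end address of the range, as the binding defines it.
		"""
		# The original passed the undefined name ``stop`` (NameError on every
		# call); the parameter is called ``end``.
		PyFlxInstrument.filter_del(start, end)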
 def functiontrace_disable(self):
     """Forward to PyFlxInstrument.functiontrace_disable(); no return value."""
     disable = PyFlxInstrument.functiontrace_disable
     disable()
 def set_context(self, pid, tid):
     """Forward (pid, tid) to PyFlxInstrument.set_context.

     The ``activate`` method on this page passes a third ``procname``
     argument to the same binding; this wrapper passes only two.
     """
     backend = PyFlxInstrument
     backend.set_context(pid, tid)
 def arithwindow_disable(self):
     """Forward to PyFlxInstrument.arithwindow_disable(); no return value."""
     disable = PyFlxInstrument.arithwindow_disable
     disable()
 def arithwindow_enable(self, window_size, threshold):
     """Forward (window_size, threshold) to PyFlxInstrument.arithwindow_enable unchanged."""
     params = (window_size, threshold)
     PyFlxInstrument.arithwindow_enable(*params)
 def caballero_disable(self):
     """Forward to PyFlxInstrument.caballero_disable(); no return value."""
     backend = PyFlxInstrument
     backend.caballero_disable()
	def memtrace_disable(self):
		"""Forward to PyFlxInstrument.memtrace_disable(); no return value."""
		disable = PyFlxInstrument.memtrace_disable
		disable()
 def functionentropy_disable(self):
     """Forward to PyFlxInstrument.functionentropy_disable(); no return value."""
     disable = PyFlxInstrument.functionentropy_disable
     disable()
	def filter_disable(self):
		"""Forward to PyFlxInstrument.filter_disable(); no return value."""
		backend = PyFlxInstrument
		backend.filter_disable()
 def codesearch_enable(self):
     """Forward to PyFlxInstrument.codesearch_enable(); no return value."""
     enable = PyFlxInstrument.codesearch_enable
     enable()
	def bbltrace_disable(self):
		"""Forward to PyFlxInstrument.bbltrace_disable(); no return value."""
		disable = PyFlxInstrument.bbltrace_disable
		disable()
 def constsearch_pattern(self, pattern):
     """Hand ``pattern`` to PyFlxInstrument.constsearch_pattern unchanged.

     The accepted pattern type is defined by the binding; nothing is
     validated here.
     """
     backend = PyFlxInstrument
     backend.constsearch_pattern(pattern)
	def arithwindow_disable(self):
		"""Forward to PyFlxInstrument.arithwindow_disable(); no return value."""
		backend = PyFlxInstrument
		backend.arithwindow_disable()
 def constsearch_disable(self):
     """Forward to PyFlxInstrument.constsearch_disable(); no return value."""
     disable = PyFlxInstrument.constsearch_disable
     disable()
	def functionentropy_disable(self):
		"""Forward to PyFlxInstrument.functionentropy_disable(); no return value."""
		backend = PyFlxInstrument
		backend.functionentropy_disable()
	def syscall_hook(self, number):
		"""Forward the syscall ``number`` to PyFlxInstrument.syscall_hook unchanged."""
		hook = PyFlxInstrument.syscall_hook
		hook(number)
	def breakpoint_insert(self, addr):
		"""Forward ``addr`` to PyFlxInstrument.breakpoint_insert; no bookkeeping here."""
		insert = PyFlxInstrument.breakpoint_insert
		insert(addr)
	def dump_enable(self, path):
		"""Forward ``path`` to PyFlxInstrument.dump_enable.

		``path`` is passed through without validation; if it can originate
		from outside the analysis configuration, check it before calling.
		"""
		backend = PyFlxInstrument
		backend.dump_enable(path)
 def constsearch_search(self):
     """Forward to PyFlxInstrument.constsearch_search(); no return value."""
     search = PyFlxInstrument.constsearch_search
     search()
 def bbltrace_disable(self):
     """Forward to PyFlxInstrument.bbltrace_disable(); no return value."""
     backend = PyFlxInstrument
     backend.bbltrace_disable()
	def deactivate(self):
		"""Turn instrumentation off via PyFlxInstrument.set_instrumentation_active(0).

		Counterpart of ``activate``; unlike it, no context is changed here.
		"""
		inactive = 0
		PyFlxInstrument.set_instrumentation_active(inactive)
 def breakpoint_insert(self, addr):
     """Forward ``addr`` to PyFlxInstrument.breakpoint_insert; no bookkeeping here."""
     backend = PyFlxInstrument
     backend.breakpoint_insert(addr)
	def dump_disable(self):
		"""Forward to PyFlxInstrument.dump_disable(); no return value."""
		disable = PyFlxInstrument.dump_disable
		disable()
 def breakpoint_delete(self, addr):
     """Forward ``addr`` to PyFlxInstrument.breakpoint_delete; no bookkeeping here."""
     delete = PyFlxInstrument.breakpoint_delete
     delete(addr)
	def read_process(self, process, address, len):
		"""Read from another process's memory through its cr3.

		Delegates to PyFlxInstrument.vmem_read_process(process.cr3, address,
		len) and returns its result.  A RuntimeError from the backend (or
		from evaluating ``process.cr3``) is swallowed and None is returned
		instead -- a deliberate best-effort read; other exceptions propagate.
		Whatever comes back is guest memory and should be treated as
		untrusted.  ``len`` shadows the builtin but is kept because callers
		may pass it by keyword.
		"""
		try:
			data = PyFlxInstrument.vmem_read_process(process.cr3, address, len)
		except RuntimeError:
			data = None
		return data
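 def addBreakpoint(self, addr, handler):
     """Register ``handler`` for the breakpoint at ``addr``.

     ``self`` maps addr -> set of handlers.  The first handler for an
     address also inserts the breakpoint through
     PyFlxInstrument.breakpoint_insert; later handlers only join the
     existing set.

     Args:
         addr: breakpoint address, used as the mapping key.
         handler: hashable (typically a callable) to associate with ``addr``.
     """
     # ``in`` replaces the Python-2-only dict.has_key(), so this also runs
     # on Python 3; set() replaces the dated set([]) spelling.
     if addr not in self:
         self[addr] = set()
         PyFlxInstrument.breakpoint_insert(addr)
     self[addr].add(handler)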
	def retranslate(self):
		"""Forward to PyFlxInstrument.retranslate(); no return value."""
		retranslate = PyFlxInstrument.retranslate
		retranslate()
 def register(self, register):
     """Return the value of ``register`` from PyFlxInstrument.registers().

     The registers dict is fetched fresh on every call; an unknown
     register name raises KeyError from the dict lookup.
     """
     return PyFlxInstrument.registers()[register]
	def filter_add(self, start, stop):
		"""Forward the range (start, stop) to PyFlxInstrument.filter_add unchanged."""
		backend = PyFlxInstrument
		backend.filter_add(start, stop)
 def creg(self, register):
     """Return PyFlxInstrument.creg(register) (by its name, a control register read)."""
     value = PyFlxInstrument.creg(register)
     return value
	def filter_filtered(self, addr):
		"""Return PyFlxInstrument.filtered(addr), the backend's answer for ``addr``."""
		backend = PyFlxInstrument
		return backend.filtered(addr)
 def eip(self):
     """Return PyFlxInstrument.eip(), the backend's current instruction pointer."""
     current = PyFlxInstrument.eip()
     return current
	def caballero_enable(self, min_icount, threshold):
		"""Forward (min_icount, threshold) to PyFlxInstrument.caballero_enable unchanged."""
		params = (min_icount, threshold)
		PyFlxInstrument.caballero_enable(*params)
 def genreg(self, index):
     """Return PyFlxInstrument.genreg(index) (by its name, a general register read)."""
     value = PyFlxInstrument.genreg(index)
     return value
	def arithwindow_enable(self, window_size, threshold):
		"""Forward (window_size, threshold) to PyFlxInstrument.arithwindow_enable unchanged."""
		backend = PyFlxInstrument
		backend.arithwindow_enable(window_size, threshold)
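 def delBreakpoint(self, addr, handler):
     """Unregister ``handler`` from the breakpoint at ``addr``.

     ``self`` maps addr -> set of handlers.  When the last handler for
     ``addr`` is removed the entry is dropped and the breakpoint is removed
     through PyFlxInstrument.breakpoint_delete, so a later
     addBreakpoint(addr, ...) inserts it again.  An unknown ``addr`` or a
     handler that was never registered is ignored.

     Args:
         addr: breakpoint address (key in this mapping).
         handler: the handler previously given to addBreakpoint.
     """
     # The original iterated over every address and shadowed the ``addr``
     # parameter with the loop variable, so it stripped ``handler`` from all
     # addresses and called breakpoint_delete for every address whose set
     # was empty -- while leaving the empty entries in place, which kept
     # addBreakpoint from re-inserting the breakpoint.  Only the requested
     # address is touched now.
     handlers = self.get(addr)
     if handlers is None:
         return
     handlers.discard(handler)
     if not handlers:
         del self[addr]
         PyFlxInstrument.breakpoint_delete(addr)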
	def functiontrace_disable(self):
		"""Forward to PyFlxInstrument.functiontrace_disable(); no return value."""
		backend = PyFlxInstrument
		backend.functiontrace_disable()
	def constsearch_pattern(self, pattern):
		"""Hand ``pattern`` to PyFlxInstrument.constsearch_pattern; nothing is validated here."""
		set_pattern = PyFlxInstrument.constsearch_pattern
		set_pattern(pattern)
	def functionentropy_enable(self, threshold):
		"""Forward ``threshold`` to PyFlxInstrument.functionentropy_enable unchanged."""
		enable = PyFlxInstrument.functionentropy_enable
		enable(threshold)
	def activate(self, pid, tid, procname):
		"""Turn instrumentation on and bind it to (pid, tid, procname).

		Calls PyFlxInstrument.set_instrumentation_active(1) first, then
		set_context with ``procname`` coerced via str().  The set_context
		wrappers on this page pass only (pid, tid); this three-argument form
		is kept exactly as written.
		"""
		PyFlxInstrument.set_instrumentation_active(1)
		context = (pid, tid, str(procname))
		PyFlxInstrument.set_context(*context)
	def codesearch_enable(self):
		"""Forward to PyFlxInstrument.codesearch_enable(); no return value."""
		backend = PyFlxInstrument
		backend.codesearch_enable()
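 def filter_del(self, start, end):
     """Forward the range (start, end) to PyFlxInstrument.filter_del.

     Args:
         start: first address of the range.
         end: end address of the range, as the binding defines it.
     """
     # The original passed the undefined name ``stop`` (NameError on every
     # call); the parameter is called ``end``.
     PyFlxInstrument.filter_del(start, end)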
	def constsearch_disable(self):
		"""Forward to PyFlxInstrument.constsearch_disable(); no return value."""
		backend = PyFlxInstrument
		backend.constsearch_disable()
	def doReturn(self):
		"""Snapshot the registers at return and run every return callback.

		``self.exitstate`` is set from PyFlxInstrument.registers() before the
		callbacks run, so they can read it; each callback is called with
		``self`` as its only argument, in list order.  The list is iterated
		directly, so a callback that appends to it is also invoked.
		"""
		self.exitstate = PyFlxInstrument.registers()
		for notify in self.return_callbacks:
			notify(self)
	def constsearch_search(self):
		"""Forward to PyFlxInstrument.constsearch_search(); no return value."""
		backend = PyFlxInstrument
		backend.constsearch_search()
	def retval(self):
		"""Refresh ``self.exitstate`` from PyFlxInstrument.registers() and return its "eax" entry.

		Every call re-reads the registers; KeyError propagates if the dict
		has no "eax" key.
		"""
		state = PyFlxInstrument.registers()
		self.exitstate = state
		return state["eax"]
	def breakpoint_delete(self, addr):
		"""Forward ``addr`` to PyFlxInstrument.breakpoint_delete; no bookkeeping here."""
		backend = PyFlxInstrument
		backend.breakpoint_delete(addr)
 def filter_disable(self):
     """Forward to PyFlxInstrument.filter_disable(); no return value."""
     disable = PyFlxInstrument.filter_disable
     disable()