示例#1
0
    def _make_mmap_with_values(self, intervals, struct_offset=None):
        """
         Make a memory map, with a fake structure of pointer pattern inside.
        Return the pattern signature

        :param intervals:
        :param struct_offset:
        :return:
        """
        # template of a memory map metadata
        self._mstart = 0x0c00000
        self._mlength = 4096  # end at (0x0c01000)
        # could be 8, it doesn't really matter
        self.word_size = self.target.get_word_size()
        if struct_offset is not None:
            self._struct_offset = struct_offset
        else:
            self._struct_offset = self.word_size * 12  # 12, or any other aligned
        mmap, values = self._make_mmap(0x0c00000, 4096, self._struct_offset,
                                       intervals, self.word_size)
        # add a reference to mmap in mmap2
        ammap2 = AMemoryMapping(0xff7dc000, 0xff7dc000 + 0x1000, '-rwx', 0, 0,
                                0, 0, 'test_mmap2')
        ammap2.set_ctypes(self.target.get_target_ctypes())
        mmap2 = LocalMemoryMapping.fromBytebuffer(ammap2,
                                                  mmap.get_byte_buffer())
        self._memory_handler = MemoryHandler([mmap, mmap2], self.target,
                                             'test')
        self.mmap2 = mmap2
        return mmap, values
    def _make_mmap_with_values(self, intervals, struct_offset=None):
        """
         Make a memory map, with a fake structure of pointer pattern inside.
        Return the pattern signature

        :param intervals:
        :param struct_offset:
        :return:
        """
        # template of a memory map metadata
        self._mstart = 0x0c00000
        self._mlength = 4096  # end at (0x0c01000)
        # could be 8, it doesn't really matter
        self.word_size = self.target.get_word_size()
        if struct_offset is not None:
            self._struct_offset = struct_offset
        else:
            self._struct_offset = self.word_size*12 # 12, or any other aligned
        mmap,values = self._make_mmap(0x0c00000, 4096, self._struct_offset,
                               intervals, self.word_size)
        # add a reference to mmap in mmap2
        ammap2 = AMemoryMapping(0xff7dc000, 0xff7dc000+0x1000, '-rwx', 0, 0, 0, 0, 'test_mmap2')
        mmap2 = LocalMemoryMapping.fromBytebuffer(ammap2, mmap.get_byte_buffer())
        mmap2.set_target_platform(self.target)
        self._memory_handler = MemoryHandler([mmap, mmap2], self.target, 'test')
        self.mmap2 = mmap2
        return mmap, values
示例#3
0
    def _make_mmap(self, mstart, mlength, struct_offset, seq, word_size):
        '''Create memory mapping with some pointer values at specific
        intervals. '''
        nsig = [struct_offset]
        nsig.extend(seq)
        # rewrite intervals indices to offsets from start
        indices = [i for i in self._accumulate(nsig)]
        dump = []  # b''
        values = []
        fmt = self.config.get_word_type_char()
        # write a memory map with valid pointer address in specifics offsets.
        for i in range(0, mlength, word_size):
            if i in indices:
                log.debug('Insert word %x at 0x%x',mstart + i,mstart + i)
                dump.append(struct.pack(fmt, mstart + i))
                values.append(mstart + i)
            else:
                dump.append(struct.pack(fmt, 0x2e2e2e2e2e2e2e2e))

        if len(dump) != mlength / word_size:
            raise ValueError('error 1 on length dump %d ' % (len(dump)))
        dump2 = ''.join(dump)
        if len(dump) * word_size != len(dump2):
            print dump
            raise ValueError(
                'error 2 on length dump %d dump2 %d' %
                (len(dump), len(dump2)))
        stop = mstart + len(dump2)
        mmap = MemoryMapping(mstart, stop, '-rwx', 0, 0, 0, 0, 'test_mmap')
        mmap2 = LocalMemoryMapping.fromBytebuffer(mmap, dump2)
        mmap2.init_config(self.config)
        return mmap2, values
示例#4
0
    def _load_memory_mappings(self):
        """ make the python objects"""
        self.mappings = Mappings(None, self.dumpname)
        for _start, _end, permissions, offset, devices, inode, mmap_pathname in self.metalines:
            start, end = int(_start, 16), int(_end, 16)
            offset = int(offset, 16)
            inode = int(inode)
            # rebuild filename
            mmap_fname = "%s-%s" % (_start, _end)
            # get devices nums
            major_device, minor_device = devices.split(':')
            major_device = int(major_device, 16)
            minor_device = int(minor_device, 16)
            log.debug('Loading %s - %s' % (mmap_fname, mmap_pathname))
            # open the file in the archive
            try:
                mmap_content_file = self._protected_open_file(
                    mmap_fname,
                    mmap_pathname)
            except (IOError, KeyError) as e:
                log.debug('Ignore absent file : %s' % (e))
                mmap = MemoryMapping(start, end, permissions, offset,
                                     major_device, minor_device, inode, pathname=mmap_pathname)
                self.mappings.append(mmap)
                continue
            # except ValueError,e: # explicit non-loading
            #    log.debug('Ignore useless file : %s'%(e))
            #    mmap = MemoryMapping(start, end, permissions, offset,
            #                                                    major_device, minor_device, inode,pathname=mmap_pathname)
            #    self.mappings.append(mmap)
            #    continue
            except LazyLoadingException as e:
                mmap = FilenameBackedMemoryMapping(e._filename, start, end, permissions, offset,
                                                   major_device, minor_device, inode, pathname=mmap_pathname)
                self.mappings.append(mmap)
                continue

            if isinstance(self.archive, zipfile.ZipFile):  # ZipExtFile is lame
                log.warning(
                    'Using a local memory mapping . Zipfile sux. thx ruby.')
                mmap = MemoryMapping(start, end, permissions, offset,
                                     major_device, minor_device, inode, pathname=mmap_pathname)
                mmap = LocalMemoryMapping.fromBytebuffer(
                    mmap,
                    mmap_content_file.read())
            # use file mmap when file is too big
            elif end - start > config.MAX_MAPPING_SIZE_FOR_MMAP:
                log.warning('Using a file backed memory mapping. no mmap in memory for this memorymap (%s).' % (mmap_pathname) +
                            ' Search will fail. Buffer is needed.')
                mmap = FileBackedMemoryMapping(mmap_content_file, start, end, permissions, offset,
                                               major_device, minor_device, inode, pathname=mmap_pathname)
            else:
                log.debug('Using a MemoryDumpMemoryMapping. small size')
                mmap = MemoryDumpMemoryMapping(mmap_content_file, start, end, permissions, offset,
                                               major_device, minor_device, inode, pathname=mmap_pathname)
            self.mappings.append(mmap)
        self.mappings.init_config(cpu=self._cpu_bits, os_name=self._os_name)
        return
示例#5
0
 def mmap(self):
     """
      mmap-ed access gives a 20% perf increase on by tests
     :return:
     """
     # DO NOT USE ptrace.process.readArray on 64 bits.
     # It breaks stuff.
     # probably a bad cast statement on c_char_p
     # FIXME: the big perf increase is now gone. Howto cast pointer to bytes
     # into my_ctypes array ?
     if not self.is_mmaped():
         self._local_mmap_content = self._utils.bytes2array(self._process().read_bytes(self.start, len(self)), self._ctypes.c_ubyte)
         log.debug('type array %s' % (type(self._local_mmap_content)))
         self._local_mmap = LocalMemoryMapping.fromAddress(self, self._ctypes.addressof(self._local_mmap_content))
         self._base = self._local_mmap
     return self._local_mmap
示例#6
0
 def mmap(self):
     """
      mmap-ed access gives a 20% perf increase on by tests
     :return:
     """
     # DO NOT USE ptrace.process.readArray on 64 bits.
     # It breaks stuff.
     # probably a bad cast statement on c_char_p
     # FIXME: the big perf increase is now gone. Howto cast pointer to bytes
     # into my_ctypes array ?
     if not self.isMmaped():
         self._local_mmap_content = self._utils.bytes2array(self._process().read_bytes(self.start, len(self)), self._ctypes.c_ubyte)
         log.debug('type array %s' % (type(self._local_mmap_content)))
         self._local_mmap = LocalMemoryMapping.fromAddress(self, self._ctypes.addressof(self._local_mmap_content))
         self._base = self._local_mmap
     return self._local_mmap
示例#7
0
 def mmap(self):
     """ mmap-ed access gives a 20% perf increase on by tests """
     # DO NOT USE ptrace.process.readArray on 64 bits.
     # It breaks stuff.
     # probably a bad cast statement on c_char_p
     # FIXME: the big perf increase is now gone. Howto cast pointer to bytes
     # into my_ctypes array ?
     my_ctypes = self._target_platform.get_target_ctypes()
     my_utils = self._target_platform.get_target_ctypes_utils()
     if not self.isMmaped():
         # self._process().readArray(self.start, my_ctypes.c_ubyte, len(self) ) # keep ref
         # self._local_mmap_content = self._process().readArray(self.start,
         # my_ctypes.c_ubyte, len(self) ) # keep ref
         self._local_mmap_content = my_utils.bytes2array(
             self._process().readBytes(self.start, len(self)), my_ctypes.c_ubyte
         )
         log.debug("type array %s" % (type(self._local_mmap_content)))
         self._local_mmap = LocalMemoryMapping.fromAddress(self, my_ctypes.addressof(self._local_mmap_content))
         self._base = self._local_mmap
     return self._local_mmap
示例#8
0
    def _make_mmap(self, mstart, mlength, struct_offset, seq, word_size):
        """
        Create memory mapping with some pointer values at specific
        intervals.
        :param mstart:
        :param mlength:
        :param struct_offset:
        :param seq:
        :param word_size:
        :return:
        """
        nsig = [struct_offset]
        nsig.extend(seq)
        # rewrite intervals indices to offsets from start
        indices = [i for i in self._accumulate(nsig)]
        dump = []  # b''
        values = []
        fmt = self.target.get_word_type_char()
        # write a memory map with valid pointer address in specifics offsets.
        for i in range(0, mlength, word_size):
            if i in indices:
                log.debug('Insert word %x at 0x%x',mstart + i,mstart + i)
                dump.append(struct.pack(fmt, mstart + i))
                values.append(mstart + i)
            else:
                dump.append(struct.pack(fmt, 0x2e2e2e2e2e2e2e2e))

        if len(dump) != mlength // word_size:
            raise ValueError('error 1 on length dump %d ' % (len(dump)))
        dump2 = b''.join(dump)
        if len(dump) * word_size != len(dump2):
            print(dump)
            raise ValueError(
                'error 2 on length dump %d dump2 %d' %
                (len(dump), len(dump2)))
        stop = mstart + len(dump2)
        mmap = AMemoryMapping(mstart, stop, '-rwx', 0, 0, 0, 0, 'test_mmap')
        mmap.set_ctypes(self.target.get_target_ctypes())
        mmap2 = LocalMemoryMapping.fromBytebuffer(mmap, dump2)
        # mmap2.set_ctypes(self.target.get_target_ctypes())
        return mmap2, values
示例#9
0
 def mmap(self):
     ''' mmap-ed access gives a 20% perf increase on by tests '''
     # DO NOT USE ptrace.process.readArray on 64 bits.
     # It breaks stuff.
     # probably a bad cast statement on c_char_p
     # FIXME: the big perf increase is now gone. Howto cast pointer to bytes
     # into my_ctypes array ?
     my_ctypes = self._target_platform.get_target_ctypes()
     my_utils = self._target_platform.get_target_ctypes_utils()
     if not self.isMmaped():
         # self._process().readArray(self.start, my_ctypes.c_ubyte, len(self) ) # keep ref
         # self._local_mmap_content = self._process().readArray(self.start,
         # my_ctypes.c_ubyte, len(self) ) # keep ref
         self._local_mmap_content = my_utils.bytes2array(
             self._process().readBytes(self.start, len(self)),
             my_ctypes.c_ubyte)
         log.debug('type array %s' % (type(self._local_mmap_content)))
         self._local_mmap = LocalMemoryMapping.fromAddress(
             self, my_ctypes.addressof(self._local_mmap_content))
         self._base = self._local_mmap
     return self._local_mmap
示例#10
0
    def _load_memory_mappings(self):
        """ make the python objects"""
        _mappings = []
        for mmap_fname, start, end, permissions, offset, major_device, minor_device, inode, pathname in self.metalines:
            log.debug('Loading %s - %s' % (mmap_fname, pathname))
            # open the file in the archive
            try:
                mmap_content_file = self._protected_open_file(mmap_fname, pathname)
            except (IOError, KeyError) as e:
                log.debug('Ignore absent file : %s' % (e))
                mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
                _mappings.append(mmap)
                continue
            except LazyLoadingException as e:
                mmap = FilenameBackedMemoryMapping(e._filename, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
                _mappings.append(mmap)
                continue

            if isinstance(self.archive, zipfile.ZipFile):  # ZipExtFile is lame
                log.warning(
                    'Using a local memory mapping . Zipfile sux. thx ruby.')
                mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
                mmap = LocalMemoryMapping.fromBytebuffer(
                    mmap,
                    mmap_content_file.read())
            # use file mmap when file is too big
            elif end - start > haystack.MAX_MAPPING_SIZE_FOR_MMAP:
                log.warning('Using a file backed memory mapping. no mmap in memory for this memorymap (%s).' % (pathname) +
                            ' Search will fail. Buffer is needed.')
                mmap = FileBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
            else:
                # log.debug('Using a MemoryDumpMemoryMapping. small size')
                # mmap = MemoryDumpMemoryMapping(mmap_content_file, start, end, permissions, offset,
                log.debug('Always use FilenameBackedMemoryMapping. small size')
                mmap = FilenameBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
            _mappings.append(mmap)
        _target_platform = target.TargetPlatform(_mappings, cpu_bits=self._cpu_bits, os_name=self._os_name)
        self._memory_handler = MemoryHandler(_mappings, _target_platform, self.dumpname)
        return
示例#11
0
    def _load_memory_mappings(self):
        """ make the python objects"""
        _mappings = []
        for mmap_fname, start, end, permissions, offset, major_device, minor_device, inode, pathname in self.metalines:
            log.debug('Loading %s - %s' % (mmap_fname, pathname))
            # open the file in the archive
            try:
                mmap_content_file = self._protected_open_file(mmap_fname, pathname)
            except (IOError, KeyError) as e:
                log.debug('Ignore absent file : %s' % (e))
                mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
                _mappings.append(mmap)
                continue
            except LazyLoadingException as e:
                mmap = FilenameBackedMemoryMapping(e._filename, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
                _mappings.append(mmap)
                continue

            if isinstance(self.archive, zipfile.ZipFile):  # ZipExtFile is lame
                log.warning(
                    'Using a local memory mapping . Zipfile sux. thx ruby.')
                mmap = AMemoryMapping(start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
                mmap = LocalMemoryMapping.fromBytebuffer(mmap, mmap_content_file.read())
            # use file mmap when file is too big
            elif end - start > haystack.MAX_MAPPING_SIZE_FOR_MMAP:
                log.warning('Using a file backed memory mapping. no mmap in memory for this memorymap (%s).' % (pathname) +
                            ' Search will fail. Buffer is needed.')
                mmap = FileBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
            else:
                # log.debug('Using a MemoryDumpMemoryMapping. small size')
                # mmap = MemoryDumpMemoryMapping(mmap_content_file, start, end, permissions, offset,
                log.debug('Always use FilenameBackedMemoryMapping. small size')
                mmap = FilenameBackedMemoryMapping(mmap_content_file.name, start, end, permissions, offset, major_device, minor_device, inode, pathname=pathname)
            _mappings.append(mmap)
        _target_platform = target.TargetPlatform(_mappings, cpu_bits=self._cpu_bits, os_name=self._os_name)
        self._memory_handler = MemoryHandler(_mappings, _target_platform, self.dumpname)
        return