def is_address_local(self, obj, structType=None):
"""
Costly , checks if obj is mapped to local memory space.
Returns the memory mapping if found.
False, otherwise.
"""
addr = self.get_pointee_address(obj)
log.debug('get_pointee_address returned %x',addr)
if addr == 0:
return False
# maintain a cache to improve performance.
# if not found in cache, try to reload local process memory space.
# the pointer memory space could have been allocated recently.
# the calling function is most certainly going to fail anyway
if self.__local_process_memory_handler is not None:
ret = self.__local_process_memory_handler.is_valid_address(obj, structType)
if ret:
return ret
class P:
pid = os.getpid()
# we need that for the machine arch read.
def readBytes(self, addr, size):
return self.__ctypes.string_at(addr, size)
# loading dependencies
from haystack.mappings.process import readProcessMappings
memory_handler = readProcessMappings(P()) # memory_mapping
self.__local_process_memory_handler = memory_handler
return self.__local_process_memory_handler.is_valid_address(obj, structType)
def is_address_local(self, obj, structType=None):
"""
Costly , checks if obj is mapped to local memory space.
Returns the memory mapping if found.
False, otherwise.
"""
addr = self.get_pointee_address(obj)
log.debug('get_pointee_address returned %x', addr)
if addr == 0:
return False
# maintain a cache to improve performance.
# if not found in cache, try to reload local process memory space.
# the pointer memory space could have been allocated recently.
# the calling function is most certainly going to fail anyway
if self.__local_process_memory_handler is not None:
ret = self.__local_process_memory_handler.is_valid_address(
obj, structType)
if ret:
return ret
class P:
pid = os.getpid()
# we need that for the machine arch read.
def readBytes(self, addr, size):
return self.__ctypes.string_at(addr, size)
# loading dependencies
from haystack.mappings.process import readProcessMappings
memory_handler = readProcessMappings(P()) # memory_mapping
self.__local_process_memory_handler = memory_handler
return self.__local_process_memory_handler.is_valid_address(
obj, structType)
def test_is_address_local(self):
my_target = target.TargetPlatform.make_target_platform_local()
my_ctypes = my_target.get_target_ctypes()
my_utils = my_target.get_target_ctypes_utils()
ctypes5_gen64 = haystack.model.import_module_for_target_ctypes(
"test.src.ctypes5_gen64", my_ctypes)
# kinda chicken and egg here...
class P:
pid = os.getpid()
def readBytes(self, addr, size):
import ctypes
return ctypes.string_at(addr, size)
# one call
mappings = readProcessMappings(P())
m = mappings.get_mappings()[0]
# struct a - basic types
s = ctypes.sizeof(ctypes5_gen64.struct_a)
a = ctypes5_gen64.struct_a.from_address(m.start)
pa = my_ctypes.c_void_p(m.start)
ptr_a = my_ctypes.POINTER(ctypes5_gen64.struct_a)(a)
b = ctypes5_gen64.struct_a.from_address(m.end - s)
pb = my_ctypes.c_void_p(m.end - s)
ptr_b = my_ctypes.POINTER(ctypes5_gen64.struct_a)(b)
c = ctypes5_gen64.struct_a.from_address(m.end - 1)
pc = my_ctypes.c_void_p(m.end - 1)
ptr_c = my_ctypes.POINTER(ctypes5_gen64.struct_a)(c)
self.assertTrue(my_utils.is_address_local(pa, structType=None))
self.assertTrue(
my_utils.is_address_local(pa, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(ptr_a, structType=None))
self.assertTrue(
my_utils.is_address_local(ptr_a,
structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(pb, structType=None))
self.assertTrue(
my_utils.is_address_local(pb, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(ptr_b, structType=None))
self.assertTrue(
my_utils.is_address_local(ptr_b,
structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(pc, structType=None))
self.assertFalse(
my_utils.is_address_local(pc, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(ptr_c, structType=None))
self.assertFalse(
my_utils.is_address_local(ptr_c,
structType=ctypes5_gen64.struct_a))
def connectProcess(self):
"""Connect the debugguer to the process and gets the memory _memory_handler
metadata."""
self.dbg = dbg.PtraceDebugger()
self.process = self.dbg.addProcess(self._pid, is_attached=False)
if self.process is None:
log.error("Error initializing Process debugging for %d" % self._pid)
raise IOError
# ptrace exception is raised before that
self.mappings = readProcessMappings(self.process)
log.debug("_memory_handler read. Dropping ptrace on pid.")
return
def connectProcess(self):
"""Connect the debugguer to the process and gets the memory _memory_handler
metadata."""
self.dbg = dbg.PtraceDebugger()
self.process = self.dbg.addProcess(self._pid, is_attached=False)
if self.process is None:
log.error("Error initializing Process debugging for %d" %
self._pid)
raise IOError
# ptrace exception is raised before that
self.mappings = readProcessMappings(self.process)
log.debug('_memory_handler read. Dropping ptrace on pid.')
return
def test_is_address_local(self):
my_target = target.TargetPlatform.make_target_platform_local()
my_ctypes = my_target.get_target_ctypes()
my_utils = my_target.get_target_ctypes_utils()
ctypes5_gen64 = haystack.model.import_module_for_target_ctypes("test.src.ctypes5_gen64", my_ctypes)
# kinda chicken and egg here...
class P:
pid = os.getpid()
def readBytes(self, addr, size):
import ctypes
return ctypes.string_at(addr, size)
# one call
mappings = readProcessMappings(P())
m = mappings.get_mappings()[0]
# struct a - basic types
s = ctypes.sizeof(ctypes5_gen64.struct_a)
a = ctypes5_gen64.struct_a.from_address(m.start)
pa = my_ctypes.c_void_p(m.start)
ptr_a = my_ctypes.POINTER(ctypes5_gen64.struct_a)(a)
b = ctypes5_gen64.struct_a.from_address(m.end - s)
pb = my_ctypes.c_void_p(m.end - s)
ptr_b = my_ctypes.POINTER(ctypes5_gen64.struct_a)(b)
c = ctypes5_gen64.struct_a.from_address(m.end - 1)
pc = my_ctypes.c_void_p(m.end - 1)
ptr_c = my_ctypes.POINTER(ctypes5_gen64.struct_a)(c)
self.assertTrue(my_utils.is_address_local(pa, structType=None))
self.assertTrue(my_utils.is_address_local(pa, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(ptr_a, structType=None))
self.assertTrue(my_utils.is_address_local(ptr_a, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(pb, structType=None))
self.assertTrue(my_utils.is_address_local(pb, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(ptr_b, structType=None))
self.assertTrue(my_utils.is_address_local(ptr_b, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(pc, structType=None))
self.assertFalse(my_utils.is_address_local(pc, structType=ctypes5_gen64.struct_a))
self.assertTrue(my_utils.is_address_local(ptr_c, structType=None))
self.assertFalse(my_utils.is_address_local(ptr_c, structType=ctypes5_gen64.struct_a))
def _init_pid(pid, mmap):
if not isinstance(pid, (int, long)):
raise TypeError('PID should be a number')
dbg = PtraceDebugger()
process = dbg.addProcess(pid, is_attached=False)
if process is None:
log.error("Error initializing Process debugging for %d" % pid)
raise IOError
# ptrace exception is raised before that
_memory_handler = readProcessMappings(process)
t0 = time.time()
for m in _memory_handler:
if mmap:
# mmap memory in local space
m.mmap()
log.debug('mmap() : %d' % (len(m.mmap())))
if mmap:
# mmap done, we can release process...
process.cont()
log.info(
'MemoryHandler mmaped, process released after %02.02f secs' %
(time.time() - t0))
return _memory_handler
def is_address_local(obj, structType=None):
"""
Costly , checks if obj is mapped to local memory space.
Returns the memory mapping if found.
False, otherwise.
"""
addr = get_pointee_address(obj)
if addr == 0:
return False
class P:
pid = os.getpid()
# we need that for the machine arch read.
def readBytes(self, addr, size):
import ctypes
return ctypes.string_at(addr, size)
# loading dependencies
from haystack.mappings.process import readProcessMappings
mappings = readProcessMappings(P()) # memory_mapping
ret = mappings.is_valid_address(obj, structType)
return ret
def getMappings():
me = Dummy()
me.pid = os.getpid()
return readProcessMappings(me)
def getMappings():
me = Dummy()
me.pid = os.getpid()
return readProcessMappings(me)
def test_is_address_local(self):
ctypes = types.load_ctypes_default()
from test.src import ctypes5_gen64
# kinda chicken and egg here...
from haystack.mappings.process import readProcessMappings
import os
class P:
pid = os.getpid()
def readBytes(self, addr, size):
import ctypes
return ctypes.string_at(addr, size)
mappings = readProcessMappings(P())
m = mappings.mappings[0]
# struct a - basic types
s = ctypes.sizeof(ctypes5_gen64.struct_a)
a = ctypes5_gen64.struct_a.from_address(m.start)
pa = ctypes.c_void_p(m.start)
ptr_a = ctypes.POINTER(ctypes5_gen64.struct_a)(a)
b = ctypes5_gen64.struct_a.from_address(m.end - s)
pb = ctypes.c_void_p(m.end - s)
ptr_b = ctypes.POINTER(ctypes5_gen64.struct_a)(b)
c = ctypes5_gen64.struct_a.from_address(m.end - 1)
pc = ctypes.c_void_p(m.end - 1)
ptr_c = ctypes.POINTER(ctypes5_gen64.struct_a)(c)
self.assertTrue(utils.is_address_local(pa, structType=None))
self.assertTrue(
utils.is_address_local(
pa,
structType=ctypes5_gen64.struct_a))
self.assertTrue(utils.is_address_local(ptr_a, structType=None))
self.assertTrue(
utils.is_address_local(
ptr_a,
structType=ctypes5_gen64.struct_a))
self.assertTrue(utils.is_address_local(pb, structType=None))
self.assertTrue(
utils.is_address_local(
pb,
structType=ctypes5_gen64.struct_a))
self.assertTrue(utils.is_address_local(ptr_b, structType=None))
self.assertTrue(
utils.is_address_local(
ptr_b,
structType=ctypes5_gen64.struct_a))
self.assertTrue(utils.is_address_local(pc, structType=None))
self.assertFalse(
utils.is_address_local(
pc,
structType=ctypes5_gen64.struct_a))
self.assertTrue(utils.is_address_local(ptr_c, structType=None))
self.assertFalse(
utils.is_address_local(
ptr_c,
structType=ctypes5_gen64.struct_a))
