def tearDown(self):
super(SrcTests,self).tearDown()
self.memdumpname = None
self.validAddress = None
self.classname = None
self.known_heap = None
model.reset()
def tearDownClass(self): self.mappings = None self.finder = None self.found = None self.session_state = None from haystack import model model.reset() pass
def tearDown(self):
super(SrcTests,self).tearDown()
self.memdumpname = None
self.node_structname = None
self.usual_structname = None
self.address1 = None
self.address2 = None
self.address3 = None
model.reset()
def setUp(self):
model.reset()
self.memdumpname = 'test/dumps/ssh/ssh.1'
self.classname = 'sslsnoop.ctypes_openssh.session_state'
self.known_heaps = [(0xb84ee318, 0)
]
try:
import sslsnoop
except ImportError:
self.skipTest('sslsnoop not present')
def setUp(self):
model.reset()
self.validAddress = '0x7f724c90d740'
self.memdumpname = 'test/dumps/ssh/ssh.x64.6653.dump'
self.classname = 'sslsnoop.ctypes_openssh.session_state'
self.known_heap = (0x00007f724c905000, 249856)
try:
import sslsnoop
except ImportError:
self.skipTest('sslsnoop not present')
def setUp(self):
model.reset()
self._mappings = dump_loader.load('test/dumps/putty/putty.1.dump')
self._known_heaps = [(0x390000, 0x3000), (0x540000, 0x1000),
(0x580000, 0x9000), (0x5c0000, 0x59000),
(0x1ef0000, 0x1000), (0x2010000, 0x21000),
(0x2080000, 0x10000), (0x21f0000, 0x6000),
(0x3360000, 0x1000), (0x4030000, 0x1000),
(0x4110000, 0x1000), (0x41c0000, 0x1000),
]
return
def setUp(self):
model.reset()
from haystack import types
types.reload_ctypes(4, 4, 8)
self.cpu_bits = '32'
self.os_name = 'linux'
self.tgts = []
self.process = None
self.tests = {"test1": "test-ctypes1.%d" % (32),
"test2": "test-ctypes2.%d" % (32),
"test3": "test-ctypes3.%d" % (32),
}
def setUp(self):
model.reset()
self.memdumpname = 'test/dumps/putty/putty.1.dump'
self.classname = 'haystack.structures.win32.win7heap.HEAP'
self.known_heaps = [(0x00390000, 8956), (0x00540000, 868),
(0x00580000, 111933), (0x005c0000, 1704080),
(0x01ef0000, 604), (0x02010000, 61348),
(0x02080000, 474949), (0x021f0000, 18762),
(0x03360000, 604), (0x04030000, 632),
(0x04110000, 1334), (0x041c0000, 644),
# from free stuf
(0x0061a000, 1200),
]
def setUp(self):
model.reset()
types.reload_ctypes(8, 8, 16)
self.memdumpname = 'test/src/test-ctypes7.64.dump'
self.classname = 'test.src.ctypes7.struct_Node'
self._load_offsets_values(self.memdumpname)
self.address = self.offsets['test1'][0] # 0x000000001b1e010
# load layout in x64
from test.src import ctypes7
from test.src import ctypes7_gen64
model.copyGeneratedClasses(ctypes7_gen64, ctypes7)
model.registerModule(ctypes7)
# apply constraints
ctypes7.populate()
def setUp(self):
model.reset()
types.reload_ctypes(4, 4, 8)
self.memdumpname = 'test/src/test-ctypes7.32.dump'
self.classname = 'test.src.ctypes7.struct_Node'
self._load_offsets_values(self.memdumpname)
self.address = self.offsets['test1'][0] # 0x8f40008
# load layout in x32
from test.src import ctypes7
from test.src import ctypes7_gen32
model.copyGeneratedClasses(ctypes7_gen32, ctypes7)
model.registerModule(ctypes7)
# apply constraints
ctypes7.populate()
def setUp(self):
model.reset()
self.mappings = dump_loader.load('test/src/test-ctypes6.32.dump')
self.memdumpname = 'test/src/test-ctypes6.32.dump'
self._load_offsets_values(self.memdumpname)
sys.path.append('test/src/')
from test.src import ctypes6
from test.src import ctypes6_gen32
model.copyGeneratedClasses(ctypes6_gen32, ctypes6)
model.registerModule(ctypes6)
# apply constraints
ctypes6.populate(self.mappings.config)
self.offset = self.offsets['test1'][0]
self.m = self.mappings.get_mapping_for_address(self.offset)
self.usual = self.m.readStruct(self.offset, ctypes6.struct_usual)
def test_registerModule(self):
from haystack import model
model.reset()
try:
from test.structures import good
from test.structures import good_gen
from test.structures import bad_gen
# copy bad_gen in good
model.copyGeneratedClasses(bad_gen, good)
model.copyGeneratedClasses(good_gen, good)
self.assertIn('Struct1', good.__dict__)
self.assertIn('Struct2', good.__dict__)
self.assertNotIn('Struct1_py', good.__dict__)
self.assertNotIn('expectedValues', good.Struct1.__dict__)
except ImportError as e:
self.fail(e)
try:
from test.structures import bad
# test if module has members
self.assertEquals(bad.BLOCK_SIZE, 16)
self.assertIn('Struct1', bad.__dict__)
self.assertIn('expectedValues', bad.Struct1.__dict__)
# same Struct1 object is imported in bad and good
self.assertIn('expectedValues', good.Struct1.__dict__)
self.assertNotIn('expectedValues', good.Struct2.__dict__)
except ImportError as e:
self.fail(e)
# test if register works (creates POPO)
model.registerModule(bad)
self.assertIn('Struct1_py', bad.__dict__)
self.assertIn('expectedValues', bad.Struct1.__dict__)
# POPO is not create in good
self.assertNotIn('Struct1_py', good.__dict__)
self.assertIn('expectedValues', good.Struct1.__dict__)
self.assertNotIn('expectedValues', good.Struct2.__dict__)
model.registerModule(good) # creates POPO for the rest
self.assertIn('Struct2_py', good.__dict__)
self.assertIn('expectedValues', good.Struct1.__dict__)
# expectedValues is in a function
self.assertNotIn('expectedValues', good.Struct2.__dict__)
# add an expectedValues
good.populate()
self.assertIn('expectedValues', good.Struct1.__dict__)
self.assertIn('expectedValues', good.Struct2.__dict__)
def setUp(self):
model.reset()
types.reload_ctypes(8, 8, 16)
class MyConfig:
def get_word_size(self):
return 8
self.memdumpname = 'test/src/test-ctypes6.64.dump'
self.node_structname = 'test.src.ctypes6.struct_Node'
self.usual_structname = 'test.src.ctypes6.struct_usual'
self._load_offsets_values(self.memdumpname)
self.address1 = self.offsets['test1'][0] # struct_usual
self.address2 = self.offsets['test2'][0] # struct_Node
self.address3 = self.offsets['test3'][0] # struct_Node
# load layout in x64
from test.src import ctypes6
from test.src import ctypes6_gen64
model.copyGeneratedClasses(ctypes6_gen64, ctypes6)
model.registerModule(ctypes6)
# apply constraints
ctypes6.populate(MyConfig())
def test_walker_after_arch_change(self):
x32 = types.reload_ctypes(4, 4, 8)
x64 = types.reload_ctypes(8, 8, 16)
from haystack.structures.libc import libcheapwalker
from haystack.structures.win32 import winheapwalker
from haystack.structures.win32 import win7heapwalker
if False:
# set the arch
ctypes = types.set_ctypes(x32)
libc_x32 = libcheapwalker.LibcHeapFinder(x32)
winxp_x32 = winheapwalker.WinHeapFinder(x32)
win7_x32 = win7heapwalker.Win7HeapFinder(x32)
from haystack.structures.win32 import win7heap
t = win7heap.HEAP_ENTRY
for fi, tp in t._fields_:
f = getattr(t, fi)
print fi, " : ", hex(f.offset), hex(f.size)
self.assertEquals(ctypes.sizeof(libc_x32.heap_type), 8)
self.assertEquals(ctypes.sizeof(winxp_x32.heap_type), 1430)
self.assertEquals(ctypes.sizeof(win7_x32.heap_type), 312) # 0x138
# set the arch
model.reset()
ctypes = types.set_ctypes(x64)
libc_x64 = libcheapwalker.LibcHeapFinder(x64)
winxp_x64 = winheapwalker.WinHeapFinder(x64)
win7_x64 = win7heapwalker.Win7HeapFinder(x64)
# import code
# code.interact(local=locals())
self.assertEquals(ctypes.sizeof(libc_x64.heap_type), 16)
# who knows...
self.assertEquals(ctypes.sizeof(win7_x64.heap_type), 520)
# BUG FIXME, what is the size of winxp64 HEAP ?
self.assertEquals(ctypes.sizeof(winxp_x64.heap_type), 2792) # 0xae8
def tearDown(self):
from haystack import model
model.reset()
self._mappings = None
return
def tearDownClass(self):
from haystack import model
model.reset()
self.context6 = None
return
def tearDownClass(self):
self.mappings = None
model.reset()
return
def tearDown(self):
self.context = None
model.reset()
def setUp(self):
model.reset()
self.mappings = dump_loader.load('test/dumps/ssh/ssh.1')
def tearDown(self):
model.reset()
def setUp(self):
model.reset()
self.mappings = dump_loader.load('test/dumps/putty/putty.1.dump')
def setUp(self):
model.reset()
self.mappings = dump_loader.load('test/src/test-ctypes5.32.dump')
# struct a - basic types
self._load_offsets_values('test/src/test-ctypes5.32.dump')
def tearDownClass(self):
from haystack import model
model.reset()
self.context6 = None
return
def tearDown(self):
from haystack import model
model.reset()
self.mappings = None
pass
def tearDown(self):
self.memdumpname = None
self.classname = None
self.known_heaps = None
model.reset()
def tearDown(self):
super(SrcTests,self).tearDown()
self.mappings = None
model.reset()
def tearDown(self): model.reset() self.mappings = None self.heap_obj = None pass
def setUp(self):
model.reset()
def tearDown(self):
model.reset()
types.load_ctypes_default()
def setUp(self):
model.reset()
self.mappings = dump_loader.load('test/src/test-ctypes6.32.dump')
def setUp(self):
model.reset()
# os.chdir()
self.context = context.get_context('test/src/test-ctypes3.32.dump')
self.dsa = dsa.DSASimple(self.context.config)
def tearDown(self):
self.mappings = None
model.reset()
def tearDown(self):
model.reset()
self.mappings = None
self.heap_obj = None
pass
