def reverse_instances(memory_handler):
"""
Reverse all heaps in process from memory_handler
:param memory_handler:
:return:
"""
assert isinstance(memory_handler, interfaces.IMemoryHandler)
process_context = memory_handler.get_reverse_context()
#for heap in heaps:
# # reverse all fields in all records from that heap
# ## reverse_heap(memory_handler, heap_addr)
log.info('Reversing Fields')
fr = dsa.FieldReverser(memory_handler)
fr.reverse()
log.info('Fixing Text Fields')
tfc = dsa.TextFieldCorrection(memory_handler)
tfc.reverse()
# try to find some logical constructs.
log.info('Reversing DoubleLinkedListReverser')
# why is this a reverse_context ?
doublelink = reversers.DoubleLinkedListReverser(memory_handler)
doublelink.reverse()
doublelink.rename_all_lists()
# then and only then can we look at the PointerFields
# identify pointer relation between allocators
log.info('Reversing PointerFields')
pfr = pointertypes.PointerFieldReverser(memory_handler)
pfr.reverse()
# save that
log.info('Saving reversed records instances')
for heap_context in process_context.list_contextes():
heap_context.save_structures()
# save to file
save_headers(heap_context)
log.info('Saving reversed records types')
process_context.save_reversed_types()
# graph pointer relations between allocators
log.info('Reversing PointerGraph')
ptrgraph = reversers.PointerGraphReverser(memory_handler)
ptrgraph.reverse()
# extract all strings
log.info('Reversing strings')
strout = reversers.StringsReverser(memory_handler)
strout.reverse()
log.info('Analysis results are in %s',
config.get_cache_folder_name(memory_handler.get_name()))
return process_context
def _load_graph_cache(self):
from haystack.reverse.heuristics import reversers
graph_rev = reversers.PointerGraphReverser(self.memory_handler)
self.__record_graph = graph_rev.load_process_graph()
def test_graph(self):
log.debug('Reversing PointerGraph')
ptrgraph = reversers.PointerGraphReverser(self.memory_handler)
ptrgraph.reverse()