def search_win_heaps(self):
    """Collect the memory mappings that are Windows heaps.

    Every mapping in ``self.mappings`` is tested with
    ``win7heapwalker.is_heap``. Each match gets its ``_children``
    attribute set from a ``Win7HeapWalker`` and is added to the result.

    Returns:
        The matching mappings, sorted by the ``ProcessHeapsListIndex``
        field of the heap read from each of them.
    """
    # TODO move in haystack.reverse.heapwalker
    from haystack.reverse.win32 import win7heapwalker  # FIXME win7, winxp...

    def heap_list_index(m):
        # NOTE(review): this field is read from the analysed memory itself,
        # so the ordering is presumably only as trustworthy as that image.
        # Confirm how much is_heap validates before relying on it.
        return win7heapwalker.readHeap(m).ProcessHeapsListIndex

    found = []
    for candidate in self.mappings:
        if not win7heapwalker.is_heap(self, candidate):
            continue
        found.append(candidate)
        log.debug('%s is a Heap'%(candidate))
        walker = win7heapwalker.Win7HeapWalker(self, candidate, 0)
        # Side effect: the mapping object itself is annotated.
        candidate._children = walker.get_heap_children_mmaps()
    found.sort(key=heap_list_index)
    return found
def search_win_heaps(self):
    """Return the heap mappings of this process, ordered by heap list index.

    Walks ``self.mappings`` and keeps those accepted by
    ``win7heapwalker.is_heap``. As a side effect, each kept mapping has
    its ``_children`` attribute replaced with the result of
    ``Win7HeapWalker(...).get_heap_children_mmaps()``.

    Returns:
        A list of the kept mappings, ordered by the
        ``ProcessHeapsListIndex`` of the heap read from each one.
    """
    # TODO move in haystack.reverse.heapwalker
    from haystack.reverse.win32 import win7heapwalker  # FIXME win7, winxp...

    matches = []
    for region in self.mappings:
        if win7heapwalker.is_heap(self, region):
            matches.append(region)
            log.debug('%s is a Heap' % (region))
            region._children = win7heapwalker.Win7HeapWalker(
                self, region, 0).get_heap_children_mmaps()

    # Order by ProcessHeapsListIndex. The value comes from the heap header
    # held in the mapping, so a damaged image can presumably skew the order.
    return sorted(
        matches,
        key=lambda region: win7heapwalker.readHeap(region).ProcessHeapsListIndex)
def test_heap_read(self):
    """Read the HEAP structure at 0x005c0000 and check it is seen as a heap.

    The expected bytes, address and signature are fixed values for the
    mappings held in ``self._mappings``, which is set up outside this
    method.
    """
    from haystack.reverse.win32 import win7heapwalker, win7heap

    heap_map = self._mappings.getMmapForAddr(0x005c0000)

    # The first ten bytes of the mapping must match the known content.
    leading = heap_map.getByteBuffer()[0:10]
    self.assertEquals(leading, '\xc7\xf52\xbc\xc9\xaa\x00\x01\xee\xff')

    base = heap_map.start
    self.assertEquals(base, 6029312)  # 6029312 == 0x005c0000

    header = heap_map.readStruct(base, win7heap.HEAP)
    # The returned structure must sit at the same address as the mapping's
    # local buffer.
    self.assertEquals(ctypes.addressof(heap_map._local_mmap_content),
                      ctypes.addressof(header))
    self.assertEquals(header.Signature, 4009750271L)  # == 0xEEFFEEFF

    # Debugging aid: on failure, print '\n'.join(str(m) for m in self._mappings).
    self.assertTrue(win7heapwalker.is_heap(self._mappings, heap_map))
def test_heap_read(self):
    """Verify that the mapping holding 0x005c0000 parses as a Win7 heap.

    Checks the following, in this order:
      * the first ten raw bytes of the mapping;
      * the mapping start address;
      * that ``readStruct`` returns a HEAP at the same address as the
        mapping's local buffer;
      * the HEAP ``Signature`` field;
      * that ``win7heapwalker.is_heap`` accepts the mapping.
    """
    from haystack.reverse.win32 import win7heapwalker, win7heap

    mappings = self._mappings
    target = mappings.getMmapForAddr(0x005c0000)
    self.assertEquals(
        target.getByteBuffer()[0:10],
        '\xc7\xf52\xbc\xc9\xaa\x00\x01\xee\xff')

    start_addr = target.start
    # Decimal form of 0x005c0000.
    self.assertEquals(start_addr, 6029312)

    heap_struct = target.readStruct(start_addr, win7heap.HEAP)
    buffer_addr = ctypes.addressof(target._local_mmap_content)
    struct_addr = ctypes.addressof(heap_struct)
    self.assertEquals(buffer_addr, struct_addr)

    # 4009750271 is 0xEEFFEEFF, the signature value this test expects.
    self.assertEquals(heap_struct.Signature, 4009750271L)

    self.assertTrue(win7heapwalker.is_heap(mappings, target))