Python readHeap示例

示例#1

    def test_freelists(self):
        ''' List all free blocks '''

        # TODO test 0x0061a000 for overflow

        #self.skipTest('known ok')
        self.assertNotEqual(self._mappings, None)

        heap_sums = dict([(heap, list())
                          for heap in self._mappings.getHeaps()])
        child_heaps = dict()
        # append addr and size to each mmaps
        for heap in self._mappings.getHeaps():
            log.debug('==== walking heap num: %0.2d @ %0.8x' %
                      (win7heapwalker.readHeap(heap).ProcessHeapsListIndex,
                       heap.start))
            walker = win7heapwalker.Win7HeapWalker(self._mappings, heap, 0)
            for x, s in walker._get_freelists():
                m = self._mappings.getMmapForAddr(x)
                #Found new mmap outside of heaps mmaps
                if m not in heap_sums:
                    heap_sums[m] = []
                heap_sums[m].append((x, s))
            #self.assertEquals( free_size, walker.HEAP().TotalFreeSize)
            # save mmap hierarchy
            child_heaps[heap] = walker.get_heap_children_mmaps()

        # calcul cumulates
        for heap, children in child_heaps.items():
            # for each heap, look at all children
            freeblocks = map(lambda x: x[0], heap_sums[heap])
            free_size = sum(map(lambda x: x[1], heap_sums[heap]))
            cheap = win7heapwalker.readHeap(heap)
            log.debug('-- heap 0x%0.8x \t free:%0.5x \texpected: %0.5x' %
                      (heap.start, free_size, cheap.TotalFreeSize))
            total = free_size
            for child in children:
                freeblocks = map(lambda x: x[0], heap_sums[child])
                self.assertEquals(len(freeblocks), len(set(freeblocks)))
                #print heap_sums[child]
                free_size = sum(map(lambda x: x[1], heap_sums[child]))
                log.debug('   \_ mmap 0x%0.8x\t free:%0.5x ' %
                          (child.start, free_size))
                self.assertEquals(len(freeblocks), len(set(freeblocks)))
                total += free_size
            log.debug('   \= total: \t\t free:%0.5x ' % (total))

            maxlen = len(heap)
            cheap = win7heapwalker.readHeap(heap)
            self.assertEquals(cheap.TotalFreeSize, total)
            log.debug(
                'heap: 0x%0.8x free: %0.5x  \texpected: %0.5x  \tmmap len:%0.5x'
                % (heap.start, total, cheap.TotalFreeSize, maxlen))

        return

示例#2

文件： test_walker.py 项目： Macdawr/python-haystack

  def test_freelists(self):
    ''' List all free blocks '''

    # TODO test 0x0061a000 for overflow
    
    
    #self.skipTest('known ok')
    self.assertNotEqual( self._mappings, None )
    
    heap_sums = dict([(heap,list()) for heap in self._mappings.getHeaps()])
    child_heaps = dict()
    # append addr and size to each mmaps
    for heap in self._mappings.getHeaps():
      log.debug( '==== walking heap num: %0.2d @ %0.8x'%(win7heapwalker.readHeap(heap).ProcessHeapsListIndex, heap.start))
      walker = win7heapwalker.Win7HeapWalker(self._mappings, heap, 0)    
      for x,s in walker._get_freelists():
        m = self._mappings.getMmapForAddr(x)
        #Found new mmap outside of heaps mmaps
        if m not in heap_sums:
          heap_sums[m] = []
        heap_sums[m].append( (x,s) )
      #self.assertEquals( free_size, walker.HEAP().TotalFreeSize)
      # save mmap hierarchy
      child_heaps[heap] = walker.get_heap_children_mmaps()

    # calcul cumulates
    for heap, children in child_heaps.items():
      # for each heap, look at all children
      freeblocks = map(lambda x: x[0], heap_sums[heap])
      free_size = sum(map(lambda x: x[1], heap_sums[heap]))
      cheap = win7heapwalker.readHeap(heap)
      log.debug('-- heap 0x%0.8x \t free:%0.5x \texpected: %0.5x'%(heap.start, free_size, cheap.TotalFreeSize))
      total = free_size
      for child in children:
        freeblocks = map(lambda x: x[0], heap_sums[child])
        self.assertEquals( len(freeblocks), len(set(freeblocks)))
        #print heap_sums[child]
        free_size = sum(map(lambda x: x[1], heap_sums[child]))
        log.debug('   \_ mmap 0x%0.8x\t free:%0.5x '%(child.start, free_size))
        self.assertEquals( len(freeblocks), len(set(freeblocks)))
        total += free_size
      log.debug('   \= total: \t\t free:%0.5x '%(total) )
      
      maxlen = len(heap)
      cheap = win7heapwalker.readHeap(heap)      
      self.assertEquals(cheap.TotalFreeSize, total)
      log.debug( 'heap: 0x%0.8x free: %0.5x  \texpected: %0.5x  \tmmap len:%0.5x'%(heap.start, total, cheap.TotalFreeSize, maxlen ) )
    
    return

示例#3

文件： test_walker.py 项目： Macdawr/python-haystack

 def test_sorted_heaps(self):
   ''' check if memory_mapping gives heaps sorted by index. '''
   #self.skipTest('known_ok')
   
   for i, m in enumerate(self._mappings.getHeaps()):
     #print '%d @%0.8x'%(win7heapwalker.readHeap(m).ProcessHeapsListIndex, m.start)
     self.assertEquals(win7heapwalker.readHeap(m).ProcessHeapsListIndex, i+1, 'ProcessHeaps should have correct indexes')
   return

示例#4

    def test_sorted_heaps(self):
        ''' check if memory_mapping gives heaps sorted by index. '''
        #self.skipTest('known_ok')

        for i, m in enumerate(self._mappings.getHeaps()):
            #print '%d @%0.8x'%(win7heapwalker.readHeap(m).ProcessHeapsListIndex, m.start)
            self.assertEquals(
                win7heapwalker.readHeap(m).ProcessHeapsListIndex, i + 1,
                'ProcessHeaps should have correct indexes')
        return

示例#5

文件： memory_mapping.py 项目： Macdawr/python-haystack

 def search_win_heaps(self):
   # TODO move in haystack.reverse.heapwalker
   from haystack.reverse.win32 import win7heapwalker # FIXME win7, winxp...
   heaps = list()
   for mapping in self.mappings:
     if win7heapwalker.is_heap(self, mapping):
       heaps.append(mapping)
       log.debug('%s is a Heap'%(mapping))
       mapping._children = win7heapwalker.Win7HeapWalker(self, mapping, 0).get_heap_children_mmaps()
   # order by ProcessHeapsListIndex
   heaps.sort(key=lambda m: win7heapwalker.readHeap(m).ProcessHeapsListIndex)
   return heaps

示例#6

 def search_win_heaps(self):
     # TODO move in haystack.reverse.heapwalker
     from haystack.reverse.win32 import win7heapwalker  # FIXME win7, winxp...
     heaps = list()
     for mapping in self.mappings:
         if win7heapwalker.is_heap(self, mapping):
             heaps.append(mapping)
             log.debug('%s is a Heap' % (mapping))
             mapping._children = win7heapwalker.Win7HeapWalker(
                 self, mapping, 0).get_heap_children_mmaps()
     # order by ProcessHeapsListIndex
     heaps.sort(
         key=lambda m: win7heapwalker.readHeap(m).ProcessHeapsListIndex)
     return heaps