示例#1
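    def init_vatopa_x86_pae(self, vflag):
        """Prepare virtual-to-physical address translation for the memory image.

        Resolves the kernel's top-level paging structures from
        ``self.symbol_list`` and stores a paged-memory reader in
        ``self.x86_mem_pae``. When the first two characters of ``self.build``
        compare >= '12' the kernel is treated as KASLR-relocated: the base
        address is derived from ``self.catfishlocation`` and ``_lowGlo``, and
        the ``_IdlePML4`` pointer is read out of the image through a reader
        rooted at ``_BootPML4``. Otherwise the symbol values are used as-is.

        Args:
            vflag: truthy to print progress messages.

        Returns:
            0 on success. 1 if ``self.mempath`` is empty, or if the 8-byte
            ``_IdlePML4`` pointer could not be read in full from the image
            (a truncated or mismatched image must not yield a bogus page
            table root that every later translation would trust).
        """
        if self.mempath == '':
            return 1

        def open_address_space():
            # Each reader gets its own address-space object, and the image
            # format is probed every time one is built.
            if isMachoVolafoxCompatible(self.mempath):
                return MachoAddressSpace(self.mempath)
            return FileAddressSpace(self.mempath)

        # KASLR-capable OS (Mountain Lion, Mavericks).
        # NOTE(review): this is a string comparison, so a single-digit major
        # build prefix such as '9x' also compares >= '12' -- confirm such
        # builds never reach this point.
        if self.build[0:2] >= '12':
            if vflag:
                print('[+] Finding Kernel Base Address (KASLR)')
            # NOTE(review): "% 0xFFFFFF80" presumably strips the
            # 0xFFFFFF80........ kernel prefix from a 64-bit symbol value,
            # leaving its low 32 bits -- confirm against the symbol table.
            self.base_address = self.catfishlocation - (
                self.symbol_list['_lowGlo'] % 0xFFFFFF80)
            if vflag:
                print(' [-] Kernel Base Address : 0x%.8x' % self.base_address)
            self.idlepdpt = (
                self.symbol_list['_BootPDPT'] % 0xFFFFFF80) + self.base_address
            self.bootpml4 = (
                self.symbol_list['_BootPML4'] % 0xFFFFFF80) + self.base_address

            self.boot_pml4_pt = IA32PML4MemoryPae(
                open_address_space(), self.bootpml4)
            idlepml4_ptr = self.boot_pml4_pt.read(
                self.symbol_list['_IdlePML4'] + self.base_address, 8)
            # Fail with the method's error code instead of letting
            # struct.unpack raise on a missing or short read.
            if not idlepml4_ptr or len(idlepml4_ptr) != 8:
                if vflag:
                    print(' [-] Could not read IdlePML4 pointer from image')
                return 1
            self.idlepml4 = struct.unpack('=Q', idlepml4_ptr)[0]
        else:
            self.idlepdpt = self.symbol_list['_IdlePDPT']
            self.idlepml4 = self.symbol_list['_IdlePML4']

        # Value comparison: "is 32" only worked through CPython's small-int
        # caching and silently chose the 64-bit branch for an equal but
        # non-identical value (e.g. a Python 2 long).
        if self.arch == 32:
            if vflag:
                print('[+] Loading Intel 32bit(PAE Enabled) Paging Table')
            self.x86_mem_pae = IA32PagedMemoryPae(
                open_address_space(), self.idlepdpt)
        else:  # 64
            if vflag:
                print('[+] Loading Intel IA-32e(PAE Enabled) Paging Table')
            self.x86_mem_pae = IA32PML4MemoryPae(
                open_address_space(), self.idlepml4)
        return 0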
示例#2
    def netstat(self):
        """Collect network connection records from the image and print them.

        Looks up the ``_tcbinfo`` and ``_udbinfo`` kernel symbols (presumably
        the TCP and UDP control-block tables -- confirm), opens the image
        through a PML4 reader rooted at ``self.idlepml4`` and hands both
        addresses to ``get_network_hash``. The first two items of its result
        are passed to ``print_network_list``. Nothing is returned.
        """
        # Symbol lookups come first, so a missing symbol raises KeyError
        # before the image is opened.
        tcp_info_addr = self.symbol_list['_tcbinfo']
        udp_info_addr = self.symbol_list['_udbinfo']

        # NOTE(review): a PML4 (64-bit style) reader is built here whatever
        # self.arch is -- confirm this is intended for 32-bit images.
        if not isMachoVolafoxCompatible(self.mempath):
            paged_reader = IA32PML4MemoryPae(
                FileAddressSpace(self.mempath), self.idlepml4)
        else:
            paged_reader = IA32PML4MemoryPae(
                MachoAddressSpace(self.mempath), self.idlepml4)

        # self.base_address must already be set by the time this runs.
        connections = get_network_hash(
            paged_reader,
            tcp_info_addr,
            udp_info_addr,
            self.arch,
            self.os_version,
            self.build,
            self.base_address,
        )
        first_table = connections[0]
        second_table = connections[1]
        print_network_list(first_table, second_table)