文件: api.py 项目: zhouat/pyrebox
def get_symbol_list():
    """ Return list of symbols

        Every process reported by :func:`get_process_list` has its module list
        refreshed (with symbols) through ``windows_vmi``; the symbols of each
        distinct module are then flattened into one list.  Two modules count as
        the same when both their checksum and their full name match, so a
        library mapped into many processes is enumerated only once (the first
        occurrence encountered is the one kept).

        :return: List of symbols, each element is a dictionary with keys: "mod", "name", and "addr"
        :rtype: list
    """
    import vmi
    import windows_vmi
    from utils import pp_print

    processes = get_process_list()
    pp_print("[*] Updating symbol list... Be patient, this may take a while\n")

    # Keyed by (checksum, full name); setdefault keeps the first module seen.
    unique_modules = {}
    for proc in processes:
        pid, pgd = proc["pid"], proc["pgd"]
        windows_vmi.windows_update_modules(pgd, update_symbols=True)
        # NOTE(review): vmi.modules is indexed by (pid, pgd); a process without
        # an entry raises KeyError here, as in the original -- confirm callers expect that.
        for module in vmi.modules[(pid, pgd)].values():
            key = (module.get_checksum(), module.get_fullname())
            unique_modules.setdefault(key, module)

    # get_symbols() yields (ordinal, address, name) triples; the ordinal is not exported.
    return [
        {"mod": mod.get_name(), "name": name, "addr": addr}
        for mod in unique_modules.values()
        for _ordinal, addr, name in mod.get_symbols()
    ]
文件: api.py 项目: zhouat/pyrebox
def get_module_list(pgd):
    """ Return list of modules for a given PGD

        The module list of every process whose PGD equals ``pgd`` is refreshed
        through ``windows_vmi`` (without symbols) and its modules are collected.

        :param pgd: The PGD of the process for which we want to extract the modules
        :type pgd: int

        :return: List of modules, each element is a dictionary with keys: "name", "base", and "size"
        :rtype: list

        :raises ValueError: if no process in the current process list has the given PGD
    """
    import vmi
    import windows_vmi

    # Read both keys for every process, then keep only the PGD matches.
    candidates = [(proc["pid"], proc["pgd"]) for proc in get_process_list()]
    matching = [(pid, proc_pgd) for pid, proc_pgd in candidates if proc_pgd == pgd]
    if not matching:
        raise ValueError("Process with PGD %x not found" % pgd)

    mods = []
    for pid, proc_pgd in matching:
        windows_vmi.windows_update_modules(proc_pgd, update_symbols=False)
        mods.extend(
            {"name": m.get_name(), "base": m.get_base(), "size": m.get_size()}
            for m in vmi.modules[(pid, proc_pgd)].values()
        )
    return mods
def update_modules(proc_pgd, update_symbols=False):
    """Refresh the module list of the process identified by ``proc_pgd``.

    Dispatches to the Windows or Linux implementation according to the
    module-level ``os_family`` (compared against ``OS_FAMILY_WIN`` and
    ``OS_FAMILY_LINUX``).  The guest-specific imports are deferred to call
    time, matching the original.

    :param proc_pgd: PGD of the target process
    :param update_symbols: forwarded unchanged to the guest-specific updater
    :return: the value returned by the guest-specific updater (its hook
        points), or ``None`` when ``os_family`` matches neither family
    """
    from windows_vmi import windows_update_modules
    from linux_vmi import linux_update_modules

    # os_family is only read here, so no ``global`` declaration is needed.
    if os_family == OS_FAMILY_WIN:
        return windows_update_modules(proc_pgd, update_symbols)
    if os_family == OS_FAMILY_LINUX:
        return linux_update_modules(proc_pgd, update_symbols)
    return None
文件: vmi.py 项目: CRYP706URU/pyrebox
def update_modules(proc_pgd, update_symbols=False):
    """Refresh the module list of the process identified by ``proc_pgd``.

    Picks the Windows or Linux updater by comparing the module-level
    ``os_family`` against ``OS_FAMILY_WIN`` and then ``OS_FAMILY_LINUX``,
    in that order.  Guest-specific modules are imported lazily at call time.

    :param proc_pgd: PGD of the target process
    :param update_symbols: forwarded unchanged to the guest-specific updater
    :return: whatever the selected updater returns (its hook points), or
        ``None`` when ``os_family`` belongs to neither family
    """
    global os_family
    from windows_vmi import windows_update_modules
    from linux_vmi import linux_update_modules

    # Ordered pairs keep the original comparison order (Windows checked first).
    updaters = (
        (OS_FAMILY_WIN, windows_update_modules),
        (OS_FAMILY_LINUX, linux_update_modules),
    )
    for family, updater in updaters:
        if os_family == family:
            return updater(proc_pgd, update_symbols)
    return None