`proc`¶

This module contains base classes for OS specific objects to inherit from.

Modules¶

Classes¶

class Hook(hook_type, hook_location, old_address, new_address)[source]¶

This object describes a hook which has been installed to modify the behavior of native code. This is generally used for hijacking functions to force them to execute different instructions when they are called. The Hook specifically referes to the data which has been modified to alter the flow of execution. This is generally a modified funciton pointer or an assembly stub which redirects code to the new_handler.

__init__(hook_type, hook_location, old_address, new_address)[source]¶

Parameters:	hook_type (str) – The type of hook (iat or eat). hook_location (int) – The address of where the hook has been installed. old_address (int) – The original address of the hooked function. new_address (int) – The new modified address of the hooked function.

class MemoryRegion(addr_low, addr_high, perms)[source]¶

This describes a memory region in a platform independant way. Permissions are described with a string using ‘rwx’ for full read, write and execute permissions and substituting ‘-‘ for missing permissions. For example a page with only read and execute permissions would have permissions of ‘r-x’.

__init__(addr_low, addr_high, perms)[source]¶

Parameters:	addr_low (int) – The address of where this memory region starts. addr_high (int) – The address of where this memory region ends. perms (str) – The permissions that this memory region has.

is_executable¶: Whether or not the memory region contains the execute permission.

is_private¶: Whether or not the memory region is marked as private.

is_readable¶: Whether or not the memory region contains the read permission.

is_shared¶: Whether or not the memory region is marked as shared.

is_writeable¶: Whether or not the memory region contains the write permission.

size¶: The size of the memory region.

class ProcessBase[source]¶

allocate(size=1024, address=None, permissions=None)[source]¶

Allocate memory in the attached process. If permissions is not specified it will be the platform specific version of read, write and execute.

Parameters:	size (int) – The size of the space to allocate. address (int) – The preferred address to allocate space at. permissions (str) – The permissions to set in the newly allocated space.

arch¶: The architecture of the process.

close()[source]¶: Close the handle to the process and perform any necessary clean up operations. No further calls should be made to the object after this function is called.

free(address)[source]¶

Unallocate the memory at address.

Parameters:	address (int) – The address to unallocate.

get_proc_attribute(attribute)[source]¶

Look up a platform specific attribute of the process. Valid values for attribute will be different depending on the class.

Parameters:	attribute (str) – The attribute to look up.

install_hook(mod_name, new_address, name=None, ordinal=None)[source]¶

Install a hook to redirect execution from the specified function to new_address. Different platform implemenations of this function may not support both the name and ordinal parameters.

Parameters:	mod_name (str) – The module where the target function to hook resides. new_address (int) – The address of the new code to be executed. name (str) – The name of the function to hook. ordinal (int) – The ordinal of the function to hook.

join_thread(thread_id)[source]¶

Wait for the thread described in thread_id to finish execution.

Parameters:	thread_id (int) – The ID of the thread to wait for.

kill()[source]¶: Kill the process which is currently being manipulated.

load_library(libpath)[source]¶

Load the library specified by libpath into the address space of the attached process.

Parameters:	libpath (str) – The path to the library to load.

protect(address, permissions=None, size=1024)[source]¶

Change the access permissions to the memory residing at address. If permissions is not specified it will be the platform specific version of read, write and execute.

Parameters:	address (int) – The address to change the permissions of. permissions (str) – The permissions to set for address. size (int) – The size of the space starting at address to change the permissions of.

read_memory(address, size=1024)[source]¶

Return the contents of memory at address.

Parameters:	address (int) – The location from which to read memory. size (int) – The number of bytes to read.
Returns:	The contents of memory at address.
Return type:	str

read_memory_string(address)[source]¶

Read bytes from address until a NULL termination character is encountered.

Parameters:	address (int) – The address to start reading from.
Returns:	The string residing at address.
Return type:	str

read_region(region)[source]¶

Read an entire region from memory. If region is a MemoryRegion instance, it is returned. If region is an int, it must be the starting address of a memory region in the maps attribute.

Parameters:	region (int, `MemoryRegion`) – The region to read from.
Returns:	The contents of the memory region.
Return type:	str

start_thread(address, targ=None)[source]¶

Execute address in the context of a new thread.

Parameters:	address (int) – The entry point of the thread. targ – The arguments to supply for the thread.
Returns:	A platform specific thread identifier.

write_memory(address, data)[source]¶

Write arbitrary data to the processes memory.

Parameters:	address (int) – The location to start writing to. data (str) – The data to write into memory.

Exceptions¶

exception ProcessError(msg)[source]¶: This base exception describes process related errors and are raised by mayhem.proc.Process classes.

proc¶

Modules¶

Classes¶

Exceptions¶

`proc`¶