proc
¶
This module contains base classes for OS specific objects to inherit from.
Classes¶
-
class
Hook
(hook_type, hook_location, old_address, new_address)[source]¶ This object describes a hook which has been installed to modify the behavior of native code. This is generally used for hijacking functions to force them to execute different instructions when they are called. The Hook specifically referes to the data which has been modified to alter the flow of execution. This is generally a modified funciton pointer or an assembly stub which redirects code to the new_handler.
-
class
MemoryRegion
(addr_low, addr_high, perms)[source]¶ This describes a memory region in a platform independant way. Permissions are described with a string using ‘rwx’ for full read, write and execute permissions and substituting ‘-‘ for missing permissions. For example a page with only read and execute permissions would have permissions of ‘r-x’.
-
is_executable
¶ Whether or not the memory region contains the execute permission.
-
is_private
¶ Whether or not the memory region is marked as private.
-
is_readable
¶ Whether or not the memory region contains the read permission.
Whether or not the memory region is marked as shared.
-
is_writeable
¶ Whether or not the memory region contains the write permission.
-
size
¶ The size of the memory region.
-
-
class
ProcessBase
[source]¶ -
allocate
(size=1024, address=None, permissions=None)[source]¶ Allocate memory in the attached process. If permissions is not specified it will be the platform specific version of read, write and execute.
Parameters:
-
arch
¶ The architecture of the process.
-
close
()[source]¶ Close the handle to the process and perform any necessary clean up operations. No further calls should be made to the object after this function is called.
-
free
(address)[source]¶ Unallocate the memory at address.
Parameters: address (int) – The address to unallocate.
-
get_proc_attribute
(attribute)[source]¶ Look up a platform specific attribute of the process. Valid values for attribute will be different depending on the class.
Parameters: attribute (str) – The attribute to look up.
-
install_hook
(mod_name, new_address, name=None, ordinal=None)[source]¶ Install a hook to redirect execution from the specified function to new_address. Different platform implemenations of this function may not support both the name and ordinal parameters.
Parameters:
-
join_thread
(thread_id)[source]¶ Wait for the thread described in thread_id to finish execution.
Parameters: thread_id (int) – The ID of the thread to wait for.
-
load_library
(libpath)[source]¶ Load the library specified by libpath into the address space of the attached process.
Parameters: libpath (str) – The path to the library to load.
-
protect
(address, permissions=None, size=1024)[source]¶ Change the access permissions to the memory residing at address. If permissions is not specified it will be the platform specific version of read, write and execute.
Parameters:
-
read_memory
(address, size=1024)[source]¶ Return the contents of memory at address.
Parameters: Returns: The contents of memory at address.
Return type:
-
read_memory_string
(address)[source]¶ Read bytes from address until a NULL termination character is encountered.
Parameters: address (int) – The address to start reading from. Returns: The string residing at address. Return type: str
-
read_region
(region)[source]¶ Read an entire region from memory. If region is a
MemoryRegion
instance, it is returned. If region is an int, it must be the starting address of a memory region in themaps
attribute.Parameters: region (int, MemoryRegion
) – The region to read from.Returns: The contents of the memory region. Return type: str
-