linux

This module contains classes, functions and exceptions specific to POSIX Linux environments.

Functions

get_errno()

Get the value of the error from the last function call.

Returns: The error number from libc.
Return type: int

parse_proc_maps(pid)

Parse the memory maps file for pid into a dictionary of LinuxMemoryRegion objects with keys of their starting address.

Parameters: pid (int) – The pid to parse the maps file from /proc for.
Returns: The parsed memory regions for pid.
Return type: dict

Classes

class LinuxMemoryRegion(addr_low, addr_high, perms, pathname=None)

Bases: mayhem.proc.MemoryRegion

Describe a memory region on Linux.

is_executable

Whether or not the memory region contains the execute permission.

is_private

Whether or not the memory region is marked as private.

is_readable

Whether or not the memory region contains the read permission.

is_shared

Whether or not the memory region is marked as shared.

is_writeable

Whether or not the memory region contains the write permission.

pathname = None

The file which mapped the region, if known.

size

The size of the memory region.
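
The maps format that parse_proc_maps() reads, as an added example that is not mayhem's own code: a stand-alone parser over a constructed listing that builds a dictionary keyed by starting address and reports regions mapped both writable and executable. Region, parse_maps_text and writable_and_executable are hypothetical names, and the sample listing is constructed.

```python
import re
from collections import namedtuple

# Constructed sample in /proc/<pid>/maps format; not taken from a real process.
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 131104 /usr/bin/example
0060b000-0060c000 rw-p 0000b000 08:01 131104 /usr/bin/example
7f3a1c000000-7f3a1c021000 rwxp 00000000 00:00 0
7f3a1d800000-7f3a1d801000 rw-s 00000000 00:05 98 /dev/shm/example segment
7ffd5a1e0000-7ffd5a201000 rw-p 00000000 00:00 0 [stack]
"""

# Fields: address range, permissions, offset, device, inode, optional pathname.
MAPS_LINE = re.compile(
    r'^([0-9a-f]+)-([0-9a-f]+) ([r-][w-][x-][ps]) [0-9a-f]+ \S+ \d+\s*(.*)$')

class Region(namedtuple('Region', 'addr_low addr_high perms pathname')):
    """Hypothetical stand-in with the attributes documented for LinuxMemoryRegion."""
    __slots__ = ()
    is_readable = property(lambda self: self.perms[0] == 'r')
    is_writeable = property(lambda self: self.perms[1] == 'w')
    is_executable = property(lambda self: self.perms[2] == 'x')
    is_private = property(lambda self: self.perms[3] == 'p')
    is_shared = property(lambda self: self.perms[3] == 's')
    size = property(lambda self: self.addr_high - self.addr_low)

def parse_maps_text(text):
    """Return {starting_address: Region} for maps-format text."""
    regions = {}
    for line in text.splitlines():
        match = MAPS_LINE.match(line.strip())
        if match is None:
            continue  # blank or malformed line: skip instead of guessing
        low, high, perms, pathname = match.groups()
        region = Region(int(low, 16), int(high, 16), perms, pathname or None)
        regions[region.addr_low] = region
    return regions

def writable_and_executable(regions):
    """Regions mapped both writable and executable, in address order."""
    return [regions[addr] for addr in sorted(regions)
            if regions[addr].is_writeable and regions[addr].is_executable]

if __name__ == '__main__':
    for region in writable_and_executable(parse_maps_text(SAMPLE_MAPS)):
        print('W+X region at 0x%x, %d bytes, backing file: %s'
              % (region.addr_low, region.size, region.pathname or 'anonymous'))
```
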

class LinuxProcess(pid=None, exe=None)

Bases: mayhem.proc.ProcessBase

This class represents a process in a POSIX Linux environment.

__init__(pid=None, exe=None)

Initialize self. See help(type(self)) for accurate signature.

allocate(size=1024, address=None, permissions=None)

Allocate memory in the attached process. If permissions is not specified it will be the platform specific version of read, write and execute.

Parameters:
  • size (int) – The size of the space to allocate.
  • address (int) – The preferred address to allocate space at.
  • permissions (str) – The permissions to set in the newly allocated space.

close()

Close the handle to the process and perform any necessary clean up operations. No further calls should be made to the object after this function is called.

free(address)

Unallocate the memory at address.

Parameters: address (int) – The address to unallocate.

get_proc_attribute(attribute)

Look up a platform specific attribute of the process. Valid values for attribute will be different depending on the class.

Parameters: attribute (str) – The attribute to look up.

install_hook(mod_name, new_address, name=None, ordinal=None)

Install a hook to redirect execution from the specified function to new_address. Different platform implementations of this function may not support both the name and ordinal parameters.

Parameters:
  • mod_name (str) – The module where the target function to hook resides.
  • new_address (int) – The address of the new code to be executed.
  • name (str) – The name of the function to hook.
  • ordinal (int) – The ordinal of the function to hook.

join_thread(thread_id)

Wait for the thread described in thread_id to finish execution.

Parameters: thread_id (int) – The ID of the thread to wait for.

kill()

Kill the process which is currently being manipulated.

load_library(libpath)

Load the library specified by libpath into the address space of the attached process.

Parameters: libpath (str) – The path to the library to load.

protect(address, permissions=None, size=1024)

Change the access permissions to the memory residing at address. If permissions is not specified it will be the platform specific version of read, write and execute.

Parameters:
  • address (int) – The address to change the permissions of.
  • permissions (str) – The permissions to set for address.
  • size (int) – The size of the space starting at address to change the permissions of.

read_memory(address, size=1024)

Return the contents of memory at address.

Parameters:
  • address (int) – The location from which to read memory.
  • size (int) – The number of bytes to read.
Returns: The contents of memory at address.
Return type: str

start_thread(address, targ=None)

Execute address in the context of a new thread.

Parameters:
  • address (int) – The entry point of the thread.
  • targ – The arguments to supply for the thread.
Returns: A platform specific thread identifier.

write_memory(address, data)

Write arbitrary data to the process's memory.

Parameters:
  • address (int) – The location to start writing to.
  • data (str) – The data to write into memory.

Exceptions

exception LinuxProcessError(*args, **kwargs)

Bases: mayhem.proc.ProcessError

args
errno = None

The libc error number at the time the exception was raised.

with_traceback()

Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.