linux

This module contains classes, functions and exceptions specific to POSIX Linux environments.

Functions
- get_errno()
  Get the value of the error from the last function call.
  Returns: The error number from libc. Return type: int
- parse_proc_maps(pid)
  Parse the memory maps file for pid into a dictionary of LinuxMemoryRegion objects with keys of their starting address.
  Parameters: pid (int) – The pid to parse the maps file from /proc for. Returns: The parsed memory regions for pid. Return type: dict
Classes

- class LinuxMemoryRegion(addr_low, addr_high, perms, pathname=None)
  Bases: mayhem.proc.MemoryRegion
  Describe a memory region on Linux.
- is_executable
  Whether or not the memory region contains the execute permission.
- is_private
  Whether or not the memory region is marked as private.
- is_readable
  Whether or not the memory region contains the read permission.
Whether or not the memory region is marked as shared.
- is_writeable
  Whether or not the memory region contains the write permission.
- pathname = None
  The file which mapped the region, if known.
- size
  The size of the memory region.
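
An added example, not mayhem's own code: a minimal parser for the /proc/<pid>/maps text format that builds the kind of dictionary parse_proc_maps is described as returning (regions keyed by starting address), then lists regions that are both writable and executable, which is a common hardening check. Region, parse_maps_text, writable_and_executable and the sample maps text are names and data constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in /proc/<pid>/maps format (not captured from a real process).
SAMPLE_MAPS = """\
00400000-0040b000 r-xp 00000000 08:01 1311 /usr/bin/cat
0060b000-0060c000 rw-p 0000b000 08:01 1311 /usr/bin/cat
7f2c1a000000-7f2c1a021000 rwxp 00000000 00:00 0
7f2c1c000000-7f2c1c001000 rw-s 00000000 00:05 98 /dev/shm/example segment
7ffd4c1e0000-7ffd4c201000 rw-p 00000000 00:00 0 [stack]
"""


@dataclass(frozen=True)
class Region:  # hypothetical stand-in, not mayhem's LinuxMemoryRegion
    addr_low: int
    addr_high: int
    perms: str
    pathname: Optional[str] = None

    @property
    def size(self) -> int:
        return self.addr_high - self.addr_low

    @property
    def is_writeable(self) -> bool:
        return self.perms[1] == "w"

    @property
    def is_executable(self) -> bool:
        return self.perms[2] == "x"


def parse_maps_text(text: str) -> Dict[int, Region]:
    """Parse maps-format text into Region objects keyed by starting address."""
    regions = {}
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        # Fields: range, perms, offset, dev, inode, then an optional pathname
        # that may itself contain spaces, so split at most five times.
        fields = line.split(None, 5)
        low, high = (int(part, 16) for part in fields[0].split("-"))
        path = fields[5].strip() if len(fields) > 5 else None
        regions[low] = Region(low, high, fields[1], path)
    return regions


def writable_and_executable(regions: Dict[int, Region]) -> List[Region]:
    """Return regions that are both writable and executable (W^X violations)."""
    return [r for r in regions.values() if r.is_writeable and r.is_executable]
```

To audit a live process instead of the sample, pass the contents of /proc/<pid>/maps for a process you are permitted to read to parse_maps_text.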

- class LinuxProcess(pid=None, exe=None)
  Bases: mayhem.proc.ProcessBase
  This class represents a process in a POSIX Linux environment.
- allocate(size=1024, address=None, permissions=None)
  Allocate memory in the attached process. If permissions is not specified it will be the platform specific version of read, write and execute.
  Parameters:
- close()
  Close the handle to the process and perform any necessary clean up operations. No further calls should be made to the object after this function is called.
- free(address)
  Unallocate the memory at address.
  Parameters: address (int) – The address to unallocate.
- get_proc_attribute(attribute)
  Look up a platform specific attribute of the process. Valid values for attribute will be different depending on the class.
  Parameters: attribute (str) – The attribute to look up.
- install_hook(mod_name, new_address, name=None, ordinal=None)
  Install a hook to redirect execution from the specified function to new_address. Different platform implementations of this function may not support both the name and ordinal parameters.
  Parameters:
- join_thread(thread_id)
  Wait for the thread described in thread_id to finish execution.
  Parameters: thread_id (int) – The ID of the thread to wait for.
- load_library(libpath)
  Load the library specified by libpath into the address space of the attached process.
  Parameters: libpath (str) – The path to the library to load.
- protect(address, permissions=None, size=1024)
  Change the access permissions to the memory residing at address. If permissions is not specified it will be the platform specific version of read, write and execute.
  Parameters:
- read_memory(address, size=1024)
  Return the contents of memory at address.
  Parameters: Returns: The contents of memory at address.
  Return type: