
[r77]: / general.py  Maximize  Restore  History

#!/usr/bin/env python
from memutil import offsets,PagedOutException,virt2phys
def get_flags(value, flags, ignore=[]):
    """Name the flags that are set in a value.

    Arguments:
    value  - the integer to be tested
    flags  - a dictionary mapping flag name -> bit mask
    ignore - an optional collection of flag names to leave out

    Returns a list of the names whose mask shares at least one set bit
    with value, in the iteration order of flags. A mask that covers
    several bits matches as soon as any one of them is set.
    """
    # The default list for ignore is only read, never modified, so sharing
    # it between calls is harmless here.
    names = []
    for name, mask in flags.items():
        if (value & mask) <= 0:
            continue
        if name in ignore:
            continue
        names.append(name)
    return names
# Optparse things common to all programs in the memory utils
from optparse import OptionParser
# Usage line shared by the memory utilities; optparse substitutes the
# program name for %prog when it prints help.
usage = "usage: %prog [options] <memory dump> <EPROCESS offset>"
parser = OptionParser(usage=usage)
# -o selects an operating system by name and stores it in options.osname.
# Nothing here restricts the value to the keys of offsets, so code that
# looks the name up has to cope with an unknown one.
parser.add_option(
    "-o", "--operating-system",
    dest="osname",
    default="XPSP2",
    # "%%default" survives the %-formatting below as "%default", which
    # optparse replaces with the option's default in the help output.
    help="operating system memory dump comes from"
         " [default: %%default, options: %s]" % ",".join(offsets.keys()),
)
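def getUnicodeString(memdump,pdba,str_addr,size):
    """Read a UTF-16LE string from a memory dump by virtual address.

    Arguments:
    memdump  - file-like object over the memory dump (seek and read are used)
    pdba     - passed unchanged to virt2phys for the address translation
    str_addr - virtual address of the string data
    size     - number of bytes to read

    Returns the decoded text, "" when size is zero or negative, or the
    placeholder "[string address paged out]" when virt2phys raises
    PagedOutException.
    """
    # size presumably comes from a structure inside the dump, i.e. from
    # data the tool does not control - confirm against the callers. A
    # negative value would make read() return everything up to the end of
    # the dump, so it is treated like an empty string.
    if size <= 0:
        return ""
    # Parenthesised single argument: prints the same text whether print is
    # a statement or a function.
    print("DEBUG: getting string of size %d at %08x" % (size, str_addr))
    try:
        str_addr_real = virt2phys(memdump, pdba, str_addr)
    except PagedOutException:
        return "[string address paged out]"
    memdump.seek(str_addr_real)
    # NOTE: read() returns fewer than size bytes when the offset lies near
    # the end of the dump; the shortened data is decoded as it is.
    raw = memdump.read(size)
    # The 'replace' handler substitutes U+FFFD for anything that does not
    # decode, so decode() cannot raise UnicodeDecodeError and the former
    # handler for it could never run.
    return raw.decode('utf_16_le', 'replace')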