
[r79]: / misc / handleinfo.py  Maximize  Restore  History

#!/usr/bin/env python
from memutil import virt2phys, offsets
from handleutil import HandleTable
from struct import unpack
def unpack_le(str):
    """Decode a 4-byte string as an unsigned 32-bit little-endian integer.

    The "<L" format is exactly four bytes wide, so ``unpack`` raises
    ``struct.error`` for input of any other length.
    """
    (value,) = unpack("<L", str)
    return value
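if __name__ == "__main__":
    # Command-line entry point. Takes a memory image path and the file offset
    # of a process structure, reads the structure, extracts the page directory
    # base and handle table address from it, and prints every handle.
    import sys

    from general import parser

    (options, args) = parser.parse_args()
    if len(args) != 2:
        parser.print_help()
        sys.exit(1)
    # Single-argument print(...) produces the same output on Python 2 and 3.
    print("Done parsing arguments.")

    memdump = open(args[0], 'rb')
    try:
        # Base 0 lets the offset be given as decimal or as 0x-prefixed hex.
        eproc_offset = int(args[1], 0)
        offs = offsets[options.osname]

        memdump.seek(eproc_offset)
        eproc_struct = memdump.read(offs["EPROC_SIZE"])
        # The image and the offset are both untrusted input. A truncated dump
        # or a wrong offset yields a short read, and the slices below would
        # then hand unpack_le fewer than 4 bytes. Stop with a clear message
        # rather than an opaque struct.error.
        if len(eproc_struct) < offs["EPROC_SIZE"]:
            sys.stderr.write(
                "Short read at offset 0x%x: expected %d bytes, got %d\n"
                % (eproc_offset, offs["EPROC_SIZE"], len(eproc_struct))
            )
            sys.exit(1)

        pdba_start = offs["PDBA_OFFSET"]
        pdba = unpack_le(eproc_struct[pdba_start:pdba_start + 4])
        table_start = offs["HANDLE_TABLE_OFFSET"]
        handle_table_addr = unpack_le(eproc_struct[table_start:table_start + 4])

        # NOTE(review): pdba and handle_table_addr are taken from the image
        # without validation; whether HandleTable bounds-checks them is not
        # visible in this file -- confirm in handleutil.
        ht = HandleTable(memdump, pdba, handle_table_addr)
        print("Successfully read handle table.")
        for handle in ht:
            print(handle)
    finally:
        # Close the image even when parsing fails or sys.exit() is raised.
        memdump.close()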