Fix docs (Process.open() -> Process(); remove trailing whitespace

This commit is contained in:
Jan Petykiewicz 2018-08-09 14:04:30 -07:00
parent 96eea79bfc
commit 9f71883fbe

View File

@ -32,36 +32,36 @@ class Process(metaclass=ABCMeta):
Once you have found the pid, you are ready to construct an instance of Process Once you have found the pid, you are ready to construct an instance of Process
and use it to read and write to memory. Once you are done with the process, and use it to read and write to memory. Once you are done with the process,
use .close() to free up the process for access by other debuggers etc. use .close() to free up the process for access by other debuggers etc.
p = Process.open(1239) p = Process(1239)
p.close() p.close()
To read/write to memory, first create a buffer using ctypes: To read/write to memory, first create a buffer using ctypes:
buffer0 = (ctypes.c_byte * 5)(39, 50, 03, 40, 30) buffer0 = (ctypes.c_byte * 5)(39, 50, 03, 40, 30)
buffer1 = ctypes.c_ulong() buffer1 = ctypes.c_ulong()
and then use and then use
p.write_memory(0x2fe, buffer0) p.write_memory(0x2fe, buffer0)
val0 = p.read_memory(0x220, buffer0)[:] val0 = p.read_memory(0x220, buffer0)[:]
val1a = p.read_memory(0x149, buffer1).value val1a = p.read_memory(0x149, buffer1).value
val2b = buffer1.value val2b = buffer1.value
assert(val1a == val2b) assert(val1a == val2b)
Searching for a value can be done in a number of ways: Searching for a value can be done in a number of ways:
Search a list of addresses: Search a list of addresses:
found_addresses = p.search_addresses([0x1020, 0x1030], buffer0) found_addresses = p.search_addresses([0x1020, 0x1030], buffer0)
Search the entire memory space: Search the entire memory space:
found_addresses = p.search_all_memory(buffer0, writeable_only=False) found_addresses = p.search_all_memory(buffer0, writeable_only=False)
You can also get a list of which regions in memory are mapped (readable): You can also get a list of which regions in memory are mapped (readable):
regions = p.list_mapped_regions(writeable_only=False) regions = p.list_mapped_regions(writeable_only=False)
which can be used along with search_buffer(...) to re-create .search_all_memory(...): which can be used along with search_buffer(...) to re-create .search_all_memory(...):
found = [] found = []
for region_start, region_stop in regions: for region_start, region_stop in regions:
region_buffer = (ctypes.c_byte * (region_stop - region_start))() region_buffer = (ctypes.c_byte * (region_stop - region_start))()
@ -69,15 +69,15 @@ class Process(metaclass=ABCMeta):
found += utils.search_buffer(ctypes.c_ulong(123456790), region_buffer) found += utils.search_buffer(ctypes.c_ulong(123456790), region_buffer)
Other useful methods include the context manager, implemented as a static method: Other useful methods include the context manager, implemented as a static method:
with Process.open_process(pid) as p: with Process.open_process(pid) as p:
# use p here, no need to call p.close() # use p here, no need to call p.close()
.get_path(), which reports the path of the executable file which was used .get_path(), which reports the path of the executable file which was used
to start the process: to start the process:
executable_path = p.get_path() executable_path = p.get_path()
and deref_struct_pointer, which takes a pointer to a struct and reads out the struct members: and deref_struct_pointer, which takes a pointer to a struct and reads out the struct members:
# struct is a list of (offset, buffer) pairs # struct is a list of (offset, buffer) pairs
@ -86,7 +86,7 @@ class Process(metaclass=ABCMeta):
values = p.deref_struct_pointer(0x0feab4, struct_defintion) values = p.deref_struct_pointer(0x0feab4, struct_defintion)
which is shorthand for which is shorthand for
struct_addr = p.read_memory(0x0feab4, ctypes.c_void_p()) struct_addr = p.read_memory(0x0feab4, ctypes.c_void_p())
values = [p.read_memory(struct_addr + 0x0, ctypes.c_ulong()), values = [p.read_memory(struct_addr + 0x0, ctypes.c_ulong()),
p.read_memory(struct_addr + 0x20, ctypes.c_byte())] p.read_memory(struct_addr + 0x20, ctypes.c_byte())]
@ -168,14 +168,14 @@ class Process(metaclass=ABCMeta):
:returns: read_buffer is returned as well as being overwritten. :returns: read_buffer is returned as well as being overwritten.
""" """
pass pass
@abstractmethod @abstractmethod
def list_mapped_regions(self, writeable_only=True) -> List[Tuple[int, int]]: def list_mapped_regions(self, writeable_only=True) -> List[Tuple[int, int]]:
""" """
Return a list of (start_address, stop_address) for the regions of the address space Return a list of (start_address, stop_address) for the regions of the address space
accessible to (readable and possibly writable by) the process. accessible to (readable and possibly writable by) the process.
By default, this function does not return non-writeable regions. By default, this function does not return non-writeable regions.
:param writeable_only: If True, only return regions which are also writeable. :param writeable_only: If True, only return regions which are also writeable.
Default true. Default true.
:return: List of (start_address, stop_address) for each accessible memory region. :return: List of (start_address, stop_address) for each accessible memory region.
@ -197,7 +197,7 @@ class Process(metaclass=ABCMeta):
""" """
Return a list of all process ids (pids) accessible on this system. Return a list of all process ids (pids) accessible on this system.
:return: List of running process ids. :return: List of running process ids.
""" """
pass pass
@ -216,8 +216,8 @@ class Process(metaclass=ABCMeta):
executable file is renamed). executable file is renamed).
:return: Process id (pid) of a process with the provided name, or None. :return: Process id (pid) of a process with the provided name, or None.
""" """
pass pass
def deref_struct_pointer(self, def deref_struct_pointer(self,
base_address: int, base_address: int,
targets: List[Tuple[int, ctypes_buffer_t]], targets: List[Tuple[int, ctypes_buffer_t]],
@ -279,7 +279,7 @@ class Process(metaclass=ABCMeta):
except OSError: except OSError:
logger.error('Failed to read in range 0x{} - 0x{}'.format(start, stop)) logger.error('Failed to read in range 0x{} - 0x{}'.format(start, stop))
return found return found
@classmethod @classmethod
@contextmanager @contextmanager
def open_process(cls, process_id: int) -> 'Process': def open_process(cls, process_id: int) -> 'Process':