haystack 0.17

Search C Structures in a process' memory

LICENSE TYPE:
GPL (GNU General Public License) 
DEVELOPED BY:
Loic Jaquemet
HOMEPAGE:
packages.python.org
CATEGORY:
ROOT \ Security
haystack is a Python module to search C structures in a process' memory.

What does it do?:

The basic functionality is to search a process' memory maps for instances of a specific C structure.

How does it know that a structure is valid?:

You add constraints (expectedValues) on the structure's fields. Pointer fields are also a good start.

Where does the idea come from?:

use http://www.hsc.fr/ressources/breves/passe-partout.html.fr to get keys
use http://pauldotcom.com/2010/10/tsharkwireshark-ssl-decryption.html
 or http://www.rtfm.com/ssldump/ to read streams
use scapy, because it's fun? But we need IP reassembly.
pynids could be more useful...
dsniff is now in Python?
flowgrep
use Python.


HOWTO:

>>> import haystack
>>> haystack.findStruct(pid, 'ctypes.c_int')
>>> haystack.findStruct(pid, 'ctypes_example.big_struct')


It's easy to add new structures (check ctypeslib or do it by hand).
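The following is an added illustration of the search idea described above (field constraints plus pointer validation), written for this page; it is not haystack's own code and does not use haystack's real API. The MemoryMap class, the BigStruct layout, the expectedValues dict, the pointerFields list and the find_struct function are all assumptions made for the example, and the two "memory maps" are constructed in-process rather than read from a live pid. Every aligned offset in each map is reinterpreted as the structure, kept only if every constrained field holds an allowed value and every pointer field is either NULL or points inside some mapped region.

```python
import ctypes


class MemoryMap:
    """A constructed stand-in for one mapped region of a process (start address + raw bytes)."""

    def __init__(self, start, data):
        self.start = start
        self.data = data
        self.end = start + len(data)

    def contains(self, addr):
        return self.start <= addr < self.end


class BigStruct(ctypes.Structure):
    """Hypothetical C structure we want to locate in memory (example layout, 24 bytes on 64-bit)."""
    _fields_ = [
        ("magic", ctypes.c_uint32),
        ("count", ctypes.c_uint32),
        ("name", ctypes.c_char * 8),
        ("next", ctypes.c_uint64),  # pointer kept as an integer so it can be range-checked
    ]
    # Assumed constraint format: field -> allowed values (haystack's real attribute differs).
    expectedValues = {
        "magic": [0xCAFEBABE],
        "count": range(1, 100),
    }
    # Assumed list of fields that must be NULL or point into a mapped region.
    pointerFields = ["next"]


def is_valid(instance, maps):
    """Apply value constraints and pointer sanity checks to one candidate instance."""
    for field, allowed in instance.expectedValues.items():
        if getattr(instance, field) not in allowed:
            return False
    for field in instance.pointerFields:
        addr = getattr(instance, field)
        if addr != 0 and not any(m.contains(addr) for m in maps):
            return False  # dangling pointer: nothing mapped at that address
    return True


def find_struct(struct_cls, maps, align=None):
    """Scan every aligned offset of every map; return [(address, instance), ...] of valid hits."""
    size = ctypes.sizeof(struct_cls)
    step = align or ctypes.alignment(struct_cls)
    hits = []
    for m in maps:
        for off in range(0, len(m.data) - size + 1, step):
            candidate = struct_cls.from_buffer_copy(m.data, off)
            if is_valid(candidate, maps):
                hits.append((m.start + off, candidate))
    return hits


def build_sample_maps():
    """Constructed sample memory: two valid structs, one bad count, one dangling pointer."""
    def blob(magic, count, name, nxt):
        return bytes(BigStruct(magic, count, name, nxt))

    region_a = bytearray(256)
    region_a[0x40:0x40 + 24] = blob(0xCAFEBABE, 3, b"sess", 0x2010)       # valid, points into map B
    region_a[0x80:0x80 + 24] = blob(0xCAFEBABE, 0, b"bad", 0x2010)        # count violates constraint
    region_a[0xC0:0xC0 + 24] = blob(0xCAFEBABE, 5, b"dangl", 0xDEAD0000)  # pointer into unmapped memory
    region_b = bytearray(64)
    region_b[0x10:0x10 + 24] = blob(0xCAFEBABE, 7, b"tail", 0)            # valid, NULL next pointer
    return [MemoryMap(0x1000, bytes(region_a)), MemoryMap(0x2000, bytes(region_b))]


if __name__ == "__main__":
    for addr, inst in find_struct(BigStruct, build_sample_maps()):
        print(hex(addr), inst.magic, inst.count, inst.name, hex(inst.next))
```

Only the two genuine instances survive: the decoy with count 0 fails the value constraint, and the decoy whose next pointer targets an unmapped address fails the pointer check. On a real process the MemoryMap list would be filled from the target's memory maps and each region's contents, which is what haystack does for you.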

Last updated on June 19th, 2012
