haystack 0.17

Search C Structures in a process' memory
haystack is a Python module to search C structures in a process' memory.

What does it do?:

The basic functionnality is to search in a process' memory maps for a specific C Structures.

How do it knows that the structures is valid?:


You add some constraints ( expectedValues ) on the fields. Pointers are also a good start.

Where does the idea comes from?:


use http://www.hsc.fr/ressources/breves/passe-partout.html.fr  to get keys
use http://pauldotcom.com/2010/10/tsharkwireshark-ssl-decryption.html
 or http://www.rtfm.com/ssldump/ to read streams
use scapy, because it's fun ? but we need IP reassembly .
pynids could be more useful...
dsniff is now in python ?
flowgrep
use python.


HOWTO:

>>> import haystack
>>> haystack.findStruct( pid , 'ctypes.c_int')
>>> haystack.findStruct( pid , 'ctypes_example.big_struct')


It's easy to add new structures (check ctypeslib or do it by hand).

last updated on:
June 19th, 2012, 12:25 GMT
price:
FREE!
homepage:
packages.python.org
license type:
GPL (GNU General Public License) 
developed by:
Loic Jaquemet
category:
ROOT \ Security
haystack
Download Button

In a hurry? Add it to your Download Basket!

user rating

UNRATED
0.0/5
 

0/5

Rate it!

Add your review!

SUBMIT